EssentialAction：如何在不解析的情况下获取请求的主体

Question

鉴于以下 EssentialAction...

object MyController extends Controller {

  ...

  def HasToken(action: Token => EssentialAction) = EssentialAction { request =>

    ...

    // this doesn't compile
    val body = request.body match {
      case json: JsValue => json.toString
      case _ => ""
    }

    // calculate hash with body content here
    ...
  }

  // here is an authenticated action
  def getUser(userId: Strign) = HasToken { token =>
    Action(parse.json) { request =>
      request.body.validate[User] match {
        ...
      }
    }
  }
}

...如何在不解析的情况下获取请求的主体？

我不想也不需要在 HasToken 中解析请求正文，因为正文将在操作中被解析 getUser。我只需要正文的原始内容来计算哈希值。

HasToken 中的代码无法编译，因为 request 是 RequestHeader 类型，而我需要 Request，它定义了 body。

Answer 1

这对你有用吗？

object MyController extends Controller {

  // Your HasToken Action
  def Authenticate(action: Token => EssentialAction) = EssentialAction { requestHeader =>
    // ... execute logic to verify authenticity using requestHeader
  }

  // Your action to validate tampering of request body and validity of JSON
  def Validate[A](action: Token => Request[A]) = Action(parse.json) { request =>
    val body = request.body
    body match {
      case json: JsValue => json.toString
      case _ => ""
    }
    // calculate hash with body content here

    body.validate[User] match {
      // ...
    }
  }

  def getUser(userId: Strign) = Authenticate { token =>
    Validate { user =>
      //.... Continue
    }
  }
}

• 认证只使用RequestHeader
• 验证使用请求正文。 （奖励：正文只被解析一次）

编辑：

问题 #1： 我不想在 Validate... （例如用户、消息等）。

如何添加另一个类型参数（使其成为通用的）：

def Validate[A, B](action: Token => Request[A])(implicit reads: Reads[B]) = Action(parse.json) { request =>
   // ...
}

问题 #2: 此外，如果令牌验证失败，则不必处理正文（这在文件上传的情况下很重要，必须执行）当且仅当验证成功时）。这样一来，在我看来，最好的选择是在 Validate 中读取正文的原始内容。

这很容易实现：

def Validate[A, B](action: Token => Request[A])(implicit reads: Reads[B]) = Action(parse.json) { request =>
   val body = request.body
    body match {
      case json: JsValue => json.toString
      case _ => ""
    }
    // calculate hash with body content here and figure out if the body is tampered
    if (bodyIsNotTampered) {
      body.validate[B] match {
        // ...
      }
    } else {
      // log and return Future.successful(BadRequest)
    }
  }

编辑 3：完整解决方案：

import play.api.libs.json.{Json, JsValue, Format}

object CompilationUtils {
  class Token
  case class User(name: String)
  implicit val UserFormat = Json.format[User]

  def authenticate = new Token // authentication logic

  def isTampered(body: JsValue) = {
    val bodyAsStr: String = Json.stringify(body)
    // calculate hash with body content here
    false
  }

}

object MyController extends Controller {
  import CompilationUtils._

  // Your HasToken Action
  def Authenticate(action: Token => EssentialAction) = EssentialAction { requestHeader =>
    action(authenticate)(requestHeader) // your execute logic to verify authenticity using requestHeader
  }

  // Your action to validate tampering of request body and validity of JSON
  def Validate[A, B](request: Request[A])(implicit formatA: Format[A], formatB: Format[B]): Either[Result, B] = {
    val body = request.body
    val bodyAsJsValue = Json.toJson(body)
    if (!isTampered(bodyAsJsValue)) {
      bodyAsJsValue.validate[B].fold(
        valid   = res => Right(res),
        invalid = err => Left(BadRequest(err.toString))
      )
    } else {
      Left(BadRequest) // Request Tampered
    }
  }

  def getUser(userId: String) = Authenticate { token =>
    Action(parse.json) { request =>
      Validate(request).fold(
        badReq => badReq,
        user   =>
          // continue...
          Ok("")
      )
    }
  }
}