How can I create a custom directive for Akka-Http 2 by nesting existing Directives?

Question

I am trying to create a custom directive that I can later use to validate user roles like so:

val route = put & authorize(ADMIN) { 
              // do sth
            }

or

val route = put {
              authorize(ADMIN) {
                //do sth
              }
            }

. Here is what I got so far:

  def authorize(role: String): Directive0 = {
    extractToken { t: String =>
      validateToken(t) {
        extractRoles(t) { roles: Seq[String] =>
          validate(roles.contains(role), s"User does not have the required role")
        }
      }
    }
  }

  def extractRoles(token: String): Directive1[Seq[String]] = {
    token match {
      case JsonWebToken(header, claimsSet, signature) => {
        val decoded = decodeJWT(token)
        decoded match {
          case Some(_) => provide(extractRoleCodesFromJWT(decoded.get))
          case None => provide(Seq())
        }
      }
      case x =>
        provide(Seq())
    }
  }

  def validateToken(token: String): Directive0 = validate(validateJWT(token), INVALID_TOKEN_MESSAGE)

  def extractToken: Directive1[Option[String]] = extractToken | extractHeader

  def extractCookie: Directive1[Option[String]] = optionalCookie(JWT_COOKIE_NAME).map(_.map(_.value))

  def extractHeader: Directive1[Option[String]] = optionalHeaderValueByName(JWT_HEADER_NAME)

All compiles fine, except the actual Directive0 that I want use later (authorize). The most inner line validate(...) shows a compile error saying "Expression of type server.Directive0 doesn't conform to expected type server.Route"

How can I properly nest my other directives in order to form my authorize directive? Or can I concatenate them somehow else, instead of nesting? The documentation on custom directives is very slim unfortunately.

[UPDATE]

Thanks to the pointer from Java Anto this is what I came up with.

 def authorize(role: String): Directive0 = {
    extractToken.flatMap(validateToken)
                .flatMap(extractRoles)
                .flatMap(roles => validate(roles.contains(role), MISSING_ROLE_MESSAGE))
  }

This compiles and will hopefully do the trick one I get to test it properly.

You can use the 'map' and 'flatMap' functions on the existing Directives to compose new directives. — James, Dec 22 '15 at 07:28
@Java Anto: Thanks, that was a good pointer. I cannot answer myself yet, so I will update the question to include the solution. — Thelonius, Dec 22 '15 at 10:47
Glad it helped!! And for clear documentation, I would suggest you take a look at [spray website](http://spray.io/documentation/1.2.2/spray-routing/advanced-topics/custom-directives/) — James, Dec 22 '15 at 10:51
Refer this http://stackoverflow.com/questions/32187858/akka-http-accept-and-content-type-handling/32201336#32201336 — S.Karthik, Dec 23 '15 at 11:13
@Thelonius Did it work? I agree that the Spray documentation on this is (still) insufficient. — akauppi, Nov 18 '16 at 13:31
@akauppi Basically it did. I refined the code a bit later on, but in the end this is what lead me to the solution. If you are still interested I can post the code. — Thelonius, Nov 24 '16 at 14:34
@Thelonius I'd like that. I also think it would make this entry more useful (it was almost there for me, but not quite..). Btw could you present it as an answer? — akauppi, Nov 24 '16 at 20:30

score 2 · Accepted Answer · answered Nov 25 '16 at 12:37

Thanks to the pointer from @Java Anto the solution that worked for me was the following.

trait AuthorizationDirectives extends JWTService {

      val JWT_COOKIE_NAME = "jwt_cookie_name"
      val JWT_HEADER_NAME = "jwt_cookie_header"
      val INVALID_TOKEN_MESSAGE = "The provided token is not valid."
      val MISSING_ROLE_MESSAGE = "User does not have the required role."

  def authorizeRole(role: String): Directive0 = {
    extractToken.flatMap(validateToken)
      .flatMap(extractRoles)
      .flatMap(validateRole(role)(_))
  }

  def extractRoles(token: String): Directive1[String] = {
    // decode the token
    val decoded = decodeJWT(token)
    // check if decode was successful
    decoded match {
      case Some(_) => {
        // get the role string
        val rolesString = extractRoleCodesFromJWT(decoded.get)
        rolesString match {
          // return rolestring if present
          case Some(_) => provide(rolesString.get)
          case None => reject(AuthorizationFailedRejection)
        }
      }
      case None => reject(AuthorizationFailedRejection)
    }
  }

  def validateRole(role: String)(roles: String): Directive0 = {
    if (roles.contains(role))
      pass
    else
      reject(AuthorizationFailedRejection)
  }

  def validateToken(token: Option[String]): Directive1[String] = {
    token match {
      case Some(_) => validate(validateJWT(token.get), INVALID_TOKEN_MESSAGE) & provide(token.get)
      case None => reject(AuthorizationFailedRejection)
    }
  }

  def extractToken: Directive1[Option[String]] = {
    extractCookie.flatMap {
      case None => extractHeader
      case t@Some(_) => provide(t)
    }
  }

  def extractCookie: Directive1[Option[String]] = optionalCookie(JWT_COOKIE_NAME).map(_.map(_.value))

  def extractHeader: Directive1[Option[String]] = optionalHeaderValueByName(JWT_HEADER_NAME)

}

The directive can then be used like this:

trait CRUDServiceRoute[ENTITY, UPDATE] extends BaseServiceRoute with Protocols with AuthorizationDirectives with CorsSupport {

import StatusCodes._

val requiredRoleForEdit = USER
val crudRoute: Route =
    pathEndOrSingleSlash {
      corsHandler {
        get {
          complete(getAll().map(entityToJson))
        } ~
          put {
            authorizeRole(requiredRoleForEdit) {
              entity(entityUnmarshaller) { t =>
                complete(Created -> create(t).map(idToJson))
              }
            }
          }
      }
    } ~
      pathPrefix(IntNumber) { id =>
        pathEndOrSingleSlash {
          corsHandler {
            get {
              complete(getById(id).map(entityToJson))
            }
          } ~
            corsHandler {
              put {
                authorizeRole(requiredRoleForEdit) {
                  entity(updateUnmarshaller) { tupd =>
                    complete(update(id, tupd).map(entityToJson))
                  }
                }
              }
            } ~
            delete {
              corsHandler {
                authorizeRole(requiredRoleForEdit) {
                  onSuccess(remove(id)) { ignored =>
                    complete(NoContent)
                  }
                }
              }
            }
        }
      }

  def entityToJson(value: Seq[ENTITY]): JsValue

  def entityToJson(value: Option[ENTITY]): JsValue

  def idToJson(value: Option[Long]): JsValue

  def entityUnmarshaller: FromRequestUnmarshaller[ENTITY]

  def updateUnmarshaller: FromRequestUnmarshaller[UPDATE]

  // CRUD service methods. These are implemented by the services used in the concrete routes
  def getAll(): Future[Seq[ENTITY]]

  def getById(id: Long): Future[Option[ENTITY]]

  def create(entity: ENTITY): Future[Option[Long]]

  def update(id: Long, noteUpdate: UPDATE): Future[Option[ENTITY]]

  def remove(id: Long): Future[Int]
}

Hey, @Thelonius from where this `reject` comes from in directives? — Harmeet Singh Taara, Jun 14 '19 at 08:19
Hi @Harmeet Singh Taara, as far as I recall it is a built-in directive from Spray. Unfortunately I don't have access to the code anymore, so I cannot verify 100% — Thelonius, Jun 17 '19 at 07:00
Thanks, @Thelonius for the reply, I found that it is actually available from `akka.http.scaladsl.server.directives.RouteDirectives` import. — Harmeet Singh Taara, Jun 19 '19 at 06:19

How can I create a custom directive for Akka-Http 2 by nesting existing Directives?

1 Answers1