1

I am trying to write a directive that rejects non-ajax requests. The code below doesn't work obviously:

import akka.http.scaladsl.model.HttpHeader
import akka.http.scaladsl.server.Directive0
import akka.http.scaladsl.server.directives.BasicDirectives
import akka.http.scaladsl.server.directives.HeaderDirectives
import akka.http.scaladsl.server.directives.RouteDirectives

trait AjaxDirectives extends BasicDirectives with HeaderDirectives with RouteDirectives {
  private val valid = "XMLHttpRequest"

  def ajax(): Directive0 = {
    headerValueByName("X-Requested-With") { header ⇒
      if (header == valid) {
        pass
      } else {
        reject
      }
    }
  }
}

(2 problems here: pass is Directive0 & headerValueByName is Directive1, and headerValueByName is Directive1 & ajax is Directive0. So it does not compile)

My question is: can I somehow have a locally scoped extract? As in, header doesn't escape ajax.

I know I can access the request to pull the header out, without using headerValue*, so please don't answer with that.

muhuk
  • 15,777
  • 9
  • 59
  • 98

1 Answers1

1

Reading SecurityDirectives.authorizeAsync gave me the answer:

import akka.http.scaladsl.model.HttpHeader
import akka.http.scaladsl.server.Directive0
import akka.http.scaladsl.server.directives.BasicDirectives
import akka.http.scaladsl.server.directives.HeaderDirectives
import akka.http.scaladsl.server.directives.RouteDirectives

trait AjaxDirectives extends BasicDirectives with HeaderDirectives with RouteDirectives {
  private val headerName = "X-Requested-With"
  private val valid = "XMLHttpRequest"

  def ajax(): Directive0 = {
    headerValueByName(headerName).flatMap { header ⇒
      if (header == valid) {
        pass
      } else {
        reject
      }
    }
  }
}
muhuk
  • 15,777
  • 9
  • 59
  • 98