Skip to content

feat: add request body access to security handlers#10

Merged
eropple merged 3 commits intomainfrom
ed/security-body-access
Jan 15, 2026
Merged

feat: add request body access to security handlers#10
eropple merged 3 commits intomainfrom
ed/security-body-access

Conversation

@eropple
Copy link
Owner

@eropple eropple commented Jan 15, 2026

Summary

  • Move security handlers from onRequest to preValidation hook, enabling access to parsed request bodies
  • Add requiresParsedBody option to security schemes - when true, handlers receive a context parameter with the parsed body
  • Backward compatible: existing handlers work unchanged (context is undefined when not requested)

Changes

  • Hook migration: Security handlers now run in preValidation instead of onRequest
  • New types: SecurityHandlerContext with body: unknown, optional requiresParsedBody on all scheme types
  • Handler updates: All three handler builders (buildApiKeyHandler, buildHttpBasicHandler, buildHttpBearerHandler) pass context when requested
  • Documentation: Added comprehensive autowired security section to README

Test plan

  • All 62 existing tests pass (no regressions from hook change)
  • 9 new tests for requiresParsedBody feature:
    • Body access for API Key, HTTP Bearer, HTTP Basic schemes
    • Combined with passNullIfNoneProvided
    • AND/OR security logic with body-aware handlers
    • Verification that requiresParsedBody is stripped from OpenAPI doc

@eropple
feat: add request body access to security handlers
d0b6f56 
- Move security handlers from onRequest to preValidation hook
- Add SecurityHandlerContext type and requiresParsedBody option
- Security handlers can now access parsed request body when needed
- Add comprehensive tests for body access feature
- Add autowired security documentation to README
@eropple
style: fix prettier formatting
3c4dee0
@eropple
feat: add raw body access documentation and test
94a6d65 
- Add fastify-raw-body as dev dependency
- Add test demonstrating signature validation with raw body
- Document raw body access pattern in README
- Add CLAUDE.md with project conventions (use pnpm)
@eropple eropple merged commit 7f62436 into main Jan 15, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@eropple