Errormessage with invalid api key

bokamera · November 5, 2016, 5:16pm

Hi,
i have implemented a api key check in my servicestack but it only returns an HTTPError (401 Unauthorized, invalid API key).
But when running swagger to try the service out or just calling the api in the browser just returns an blank page.
Is it possible to return a ResponseStatus or ResponseError DTO instead?

For example this URL

http://testapi.bokamera.se/categories

My API key check looks like this

  public void Verify(IRequest req, IResponse res, object dto)
    {
        if (req.PathInfo.StartsWith("/resource") || req.PathInfo.StartsWith("/postman") ||
            req.PathInfo.StartsWith("/metadata") || req.PathInfo.StartsWith("/types"))
            return;

        
        var apiKey = req.Headers["x-api-key"];
        if (!IsValid(req.UserHostAddress,apiKey))
        {
            res.StatusCode = (int)HttpStatusCode.Unauthorized;
            res.StatusDescription = "Unauthorized, invalid API Key";
            res.EndRequest();

            //throw HttpError.Unauthorized("Unauthorized, invalid API Key");
        }


    }

Thanks!

mythz · November 5, 2016, 6:05pm

This is your own Custom error handling where you’re short-circuiting the Response without writing a body, so you’re getting the expected (i.e. empty) response body.

Have a look at the WriteError* extension methods off IResponse that lets you write a body.

bokamera · November 6, 2016, 4:34pm

Hi mythz,

thanks for your reply.
I tried that one but got an Null pointer exception

 public void Verify(IRequest req, IResponse res, object dto)
    {
        if (req.PathInfo.StartsWith("/resource") || req.PathInfo.StartsWith("/postman") ||
            req.PathInfo.StartsWith("/metadata") || req.PathInfo.StartsWith("/types"))
            return;

        
        var apiKey = req.Headers["x-api-key"];
        if (!IsValid(req.UserHostAddress,apiKey))
        {
            res.StatusCode = (int)HttpStatusCode.Unauthorized;
            res.StatusDescription = "Unauthorized, invalid API Key";
            
            //This works
            res.WriteErrorToResponse(req, req.ContentType,"", "Unauthorized, invalid API Key", new Exception("Unauthorized, invalid API Key"), 401);
            
            //This doesnt work (Null pointer exceptions)
            res.WriteError(req, dto, "Unauthorized, invalid API Key");
            res.EndRequest();
            //throw HttpError.Unauthorized("Unauthorized, invalid API Key");
        }


    }

mythz · November 6, 2016, 4:37pm

Ok? but where, what’s the StackTrace?

bokamera · November 6, 2016, 5:55pm

Sorry,
here it is:

Stack Trace at ServiceStack.HttpRequestExtensions.ToErrorCode(Exception ex) at ServiceStack.HttpResponseExtensionsInternal.ToErrorResponse(Exception ex) at ServiceStack.HttpResponseExtensionsInternal.WriteErrorToResponse(IResponse httpRes, IRequest httpReq, String contentType, String operationName, String errorMessage, Exception ex, Int32 statusCode) at ServiceStack.HttpResponseExtensionsInternal.WriteError(IResponse httpRes, IRequest httpReq, Object dto, String errorMessage) at BokaMera.API.ServiceInterface.Requestfilters.ApiKeyRequestFilter.Verify(IRequest req, IResponse res, Object dto) in C:\BokaMera API\api\BokaMera.API.ServiceInterface\Requestfilters\ApiKeyRequestFilter.cs:line 44 at ServiceStack.ServiceStackHost.ApplyRequestFiltersSingle(IRequest req, IResponse res, Object requestDto) at ServiceStack.ServiceStackHost.ApplyRequestFilters(IRequest req, IResponse res, Object requestDto) at ServiceStack.Host.RestHandler.ProcessRequestAsync(IRequest httpReq, IResponse httpRes, String operationName)

mythz · November 6, 2016, 6:25pm

ok thanks, should be resolved with this commit on next release.

bokamera · November 6, 2016, 8:35pm

Thx Mythz!
I will check for the next release.

mythz · November 6, 2016, 8:51pm

It’s available on MyGet now if you need it.