Implicit discovery session authorization using Request context variable

[byewokko]

Summary

• asab.web.WebContainer stores every incoming request in asab.contextvars.Request.
• DiscoveryService.session now uses the Authorization header from the Request context by default, so it is no longer necessary to specify auth=request.

Usage

# In web handler
async def assign_ticket_to_user(self, request):
	ticket_id = request.match_info["ticket_id"]
	user_id = request.match_info["user_id"]
	await self.TicketService.assign_ticket(ticket_id, user_id)

# In TicketService
async def assign_ticket(self, ticket_id, user_id):
	await self.Storage.put(ticket_id, user_id)

	# Notify user about ticket using emailing microservice
	# NOTE that request does not have to be passed as argument to the session method;
	#   the authorization is passed on automatically.
	async with self.DiscoveryService.session(base_url="http://email-microservice.service_id.asab") as session:
		async with session.put("/send", json={"message": "You have been assigned a ticket.", ...}) as resp:
			...

[byewokko]

i'm not sure if asab.web.container is the right place for this piece of code

[PremyslCerny]

Why is that needed?

[byewokko]

at the moment mostly because of DiscoveryService.session(). most discovery session calls are (or soon will need to be) authorized which means you have to pass the authorization from the incoming request to the outgoing request.

instead of requiring devs to always pass on the request object (like DiscoveryService.session(auth=request)), it can be taken automatically from the context variable and used as the default auth value.

also, HTTP request objects should not be passed from the handler layer to the service layer. it makes sense to treat the request like a context variable.

[language-shprt]

I am already using this :)

[PremyslCerny]

Seems ok, but I really now cannot image a use case.