REST API middleware

[marcioemiranda]

Is your feature request related to a problem? Please describe.
In previous projects working with API Proxy and Lambda I found myself reusing a lot of repetitive code by copy and pasting. Tasks such as:

• routing different paths to functions
• validating a body against a model
• HTTP status code handling, like 4XX for validation errors, 5XX for generic errors, 2XX for success
• CORS handling
• Handling common set of errors like ResourceNotFound (404), InvalidRequest (400)

This HTTP boilerplate code should be more streamlined to the developer.

PS: I am willing to take this feature with your guidance.

Describe the solution you'd like
A middleware decorator abstracting many of the HTTP boilerplate code.

Describe alternatives you've considered
The before part of the middleware could handle model validation.

The middleware could assume a default correlation id based on the API request id.

The routing part is being handled by a different ticket #325. Maybe the functionality described here could be part of the same class. It could also handle an invalid path (not able to map to a handler function)
If a model is associated with a resource, the routing functionality could provide the validated model to the function as an extra param (or instead of the usual lambda handler params).
PS: Usually we map one resource to a lambda function with different methods. For example a CRUD of an Order resource with GET, POST, PUT and DELETE all go to the same function. It is a general best practice to have lambda functions with a single responsibility, but this could also lead to hundreds of lambda functions. We try to find a balance between LambdaLyth and too many Lambda functions.

The exception handler could expect a set of predefined error classes, like InvalidRequest, ResourceNotFound, etc. These errors might be thrown by the lambda handler implementation (Resource not found) or by the middleware per se (Invalid request, model validation). The errors are mapped to HTTP requests.

The error handlers can add logs with additional metadata like the error name, status code, correlation_id, stack trace and any other data that could be relevant in CW Log Insights or other analytical process.

Any HTTP boilerplate like headers required by CORS are added by the code after execution or error handling. A CORS handling flag could be passed to the decorator.

Additional context

[michaelbrewer]

Some of these have been covered in a recent PR:

• feat(event-handler): add http ProxyEvent handler #369

[marcioemiranda]

Hello Michael. Thanks for the great work on the other PR. We would be happy to take the development of the missing pieces with your guidance. Let me know if that works. Cheers.

…

Em 28 de abr. de 2021, à(s) 13:52, Michael Brewer ***@***.***> escreveu:  Some of these have been covered in a recent PR: aws-powertools/powertools-lambda-python#369 — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.

[michaelbrewer]

@marcioemiranda - sure. I think we need to stabilize the api and UX for it, and then we can see how easy it would be to add the missing features. :)

[michaelbrewer]

@marcioemiranda v1.15.0 is out now, maybe play with this and see what is missing. From my initial discussions we might want to add:

• A standard set of exceptions (InternalServerError)
• A standard set of responses (NotFoundResponse)

[michaelbrewer]

@heitorlessa should i make a PR with some of the standard exception types like InternalServerError.

[heitorlessa]

Yes, absolutely! This will help a ton

…

On Thu, 17 Jun 2021 at 03:49, Michael Brewer ***@***.***> wrote: @heitorlessa <https://github.com/heitorlessa> should i make a PR with some of the standard exception types like InternalServerError. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <awslabs/aws-lambda-powertools-python#1175>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAZPQBFKBYOQSU64LNUIQULTTFIEJANCNFSM442RID2A> .

[michaelbrewer]

@heitorlessa i added a PR for the exception stuff

[marcioemiranda]

Hello Michael, I wonder if the APIGatewayResolver supports the validation feature. For example, validate a request body against a schema and, if invalid, throw a 400 error. If not I assume one would have to grab the request body from app.current_event and call the validation standalone function. Am I correct? Em seg., 5 de jul. de 2021 às 02:02, Michael Brewer < ***@***.***> escreveu:

…

@heitorlessa <https://github.com/heitorlessa> i added a PR for the exception stuff — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <awslabs/aws-lambda-powertools-python#1175>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AG62T2OE6VVON72SBIEOMZ3TWE4GRANCNFSM442RID2A> .

-- Atenciosamente, Marcio Miranda | Gerente de Desenvolvimento | ***@***.*** | +55 21 3535.9137 DRUID | Rio de Janeiro - RJ CEO Office | Avenida João Cabral de Mello Neto, Nº 850 - Bloco III - 4º Andar - Sala 302 | Barra da Tijuca | CEP 22.775-057 Tel - 55 21 3535.9136 | Fax - 55 21 3535.9145

[michaelbrewer]

Hello Michael,

I wonder if the APIGatewayResolver supports the validation feature.
For example, validate a request body against a schema and, if
invalid, throw a 400 error.
If not I assume one would have to grab the request body from
app.current_event and call the validation standalone function. Am I
correct?

Em seg., 5 de jul. de 2021 às 02:02, Michael Brewer <
@.***> escreveu:

@heitorlessa https://github.com/heitorlessa i added a PR for the
exception stuff

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1175>,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AG62T2OE6VVON72SBIEOMZ3TWE4GRANCNFSM442RID2A
.

--

Atenciosamente,

Marcio Miranda | Gerente de Desenvolvimento | @.*** |
+55 21 3535.9137

DRUID | Rio de Janeiro - RJ
CEO Office | Avenida João Cabral de Mello Neto, Nº 850 - Bloco III - 4º
Andar - Sala 302 | Barra da Tijuca | CEP 22.775-057
Tel - 55 21 3535.9136 | Fax - 55 21 3535.9145

That's right. You can cool the standalone validate util. Or use the decorator

[heitorlessa]

Update: all requested features launched except the Middleware piece tracked here: #953

We'll revisit it after we end our pause