Request: offer a way to validate `get_media()` as part of decoding the stream data to Python about falcon HOT 7 OPEN

However, this introduces indeterminate return types for get_media() based on whatever the custom Handler may be doing, which arguably is even less desirable than needing to rely on a Middleware-defined property.

I don't think this is a particular issue, since the multipart handler does returns a custom object https://falcon.readthedocs.io/en/stable/api/multipart.html

As media is cached upon first access, another middleware component that runs earlier might even bypass validation if we added kwargs that control representation per the above suggestion.

this is the biggest problem I see of such a solution.

I considered allowing get_media() to pass arbitrary keyword-arguments through to the handler (which would allow something like req.get_media(type=schema_class) within the view logic itself to pass a msgspec schema straight through to a custom Handler class)

I think if we were to go with this system then we get_media should have a kwarg that's passed as kwarg to the handler. so this example would be something like req.get_media(handler_kwargs=dict(type=schema_class))

from falcon.

Thanks for the discussion on Gitter, and taking time to write down a very nice summary here!

I don't know what the best way is either, but I agree it would be nice to streamline this scenario.
Adding kwargs to req.get_media() might be problematic since the current kwargs do not alter the way media is deserialized as they only control the behaviour wrt missing media, i.e., the caller can implement the same effect by catching exceptions without having any other prior knowledge.
As media is cached upon first access, another middleware component that runs earlier might even bypass validation if we added kwargs that control representation per the above suggestion.

from falcon.

@CaselIT how would kwargs help in the case of cached media? Or would we buffer the stream somehow, and invalidate upon different kwargs?

from falcon.

They would be used only when first calling get_media.
I don't think it's a good change to replace caching that we have in place

from falcon.

Honestly it would not make for a great api since this would be allowed

a_foo = req.get_media(handler_kwargs=dict(type=Foo))
user_wants_a_bar_but_gets_a_foo = req.get_media(handler_kwargs=dict(type=Bar))

Of course this is an edge case that's unlikely to be realistic, but it's still not great.

I honestly don't know how to make it better

from falcon.

Agreed, I don't think it is easy to incorporate this into the current API.

We could make broader changes to the framework to afford this scenario, but that of course requires more thought. Options include:

• Add a new schema (or validator or similar) kwarg to the deserialization interface, that the framework would pass itself. It could be optionally set by add_route() (like suffix), or maybe even automagically by attaching an OAS schema to the App? (The latter sounds too complex, maybe better suited for an add-on?) We only support decorator-based jsonschema validation atm, but we could think of a centralized approach too, like middleware vs hooks (current validation is like hooks).
• Variations of the above, the generalized idea is to pass more contextual information from req than just content_type and content_length.
• Change how caching works, and allow repeated deserialization with different params. This is probably not a very bright idea, since one might end up caching similar data twice, as seen in some other framework. Also breaks Falcon's philosophy that no buffering is performed behind the user's back.
• What else?

from falcon.

What else?

I don't know if this makes much sense, but one option that comes to mind is that instead of having get_media() pass kwargs through in some way, there could be some officially-sanctioned method for setting the media cache explicitly in the instance that multiple layers might be trying to access the stream/get_media. Not sure of the performance implications, but you might have a signature like:

def set_media_cache(cached: Union[dict, Object, Callable])

If you pass in a dict or other object, it just gets assigned to the media cache, and returned next time anything calls get_media(). If you pass in a callable, it gets executed (and the results stored in the cache) the next time get_media() is called.

So my middleware that wants to validate the stream might do something like:

try:
    validated_media = msgspec.json.decode(req.stream.read(), type=schema)
    req.set_media_cache(partial(msgspec.structs.todict, validated_media)
except WhateverGetsThrownWhenStreamIsAlreadyConsumed:
    validated_media = msgspec.convert(req.get_media(), type=schema)

req.context.validated_media = validated_media

from falcon.