search

airtasker / spot

Spot is a concise, developer-friendly way to describe your API contract.
Other
555 stars 38 forks source link

How to cancel security on specific page - OAPI3 #1169

Open pilotak opened 3 years ago

pilotak commented 3 years ago

When setting up global security, all pages require to be authorized. But i don't want such a feature on login page. How can i disable it on a specific page?

@endpoint({
  method: 'POST',
  path: '/login',
})
class Login {
  @response({ status: 200 })
  successResponse(@body body: Response) {}
}

@api({ name: 'test', version: '0.0.1' })
class Api {
  @securityHeader
  'security-header': string;
}

output should be 

paths:
  /login:
    post:
      operationId: Login
      security: [] # no auth needed
      responses:
        '200':
          ...
jankuca commented 3 years ago

Personally, I have a post-processing script which adds "security": [] to endpoints with a specific tag.

pilotak commented 3 years ago

I was thinking about that too, but this should be built in. As well as ability to change the type of security to ie. Bearer or set more types of security (as seen in feature request)

This is perfect plugin if you don't need security features, unfortunately