search

cloudflare / chanfana

OpenAPI 3 and 3.1 schema generator and validator for Hono, itty-router and more!
https://chanfana.pages.dev
MIT License
288 stars 38 forks source link

Security on nested routers #53

Open ghost opened 1 year ago

ghost commented 1 year ago

Reading the Swagger Bearer Authentication documentation, it is possible to add security globally, or on a specific route or routes (e.g. in the /private routes in the below screenshot.)

This doesn't appear to apply to a nested router such as the Secure section below. This nested router includes the security configuration as part of the schema but is seemingly ignored as no lock appears on the route, nor is security listed in the openapi.json for those routes (unlike the /private routes.)

Is (the inability of) applying security to all routes inside a nested router a limitation of itty-router-openapi, OpenAPI itself, or am I perhaps going about this the wrong way?

Repository: https://github.com/jasiqli/itty-openapi-security-test

docs-page

G4brym commented 1 year ago

Hey @jasiqli thanks for submitting this bug report, we are planning a big upgrade and will make sure to include this