enzonotario / vitepress-openapi

Generate VitePress API Docs from OpenAPI specifications
https://vitepress-openapi.vercel.app
MIT License

securitySchemes should only be applied to routes that require it #36

Closed addshore closed 3 weeks ago

addshore commented 3 weeks ago

My rendered component looks something like this

image

However, the defined route doesn't require authentication

    "/users/login": {
      "post": {
        "description": "lalala.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/LoginRequest"
              }
            }
          },
          "description": "Login",
          "required": true
        },
        "responses": {
          "200": {
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/LoginResponse"
                }
              }
            },
            "description": "OK"
          }
        },
        "summary": "Login",
        "tags": [
          "users"
        ]
      }
    },

Other endpoints do specify it as a requirement

        "security": [
          {
            "ApiKeyAuth": []
          }
        ],

And it is defined as a schema in the spec

    "securitySchemes": {
      "ApiKeyAuth": {
        "in": "header",
        "name": "Authorization",
        "type": "apiKey"
      }
    }

But it should not be rendered by default unless they are defined in a top-level security section

See https://swagger.io/docs/specification/authentication/ Step 2.

enzonotario commented 3 weeks ago

Yes, it was applied globally. Fixed now. Thanks!
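
The resolution rule this issue turns on, as an added example that is not part of the thread or of vitepress-openapi's own code: a scheme listed under `securitySchemes` is only a definition, and it applies to an operation through that operation's `security` array or, failing that, a top-level `security` array. The spec below is constructed from the fragments in the issue; the `/users/me` route and the function names are hypothetical.

```javascript
// Constructed spec modelled on the issue: the login route declares no
// security, a hypothetical second route ("/users/me") requires ApiKeyAuth.
const spec = {
  paths: {
    "/users/login": { post: { summary: "Login" } },
    "/users/me": { get: { security: [{ ApiKeyAuth: [] }] } },
  },
  components: {
    securitySchemes: {
      ApiKeyAuth: { in: "header", name: "Authorization", type: "apiKey" },
    },
  },
};

// Operation-level `security` overrides the top-level array (an empty array
// removes it). With neither present, the operation requires nothing, no
// matter what components.securitySchemes defines.
function effectiveSecurity(doc, path, method) {
  const op = doc.paths?.[path]?.[method];
  if (!op) throw new Error(`no operation: ${method} ${path}`);
  const requirements = Array.isArray(op.security)
    ? op.security
    : Array.isArray(doc.security) ? doc.security : [];
  const defined = doc.components?.securitySchemes ?? {};
  // Each requirement object is one alternative; its keys are scheme names.
  return requirements.map((req) =>
    Object.keys(req).map((scheme) => {
      if (!(scheme in defined)) throw new Error(`undefined scheme: ${scheme}`);
      return { scheme, definition: defined[scheme] };
    })
  );
}

// Deduplicated scheme names a renderer should show for one operation.
function schemesToRender(doc, path, method) {
  const names = effectiveSecurity(doc, path, method).flat().map((s) => s.scheme);
  return [...new Set(names)];
}

console.log(schemesToRender(spec, "/users/login", "post"));
console.log(schemesToRender(spec, "/users/me", "get"));
```
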