feathersjs-ecosystem / feathers-swagger

Add documentation to your FeathersJS services and feed them to Swagger UI.
MIT License

The JWT auth is not sending Auth(Bearer key) in the header #222

Closed VAIMORSS closed 3 years ago

VAIMORSS commented 3 years ago

Hello there,

I am trying to implement the JWT auth with feathers-swagger, but it is not setting the Authorization tag in the header.

I have tried to follow the example in the repo but even in the example when I tried GET requests I could not see any API_KEY or Authorization keys in the Header of the requests.

Is it an issue, or am I missing anything?

I am using this module with feathers generate app

Here is my config object:

swagger({
  uiIndex: true,
  specs: {
    info: {
      title: 'A test',
      description: 'An example using security definitions',
      version: '1.0.0'
    },
    securityDefinitions: {
      BasicAuth: {
        type: 'basic'
      },
      ApiKeyAuth: {
        type: 'apiKey',
        in: 'header',
        name: 'X-API-Key'
      }
    },
    security: [
      { ApiKeyAuth: [] }
    ]
  },
})

I have also tried

swagger({
    openApiVersion: 3,
    uiIndex: true,
    specs: {
      info: {
        title: 'A test',
        description: 'An example using security definitions and swagger ui plugin.' +
          ' The valid credentials for BearerAuth in this example are `user` with password `secret`.',
        version: '1.0.0'
      },
      components: {
        securitySchemes: {
          BasicAuth: {
            type: 'http',
            scheme: 'basic'
          },
          BearerAuth: {
            type: 'http',
            scheme: 'bearer'
          }
        }
      },
      security: [
        { BearerAuth: [] }
      ]
    }
})

Mairu commented 3 years ago

Hi, you have to also set the security option for the specific methods you want to use it for (or use 'all' instead).

Referring to the example: https://github.com/feathersjs-ecosystem/feathers-swagger/blob/master/example/openapi-v3/security.js#L46. You could also add it as shown in https://github.com/feathersjs-ecosystem/feathers-swagger/blob/master/example/openapi-v3/security.js#L50

For the first example, you would need to change name to Authorization for the header, but I would always suggest to use version 3 of the OpenAPI format.
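An added example, not part of the original thread or of feathers-swagger: a small audit over a generated OpenAPI/Swagger document that resolves each operation's effective `security` requirement and reports which request header that scheme implies, which makes unprotected operations and a wrongly named `apiKey` header visible. The function names and the sample spec are constructed for illustration.

```javascript
// Added example; function names and sampleSpec are constructed for illustration.
const HTTP_METHODS = ['get', 'put', 'post', 'delete', 'patch', 'options', 'head'];

// Header a client must send for a scheme (null if the scheme is not header-based).
function headerForScheme(scheme) {
  if (!scheme) return null;
  if (scheme.type === 'basic') return 'Authorization'; // Swagger 2.0 basic
  if (scheme.type === 'http') return 'Authorization'; // OpenAPI 3 basic/bearer
  if (scheme.type === 'apiKey' && scheme.in === 'header') return scheme.name;
  return null;
}

// Resolve the effective requirement per operation: an operation-level
// `security` (even an empty array) overrides the top-level `security`.
function auditSecurity(spec) {
  const schemes = (spec.components && spec.components.securitySchemes) ||
    spec.securityDefinitions || {};
  const rows = [];
  for (const [path, item] of Object.entries(spec.paths || {})) {
    for (const method of HTTP_METHODS) {
      const op = item[method];
      if (!op) continue;
      const effective = op.security !== undefined ? op.security : (spec.security || []);
      const names = effective.flatMap((req) => Object.keys(req));
      const headers = [...new Set(
        names.map((n) => headerForScheme(schemes[n])).filter(Boolean))];
      rows.push({ op: `${method.toUpperCase()} ${path}`, schemes: names, headers });
    }
  }
  return rows;
}

// Constructed sample document (not generated by feathers-swagger).
const sampleSpec = {
  openapi: '3.0.3',
  components: { securitySchemes: {
    BearerAuth: { type: 'http', scheme: 'bearer' },
    ApiKeyAuth: { type: 'apiKey', in: 'header', name: 'X-API-Key' }
  } },
  paths: {
    '/users': { get: { security: [{ BearerAuth: [] }] }, post: {} },
    '/users/{id}': { get: { security: [{ ApiKeyAuth: [] }] } },
    '/authentication': { post: { security: [] } }
  }
};

for (const row of auditSecurity(sampleSpec)) {
  console.log(row.op.padEnd(22), row.headers.join(', ') || '(no auth header sent)');
}
```

An operation reported with no header carries no security requirement in the document, so a client driven by the document has no reason to attach credentials to it.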

VAIMORSS commented 3 years ago

Hi, sorry for the confusion, but I am having an issue with setting security on a specific endpoint. Here is what my specifications look like:

usersService.docs = {
  description: 'A service to send and receive messages',
  definitions: {
    users: {
      title: 'users',
      type: 'object',
      required: [
        'text'
      ],
      properties: {
        email: {
          type: 'string',
          description: 'The message text'
        },
        password: {
          type: 'string',
          description: 'The id of the user that send the message'
        }
      }
    },
    users_list: {
      title: 'List of users',
      type: 'array',
      items: {
        $ref: `#/definitions/users`
      }
    }
  },
  securities: ['create', 'update', 'patch', 'remove', 'get'],
  operations: {
    find: {
      security: [
        { BasicAuth: [] }
      ]
    }
  }
};

app.configure(swagger({
  uiIndex: true,
  specs: {
    info: {
      title: 'A test',
      description: 'An example using security definitions',
      version: '1.0.0'
    },
    securityDefinitions: {
      BasicAuth: {
        type: 'basic'
      },
      ApiKeyAuth: {
        type: 'apiKey',
        in: 'header',
        name: 'X-API-Key'
      }
    },
    security: [
      { ApiKeyAuth: [] }
    ]
  },
  include: {
    paths: ["users", "authentication"]
  },

}))

app.use("users", usersService);

The main problem is that when I define the usersService with users, it is not showing the lock icons on any of the users tabs, but if I change that users to something different like "tusers" or "/n/users", the auth lock is showing there, but then the endpoint will be different and result in a 404.

Mairu commented 3 years ago

As you use the include option, it is strange that other paths should be available, if you have not configured them. But it should have nothing to do with the securities thing.

Could it be that the service is registered multiple times and the first version with the docs parameter is overwritten?

If you could provide a repository with the code to reproduce the problem, I could try to see what is wrong.

VAIMORSS commented 3 years ago

Thanks for your quick responses! I am trying it on an app generated directly via feathers generate app. Still, if you need a repo, please let me know.

VAIMORSS commented 3 years ago

I figured it out, we have to configure the swagger minimum after the sequelize is configured, but then it is creating another problem!

The authentication endpoint itself asks for valid authentication!

Mairu commented 3 years ago

> The authentication endpoint itself asks for valid authentication!

What do you mean by that? It requires the values the auth strategy requires to authenticate.

I have a simple test repository where I checked the authentication thing, and it is working as expected.

https://github.com/Mairu/feathersjs-swagger-tests

To check it you have to create a user first.

You could add a data/users.db file with the contents

{"email":"a@b.de","password":"$2a$13$9XGBgG1VVspqo6m31x5WaemN24honTtUcj02l7bDC3sWbEpxHpUNK","_id":"v5c3x3q0tHzaBon1"}
{"$$indexCreated":{"fieldName":"email","unique":true,"sparse":false}}

to have a user with a@b.de with password 123456.

VAIMORSS commented 3 years ago

I cannot figure out why feathers-swagger was breaking the authentication endpoint. Moved to express-ui-swagger.