search

honojs / middleware

monorepo for Hono third-party middleware/helpers/wrappers
https://hono.dev
481 stars 175 forks source link

Authorization Header Not Working with Swagger in Hono/Zod-OpenAPI #369

Open ercumentlacin opened 10 months ago

ercumentlacin commented 10 months ago

Hello Hono/Zod-OpenAPI Team,

I'm encountering an issue with Swagger integration in a route I defined using Hono/Zod-OpenAPI. Specifically, I'm unable to send the "Authorization" header through Swagger's interface. Here's a brief overview of the problem:

Issue Description:

I've defined a route in my Hono application and used Zod-OpenAPI to generate the Swagger documentation.
When I try to send a request with an "Authorization" header through Swagger UI, it seems like the header is not included in the request.
This issue is preventing me from testing secured endpoints directly from the Swagger UI.

Steps to Reproduce:

Define a route in Hono using Zod-OpenAPI.
Add an "Authorization" header requirement in the OpenAPI specification.
Attempt to send a request with the "Authorization" header through Swagger UI.

Expected Behavior:

The "Authorization" header should be included in the request, and the endpoint should recognize and validate it.

Actual Behavior:

The "Authorization" header appears to be missing or not sent in the request made from Swagger UI.

Environment:

Hono version: ^3.12.8
Zod-OpenAPI version: ^0.9.6
Node.js version: v20.8.1

For your reference, here is the link to the relevant part of my code in my GitHub repository: My Project Code.

I would appreciate any guidance or suggestions on how to resolve this issue. Is this a known problem, or am I missing something in my configuration? Any help would be greatly appreciated.

Thank you for your time and assistance.

Best regards,

Screenshot 2024-01-30 at 12 20 26 Screenshot 2024-01-30 at 12 21 05
yusukebe commented 10 months ago

Hi.

@sor4chi Can you handle this issue?

sor4chi commented 10 months ago

Hi @ercumentlacin

Did you try this "Tips" section written in @hono/zod-openapi? https://github.com/honojs/middleware/blob/main/packages/zod-openapi/README.md#tips

I didn't find it in your code.

You may find this issue helpful. https://github.com/honojs/middleware/issues/261

However, there are so many Bearer authentication-related issues in the Hono Swagger UI that I'm going to have to somehow devise a place to write them. cc: @yusukebe

ercumentlacin commented 10 months ago

Hi @ercumentlacin

Did you try this "Tips" section written in @hono/zod-openapi? https://github.com/honojs/middleware/blob/main/packages/zod-openapi/README.md#tips

I didn't find it in your code.

You may find this issue helpful. #261

However, there are so many Bearer authentication-related issues in the Hono Swagger UI that I'm going to have to somehow devise a place to write them. cc: @yusukebe

Yes id did https://github.com/ercumentlacin/hono-todo/blob/c3298d0f1a6910d0e6ebb83d9aa1cd8ba3e3786a/src/modules/users/app.ts#L24

I looked at the issue you mentioned but it didn't solve my problem.

I wrote the following code to solve my problem and it worked but I don't think this is the right way

export const userApp = new OpenAPIHono({});

userApp.use(userUpdateByIdRoute.path, (c, next) => {
    const authToken = c.req.header("authorization");
    c.header("authorization", authToken);
    return next();
});

// thats works
userApp.openapi(userUpdateByIdRoute, async (c) => {
    console.log(c.req.raw.headers);

    const { id } = c.req.valid("param");
    const input = c.req.valid("json");
    const header = c.req.valid("header");

    const json = await updateUserByIdService({ id, input });

    return c.json(json, StatusCodes.OK);
});
sor4chi commented 10 months ago

To begin with, when Swagger does Bearer Auth, it is supposed to work by setting the Bearer Token from the Authorization button in the upper right corner of the Swagger UI and then Execute Request in that state, but is it supposed to set the Header in the Field?