securityDefinitions - Githubissues

pyeve / eve-swagger

Swagger extension for Eve-powered RESTful APIs

http://python-eve.org

Other

154 stars 43 forks source link

securityDefinitions #42

Closed sshellabarger closed 6 years ago

sshellabarger commented 7 years ago

When will eve-swagger support securityDefinitions?

marceljanerfont commented 7 years ago

Hello, I have coded 'security' support in a local branch and it works, at least in my scenario. I'm wondering if this feature will be officially included or it's better I do a 'pull request' of my approach:

Given an authentication class used in Eve:

class MyTokenAuth(TokenAuth):

I define the swagger securityDefinitions:

app = Eve(auth=MyTokenAuth())
app.config['SWAGGER_SECURITY_DEFINITIONS'] = {
    "MyTokenAuth": {
        "type": "apiKey",
        "name": "Access-Token",
        "in": "header"
    }
}

Then, all Eve resources and items methods will have the swagger specification 'security':

"security": [
    {
        "MyTokenAuth": []
    }
]

Tell me if a pull request of this approach is wanted, in that case I will prepare documentation and tests.

marceljanerfont commented 7 years ago

Actually, there is another approach using 'eve_swagger.add_documentation()'. Therefore is not necessary touch any eve-swagger source code.

Here it is:

app = Eve(auth=MyTokenAuth())

####################################################################
# Add security documentation
eve_swagger.add_documentation({'securityDefinitions': {
    "MyTokenAuth": {
        "type": "apiKey",
        "name": "Access-Token",
        "in": "header"
    }
}})
# iterate over all resources and items and add security
for resource, rd in app.config['DOMAIN'].items():
    if (rd.get('disable_documentation')
            or resource.endswith('_versions')):
        continue

    methods = rd['resource_methods']
    url = '/%s' % rd['url']
    for method in methods:
        eve_swagger.add_documentation({'paths': {url: {method.lower(): {"security": [{"MyTokenAuth": []}]}}}})

    methods = rd['item_methods']
    item_id = '%sId' % rd['item_title'].lower()
    url = '/%s/{%s}' % (rd['url'], item_id)
    for method in methods:
        eve_swagger.add_documentation({'paths': {url: {method.lower(): {"security": [{"MyTokenAuth": []}]}}}})
####################################################################

domeniconappo commented 7 years ago

@marceljanerfont so this scenario works only for global auth definition and not at resource/operation level. Thanks BTW!

Would be nice to code a full solution :) swagger seems to support operation security definition but not sure how it's implemented and how it looks in Swagger UI.

stale[bot] commented 6 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.