feat(api): security configuration for endpoints #81
Description
Summary
Configure authentication requirements for API endpoints.
Parent Issue
Part of #75
Syntax
Entity-level default
#[entity(api(
security = "bearer", // Default for all endpoints
public = [Register, Login], // Exceptions (no auth required)
))]Command-level override
#[command(AdminDelete, security = "admin")] // Requires admin role
#[command(PublicList, security = "none")] // No authSecurity Schemes
// In OpenApi derive
security_schemes(
("bearer" = (ty = "http", scheme = "bearer", bearer_format = "JWT")),
("api_key" = (ty = "apiKey", in = "header", name = "X-API-Key")),
("admin" = (ty = "http", scheme = "bearer", bearer_format = "JWT")),
)Generated Code
#[utoipa::path(
// ...
security(
("bearer" = [])
),
)]
async fn update_user(...) { ... }
#[utoipa::path(
// ... no security for public endpoints
)]
async fn register_user(...) { ... }Implementation
- Parse security attributes
- Generate security requirements per endpoint
- Support predefined schemes: bearer, api_key, oauth2
Files to Modify
crates/entity-derive-impl/src/entity/parse.rscrates/entity-derive-impl/src/entity/api.rs