Add support for customizable SecurityDefinitions

ServiceStack · Jan 24, 2019 · d5c478f · d5c478f
1 parent 2fed882
commit d5c478f
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 5 deletions.
diff --git a/src/ServiceStack.Api.OpenApi/OpenApiFeature.cs b/src/ServiceStack.Api.OpenApi/OpenApiFeature.cs
@@ -1,9 +1,11 @@
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Text.RegularExpressions;
 using ServiceStack.Host.Handlers;
 using ServiceStack.IO;
 using ServiceStack.Api.OpenApi.Specification;
+using ServiceStack.Auth;
 
 namespace ServiceStack.Api.OpenApi
 {
@@ -43,6 +45,40 @@ public class OpenApiFeature : IPlugin, IPreInitPlugin
 
         public bool DisableSwaggerUI { get; set; }
 
+        public Dictionary<string, OpenApiSecuritySchema> SecurityDefinitions { get; set; }
+
+        public Dictionary<string, List<string>> OperationSecurity { get; set; }
+
+        public bool UseBearerSecurity
+        {
+            set
+            {
+                SecurityDefinitions = new Dictionary<string, OpenApiSecuritySchema> {
+                    { "Bearer", new OpenApiSecuritySchema {
+                        Type = "apiKey",
+                        Name = "Authorization",
+                        In = "header",
+                    } }
+                };
+                OperationSecurity = new Dictionary<string, List<string>> {
+                    { "Bearer", new List<string>() }
+                };
+            }
+        }
+
+        public bool UseBasicSecurity
+        {
+            set
+            {
+                SecurityDefinitions = new Dictionary<string, OpenApiSecuritySchema> {
+                    { "basic", new OpenApiSecuritySchema { Type = "basic" } }
+                };
+                OperationSecurity = new Dictionary<string, List<string>> {
+                    { "basic", new List<string>() }
+                };
+            }
+        }
+
         public OpenApiFeature()
         {
             Tags = new List<OpenApiTag>();
@@ -60,6 +96,16 @@ public void Register(IAppHost appHost)
             if (ResourceFilterPattern != null)
                 OpenApiService.resourceFilterRegex = new Regex(ResourceFilterPattern, RegexOptions.Compiled);
 
+            if (SecurityDefinitions == null && OperationSecurity == null)
+            {
+                var useBasicAuth = appHost.GetPlugin<AuthFeature>()?.AuthProviders
+                   ?.Any(x => x.Provider == AuthenticateService.BasicProvider) == true;
+                if (!useBasicAuth)
+                    UseBearerSecurity = true;
+                else
+                    UseBasicSecurity = true;
+            }
+
             OpenApiService.UseCamelCaseSchemaPropertyNames = UseCamelCaseSchemaPropertyNames;
             OpenApiService.UseLowercaseUnderscoreSchemaPropertyNames = UseLowercaseUnderscoreSchemaPropertyNames;
             OpenApiService.DisableAutoDtoInBodyParam = DisableAutoDtoInBodyParam;
@@ -69,6 +115,8 @@ public void Register(IAppHost appHost)
             OpenApiService.SchemaPropertyFilter = SchemaPropertyFilter;
             OpenApiService.AnyRouteVerbs = AnyRouteVerbs.ToArray();
             OpenApiService.InlineSchemaTypesInNamespaces = InlineSchemaTypesInNamespaces.ToArray();
+            OpenApiService.SecurityDefinitions = SecurityDefinitions;
+            OpenApiService.OperationSecurity = OperationSecurity;
 
             appHost.RegisterService(typeof(OpenApiService), "/openapi");
 

diff --git a/src/ServiceStack.Api.OpenApi/OpenApiService.cs b/src/ServiceStack.Api.OpenApi/OpenApiService.cs
@@ -40,6 +40,9 @@ public class OpenApiService : Service
         internal static Action<OpenApiProperty> SchemaPropertyFilter { get; set; }
         internal static string[] AnyRouteVerbs { get; set; }
         internal static string[] InlineSchemaTypesInNamespaces { get; set; }
+
+        public static Dictionary<string, OpenApiSecuritySchema> SecurityDefinitions { get; set; }
+        public static Dictionary<string, List<string>> OperationSecurity { get; set; }
 
         public object Get(OpenApiSpecification request)
         {
@@ -86,7 +89,7 @@ public object Get(OpenApiSpecification request)
                 Definitions = definitions.Where(x => !SchemaIdToClrType.ContainsKey(x.Key) || !IsInlineSchema(SchemaIdToClrType[x.Key])).ToDictionary(x => x.Key, x => x.Value),
                 Tags = tags.Values.OrderBy(x => x.Name).ToList(),
                 Parameters = new Dictionary<string, OpenApiParameter> { { "Accept", GetAcceptHeaderParameter() } },
-                SecurityDefinitions = new Dictionary<string, OpenApiSecuritySchema> { { "basic", new OpenApiSecuritySchema { Type = "basic" } } }
+                SecurityDefinitions = SecurityDefinitions,                
             };
 
             if (OperationFilter != null)
@@ -732,10 +735,7 @@ private OpenApiSchema GetSchemaForResponseType(Type schemaType, IDictionary<stri
                         Tags = userTags.Count > 0 ? userTags : GetTags(restPath.Path),
                         Deprecated = requestType.HasAttribute<ObsoleteAttribute>(),
                         Security = needAuth ? new List<Dictionary<string, List<string>>> {
-                            new Dictionary<string, List<string>>
-                            {
-                                { "basic", new List<string>() }
-                            }
+                            OperationSecurity
                         } : null
                     };