fix: Scope auth to swagger endpoints
parent
875bbfa04b
commit
529cfae73e
@ -1,4 +1,5 @@
|
||||
require 'ostruct'
|
||||
require 'rack'
|
||||
|
||||
module Rswag
|
||||
module Ui
|
||||
|
||||
@ -1,5 +1,29 @@
|
||||
require 'rswag/ui/middleware'
|
||||
|
||||
class UiBasicAuth < ::Rack::Auth::Basic
|
||||
def call(env)
|
||||
return @app.call(env) unless env_matching_path
|
||||
|
||||
super(env)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def env_matching_path
|
||||
swagger_endpoints = Rswag::Ui.config.swagger_endpoints[:urls]
|
||||
swagger_endpoints.find do |endpoint|
|
||||
base_path = base_path(endpoint[:url])
|
||||
env_base_path = base_path(env['PATH_INFO'])
|
||||
|
||||
base_path == env_base_path
|
||||
end
|
||||
end
|
||||
|
||||
def base_path(url)
|
||||
url.downcase.split('/')[1]
|
||||
end
|
||||
end
|
||||
|
||||
module Rswag
|
||||
module Ui
|
||||
class Engine < ::Rails::Engine
|
||||
@ -10,7 +34,7 @@ module Rswag
|
||||
|
||||
if Rswag::Ui.config.basic_auth_enabled
|
||||
c = Rswag::Ui.config
|
||||
app.middleware.use ::Rack::Auth::Basic do |username, password|
|
||||
app.middleware.use UiBasicAuth do |username, password|
|
||||
c.config_object[:basic_auth].values == [username, password]
|
||||
end
|
||||
end
|
||||
|
||||
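Review bot: As rendered here, `env_matching_path` reads `env['PATH_INFO']` but is declared without parameters, and nothing on this page defines an `env` reader on `UiBasicAuth`, so with any endpoint configured the `find` block would raise `NameError` on every request, while with an empty endpoint list the block never runs and every request is forwarded unauthenticated. Passing the Rack env explicitly, as in the fence below, fixes the first problem. The match compares only `split('/')[1]` of the raw strings, so an endpoint configured as an absolute URL yields an empty first segment that an ordinary `PATH_INFO` will not equal, which would silently switch Basic auth off; taking the path component with `URI(...)` (stdlib `uri`) before comparing closes that gap. Because unmatched paths go to `@app` without credentials, it is worth confirming that the UI mount point shares its first segment with the configured endpoint URLs, and adding a spec for both the matched and the unmatched case. In the second hunk the authenticator block still compares credentials with `==` on the values array; `Rack::Utils.secure_compare` on each value would avoid a comparison whose timing depends on the input.

```ruby
def call(env)
  return @app.call(env) unless env_matching_path(env)
  # … unchanged: super(env) …
end

# … unchanged: private …

def env_matching_path(env)
  request_segment = base_path(env['PATH_INFO'])
  Rswag::Ui.config.swagger_endpoints[:urls].any? do |endpoint|
    base_path(URI(endpoint[:url]).path) == request_segment
  end
end
```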
@ -1,4 +1,6 @@
|
||||
require 'spec_helper'
|
||||
require 'rswag/ui/configuration'
|
||||
|
||||
require_relative '../../spec_helper'
|
||||
|
||||
RSpec.describe Rswag::Ui::Configuration do
|
||||
describe '#swagger_endpoints'
|
||||
@ -40,7 +42,7 @@ RSpec.describe Rswag::Ui::Configuration do
|
||||
it 'sets the username and password' do
|
||||
configuration = described_class.new
|
||||
configuration.basic_auth_credentials 'foo', 'bar'
|
||||
credentials = configuration.config_object[:basic_aut]
|
||||
credentials = configuration.config_object[:basic_auth]
|
||||
|
||||
expect(credentials).to eq(username: 'foo', password: 'bar')
|
||||
end
|
||||
|
||||
@ -1,16 +1,100 @@
|
||||
require 'bundler/setup'
|
||||
|
||||
require 'rack'
|
||||
require 'rswag/ui/configuration'
|
||||
|
||||
# This file was generated by the `rspec --init` command. Conventionally, all
|
||||
# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
|
||||
# The generated `.rspec` file contains `--require spec_helper` which will cause
|
||||
# this file to always be loaded, without a need to explicitly require it in any
|
||||
# files.
|
||||
#
|
||||
# Given that it is always loaded, you are encouraged to keep this file as
|
||||
# light-weight as possible. Requiring heavyweight dependencies from this file
|
||||
# will add to the boot time of your test suite on EVERY test run, even for an
|
||||
# individual file that may not need all of that loaded. Instead, consider making
|
||||
# a separate helper file that requires the additional dependencies and performs
|
||||
# the additional setup, and require it from the spec files that actually need
|
||||
# it.
|
||||
#
|
||||
# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
|
||||
RSpec.configure do |config|
|
||||
# Enable flags like --only-failures and --next-failure
|
||||
config.example_status_persistence_file_path = ".rspec_status"
|
||||
# rspec-expectations config goes here. You can use an alternate
|
||||
# assertion/expectation library such as wrong or the stdlib/minitest
|
||||
# assertions if you prefer.
|
||||
config.expect_with :rspec do |expectations|
|
||||
# This option will default to `true` in RSpec 4. It makes the `description`
|
||||
# and `failure_message` of custom matchers include text for helper methods
|
||||
# defined using `chain`, e.g.:
|
||||
# be_bigger_than(2).and_smaller_than(4).description
|
||||
# # => "be bigger than 2 and smaller than 4"
|
||||
# ...rather than:
|
||||
# # => "be bigger than 2"
|
||||
expectations.include_chain_clauses_in_custom_matcher_descriptions = true
|
||||
end
|
||||
|
||||
# Disable RSpec exposing methods globally on `Module` and `main`
|
||||
# rspec-mocks config goes here. You can use an alternate test double
|
||||
# library (such as bogus or mocha) by changing the `mock_with` option here.
|
||||
config.mock_with :rspec do |mocks|
|
||||
# Prevents you from mocking or stubbing a method that does not exist on
|
||||
# a real object. This is generally recommended, and will default to
|
||||
# `true` in RSpec 4.
|
||||
mocks.verify_partial_doubles = true
|
||||
end
|
||||
|
||||
# This option will default to `:apply_to_host_groups` in RSpec 4 (and will
|
||||
# have no way to turn it off -- the option exists only for backwards
|
||||
# compatibility in RSpec 3). It causes shared context metadata to be
|
||||
# inherited by the metadata hash of host groups and examples, rather than
|
||||
# triggering implicit auto-inclusion in groups with matching metadata.
|
||||
config.shared_context_metadata_behavior = :apply_to_host_groups
|
||||
|
||||
# The settings below are suggested to provide a good initial experience
|
||||
# with RSpec, but feel free to customize to your heart's content.
|
||||
=begin
|
||||
# This allows you to limit a spec run to individual examples or groups
|
||||
# you care about by tagging them with `:focus` metadata. When nothing
|
||||
# is tagged with `:focus`, all examples get run. RSpec also provides
|
||||
# aliases for `it`, `describe`, and `context` that include `:focus`
|
||||
# metadata: `fit`, `fdescribe` and `fcontext`, respectively.
|
||||
config.filter_run_when_matching :focus
|
||||
|
||||
# Allows RSpec to persist some state between runs in order to support
|
||||
# the `--only-failures` and `--next-failure` CLI options. We recommend
|
||||
# you configure your source control system to ignore this file.
|
||||
config.example_status_persistence_file_path = "spec/examples.txt"
|
||||
|
||||
# Limits the available syntax to the non-monkey patched syntax that is
|
||||
# recommended. For more details, see:
|
||||
# - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
|
||||
# - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
|
||||
# - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
|
||||
config.disable_monkey_patching!
|
||||
|
||||
config.expect_with :rspec do |c|
|
||||
c.syntax = :expect
|
||||
# This setting enables warnings. It's recommended, but in some cases may
|
||||
# be too noisy due to issues in dependencies.
|
||||
config.warnings = true
|
||||
|
||||
# Many RSpec users commonly either run the entire suite or an individual
|
||||
# file, and it's useful to allow more verbose output when running an
|
||||
# individual spec file.
|
||||
if config.files_to_run.one?
|
||||
# Use the documentation formatter for detailed output,
|
||||
# unless a formatter has already been configured
|
||||
# (e.g. via a command-line flag).
|
||||
config.default_formatter = "doc"
|
||||
end
|
||||
|
||||
# Print the 10 slowest examples and example groups at the
|
||||
# end of the spec run, to help surface which specs are running
|
||||
# particularly slow.
|
||||
config.profile_examples = 10
|
||||
|
||||
# Run specs in random order to surface order dependencies. If you find an
|
||||
# order dependency and want to debug it, you can fix the order by providing
|
||||
# the seed, which is printed after each run.
|
||||
# --seed 1234
|
||||
config.order = :random
|
||||
|
||||
# Seed global randomization in this process using the `--seed` CLI option.
|
||||
# Setting this allows you to use `--seed` to deterministically reproduce
|
||||
# test failures related to randomization by passing the same `--seed` value
|
||||
# as the one that triggered the failure.
|
||||
Kernel.srand config.seed
|
||||
=end
|
||||
end
|
||||
|
||||