diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f7d21f4..65c7c47 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,5 +1,11 @@ # Contributing +🎉 Thanks for taking the time to contribute! 🎉 + +We put forward the philosophy put forward by the [react community](https://reactcommunity.org/) about ownership, responsibility and avoiding burnout. + +We also strive to achieve [semantic versioning](https://semver.org/) for this repo. + ## Fork, then clone the repo: ``` git clone git@github.com:rswag/rswag.git diff --git a/README.md b/README.md index cc9eada..3038a6a 100644 --- a/README.md +++ b/README.md @@ -558,7 +558,7 @@ This is one of the more powerful features of rswag. When rswag runs your integra These integration tests are usually written with ```let``` variables for post body parameters, and since its an integration test the service is returning actual values. We might as well re-use these values and embed them into the generated swagger to provide a more real world example for request/response examples. -Add to application.rb: +Add to config/environments/test.rb: ```ruby RSpec.configure do |config| config.swagger_dry_run = false @@ -779,6 +779,17 @@ Rswag::Ui.configure do |c| end ``` +### Enable Simple Basic Auth for swagger-ui + +You can also update the _rswag-ui.rb_ initializer, installed with rswag-ui to specify a username and password should you want to keep your documentation private. + +```ruby +Rswag::Ui.configure do |c| + c.basic_auth_enabled = true + c.basic_auth_credentials 'username', 'password' +end +``` + ### Route Prefix for the swagger-ui ### Similar to rswag-api, you can customize the swagger-ui path by changing it's mount prefix in _routes.rb_: diff --git a/rswag-specs/lib/rswag/specs/swagger_formatter.rb b/rswag-specs/lib/rswag/specs/swagger_formatter.rb index 6d06811..1e3fb58 100644 --- a/rswag-specs/lib/rswag/specs/swagger_formatter.rb +++ b/rswag-specs/lib/rswag/specs/swagger_formatter.rb 
@@ -1,11 +1,13 @@ # frozen_string_literal: true require 'active_support/core_ext/hash/deep_merge' +require 'rspec/core/formatters/base_text_formatter' require 'swagger_helper' module Rswag module Specs - class SwaggerFormatter + class SwaggerFormatter < ::RSpec::Core::Formatters::BaseTextFormatter + # NOTE: rspec 2.x support if RSPEC_VERSION > 2 ::RSpec::Core::Formatters.register self, :example_group_finished, :stop diff --git a/rswag-ui/lib/generators/rswag/ui/install/templates/rswag-ui.rb b/rswag-ui/lib/generators/rswag/ui/install/templates/rswag-ui.rb index 3a7fe3e..0b9a4ab 100644 --- a/rswag-ui/lib/generators/rswag/ui/install/templates/rswag-ui.rb +++ b/rswag-ui/lib/generators/rswag/ui/install/templates/rswag-ui.rb @@ -7,4 +7,8 @@ Rswag::Ui.configure do |c| # then the list below should correspond to the relative paths for those endpoints c.swagger_endpoint '/api-docs/v1/swagger.yaml', 'API V1 Docs' + + # Add Basic Auth in case your API is private + # c.basic_auth_enabled = true + # c.basic_auth_credentials 'username', 'password' end diff --git a/rswag-ui/lib/rswag/ui/basic_auth.rb b/rswag-ui/lib/rswag/ui/basic_auth.rb new file mode 100644 index 0000000..ee42d36 --- /dev/null +++ b/rswag-ui/lib/rswag/ui/basic_auth.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +require 'rack/auth/basic' + +module Rswag + module Ui + # Extend Rack HTTP Basic Authentication, as per RFC 2617. + # @api private + # + class BasicAuth < ::Rack::Auth::Basic + def call(env) + return @app.call(env) unless env_matching_path(env) + + super(env) + end + + private + + def env_matching_path(env) + path = base_path(env['PATH_INFO']) + Rswag::Ui.config.config_object[:urls].find do |endpoint| + base_path(endpoint[:url]) == path + end + end + + def base_path(url) + url.downcase.split('/')[1] + end + end + end +end diff --git a/rswag-ui/lib/rswag/ui/configuration.rb b/rswag-ui/lib/rswag/ui/configuration.rb index 5f33c2c..ad46a49 100644 --- a/rswag-ui/lib/rswag/ui/configuration.rb 
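Review bot: The commented example added at the end of the configure block, `# c.basic_auth_credentials 'username', 'password'`, invites users to paste literal credentials into an initializer that is normally committed to source control. Because this template is copied into every app that runs the installer, I would show the values coming from the environment or the app's credential store, e.g. `# c.basic_auth_credentials ENV.fetch('RSWAG_UI_USERNAME'), ENV.fetch('RSWAG_UI_PASSWORD')` (variable names are illustrative). A one-line comment would also help, saying that Basic Auth sends the credentials base64-encoded on every request, so the docs should only be served over TLS.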
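Review bot: `env_matching_path` in the new basic_auth.rb challenges a request only when the first path segment of `PATH_INFO` equals the first segment of a configured endpoint URL, so the protected area is inferred from the swagger endpoints rather than from where the UI is mounted. If the UI is mounted under a prefix whose first segment differs from the endpoints' (the README describes changing the mount prefix), its pages appear to go straight to `@app.call(env)` unauthenticated; that is worth confirming and stating in the class comment. Two edge cases sit in the same method. `config_object[:urls]` is presumably nil until `swagger_endpoint` has been called (the initializer shown in configuration.rb sets `@config_object = {}`), so `.find` would raise on every request. `base_path` also returns nil both for `/` and for an endpoint URL without a leading slash, so the `nil == nil` comparison counts as a match. I would guard with `return false if path.nil?` and iterate over `Array(Rswag::Ui.config.config_object[:urls])`.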
+++ b/rswag-ui/lib/rswag/ui/configuration.rb @@ -1,9 +1,11 @@ require 'ostruct' +require 'rack' module Rswag module Ui class Configuration attr_reader :template_locations + attr_accessor :basic_auth_enabled attr_accessor :config_object attr_accessor :oauth_config_object attr_reader :assets_root @@ -20,6 +22,7 @@ module Rswag @assets_root = File.expand_path('../../../../node_modules/swagger-ui-dist', __FILE__) @config_object = {} @oauth_config_object = {} + @basic_auth_enabled = false end def swagger_endpoint(url, name) @@ -27,9 +30,15 @@ module Rswag @config_object[:urls] << { url: url, name: name } end + def basic_auth_credentials(username, password) + @config_object[:basic_auth] = { username: username, password: password } + end + + # rubocop:disable Naming/AccessorMethodName def get_binding binding end + # rubocop:enable Naming/AccessorMethodName end end end diff --git a/rswag-ui/lib/rswag/ui/engine.rb b/rswag-ui/lib/rswag/ui/engine.rb index 78ee075..e90b4f2 100644 --- a/rswag-ui/lib/rswag/ui/engine.rb +++ b/rswag-ui/lib/rswag/ui/engine.rb @@ -1,4 +1,5 @@ require 'rswag/ui/middleware' +require 'rswag/ui/basic_auth' module Rswag module Ui @@ -7,6 +8,13 @@ module Rswag initializer 'rswag-ui.initialize' do |app| middleware.use Rswag::Ui::Middleware, Rswag::Ui.config + + if Rswag::Ui.config.basic_auth_enabled + c = Rswag::Ui.config + app.middleware.use Rswag::Ui::BasicAuth do |username, password| + c.config_object[:basic_auth].values == [username, password] + end + end end rake_tasks do diff --git a/rswag-ui/spec/rswag/ui/configuration_spec.rb b/rswag-ui/spec/rswag/ui/configuration_spec.rb new file mode 100644 index 0000000..6e32590 --- /dev/null +++ b/rswag-ui/spec/rswag/ui/configuration_spec.rb 
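Review bot: `basic_auth_credentials`, added in the third configuration.rb hunk, stores the username and password inside `@config_object`, the same hash that holds `:urls` and is exposed through `attr_accessor :config_object` and `get_binding`. The template that consumes this hash is not part of the diff. If `config_object` is serialised into the swagger-ui page, the plaintext credentials would be delivered to every browser that loads the UI. I would keep them out of the UI options, e.g. `@basic_auth_credentials = { username: username, password: password }` behind its own `attr_reader`, and have the engine read that instead of `config_object[:basic_auth]`.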
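Review bot: The credential check in the block added to engine.rb, `c.config_object[:basic_auth].values == [username, password]`, is an ordinary array comparison, so it is not constant-time. It also raises NoMethodError on every protected request when `basic_auth_enabled` is true but `basic_auth_credentials` was never called. I would deny the request when no credentials are configured and compare each field with `Rack::Utils.secure_compare`, evaluating both so the outcome does not depend on which field mismatched. The enclosing `initializer` block and the engine class start outside this hunk.

```ruby
app.middleware.use Rswag::Ui::BasicAuth do |username, password|
  creds = c.config_object[:basic_auth]
  # Deny when enabled without credentials, instead of a 500 from `nil.values`.
  next false unless creds

  user_ok = ::Rack::Utils.secure_compare(creds[:username].to_s, username.to_s)
  pass_ok = ::Rack::Utils.secure_compare(creds[:password].to_s, password.to_s)
  user_ok & pass_ok
end
```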
@@ -0,0 +1,52 @@
+require 'rswag/ui/configuration'
+
+require_relative '../../spec_helper'
+
+RSpec.describe Rswag::Ui::Configuration do
+ describe '#swagger_endpoints'
+
+ describe '#basic_auth_enabled' do
+ context 'when unspecified' do
+ it 'defaults to false' do
+ configuration = described_class.new
+ basic_auth_enabled = configuration.basic_auth_enabled
+
+ expect(basic_auth_enabled).to be(false)
+ end
+ end
+
+ context 'when specified' do
+ context 'when set to true' do
+ it 'returns true' do
+ configuration = described_class.new
+ configuration.basic_auth_enabled = true
+ basic_auth_enabled = configuration.basic_auth_enabled
+
+ expect(basic_auth_enabled).to be(true)
+ end
+ end
+
+ context 'when set to false' do
+ it 'returns false' do
+ configuration = described_class.new
+ configuration.basic_auth_enabled = false
+ basic_auth_enabled = configuration.basic_auth_enabled
+
+ expect(basic_auth_enabled).to be(false)
+ end
+ end
+ end
+ end
+
+ describe '#basic_auth_credentials' do
+ it 'sets the username and password' do
+ configuration = described_class.new
+ configuration.basic_auth_credentials 'foo', 'bar'
+ credentials = configuration.config_object[:basic_auth]
+
+ expect(credentials).to eq(username: 'foo', password: 'bar')
+ end
+ end
+
+ describe '#get_binding'
+end
diff --git a/rswag-ui/spec/spec_helper.rb b/rswag-ui/spec/spec_helper.rb
index e69de29..251aa51 100644
--- a/rswag-ui/spec/spec_helper.rb
+++ b/rswag-ui/spec/spec_helper.rb
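Review bot: The new spec covers only the configuration accessors; nothing exercises `Rswag::Ui::BasicAuth` or the authenticator block in the engine, which decide whether a request is challenged and whether credentials are accepted. I would add request-level examples for the four outcomes: a matching path without credentials is rejected, wrong credentials are rejected, correct credentials pass, and a non-matching path is passed through untouched. Separately, `describe '#swagger_endpoints'` and `describe '#get_binding'` have no block and assert nothing, and the first is misnamed, since the method in configuration.rb is `swagger_endpoint`.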
@@ -0,0 +1,100 @@ +# This file was generated by the `rspec --init` command. Conventionally, all +# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`. +# The generated `.rspec` file contains `--require spec_helper` which will cause +# this file to always be loaded, without a need to explicitly require it in any +# files. +# +# Given that it is always loaded, you are encouraged to keep this file as +# light-weight as possible. Requiring heavyweight dependencies from this file +# will add to the boot time of your test suite on EVERY test run, even for an +# individual file that may not need all of that loaded. Instead, consider making +# a separate helper file that requires the additional dependencies and performs +# the additional setup, and require it from the spec files that actually need +# it. +# +# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration +RSpec.configure do |config| + # rspec-expectations config goes here. You can use an alternate + # assertion/expectation library such as wrong or the stdlib/minitest + # assertions if you prefer. + config.expect_with :rspec do |expectations| + # This option will default to `true` in RSpec 4. It makes the `description` + # and `failure_message` of custom matchers include text for helper methods + # defined using `chain`, e.g.: + # be_bigger_than(2).and_smaller_than(4).description + # # => "be bigger than 2 and smaller than 4" + # ...rather than: + # # => "be bigger than 2" + expectations.include_chain_clauses_in_custom_matcher_descriptions = true + end + + # rspec-mocks config goes here. You can use an alternate test double + # library (such as bogus or mocha) by changing the `mock_with` option here. + config.mock_with :rspec do |mocks| + # Prevents you from mocking or stubbing a method that does not exist on + # a real object. This is generally recommended, and will default to + # `true` in RSpec 4. 
+ mocks.verify_partial_doubles = true + end + + # This option will default to `:apply_to_host_groups` in RSpec 4 (and will + # have no way to turn it off -- the option exists only for backwards + # compatibility in RSpec 3). It causes shared context metadata to be + # inherited by the metadata hash of host groups and examples, rather than + # triggering implicit auto-inclusion in groups with matching metadata. + config.shared_context_metadata_behavior = :apply_to_host_groups + +# The settings below are suggested to provide a good initial experience +# with RSpec, but feel free to customize to your heart's content. +=begin + # This allows you to limit a spec run to individual examples or groups + # you care about by tagging them with `:focus` metadata. When nothing + # is tagged with `:focus`, all examples get run. RSpec also provides + # aliases for `it`, `describe`, and `context` that include `:focus` + # metadata: `fit`, `fdescribe` and `fcontext`, respectively. + config.filter_run_when_matching :focus + + # Allows RSpec to persist some state between runs in order to support + # the `--only-failures` and `--next-failure` CLI options. We recommend + # you configure your source control system to ignore this file. + config.example_status_persistence_file_path = "spec/examples.txt" + + # Limits the available syntax to the non-monkey patched syntax that is + # recommended. For more details, see: + # - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/ + # - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/ + # - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode + config.disable_monkey_patching! + + # This setting enables warnings. It's recommended, but in some cases may + # be too noisy due to issues in dependencies. 
+ config.warnings = true + + # Many RSpec users commonly either run the entire suite or an individual + # file, and it's useful to allow more verbose output when running an + # individual spec file. + if config.files_to_run.one? + # Use the documentation formatter for detailed output, + # unless a formatter has already been configured + # (e.g. via a command-line flag). + config.default_formatter = "doc" + end + + # Print the 10 slowest examples and example groups at the + # end of the spec run, to help surface which specs are running + # particularly slow. + config.profile_examples = 10 + + # Run specs in random order to surface order dependencies. If you find an + # order dependency and want to debug it, you can fix the order by providing + # the seed, which is printed after each run. + # --seed 1234 + config.order = :random + + # Seed global randomization in this process using the `--seed` CLI option. + # Setting this allows you to use `--seed` to deterministically reproduce + # test failures related to randomization by passing the same `--seed` value + # as the one that triggered the failure. + Kernel.srand config.seed +=end +end