Skip to content

Security handler lookup

Compare
Choose a tag to compare
@theganyo theganyo released this 10 Nov 15:24
· 113 commits to master since this release

New Features

Security Handlers

Security Handlers can now be looked up and installed automatically without having to programmatically change the configuration in app.js or elsewhere. (Note: This also allows securityHandlers to be easily installed on Sails, which wasn't easily possible prior to this.)

In order to do this, you'll need to add the "securityHandlersModule" setting for the swagger_security fitting in your config/default.yaml file and change your swagger_controllers pipe to use your configured fitting instead of the default. See the excerpt from config/default yaml below:

    _swagger_security:
      name: swagger_security
      securityHandlersModule: api/helpers/securityHandlers  # <= This is the relative path to your javascript module

    # pipe for all swagger-node controllers
    swagger_controllers:
      - onError: json_error_handler
      - cors
      - swagger_params_parser
      - _swagger_security                           # <= This references the configured security handler above
      - _swagger_validate
      - express_compatibility
      - _router

Secondly, you'll write your security handler or handlers. The javascript file you create will export an object with the names of your security handlers as your keys and the securityHandler functions as the associated values. Note that you may use either of the supported security handler styles (swagger-tools style or connect-style) and you may even use them concurrently on different handlers. For example, the module below exports a security handler that is called "api_key" in the Swagger and checks the security via a connect-style handler.

module.exports = {
  api_key: function checkApiKeySecurity(req, res, next) {
    if (req.swagger.params.name.value === 'Scott') {
      next();
    } else {
      next(new Error('access denied!'));
    }
  }
};