Swagger UI endpoint authorization. #493
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
texpert
force-pushed
the
swagger_doc_authorization
branch
from
aa6a972 to
59cf1a9
Compare
|
@texpert … nice work, but can you add a spec please |
|
@LeFnord , here is the spec, finally :) Rubocop's complaining about double negation !!, it is the only fail (and I think this cop is ambiguos. |
|
@texpert … please rebase and try to use |
texpert
force-pushed
the
swagger_doc_authorization
branch
from
e32fec5 to
ec7e5d8
Compare
|
👍 … good work 😄 |
|
Thanks, @LeFnord! I am prepairing one last commit to fix some nuances in the README, and after this I will squash. |
texpert
force-pushed
the
swagger_doc_authorization
branch
from
ec9a136 to
2da175c
Compare
|
Done! |
|
For some people wonder on how to use basic auth to protect the endpoint, here's my implementation after some trial & error. class BasicAuthWrapper < Grape::Middleware::Base
def before
path_is_swagger_doc = context.options[:for].try(:mount_path)&.include?("/swagger_doc")
if path_is_swagger_doc && !basic_auth(env['HTTP_AUTHORIZATION'])
context.error!('401 Unauthorized', 401)
end
end
private
def basic_auth(auth_header_string)
return false if !auth_header_string || !auth_header_string.start_with?('Basic ')
auth_header_string = auth_header_string.gsub(/^Basic /, '')
decoded_str = Base64.decode64(auth_header_string)
decoded_str == "username:password"
end
end
# Usage: Add class to `endpoint_auth_wrapper` option
add_swagger_documentation(
base_path: '/api',
doc_version: 'v1',
add_version: true,
mount_path: '/v1/swagger_doc',
endpoint_auth_wrapper: BasicAuthWrapper |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This helps to guard Swagger UI endpoints adding 3 new options to swagger documentation (in my case, using WineBouncer gem and Doorkeeper, but it is configurable):
To display the endpoint only for signed admin users, I am using a lambda (I think a few lambdas like this would go to options as well - I will work it later):
Notes: