diff --git a/lib/server.js b/lib/server.js index 82838fe..9d313c1 100644 --- a/lib/server.js +++ b/lib/server.js @@ -24,6 +24,8 @@ function createServer (raml, opts) { raml = expandTypes(raml) } + raml = addSecurityHeaders(raml) + var resourceHandler = resources(raml.resources, function (schema, path) { return handler(schema, path, schema.method, options) }) @@ -53,6 +55,39 @@ function createServer (raml, opts) { return app } +/** + * Adds security headers to applicable resources.. + * + * @param {Object} raml + */ +function addSecurityHeaders (raml) { + raml.resources = raml.resources.map(function (resource) { + if (resource && resource.methods) { + resource.methods = resource.methods.map(function (method) { + var securedBy = method.securedBy + + if (securedBy) { + method.headers = securedBy.reduce(function (headers, securedById) { + var scheme = raml.securitySchemes.filter(function (scheme) { + if (Object.keys(scheme)[0] === securedById) return true + return false + })[0] + + if (scheme && scheme[securedById]) { + var newHeader = Object.keys(scheme[securedById].describedBy.headers)[0] + headers[newHeader] = scheme[securedById].describedBy.headers[newHeader] + } + return headers + }, method.headers || {}) + } + return method + }) + } + return resource + }) + return raml +} + /** * The Osprey not found handler is simplistic and tests for `resourcePath`. * diff --git a/test/fixtures/security-headers.raml b/test/fixtures/security-headers.raml new file mode 100644 index 0000000..4fda490 --- /dev/null +++ b/test/fixtures/security-headers.raml @@ -0,0 +1,13 @@ +#%RAML 0.8 +title: Example API +baseUri: https://example.com/api +securitySchemes: + - custom_auth: + type: x-custom + describedBy: + headers: + Custom-Token: + type: string +/foo: + get: + securedBy: [ custom_auth ] diff --git a/test/other.js b/test/other.js index 696156b..abb3801 100644 --- a/test/other.js +++ b/test/other.js 
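Review bot: The new call `raml = addSecurityHeaders(raml)` in createServer has no comment, and the helper's name reads like response hardening headers rather than what it does, which is copy header declarations from `securitySchemes` onto each method that lists them in `securedBy`. I would put `// Copy securedBy scheme header declarations into method.headers; this only declares the headers, it does not authenticate the request.` above the call. The helper also reassigns `raml.resources` and `method.headers` on the object the caller passed in, so a caller that reuses the parsed RAML sees it changed; the same comment should say that. createServer's body starts and ends outside this hunk.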
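Review bot: `scheme[securedById].describedBy.headers` in addSecurityHeaders throws a TypeError for any security scheme that has no `describedBy` or no `headers` block, so a RAML file using such a scheme would fail inside createServer instead of starting. The same reduce copies only the first key, `Object.keys(...)[0]`, so a scheme that declares several headers loses all but one, and `raml.securitySchemes.filter` assumes the list exists whenever a method has `securedBy`. The copied entry also overwrites a header of the same name that the method declared itself; if that precedence is intended, the docblock should say so. A guarded version that copies every declared header is below.

```javascript
method.headers = securedBy.reduce(function (headers, securedById) {
  var scheme = (raml.securitySchemes || []).filter(function (candidate) {
    return Boolean(candidate) && Object.keys(candidate)[0] === securedById
  })[0]
  var describedBy = scheme && scheme[securedById] && scheme[securedById].describedBy
  var schemeHeaders = (describedBy && describedBy.headers) || {}

  // Copy every header the scheme declares, not only the first key.
  Object.keys(schemeHeaders).forEach(function (name) {
    headers[name] = schemeHeaders[name]
  })
  return headers
}, method.headers || {})
```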
@@ -2,8 +2,11 @@ var rewire = require('rewire') var osprey = rewire('../') +var server = rewire('../lib/server') var expect = require('chai').expect +var path = require('path') +var SECURITY_HEADERS = path.join(__dirname, 'fixtures', 'security-headers.raml') describe('osprey.addJsonSchema', function () { var schemas = {} osprey.__set__('methodHandler', { @@ -25,3 +28,25 @@ describe('osprey.addJsonSchema', function () { expect(schemas).to.be.deep.equal({'cats': schema}) }) }) +describe('server.addSecurityHeaders()', function () { + var addSecurityHeaders = server.__get__('addSecurityHeaders') + it('should duplicate securityScheme headers on the resources describedBy them.', function () { + return require('raml-1-parser') + .loadRAML(SECURITY_HEADERS, { rejectOnErrors: true }) + .then(function (ramlApi) { + var raml = ramlApi.expand(true).toJSON({ + serializeMetadata: false + }) + var result = addSecurityHeaders(raml) + expect(result.resources[0].methods[0].headers).to.deep.equal({ + 'Custom-Token': { + name: 'Custom-Token', + displayName: 'Custom-Token', + type: 'string', + required: false, + repeat: false + } + }) + }) + }) +})
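Review bot: The `server.addSecurityHeaders()` spec covers only a scheme that declares exactly one header, so the other paths through the helper are untested: a `securedBy` entry whose scheme has no `describedBy.headers`, a scheme with several headers, and a method that already declares headers of its own. The first of these throws on `describedBy.headers` as the helper is written in this commit, so a regression test for it is the most useful addition; it can use a plain object and needs no fixture (constructed example below). The expectation also pins `required: false`, so the copied header stays optional; a one-line comment saying so would stop readers from taking this for an authentication check.

```javascript
  it('should skip security schemes that declare no headers', function () {
    // Constructed input: a scheme with no describedBy block.
    var raml = {
      securitySchemes: [{ basic: { type: 'Basic Authentication' } }],
      resources: [{ methods: [{ method: 'get', securedBy: ['basic'] }] }]
    }

    expect(function () { addSecurityHeaders(raml) }).to.not.throw()
  })
```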