This repository has been archived by the owner on May 10, 2024. It is now read-only.

fix #79 security scheme headers
brevity committed Mar 28, 2018
1 parent f82b697 commit e4f6c31
Showing 3 changed files with 73 additions and 0 deletions.
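--- a/lib/server.js
+++ b/lib/server.js
@@ -35,6 +35,8 @@ function createServer (raml, opts) {
 raml = expandTypes(raml)
 }
 
+raml = addSecurityHeaders(raml)
+
 var resourceHandler = resources(raml.resources, function (schema, path) {
 return handler(schema, path, schema.method, options)
 })
@@ -64,6 +66,39 @@ function createServer (raml, opts) {
 return app
 }
 
+/**
+* Adds security headers to applicable resources..
+*
+* @param {Object} raml
+*/
+function addSecurityHeaders (raml) {
+raml.resources = raml.resources.map(function (resource) {
+if (resource && resource.methods) {
+resource.methods = resource.methods.map(function (method) {
+var securedBy = method.securedBy
+
+if (securedBy) {
+method.headers = securedBy.reduce(function (headers, securedById) {
+var scheme = raml.securitySchemes.filter(function (scheme) {
+if (Object.keys(scheme)[0] === securedById) return true
+return false
+})[0]
+
+if (scheme && scheme[securedById]) {
+var newHeader = Object.keys(scheme[securedById].describedBy.headers)[0]
+headers[newHeader] = scheme[securedById].describedBy.headers[newHeader]
+}
+return headers
+}, method.headers || {})
+}
+return method
+})
+}
+return resource
+})
+return raml
+}
+
 /**
 * The Osprey not found handler is simplistic and tests for `resourcePath`.
 *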
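Review bot: In `addSecurityHeaders`, `Object.keys(scheme[securedById].describedBy.headers)` throws a TypeError for any secured method whose scheme has no `describedBy`, or whose `describedBy` has no `headers`, and because `createServer` now calls the function unconditionally such an API would fail at server creation. The same expression keeps only the first key, so a scheme that declares several headers is copied incompletely, and `raml.securitySchemes.filter` assumes the schemes list exists whenever `securedBy` is set. I would guard the lookups and copy every declared header, as below; whether a header already declared on the method should be overwritten by the scheme's definition is worth deciding explicitly. The doc comment could also state that `raml` is mutated in place and returned.

```javascript
// … unchanged: resource and method iteration, `if (securedBy)` guard …
method.headers = securedBy.reduce(function (headers, securedById) {
  var scheme = (raml.securitySchemes || []).filter(function (scheme) {
    return Object.keys(scheme)[0] === securedById
  })[0]
  var describedBy = scheme && scheme[securedById] && scheme[securedById].describedBy
  var schemeHeaders = (describedBy && describedBy.headers) || {}

  // Copy every header the scheme declares, not only the first one.
  Object.keys(schemeHeaders).forEach(function (name) {
    headers[name] = schemeHeaders[name]
  })
  return headers
}, method.headers || {})
```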
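--- a/test/fixtures/security-headers.raml
+++ b/test/fixtures/security-headers.raml
@@ -0,0 +1,13 @@
+#%RAML 0.8
+title: Example API
+baseUri: https://example.com/api
+securitySchemes:
+- custom_auth:
+type: x-custom
+describedBy:
+headers:
+Custom-Token:
+type: string
+/foo:
+get:
+securedBy: [ custom_auth ]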
25 changes: 25 additions & 0 deletions test/other.js
Expand Up @@ -2,8 +2,11 @@

var rewire = require('rewire')
var osprey = rewire('../')
var server = rewire('../lib/server')
var expect = require('chai').expect
var path = require('path')

var SECURITY_HEADERS = path.join(__dirname, 'fixtures', 'security-headers.raml')
describe('osprey.addJsonSchema', function () {
var schemas = {}
osprey.__set__('methodHandler', {
Expand All @@ -25,3 +28,25 @@ describe('osprey.addJsonSchema', function () {
expect(schemas).to.be.deep.equal({'cats': schema})
})
})
describe('server.addSecurityHeaders()', function () {
var addSecurityHeaders = server.__get__('addSecurityHeaders')
it('should duplicate securityScheme headers on the resources describedBy them.', function () {
return require('raml-1-parser')
.loadRAML(SECURITY_HEADERS, { rejectOnErrors: true })
.then(function (ramlApi) {
var raml = ramlApi.expand(true).toJSON({
serializeMetadata: false
})
var result = addSecurityHeaders(raml)
expect(result.resources[0].methods[0].headers).to.deep.equal({
'Custom-Token': {
name: 'Custom-Token',
displayName: 'Custom-Token',
type: 'string',
required: false,
repeat: false
}
})
})
})
})
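Review bot: Only the single-scheme, single-header case is covered in `describe('server.addSecurityHeaders()')`, so the paths most likely to break are unpinned: a method with no `securedBy`, a `securedBy` entry with no matching scheme, a scheme without `describedBy.headers`, and a method that already declares headers of its own. A second case such as `it('should leave methods without securedBy unchanged', ...)` plus one fixture whose scheme omits `describedBy` would cover the failure modes. The expected value also pins `required: false`, which presumably means a request without `Custom-Token` would still pass header validation; if secured methods are meant to demand the token, a fixture with `required: true` would make that intent visible.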
