From e4f6c3135a265118c2605cd00bd04b928a2df2fe Mon Sep 17 00:00:00 2001
From: brevity <andrew.toelle@gmail.com>
Date: Wed, 28 Mar 2018 12:12:33 -0400
Subject: [PATCH] fix #79 security scheme headers

---
 lib/server.js                       | 35 +++++++++++++++++++++++++++++
 test/fixtures/security-headers.raml | 13 +++++++++++
 test/other.js                       | 25 +++++++++++++++++++++
 3 files changed, 73 insertions(+)
 create mode 100644 test/fixtures/security-headers.raml

diff --git a/lib/server.js b/lib/server.js
index eeb56d1..8503ece 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -35,6 +35,8 @@ function createServer (raml, opts) {
     raml = expandTypes(raml)
   }
 
+  raml = addSecurityHeaders(raml)
+
   var resourceHandler = resources(raml.resources, function (schema, path) {
     return handler(schema, path, schema.method, options)
   })
@@ -64,6 +66,39 @@ function createServer (raml, opts) {
   return app
 }
 
+/**
+ * Adds security headers to applicable resources..
+ *
+ * @param {Object} raml
+ */
+function addSecurityHeaders (raml) {
+  raml.resources = raml.resources.map(function (resource) {
+    if (resource && resource.methods) {
+      resource.methods = resource.methods.map(function (method) {
+        var securedBy = method.securedBy
+
+        if (securedBy) {
+          method.headers = securedBy.reduce(function (headers, securedById) {
+            var scheme = raml.securitySchemes.filter(function (scheme) {
+              if (Object.keys(scheme)[0] === securedById) return true
+              return false
+            })[0]
+
+            if (scheme && scheme[securedById]) {
+              var newHeader = Object.keys(scheme[securedById].describedBy.headers)[0]
+              headers[newHeader] = scheme[securedById].describedBy.headers[newHeader]
+            }
+            return headers
+          }, method.headers || {})
+        }
+        return method
+      })
+    }
+    return resource
+  })
+  return raml
+}
+
 /**
  * The Osprey not found handler is simplistic and tests for `resourcePath`.
  *
diff --git a/test/fixtures/security-headers.raml b/test/fixtures/security-headers.raml
new file mode 100644
index 0000000..4fda490
--- /dev/null
+++ b/test/fixtures/security-headers.raml
@@ -0,0 +1,13 @@
+#%RAML 0.8
+title: Example API
+baseUri: https://example.com/api
+securitySchemes:
+  - custom_auth:
+      type: x-custom
+      describedBy:
+        headers:
+          Custom-Token:
+            type: string
+/foo:
+  get:
+    securedBy: [ custom_auth ]
diff --git a/test/other.js b/test/other.js
index 696156b..abb3801 100644
--- a/test/other.js
+++ b/test/other.js
@@ -2,8 +2,11 @@
 
 var rewire = require('rewire')
 var osprey = rewire('../')
+var server = rewire('../lib/server')
 var expect = require('chai').expect
+var path = require('path')
 
+var SECURITY_HEADERS = path.join(__dirname, 'fixtures', 'security-headers.raml')
 describe('osprey.addJsonSchema', function () {
   var schemas = {}
   osprey.__set__('methodHandler', {
@@ -25,3 +28,25 @@ describe('osprey.addJsonSchema', function () {
     expect(schemas).to.be.deep.equal({'cats': schema})
   })
 })
+describe('server.addSecurityHeaders()', function () {
+  var addSecurityHeaders = server.__get__('addSecurityHeaders')
+  it('should duplicate securityScheme headers on the resources describedBy them.', function () {
+    return require('raml-1-parser')
+      .loadRAML(SECURITY_HEADERS, { rejectOnErrors: true })
+      .then(function (ramlApi) {
+        var raml = ramlApi.expand(true).toJSON({
+          serializeMetadata: false
+        })
+        var result = addSecurityHeaders(raml)
+        expect(result.resources[0].methods[0].headers).to.deep.equal({
+          'Custom-Token': {
+            name: 'Custom-Token',
+            displayName: 'Custom-Token',
+            type: 'string',
+            required: false,
+            repeat: false
+          }
+        })
+      })
+  })
+})