customisation to filter swagger definition by authorization

Blair McKenzie · Blair McKenzie · commit 51403e0c4998 · 2019-11-28T12:13:35.000+11:00
diff --git a/packages/api/base.cfc b/packages/api/base.cfc
@@ -26,15 +26,18 @@ component {
 		var stSwagger = duplicate(application.fc.lib.api.swagger[request.req.handler.api]);
 		var path = "";
 		var method = "";
+		var allowedTags = [];
+		var i = 0;
 
-		/* CURRENT VERSION OF SWAGGER UI DOES NOT SUPPORT AUTHENTICATED SWAGGER LOADING
 		for (path in stSwagger.paths) {
 			for (method in stSwagger.paths[path]) {
 				if (request.req.authentication eq "public") {
 					structDelete(stSwagger.paths[path][method], "x-permission");
+					arrayAppend(allowedTags, stSwagger.paths[path][method].tags);
 				}
 				else if (stSwagger.paths[path][method]["x-permission"] eq "public") {
 					structDelete(stSwagger.paths[path][method], "x-permission");
+					arrayAppend(allowedTags, stSwagger.paths[path][method].tags);
 				}
 				else if (not structKeyExists(request.req, "user")) {
 					structDelete(stSwagger.paths[path], method);
@@ -44,9 +47,16 @@ component {
 				}
 				else {
 					structDelete(stSwagger.paths[path][method], "x-permission");
+					arrayAppend(allowedTags, stSwagger.paths[path][method].tags);
 				}
 			}
-		}*/
+		}
+
+		for (i=arrayLen(stSwagger.tags); i>0; i--) {
+			if (not arrayFindNoCase(allowedTags, stSwagger.tags[i].name)) {
+				arrayDeleteAt(stSwagger.tags, i);
+			}
+		}
 
 		setResponse(stSwagger);
 	}
diff --git a/www/index.cfm b/www/index.cfm
@@ -70,8 +70,36 @@
         ],
         plugins: [
           SwaggerUIBundle.plugins.DownloadUrl,
-          SwaggerUIBundle.plugins.Topbar
+          SwaggerUIBundle.plugins.Topbar,
+          function (system) {
+            window.configSystem = system;
+            return {
+              statePlugins: {
+                auth: {
+                  wrapActions: {
+                    authorize: function(oriAction, system) {
+                      return function(a) {
+                        var r = oriAction(a);
+                        system.specActions.download();
+                        return r;
+                      }
+                    }
+                  }
+                }
+              }
+            }
+          }
         ],
+        requestInterceptor: function(e) {
+          var token = window.configSystem.auth().getIn(["authorized"]);
+          if (token != null && e.headers.authorization == null) {
+            if (j.api_key)
+              e.headers[j.api_key.schema.name] = j.api_key.value;
+            if (j.basic)
+              e.headers.Authorization = j.basic.value.header;
+          }
+          return e;
+        },
         layout: "StandaloneLayout",
       })
 
