
Issues#771 - Adds the security definition of the apiKey type (bearer authorization) to the swagger middleware in a customized way #772

Merged
merged 11 commits into from
Sep 3, 2024
Merged
27 changes: 17 additions & 10 deletions sources/MVCFramework.Middleware.Swagger.pas
Expand Up @@ -48,6 +48,7 @@ TMVCSwaggerMiddleware = class(TInterfacedObject, IMVCMiddleware)
fSwagDocURL: string;
fJWTDescription: string;
fEnableBasicAuthentication: Boolean;
fEnableBearerAuthentication: Boolean;
fHost: string;
fBasePath: string;
fPathFilter: string;
Expand All @@ -68,7 +69,8 @@ TMVCSwaggerMiddleware = class(TInterfacedObject, IMVCMiddleware)
const AHost: string = '';
const ABasePath: string = '';
const APathFilter: String = '';
const ATransferProtocolSchemes: TMVCTransferProtocolSchemes = [psHTTP, psHTTPS]);
const ATransferProtocolSchemes: TMVCTransferProtocolSchemes = [psHTTP, psHTTPS];
const AEnableBearerAuthentication: Boolean = False);
destructor Destroy; override;
procedure OnBeforeRouting(AContext: TWebContext; var AHandled: Boolean);
procedure OnBeforeControllerAction(AContext: TWebContext; const AControllerQualifiedClassName: string;
Expand Down Expand Up @@ -105,14 +107,15 @@ constructor TMVCSwaggerMiddleware.Create(const AEngine: TMVCEngine; const ASwagg
const ASwaggerDocumentationURL, AJWTDescription: string; const AEnableBasicAuthentication: Boolean;
const AHost, ABasePath: string;
const APathFilter: String;
const ATransferProtocolSchemes: TMVCTransferProtocolSchemes);
const ATransferProtocolSchemes: TMVCTransferProtocolSchemes; const AEnableBearerAuthentication: Boolean);
begin
inherited Create;
fSwagDocURL := ASwaggerDocumentationURL;
fEngine := AEngine;
fSwaggerInfo := ASwaggerInfo;
fJWTDescription := AJWTDescription;
fEnableBasicAuthentication := AEnableBasicAuthentication;
fEnableBearerAuthentication := AEnableBearerAuthentication;
fHost := AHost;
fBasePath := ABasePath;
fPathFilter := APathFilter;
Expand Down Expand Up @@ -361,19 +364,23 @@ procedure TMVCSwaggerMiddleware.DocumentApiAuthentication(const ASwagDoc: TSwagD
// Path operation Middleware JWT
ASwagDoc.Paths.Add(TMVCSwagger.GetJWTAuthenticationPath(lJwtUrlSegment,
lJWTMiddleware.UserNameHeaderName, lJWTMiddleware.PasswordHeaderName));

// Methods that have the MVCRequiresAuthentication attribute use bearer authentication.
lSecurityDefsBearer := TSwagSecurityDefinitionApiKey.Create;
lSecurityDefsBearer.SchemeName := SECURITY_BEARER_NAME;
lSecurityDefsBearer.InLocation := kilHeader;
lSecurityDefsBearer.Name := 'Authorization';
lSecurityDefsBearer.Description := fJWTDescription;
ASwagDoc.SecurityDefinitions.Add(lSecurityDefsBearer);
end;
finally
lRttiContext.Free;
end;
end;

// Methods that have the MVCRequiresAuthentication attribute use bearer authentication.
if fEnableBearerAuthentication or
(Assigned(lJWTMiddleware) and Assigned(lJwtUrlField)) then
begin
lSecurityDefsBearer := TSwagSecurityDefinitionApiKey.Create;
lSecurityDefsBearer.SchemeName := SECURITY_BEARER_NAME;
lSecurityDefsBearer.InLocation := kilHeader;
lSecurityDefsBearer.Name := 'Authorization';
lSecurityDefsBearer.Description := fJWTDescription;
ASwagDoc.SecurityDefinitions.Add(lSecurityDefsBearer);
end;
end;

procedure TMVCSwaggerMiddleware.DocumentApiSettings(AContext: TWebContext; ASwagDoc: TSwagDoc);
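Review bot: In DocumentApiAuthentication the new test `Assigned(lJWTMiddleware) and Assigned(lJwtUrlField)` reads `lJwtUrlField` after the block that appears to set it has ended and after `lRttiContext.Free`. The declarations and the start of that block are outside the hunk, so this is inferred: if `lJwtUrlField` is only assigned inside the guarded block, it is an uninitialised local whenever the block is skipped, and the check is safe only through short-circuit evaluation on `lJWTMiddleware`. Recording the outcome where the JWT path is added, for example `lHasJwtLogin := True;` with the local set to False at the top of the procedure, and testing `if fEnableBearerAuthentication or lHasJwtLogin then` would remove that dependency. The constructor declaration would also benefit from a comment such as `// AEnableBearerAuthentication only adds the 'Authorization' apiKey definition to the generated document; it does not enforce authentication`, because with the flag set and no JWT middleware registered the document advertises a scheme that nothing in this unit checks. In that case `fJWTDescription` is also reused as the description, so callers need to pass text that matches their own bearer scheme.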