express-swagger-oauth-scopes
Express.js middleware to grant/block access to endpoints based on Swagger security entries
Note that the middleware should be applied within a router, not globally on the application, because it depends on the route already being resolved for the request. Alternatively, you can explicitly pass the path to an endpoint when instantiating the middleware (this is necessary when you use the middleware inside a Google Cloud Function, which does not provide access to the router).
// Usage sketch: names the middleware (swaggerOauth), a service that supplies the Swagger
// document (swaggerService) and a helper that reads user permissions from the request (authUtils).
// NOTE(review): as printed, the right-hand sides and call expressions are missing
// (e.g. `const swaggerService = ;`, bare `router;`), so this listing does not run as shown.
// NOTE(review): the permissions authUtils returns are presumably what gets compared with the
// route's Swagger security entries; derive them from a credential that has already been
// verified, not from unauthenticated request fields. TODO confirm against the middleware source.
const swaggerOauth = middleware;const swaggerService = ; //implement logic for generating/loading Swagger specification somewhereconst authUtils = ; //implement logic for getting user permissions from request somewhereconst swaggerDocument = swaggerService // valid Swagger document, parsed into a JS object; { return ;} { return ;} router; router;
The recommended way to use this library is together with swagger-jsdoc (https://github.com/Surnet/swagger-jsdoc) and swagger-combine (https://github.com/maxdome/swagger-combine), so that you can keep the security definition together with the controller implementation:
// Usage sketch with swagger-jsdoc: the @swagger JSDoc fragment next to the route declares
// POST /users with `security: - oauth: - 'CREATE_USERS'`, keeping the required scope beside
// the controller code.
// NOTE(review): as printed, the right-hand sides and the route registration call are missing
// (e.g. `const authUtils = ;`, bare `router;`), so this listing does not run as shown.
// NOTE(review): this page does not show how a route with no `security` entry is handled;
// confirm whether such routes are allowed or blocked before relying on annotations alone.
const swaggerOauth = middleware;const swaggerService = ; //implement logic for generating/loading Swagger specification somewhereconst authUtils = ; //implement logic for getting user permissions from request somewhereconst swaggerDocument = swaggerService // valid Swagger document, parsed into a JS object; { return ;} /** * @swagger * /users: * post: * description: Create user * produces: * - application/json * consumes: * - application/json * parameters: * - name: user * in: body * required: true * schema: * $ref: 'User.yaml' * security: * - oauth: * - 'CREATE_USERS' * responses: * 201: * description: User data * schema: * $ref: 'User.yaml' */router;
Reference implementation of a swagger.service:
// Reference swagger.service: generates Swagger YAML from controller JSDoc fragments, generates
// YAML for the models, combines the two and returns the combined schema. The export list names
// three entry points: generateSwagger, getSwagger and getSwaggerSync.
// NOTE(review): as printed, the require targets, function names and call arguments are missing
// (e.g. `const fs = ;`, `await ;`), so this listing does not run as shown.
// NOTE(review): in the visible text combinedSwaggerSchema is assigned without a declaration and
// builtSwaggerSchema is never assigned; this may be extraction loss. Confirm against upstream.
// NOTE(review): the last function (presumably getSwaggerSync) throws a bare string rather than
// an Error, so callers get no stack trace and `instanceof Error` checks will not match.
const swaggerJSDoc = ;const objectionSwagger = ;const swaggerCombine = ;const mkdirp = ;const config = ;const yaml = ;const fs = ;const path = ;const _ = ; const PATH_TO_COMBINED_SWAGGER = configswaggerpathToCombinedSwagger;const PATH_TO_MODELS = configmodelspath; let builtSwaggerSchema; const options = swaggerDefinition: info: title: 'User Management System' version: '1.0.0' apis: './controllers/**/*.js' './modules/**/controllers/**/*.js' // Path to the controllers sources that will be parsed for Swagger fragments in JSDocs; const modelContainer = dirname: PATH_TO_MODELS filter: /\.js$/ recursive: false; const models = _; { const swaggerDir = path; const pathToTmpSwagger = `/tmpSwagger.yaml`; //Generate YAML for controllers const swaggerFromControllers = ; const swaggerYaml = yaml; await ; fs; //Generate YAML for models - if you are using objection.js, you can use objection-swagger, there are probably equivalent libraries available for Sequelize as well await objectionSwagger; //Combine YAMLs combinedSwaggerSchema = await ; fs; return combinedSwaggerSchema;} /** * Returns generated swagger * * @returns */ { if builtSwaggerSchema return builtSwaggerSchema; return ;} /** * Returns generated swagger * * @returns */ { if builtSwaggerSchema return builtSwaggerSchema; throw 'Swagger document was not yet built, please ensure that you are calling this method after initialization phase is completed.';} moduleexports = generateSwagger getSwagger getSwaggerSync;