fixed header on all endpoints - next need CORS fix to see headers

eviltester · Jan 14, 2025 · 59acdd5 · 59acdd5
1 parent 7640094
commit 59acdd5
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 8 deletions.
diff --git a/challenger/src/main/java/uk/co/compendiumdev/challenge/ChallengeMain.java b/challenger/src/main/java/uk/co/compendiumdev/challenge/ChallengeMain.java
@@ -67,8 +67,6 @@ public static void main(String[] args) {
             }
         }
 
-        config.setToMultiPlayerMode();
-
         thingifier.apiConfig().setApiToAllowRobotsIndexingResponses(false);
         thingifier.apiConfig().setSupportsMultipleDatabases(true);
 

diff --git a/challenger/src/main/java/uk/co/compendiumdev/challenge/challengesrouting/AuthRoutes.java b/challenger/src/main/java/uk/co/compendiumdev/challenge/challengesrouting/AuthRoutes.java
@@ -69,6 +69,9 @@ public void configure(final Challengers challengers,
 
         // TODO: this all feels too tightly coupled to SparkJava we should have our own routing internally that spark delegates too
 
+        // todo: need to add res.addHeader("Access-Control-Expose-Headers", "Location"); to see headers in swagger
+        // i.e. https://groups.google.com/g/swagger-swaggersocket/c/TD0MWY09ESo?pli=1
+
         // POST /secret/token with basic auth to get a secret/token to use as X-AUTH-TOKEN header
         // todo: or {username, password} payload
         post("/secret/token", (request, result) -> {
@@ -98,14 +101,15 @@ public void configure(final Challengers challengers,
 
         SimpleSparkRouteCreator.routeStatusWhenNot(405, "/secret/token", List.of("post", "options"));
 
-        // TODO: configure for basic auth in documentation
         apiDefn.addRouteToDocumentation(
                 new RoutingDefinition(
                 RoutingVerb.POST,
                 "/secret/token",
                 RoutingStatus.returnedFromCall(),
                 null).addDocumentation("POST /secret/token with basic auth to get a secret/token to use as X-AUTH-TOKEN header, to allow access to the /secret/note end points.").
-                    addPossibleStatuses(201,401));
+                    addPossibleStatuses(201,401).
+                secureWithBasicAuth()
+        );
 
 
 

diff --git a/...c/main/java/uk/co/compendiumdev/challenge/challengesrouting/ChallengerTrackingRoutes.java b/...c/main/java/uk/co/compendiumdev/challenge/challengesrouting/ChallengerTrackingRoutes.java
@@ -373,8 +373,9 @@ public void configure(final Challengers challengers,
                         RoutingVerb.PUT,
                         "/challenger/database/:guid",
                         RoutingStatus.returnedFromCall(),
-                        null).addDocumentation("Restore a saved set of todos for a challenger matching the supplied X-CHALLENGER guid.")
-                        .addPossibleStatuses(204,400));
+                        null).addDocumentation("Restore a saved set of todos for a challenger matching the supplied X-CHALLENGER guid.").
+                        addPossibleStatuses(204,400)
+        );
 
 
         // TODO: add a protected admin page with an environment variable protection as password

diff --git a/thingifier/src/main/java/uk/co/compendiumdev/thingifier/api/docgen/RoutingDefinition.java b/thingifier/src/main/java/uk/co/compendiumdev/thingifier/api/docgen/RoutingDefinition.java
@@ -1,6 +1,5 @@
 package uk.co.compendiumdev.thingifier.api.docgen;
 
-import uk.co.compendiumdev.thingifier.api.ThingifierRestAPIHandler;
 import uk.co.compendiumdev.thingifier.api.response.ResponseHeader;
 import uk.co.compendiumdev.thingifier.core.domain.definitions.EntityDefinition;
 import uk.co.compendiumdev.thingifier.core.domain.definitions.field.definition.Field;
@@ -23,6 +22,7 @@ public class RoutingDefinition {
     private String requestPayload;
     private List<Field> requestUrlParams;
     private HashMap<String,String> customHeaders;
+    private boolean usesBasicAuth = false;
 
     public RoutingDefinition(RoutingVerb verb, String url, RoutingStatus routingStatus, ResponseHeader header) {
         this.verb = verb;
@@ -181,4 +181,13 @@ public String getCustomHeaderType(String headerName) {
     public boolean hasCustomHeaderNamed(String headerName) {
         return customHeaders.containsKey(headerName);
     }
+
+    public RoutingDefinition secureWithBasicAuth() {
+        usesBasicAuth = true;
+        return this;
+    }
+
+    public boolean isSecuredByBasicAuth(){
+        return usesBasicAuth;
+    }
 }
diff --git a/...c/main/java/uk/co/compendiumdev/thingifier/api/docgen/ThingifierApiDocumentationDefn.java b/...c/main/java/uk/co/compendiumdev/thingifier/api/docgen/ThingifierApiDocumentationDefn.java
@@ -137,7 +137,7 @@ public RoutingDefinition addAnyGlobalHeaders(RoutingDefinition route){
 
     private RoutingDefinition addCustomHeadersForRouteNotMatches(RoutingDefinition aRoute) {
         for(HeaderMatch match : customHeadersForRoutesThatDoNotMatch.values()){
-            if(aRoute.verb() != match.routingDefn.verb() && aRoute.url() != match.routingDefn.url()){
+            if(!(aRoute.verb() == match.routingDefn.verb() && aRoute.url().equals(match.routingDefn.url()))){
                 if(!aRoute.hasCustomHeaderNamed(match.headerDefn.headerName)){
                     aRoute.addCustomHeader(match.headerDefn.headerName, match.headerDefn.headerType);
                 }

diff --git a/thingifier/src/main/java/uk/co/compendiumdev/thingifier/swaggerizer/Swaggerizer.java b/thingifier/src/main/java/uk/co/compendiumdev/thingifier/swaggerizer/Swaggerizer.java
@@ -1,6 +1,8 @@
 package uk.co.compendiumdev.thingifier.swaggerizer;
 
 import io.swagger.v3.core.util.Json31;
+import io.swagger.v3.oas.models.security.SecurityRequirement;
+import io.swagger.v3.oas.models.security.SecurityScheme;
 import io.swagger.v3.oas.models.*;
 import io.swagger.v3.oas.models.info.Info;
 import io.swagger.v3.oas.models.media.*;
@@ -20,6 +22,7 @@
 import uk.co.compendiumdev.thingifier.core.domain.definitions.field.definition.FieldType;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 
 public class Swaggerizer {
@@ -196,6 +199,17 @@ public OpenAPI swagger(){
                                 operation.setRequestBody(requestBody);
                             }
 
+                            if(subroute.isSecuredByBasicAuth()){
+                                if(components.getSecuritySchemes() == null  || !components.getSecuritySchemes().containsKey("basicAuth")){
+                                    components.addSecuritySchemes(
+                                            "basicAuth",
+                                            new SecurityScheme().type(SecurityScheme.Type.HTTP).scheme("basic"));
+                                }
+                                operation.addSecurityItem(
+                                        new SecurityRequirement().addList("basicAuth")
+                                );
+                            }
+
                             if(subroute.hasRequestUrlParams()) {
 
                                 List<Parameter> urlParameters = new ArrayList<>();
-Original file line number
+Diff line change
@@ Expand Up / @@ -67,8 +67,6 @@ public static void main(String[] args) { @@
                 }
             }
-            config.setToMultiPlayerMode();
             thingifier.apiConfig().setApiToAllowRobotsIndexingResponses(false);
             thingifier.apiConfig().setSupportsMultipleDatabases(true);
@@ Expand Down @@