Skip to content

Commit

Permalink
update readme
Browse files Browse the repository at this point in the history
  • Loading branch information
Carmine DiMascio committed Oct 12, 2019
1 parent 36dd31d commit 12c9e5e
Showing 1 changed file with 76 additions and 75 deletions.
151 changes: 76 additions & 75 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -91,31 +91,32 @@ new OpenApiValidator(options).install(app);
- `[string]` - an array of unknown format names that will be ignored by the validator. This option can be used to allow usage of third party schemas with format(s), but still fail if another unknown format is used. (_Recommended if unknown formats are used_)
- `"ignore"` - to log warning during schema compilation and always pass validation. This option is not recommended, as it allows to mistype format name and it won't be validated without any error message.

**For example:**
**For example:**

```javascript
unknownFormats: ['phone-number', 'uuid']
```
```javascript
unknownFormats: ['phone-number', 'uuid']
```

**`securityHandlers:`** register authentication handlers

- `securityHandlers` is an object that maps security keys to security handler functions. Each security key must correspond to `securityScheme` name.

The `securityHandlers` object signature is as follows:
The `securityHandlers` object signature is as follows:

```
{
securityHandlers: {
[securityKey]: function(
req: Express.Request,
scopes: string[],
schema: Object // The OpenAPI components.securitySchemes.<scheme>
): void,
}
{
(
,
,
t
,
}
}
```

**For example:**
[SecuritySchemeObject](https://github.com/cdimascio/express-openapi-validator/blob/master/src/framework/types.ts#L269)

**For example:**

```javascript
securityHandlers: {
Expand All @@ -125,73 +126,73 @@ new OpenApiValidator(options).install(app);
},
}
```

The *express-openapi-validator* performs a basic validation pass prior to delegating to security handlers. If basic validation passes, security handler function(s) are invoked.



The _express-openapi-validator_ performs a basic validation pass prior to delegating to security handlers. If basic validation passes, security handler function(s) are invoked.

In order to signal an auth failure, the security handler function **must** either:

1. `throw { status: 403, message: 'forbidden' }`

- `throw Error('optional message')`
- `return false`
- return a promise which resolves to `false` e.g `Promise.resolve(true)`
- return a promise rejection e.g.
- `Promise.reject({ status: 401, message: 'yikes' });`
- `Promise.reject(Error('optional 'message')`
- `Promise.reject(false)`

Note: status is always 401, unless option 1. is used

**Some examples:**
```javascript
securityHandlers: {
ApiKeyAuth: (req, scopes, schema) => {
throw Error('my message');
},
OpenID: async (req, scopes, schema) => {
throw { status: 403, message: 'forbidden' }
},
BasicAuth: (req, scopes, schema) => {
return Promise.resolve(false);
},
...
}
```

In order to grant authz, the handler function **must** either:
- `return true`
- return a promise which resolves to `true`
**Some examples**
```javascript
securityHandlers: {
ApiKeyAuth: (req, scopes, schema) => {
return true;
},
ApiKeyAuth: async (req, scopes, schema) => {
return true;
},
...
```
Each `securityHandlers` `securityKey` must match a `components/securitySchemes` property
```yaml
components:
securitySchemes:
ApiKeyAuth: # <-- Note this name must be used as the name handler function property
type: apiKey
in: header
name: X-API-Key
```

See [OpenAPI 3](https://swagger.io/docs/specification/authentication/) authentication for `securityScheme` and `security` documentation
See [examples](https://github.com/cdimascio/express-openapi-validator/blob/security/test/security.spec.ts#L17) from unit tests
- return a promise rejection e.g. - `Promise.reject({ status: 401, message: 'yikes' });` - `Promise.reject(Error('optional 'message')` - `Promise.reject(false)`

````
ed
**
```javascript
securityHandlers: {
ApiKeyAuth: (req, scopes, schema) => {
throw Error('my message');
},
OpenID: async (req, scopes, schema) => {
throw { status: 403, message: 'forbidden' }
},
BasicAuth: (req, scopes, schema) => {
return Promise.resolve(false);
},
...
}
```
````
In order to grant authz, the handler function **must** either:
- `return true`
- return a promise which resolves to `true`
**Some examples**
```javascript
securityHandlers: {
ApiKeyAuth: (req, scopes, schema) => {
return true;
},
ApiKeyAuth: async (req, scopes, schema) => {
return true;
},
...
```
Each `securityHandlers` `securityKey` must match a `components/securitySchemes` property
```yaml
components:
securitySchemes:
ApiKeyAuth: # <-- Note this name must be used as the name handler function property
type: apiKey
in: header
name: X-API-Key
```
See [OpenAPI 3](https://swagger.io/docs/specification/authentication/) authentication for `securityScheme` and `security` documentation
See [examples](https://github.com/cdimascio/express-openapi-validator/blob/security/test/security.spec.ts#L17) from unit tests
**`coerceTypes:`** change data type of data to match type keyword. See the example in Coercing data types and coercion rules. Option values:
Expand Down

0 comments on commit 12c9e5e

Please sign in to comment.