From ca3a88e60c6876ddad248d6d74871923055f601e Mon Sep 17 00:00:00 2001
From: Aaron Heckmann
Date: Mon, 25 Dec 2023 00:56:01 -0800
Subject: [PATCH] fix(openapi): hide auth header when set in securityScheme (#769)
---
 examples/options.js | 7 ++++++-
 lib/spec/openapi/utils.js | 5 ++++-
 test/spec/openapi/route.js | 4 ++++
 3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/examples/options.js b/examples/options.js
index e6abf36f..24a5f8ac 100644
--- a/examples/options.js
+++ b/examples/options.js
@@ -52,11 +52,16 @@ const openapiOption = {
 type: 'apiKey',
 name: 'apiKey',
 in: 'header'
+ },
+ bearerAuth: {
+ type: 'http',
+ scheme: 'bearer'
 }
 }
 },
 security: [{
- apiKey: []
+ apiKey: [],
+ bearerAuth: []
 }],
 externalDocs: {
 description: 'Find more info here',
diff --git a/lib/spec/openapi/utils.js b/lib/spec/openapi/utils.js
index 19d01150..894e9efb 100644
--- a/lib/spec/openapi/utils.js
+++ b/lib/spec/openapi/utils.js
@@ -373,7 +373,10 @@ function prepareOpenapiMethod (schema, ref, openapiObject, url) {
 ]
 .reduce((acc, securitySchemeGroup) => {
 Object.keys(securitySchemeGroup).forEach((securitySchemeLabel) => {
- const { name, in: category } = openapiObject.components.securitySchemes[securitySchemeLabel]
+ const scheme = openapiObject.components.securitySchemes[securitySchemeLabel]
+ const isBearer = scheme.type === 'http' && scheme.scheme === 'bearer'
+ const category = isBearer ? 'header' : scheme.in
+ const name = isBearer ? 'authorization' : scheme.name
 if (!acc[category]) {
 acc[category] = []
 }
diff --git a/test/spec/openapi/route.js b/test/spec/openapi/route.js
index 984927e9..53b954d0 100644
--- a/test/spec/openapi/route.js
+++ b/test/spec/openapi/route.js
@@ -647,6 +647,10 @@ test('security headers ignored when declared in security and securityScheme', as
 type: 'string',
 description: 'api token'
 },
+ bearerAuth: {
+ type: 'string',
+ description: 'authorization bearer'
+ },
 id: {
 type: 'string',
 description: 'common field'
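Review bot: Putting `apiKey` and `bearerAuth` in the same object under `security` tells OpenAPI consumers that a request must satisfy both schemes at once; alternatives are written as separate array entries. If the example is meant to show that either credential is accepted, it should read `security: [{ apiKey: [] }, { bearerAuth: [] }]`. If both really are required, a one-line comment such as `// both schemes are required together` would stop readers from copying the stricter form by accident. The rest of `openapiOption` lies outside the hunk.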
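Review bot: The `isBearer` test in the reduce callback matches only the exact lowercase string `'bearer'`, so a scheme declared as `scheme: 'Bearer'` (HTTP auth scheme names are case-insensitive) falls through to `scheme.in` and `scheme.name`. Both are undefined for `type: 'http'`, so the entry is filed under `acc[undefined]` and the Authorization header stays in the generated parameters. Other `http` schemes such as `basic` use the same header and take the same fall-through. Consider `const isHttpAuth = scheme.type === 'http'` in place of the bearer-only test, and skip any scheme where `category` is undefined. The code that later matches `acc` against the route's header names is outside the hunk, so whether that match is case-sensitive on `authorization` should be confirmed there.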
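Review bot: The header added to the route schema is named `bearerAuth`, which is the security scheme's label, whereas the new branch in lib/spec/openapi/utils.js hides a header called `authorization` for bearer schemes. Unless the scheme used by this test is declared with `name: 'bearerAuth'`, this property does not exercise the new code path. A property `authorization: { type: 'string', description: 'authorization bearer' }`, with an assertion that no parameter named `authorization` is emitted, would cover it. The test's options and assertions are outside the hunk, so this needs checking against them.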