diff --git a/www/apps/api-reference/specs/admin/openapi.full.yaml b/www/apps/api-reference/specs/admin/openapi.full.yaml index ae338abeff..ed3213aa75 100644 --- a/www/apps/api-reference/specs/admin/openapi.full.yaml +++ b/www/apps/api-reference/specs/admin/openapi.full.yaml @@ -17443,7 +17443,7 @@ paths: operationId: GetInvites summary: List Invites description: Retrieve a list of invites. The invites can be filtered by fields such as `id`. The invites can also be sorted or paginated. - x-authenticated: false + x-authenticated: true parameters: - name: fields in: query @@ -17950,11 +17950,15 @@ paths: $ref: '#/components/responses/invalid_request_error' '500': $ref: '#/components/responses/500_error' + security: + - api_token: [] + - cookie_auth: [] + - jwt_token: [] post: operationId: PostInvites summary: Create Invite description: Create a invite. - x-authenticated: false + x-authenticated: true parameters: - name: fields in: query @@ -18014,6 +18018,10 @@ paths: '500': $ref: '#/components/responses/500_error' x-workflow: createInvitesWorkflow + security: + - api_token: [] + - cookie_auth: [] + - jwt_token: [] /admin/invites/accept: post: operationId: PostInvitesAccept @@ -18021,7 +18029,7 @@ paths: description: | Accept an invite and create a new user. Since the user isn't created yet, the JWT token used in the authorization header is retrieved from the `/auth/user/emailpass/register` API route (or a provider other than `emailpass`). The user can then authenticate using the `/auth/user/emailpass` API route. - x-authenticated: false + x-authenticated: true requestBody: content: application/json: 
@@ -18091,12 +18099,15 @@ paths: '500': $ref: '#/components/responses/500_error' x-workflow: acceptInviteWorkflow + security: + - cookie_auth: [] + - jwt_token: [] /admin/invites/{id}: get: operationId: GetInvitesId summary: Get an Invite description: Retrieve an invite by its ID. You can expand the invite's relations or select the fields that should be returned. - x-authenticated: false + x-authenticated: true parameters: - name: id in: path @@ -18139,11 +18150,15 @@ paths: $ref: '#/components/responses/invalid_request_error' '500': $ref: '#/components/responses/500_error' + security: + - api_token: [] + - cookie_auth: [] + - jwt_token: [] delete: operationId: DeleteInvitesId summary: Delete Invite description: Delete an invite. - x-authenticated: false + x-authenticated: true parameters: - name: id in: path @@ -18196,12 +18211,16 @@ paths: '500': $ref: '#/components/responses/500_error' x-workflow: deleteInvitesWorkflow + security: + - api_token: [] + - cookie_auth: [] + - jwt_token: [] /admin/invites/{id}/resend: post: operationId: PostInvitesIdResend summary: Refresh Invite Token description: Refresh the token of an invite. - x-authenticated: false + x-authenticated: true parameters: - name: id in: path @@ -18245,6 +18264,10 @@ paths: '500': $ref: '#/components/responses/500_error' x-workflow: refreshInviteTokensWorkflow + security: + - api_token: [] + - cookie_auth: [] + - jwt_token: [] /admin/notifications: get: operationId: GetNotifications @@ -41910,7 +41933,7 @@ paths: operationId: GetUsers summary: List Users description: Retrieve a list of users. The users can be filtered by fields such as `id`. The users can also be sorted or paginated. - x-authenticated: false + x-authenticated: true parameters: - name: fields in: query 
@@ -42379,12 +42402,15 @@ paths: $ref: '#/components/responses/invalid_request_error' '500': $ref: '#/components/responses/500_error' + security: + - cookie_auth: [] + - jwt_token: [] /admin/users/me: get: operationId: GetUsersMe summary: Get Logged-In User description: Retrieve the logged-in user's details. - x-authenticated: false + x-authenticated: true parameters: - name: fields in: query @@ -42421,12 +42447,15 @@ paths: $ref: '#/components/responses/invalid_request_error' '500': $ref: '#/components/responses/500_error' + security: + - cookie_auth: [] + - jwt_token: [] /admin/users/{id}: get: operationId: GetUsersId summary: Get a User description: Retrieve a user by its ID. You can expand the user's relations or select the fields that should be returned. - x-authenticated: false + x-authenticated: true parameters: - name: id in: path @@ -42469,11 +42498,14 @@ paths: $ref: '#/components/responses/invalid_request_error' '500': $ref: '#/components/responses/500_error' + security: + - cookie_auth: [] + - jwt_token: [] post: operationId: PostUsersId summary: Update a User description: Update a user's details. - x-authenticated: false + x-authenticated: true parameters: - name: id in: path @@ -42529,11 +42561,14 @@ paths: '500': $ref: '#/components/responses/500_error' x-workflow: updateUsersWorkflow + security: + - cookie_auth: [] + - jwt_token: [] delete: operationId: DeleteUsersId summary: Delete a User description: Delete a user. - x-authenticated: false + x-authenticated: true parameters: - name: id in: path @@ -42567,6 +42602,9 @@ paths: '500': $ref: '#/components/responses/500_error' x-workflow: removeUserAccountWorkflow + security: + - cookie_auth: [] + - jwt_token: [] /admin/workflows-executions: get: operationId: GetWorkflowsExecutions diff --git a/www/apps/api-reference/specs/admin/paths/admin_invites.yaml b/www/apps/api-reference/specs/admin/paths/admin_invites.yaml index 08be7736e6..1365bb7ef5 100644 
--- a/www/apps/api-reference/specs/admin/paths/admin_invites.yaml +++ b/www/apps/api-reference/specs/admin/paths/admin_invites.yaml @@ -4,7 +4,7 @@ get: description: >- Retrieve a list of invites. The invites can be filtered by fields such as `id`. The invites can also be sorted or paginated. - x-authenticated: false + x-authenticated: true parameters: - name: fields in: query @@ -589,11 +589,15 @@ get: $ref: ../components/responses/invalid_request_error.yaml '500': $ref: ../components/responses/500_error.yaml + security: + - api_token: [] + - cookie_auth: [] + - jwt_token: [] post: operationId: PostInvites summary: Create Invite description: Create a invite. - x-authenticated: false + x-authenticated: true parameters: - name: fields in: query @@ -657,3 +661,7 @@ post: '500': $ref: ../components/responses/500_error.yaml x-workflow: createInvitesWorkflow + security: + - api_token: [] + - cookie_auth: [] + - jwt_token: [] diff --git a/www/apps/api-reference/specs/admin/paths/admin_invites_accept.yaml b/www/apps/api-reference/specs/admin/paths/admin_invites_accept.yaml index 8eee8dea6f..61278e9669 100644 --- a/www/apps/api-reference/specs/admin/paths/admin_invites_accept.yaml +++ b/www/apps/api-reference/specs/admin/paths/admin_invites_accept.yaml @@ -8,7 +8,7 @@ post: header is retrieved from the `/auth/user/emailpass/register` API route (or a provider other than `emailpass`). The user can then authenticate using the `/auth/user/emailpass` API route. - x-authenticated: false + x-authenticated: true requestBody: content: application/json: @@ -72,3 +72,6 @@ post: '500': $ref: ../components/responses/500_error.yaml x-workflow: acceptInviteWorkflow + security: + - cookie_auth: [] + - jwt_token: [] diff --git a/www/apps/api-reference/specs/admin/paths/admin_invites_{id}.yaml b/www/apps/api-reference/specs/admin/paths/admin_invites_{id}.yaml index dd0631c2eb..933f808c6b 100644 --- a/www/apps/api-reference/specs/admin/paths/admin_invites_{id}.yaml 
+++ b/www/apps/api-reference/specs/admin/paths/admin_invites_{id}.yaml @@ -4,7 +4,7 @@ get: description: >- Retrieve an invite by its ID. You can expand the invite's relations or select the fields that should be returned. - x-authenticated: false + x-authenticated: true parameters: - name: id in: path @@ -56,11 +56,15 @@ get: $ref: ../components/responses/invalid_request_error.yaml '500': $ref: ../components/responses/500_error.yaml + security: + - api_token: [] + - cookie_auth: [] + - jwt_token: [] delete: operationId: DeleteInvitesId summary: Delete Invite description: Delete an invite. - x-authenticated: false + x-authenticated: true parameters: - name: id in: path @@ -114,3 +118,7 @@ delete: '500': $ref: ../components/responses/500_error.yaml x-workflow: deleteInvitesWorkflow + security: + - api_token: [] + - cookie_auth: [] + - jwt_token: [] diff --git a/www/apps/api-reference/specs/admin/paths/admin_invites_{id}_resend.yaml b/www/apps/api-reference/specs/admin/paths/admin_invites_{id}_resend.yaml index 15cacdc41d..4d4e5cc876 100644 --- a/www/apps/api-reference/specs/admin/paths/admin_invites_{id}_resend.yaml +++ b/www/apps/api-reference/specs/admin/paths/admin_invites_{id}_resend.yaml @@ -2,7 +2,7 @@ post: operationId: PostInvitesIdResend summary: Refresh Invite Token description: Refresh the token of an invite. - x-authenticated: false + x-authenticated: true parameters: - name: id in: path @@ -55,3 +55,7 @@ post: '500': $ref: ../components/responses/500_error.yaml x-workflow: refreshInviteTokensWorkflow + security: + - api_token: [] + - cookie_auth: [] + - jwt_token: [] diff --git a/www/apps/api-reference/specs/admin/paths/admin_users.yaml b/www/apps/api-reference/specs/admin/paths/admin_users.yaml index da26ca3d5d..72ca4a2742 100644 --- a/www/apps/api-reference/specs/admin/paths/admin_users.yaml +++ b/www/apps/api-reference/specs/admin/paths/admin_users.yaml 
@@ -4,7 +4,7 @@ get: description: >- Retrieve a list of users. The users can be filtered by fields such as `id`. The users can also be sorted or paginated. - x-authenticated: false + x-authenticated: true parameters: - name: fields in: query @@ -547,3 +547,6 @@ get: $ref: ../components/responses/invalid_request_error.yaml '500': $ref: ../components/responses/500_error.yaml + security: + - cookie_auth: [] + - jwt_token: [] diff --git a/www/apps/api-reference/specs/admin/paths/admin_users_me.yaml b/www/apps/api-reference/specs/admin/paths/admin_users_me.yaml index 5948c6961f..6246d4f2e3 100644 --- a/www/apps/api-reference/specs/admin/paths/admin_users_me.yaml +++ b/www/apps/api-reference/specs/admin/paths/admin_users_me.yaml @@ -2,7 +2,7 @@ get: operationId: GetUsersMe summary: Get Logged-In User description: Retrieve the logged-in user's details. - x-authenticated: false + x-authenticated: true parameters: - name: fields in: query @@ -48,3 +48,6 @@ get: $ref: ../components/responses/invalid_request_error.yaml '500': $ref: ../components/responses/500_error.yaml + security: + - cookie_auth: [] + - jwt_token: [] diff --git a/www/apps/api-reference/specs/admin/paths/admin_users_{id}.yaml b/www/apps/api-reference/specs/admin/paths/admin_users_{id}.yaml index 63046c022f..490eba4d36 100644 --- a/www/apps/api-reference/specs/admin/paths/admin_users_{id}.yaml +++ b/www/apps/api-reference/specs/admin/paths/admin_users_{id}.yaml @@ -4,7 +4,7 @@ get: description: >- Retrieve a user by its ID. You can expand the user's relations or select the fields that should be returned. - x-authenticated: false + x-authenticated: true parameters: - name: id in: path 
@@ -56,11 +56,14 @@ get: $ref: ../components/responses/invalid_request_error.yaml '500': $ref: ../components/responses/500_error.yaml + security: + - cookie_auth: [] + - jwt_token: [] post: operationId: PostUsersId summary: Update a User description: Update a user's details. - x-authenticated: false + x-authenticated: true parameters: - name: id in: path @@ -118,11 +121,14 @@ post: '500': $ref: ../components/responses/500_error.yaml x-workflow: updateUsersWorkflow + security: + - cookie_auth: [] + - jwt_token: [] delete: operationId: DeleteUsersId summary: Delete a User description: Delete a user. - x-authenticated: false + x-authenticated: true parameters: - name: id in: path @@ -157,3 +163,6 @@ delete: '500': $ref: ../components/responses/500_error.yaml x-workflow: removeUserAccountWorkflow + security: + - cookie_auth: [] + - jwt_token: [] diff --git a/www/utils/generated/oas-output/operations/admin/delete_admin_invites_[id].ts b/www/utils/generated/oas-output/operations/admin/delete_admin_invites_[id].ts index 1af1647369..59a970b5ec 100644 --- a/www/utils/generated/oas-output/operations/admin/delete_admin_invites_[id].ts +++ b/www/utils/generated/oas-output/operations/admin/delete_admin_invites_[id].ts @@ -3,7 +3,7 @@ * operationId: DeleteInvitesId * summary: Delete Invite * description: Delete an invite. - * x-authenticated: false + * x-authenticated: true * parameters: * - name: id * in: path @@ -56,6 +56,10 @@ * "500": * $ref: "#/components/responses/500_error" * x-workflow: deleteInvitesWorkflow + * security: + * - api_token: [] + * - cookie_auth: [] + * - jwt_token: [] * */ diff --git a/www/utils/generated/oas-output/operations/admin/delete_admin_users_[id].ts b/www/utils/generated/oas-output/operations/admin/delete_admin_users_[id].ts index 4296faeaf2..d0e600c2c5 100644 --- a/www/utils/generated/oas-output/operations/admin/delete_admin_users_[id].ts +++ b/www/utils/generated/oas-output/operations/admin/delete_admin_users_[id].ts 
@@ -3,7 +3,7 @@ * operationId: DeleteUsersId * summary: Delete a User * description: Delete a user. - * x-authenticated: false + * x-authenticated: true * parameters: * - name: id * in: path @@ -37,6 +37,9 @@ * "500": * $ref: "#/components/responses/500_error" * x-workflow: removeUserAccountWorkflow + * security: + * - cookie_auth: [] + * - jwt_token: [] * */ diff --git a/www/utils/generated/oas-output/operations/admin/get_admin_invites.ts b/www/utils/generated/oas-output/operations/admin/get_admin_invites.ts index 293b272ded..e699fb8ec1 100644 --- a/www/utils/generated/oas-output/operations/admin/get_admin_invites.ts +++ b/www/utils/generated/oas-output/operations/admin/get_admin_invites.ts @@ -3,7 +3,7 @@ * operationId: GetInvites * summary: List Invites * description: Retrieve a list of invites. The invites can be filtered by fields such as `id`. The invites can also be sorted or paginated. - * x-authenticated: false + * x-authenticated: true * parameters: * - name: fields * in: query @@ -512,6 +512,10 @@ * $ref: "#/components/responses/invalid_request_error" * "500": * $ref: "#/components/responses/500_error" + * security: + * - api_token: [] + * - cookie_auth: [] + * - jwt_token: [] * */ diff --git a/www/utils/generated/oas-output/operations/admin/get_admin_invites_[id].ts b/www/utils/generated/oas-output/operations/admin/get_admin_invites_[id].ts index d5368c38c9..d0ff01117c 100644 --- a/www/utils/generated/oas-output/operations/admin/get_admin_invites_[id].ts +++ b/www/utils/generated/oas-output/operations/admin/get_admin_invites_[id].ts @@ -3,7 +3,7 @@ * operationId: GetInvitesId * summary: Get an Invite * description: Retrieve an invite by its ID. You can expand the invite's relations or select the fields that should be returned. - * x-authenticated: false + * x-authenticated: true * parameters: * - name: id * in: path 
@@ -48,6 +48,10 @@ * $ref: "#/components/responses/invalid_request_error" * "500": * $ref: "#/components/responses/500_error" + * security: + * - api_token: [] + * - cookie_auth: [] + * - jwt_token: [] * */ diff --git a/www/utils/generated/oas-output/operations/admin/get_admin_users.ts b/www/utils/generated/oas-output/operations/admin/get_admin_users.ts index c47c93b514..5b8453a45f 100644 --- a/www/utils/generated/oas-output/operations/admin/get_admin_users.ts +++ b/www/utils/generated/oas-output/operations/admin/get_admin_users.ts @@ -3,7 +3,7 @@ * operationId: GetUsers * summary: List Users * description: Retrieve a list of users. The users can be filtered by fields such as `id`. The users can also be sorted or paginated. - * x-authenticated: false + * x-authenticated: true * parameters: * - name: fields * in: query @@ -474,6 +474,9 @@ * $ref: "#/components/responses/invalid_request_error" * "500": * $ref: "#/components/responses/500_error" + * security: + * - cookie_auth: [] + * - jwt_token: [] * */ diff --git a/www/utils/generated/oas-output/operations/admin/get_admin_users_[id].ts b/www/utils/generated/oas-output/operations/admin/get_admin_users_[id].ts index db3880819c..f106fa055d 100644 --- a/www/utils/generated/oas-output/operations/admin/get_admin_users_[id].ts +++ b/www/utils/generated/oas-output/operations/admin/get_admin_users_[id].ts @@ -3,7 +3,7 @@ * operationId: GetUsersId * summary: Get a User * description: Retrieve a user by its ID. You can expand the user's relations or select the fields that should be returned. - * x-authenticated: false + * x-authenticated: true * parameters: * - name: id * in: path @@ -48,6 +48,9 @@ * $ref: "#/components/responses/invalid_request_error" * "500": * $ref: "#/components/responses/500_error" + * security: + * - cookie_auth: [] + * - jwt_token: [] * */ 
diff --git a/www/utils/generated/oas-output/operations/admin/get_admin_users_me.ts b/www/utils/generated/oas-output/operations/admin/get_admin_users_me.ts index 0905c73484..cbe5a6dcbf 100644 --- a/www/utils/generated/oas-output/operations/admin/get_admin_users_me.ts +++ b/www/utils/generated/oas-output/operations/admin/get_admin_users_me.ts @@ -3,7 +3,7 @@ * operationId: GetUsersMe * summary: Get Logged-In User * description: Retrieve the logged-in user's details. - * x-authenticated: false + * x-authenticated: true * parameters: * - name: fields * in: query @@ -42,6 +42,9 @@ * $ref: "#/components/responses/invalid_request_error" * "500": * $ref: "#/components/responses/500_error" + * security: + * - cookie_auth: [] + * - jwt_token: [] * */ diff --git a/www/utils/generated/oas-output/operations/admin/post_admin_invites.ts b/www/utils/generated/oas-output/operations/admin/post_admin_invites.ts index d535a8c1fb..d818193ad4 100644 --- a/www/utils/generated/oas-output/operations/admin/post_admin_invites.ts +++ b/www/utils/generated/oas-output/operations/admin/post_admin_invites.ts @@ -3,7 +3,7 @@ * operationId: PostInvites * summary: Create Invite * description: Create a invite. - * x-authenticated: false + * x-authenticated: true * parameters: * - name: fields * in: query @@ -65,6 +65,10 @@ * "500": * $ref: "#/components/responses/500_error" * x-workflow: createInvitesWorkflow + * security: + * - api_token: [] + * - cookie_auth: [] + * - jwt_token: [] * */ diff --git a/www/utils/generated/oas-output/operations/admin/post_admin_invites_[id]_resend.ts b/www/utils/generated/oas-output/operations/admin/post_admin_invites_[id]_resend.ts index d22c125aba..0b1fb6d106 100644 --- a/www/utils/generated/oas-output/operations/admin/post_admin_invites_[id]_resend.ts +++ b/www/utils/generated/oas-output/operations/admin/post_admin_invites_[id]_resend.ts 
@@ -3,7 +3,7 @@ * operationId: PostInvitesIdResend * summary: Refresh Invite Token * description: Refresh the token of an invite. - * x-authenticated: false + * x-authenticated: true * parameters: * - name: id * in: path @@ -49,6 +49,10 @@ * "500": * $ref: "#/components/responses/500_error" * x-workflow: refreshInviteTokensWorkflow + * security: + * - api_token: [] + * - cookie_auth: [] + * - jwt_token: [] * */ diff --git a/www/utils/generated/oas-output/operations/admin/post_admin_invites_accept.ts b/www/utils/generated/oas-output/operations/admin/post_admin_invites_accept.ts index 80ce64627f..7c1e389b2a 100644 --- a/www/utils/generated/oas-output/operations/admin/post_admin_invites_accept.ts +++ b/www/utils/generated/oas-output/operations/admin/post_admin_invites_accept.ts @@ -6,7 +6,7 @@ * Accept an invite and create a new user. * * Since the user isn't created yet, the JWT token used in the authorization header is retrieved from the `/auth/user/emailpass/register` API route (or a provider other than `emailpass`). The user can then authenticate using the `/auth/user/emailpass` API route. - * x-authenticated: false + * x-authenticated: true * requestBody: * content: * application/json: @@ -76,6 +76,9 @@ * "500": * $ref: "#/components/responses/500_error" * x-workflow: acceptInviteWorkflow + * security: + * - cookie_auth: [] + * - jwt_token: [] * */ diff --git a/www/utils/generated/oas-output/operations/admin/post_admin_users_[id].ts b/www/utils/generated/oas-output/operations/admin/post_admin_users_[id].ts index bfa4b92dde..8c06c01174 100644 --- a/www/utils/generated/oas-output/operations/admin/post_admin_users_[id].ts +++ b/www/utils/generated/oas-output/operations/admin/post_admin_users_[id].ts @@ -3,7 +3,7 @@ * operationId: PostUsersId * summary: Update a User * description: Update a user's details. - * x-authenticated: false + * x-authenticated: true * parameters: * - name: id * in: path 
@@ -61,6 +61,9 @@ * "500": * $ref: "#/components/responses/500_error" * x-workflow: updateUsersWorkflow + * security: + * - cookie_auth: [] + * - jwt_token: [] * */ diff --git a/www/utils/packages/docs-generator/src/classes/kinds/oas.ts b/www/utils/packages/docs-generator/src/classes/kinds/oas.ts index e02a8a6f91..10db39fed3 100644 --- a/www/utils/packages/docs-generator/src/classes/kinds/oas.ts +++ b/www/utils/packages/docs-generator/src/classes/kinds/oas.ts @@ -52,6 +52,8 @@ type AuthRequests = { exact?: string startsWith?: string requiresAuthentication: boolean + allowedAuthTypes?: string[] + httpMethods?: string[] } /** @@ -99,6 +101,21 @@ class OasKindGenerator extends FunctionKindGenerator { exact: "store/orders/[id]/transfer/cancel", requiresAuthentication: true, }, + { + exact: "admin/invites/accept", + httpMethods: ["post"], + requiresAuthentication: true, + allowedAuthTypes: ["cookie_auth", "jwt_token"], + }, + { + startsWith: "admin/invites", + requiresAuthentication: true, + }, + { + startsWith: "admin/users", + requiresAuthentication: true, + allowedAuthTypes: ["cookie_auth", "jwt_token"], + }, ] readonly RESPONSE_TYPE_NAMES = ["MedusaResponse"] readonly FIELD_QUERY_PARAMS = ["fields", "expand"] @@ -275,8 +292,12 @@ class OasKindGenerator extends FunctionKindGenerator { const { oasPath, normalized: normalizedOasPath } = this.getOasPath(node) const splitOasPath = oasPath.split("/") const oasPrefix = this.getOasPrefix(methodName, normalizedOasPath) - const { isAdminAuthenticated, isStoreAuthenticated, isAuthenticated } = - this.getAuthenticationDetails(node, oasPath) + const { + isAdminAuthenticated, + isStoreAuthenticated, + isAuthenticated, + allowedAuthTypes, + } = this.getAuthenticationDetails(node, oasPath, methodName) const tagName = this.getTagName(splitOasPath) const { summary, description } = this.knowledgeBaseFactory.tryToGetOasMethodSummaryAndDescription({ 
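Review bot: `allowedAuthTypes?: string[]` in the `AuthRequests` type (hunk `@@ -52,6 +52,8 @@`) accepts any string, while `getSecurity` later in this diff only recognises `api_token`, `cookie_auth` and `jwt_token`. A misspelt entry would drop a scheme from the generated `security` list with no compile error, and the published reference would then misstate what the route accepts. Narrowing the field to `allowedAuthTypes?: ("api_token" | "cookie_auth" | "jwt_token")[]`, with the same type on the `getSecurity` parameter, lets the compiler catch that. Both new fields also deserve a one-line doc comment, for example `/** HTTP methods this rule applies to; omitted means all methods. */` on `httpMethods`. The type declaration starts outside the hunk.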
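Review bot: The three entries added to `AUTH_REQUESTS` (hunk `@@ -99,6 +101,21 @@`) depend on their order, because `getAuthenticationDetails` selects the first match with `find`. If the `startsWith: "admin/invites"` rule were moved above `exact: "admin/invites/accept"`, the accept route would be documented with `api_token` as well. A comment on the exact entry, such as `// Keep above the "admin/invites" prefix rule: the first matching entry wins.`, would protect that ordering. The prefix rules are plain string prefixes with no path-segment boundary, so `startsWith: "admin/users"` would also apply to any route whose path merely begins with those characters; whether such a route exists is not visible here. The array starts and ends outside the hunk.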
@@ -370,7 +391,11 @@ class OasKindGenerator extends FunctionKindGenerator { } // add security details if applicable - oas.security = this.getSecurity({ isAdminAuthenticated, isAuthenticated }) + oas.security = this.getSecurity({ + isAdminAuthenticated, + isAuthenticated, + auth_types: allowedAuthTypes, + }) if (tagName) { oas.tags = [tagName] @@ -484,11 +509,19 @@ class OasKindGenerator extends FunctionKindGenerator { } // check if authentication details (including security) should be updated - const { isAdminAuthenticated, isStoreAuthenticated, isAuthenticated } = - this.getAuthenticationDetails(node, oasPath) + const { + isAdminAuthenticated, + isStoreAuthenticated, + isAuthenticated, + allowedAuthTypes, + } = this.getAuthenticationDetails(node, oasPath, methodName) oas["x-authenticated"] = isAuthenticated - oas.security = this.getSecurity({ isAdminAuthenticated, isAuthenticated }) + oas.security = this.getSecurity({ + isAdminAuthenticated, + isAuthenticated, + auth_types: allowedAuthTypes, + }) let parametersUpdated = false @@ -815,7 +848,8 @@ class OasKindGenerator extends FunctionKindGenerator { */ getAuthenticationDetails( node: FunctionNode, - oasPath: string + oasPath: string, + httpMethod: string ): { /** * Whether the OAS operation requires admin authentication. 
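Review bot: The new `httpMethod` parameter of `getAuthenticationDetails` (hunk `@@ -815,7 +848,8 @@`) has no matching line in the JSDoc block that closes just above the signature; that block lies outside the hunk and none of the visible hunks touches it. The value is compared case-sensitively against a rule's `httpMethods` via `includes(httpMethod)`, and the only rule using it spells the method `"post"`, so the expected casing should be stated: `@param httpMethod - The operation's HTTP method, lower-cased as in AUTH_REQUESTS httpMethods (e.g. "post").` If a caller passed a differently cased name, the `admin/invites/accept` rule would not match and the route would fall through to the broader `admin/invites` rule, which adds `api_token`.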
@@ -829,34 +863,42 @@ class OasKindGenerator extends FunctionKindGenerator { * Whether the OAS operation requires authentication in genral. */ isAuthenticated: boolean + /** + * Override the default security requirements. + */ + allowedAuthTypes?: string[] } { const isAuthenticationDisabled = node .getSourceFile() .statements.some((statement) => statement.getText().includes("AUTHENTICATE = false") ) - const hasAuthenticationOverride = - this.AUTH_REQUESTS.find((authRequest) => { - return ( - authRequest.exact === oasPath || - (authRequest.startsWith && oasPath.startsWith(authRequest.startsWith)) - ) - })?.requiresAuthentication === true + const hasAuthenticationOverride = this.AUTH_REQUESTS.find((authRequest) => { + const pathMatch = + authRequest.exact === oasPath || + (authRequest.startsWith && oasPath.startsWith(authRequest.startsWith)) + const httpMethodMatch = + !authRequest.httpMethods || authRequest.httpMethods.includes(httpMethod) + return pathMatch && httpMethodMatch + }) + const isAuthRequired = + hasAuthenticationOverride?.requiresAuthentication === true const isAdminAuthenticated = - (!isAuthenticationDisabled || hasAuthenticationOverride) && + (!isAuthenticationDisabled || isAuthRequired) && oasPath.startsWith("admin") - const isStoreAuthenticated = hasAuthenticationOverride + const isStoreAuthenticated = isAuthRequired ? oasPath.startsWith("store") : !isAuthenticationDisabled && - hasAuthenticationOverride && + isAuthRequired && oasPath.startsWith("store") const isAuthenticated = - isAdminAuthenticated || isStoreAuthenticated || hasAuthenticationOverride + isAdminAuthenticated || isStoreAuthenticated || isAuthRequired return { isAdminAuthenticated, isStoreAuthenticated, isAuthenticated, + allowedAuthTypes: hasAuthenticationOverride?.allowedAuthTypes, } } 
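Review bot: `hasAuthenticationOverride` now holds the matched `AuthRequests` entry (or `undefined`) rather than a boolean, so the `has…` name misreads where it is used as `hasAuthenticationOverride?.requiresAuthentication` and `hasAuthenticationOverride?.allowedAuthTypes`; `authOverride` or `matchedAuthRequest` would describe it better. In the same hunk the else arm of `isStoreAuthenticated` is only reached when `isAuthRequired` is false, so `!isAuthenticationDisabled && isAuthRequired && oasPath.startsWith("store")` can never be true there. `const isStoreAuthenticated = isAuthRequired && oasPath.startsWith("store")` is equivalent and makes it explicit that store routes are only marked authenticated through an `AUTH_REQUESTS` rule. The method body starts outside the hunk.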
@@ -903,6 +945,7 @@ class OasKindGenerator extends FunctionKindGenerator { getSecurity({ isAdminAuthenticated, isAuthenticated, + auth_types, }: { /** * Whether the operation requires admin authentication. @@ -912,22 +955,35 @@ class OasKindGenerator extends FunctionKindGenerator { * Whether the operation requires general authentication. */ isAuthenticated: boolean + /** + * Override the default security requirements. + */ + auth_types?: string[] }): OpenAPIV3.SecurityRequirementObject[] | undefined { const security: OpenAPIV3.SecurityRequirementObject[] = [] - if (isAdminAuthenticated) { + const allowed_auth_types = + auth_types || + [ + "cookie_auth", + "jwt_token", + isAdminAuthenticated ? "api_token" : undefined, + ].filter(Boolean) + if (isAdminAuthenticated && allowed_auth_types.includes("api_token")) { security.push({ api_token: [], }) } if (isAuthenticated) { - security.push( - { + if (allowed_auth_types.includes("cookie_auth")) { + security.push({ cookie_auth: [], - }, - { + }) + } + if (allowed_auth_types.includes("jwt_token")) { + security.push({ jwt_token: [], - } - ) + }) + } } return security.length ? security : undefined
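Review bot: In `getSecurity` (hunk `@@ -912,22 +955,35 @@`), `auth_types || [...]` treats an empty array as an override, so a rule with `allowedAuthTypes: []` would produce no `security` entry while `x-authenticated` is still written as `true`. Falling back on length avoids that mismatch: `const allowedAuthTypes = auth_types?.length ? auth_types : [...]`. The `auth_types` parameter (introduced in hunk `@@ -903,6 +945,7 @@`) and the `allowed_auth_types` local are snake_case, whereas the other parameters and the `allowedAuthTypes` field they carry are camelCase. The doc comment `Override the default security requirements.` could also name the accepted values and say that `api_token` is only emitted for admin-authenticated operations.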