Replies: 2 comments 6 replies
-
|
I belive that it is exactly like the way you have done it. fn main() {
let cookey_key = "this is the generated cookie key";
struct SecurityAddon;
impl utoipa::Modify for SecurityAddon {
fn modify(&self, openapi: &mut utoipa::openapi::OpenApi) {
if let Some(components) = openapi.components.as_mut() {
components.add_security_scheme(
"sid",
SecurityScheme::ApiKey(ApiKey::Cookie(ApiKeyValue::new(cookie_key))), //<- here
);
} else {
error!("Unable to get openapi components");
}
}
}
}This will set the security scheme available for the OpenAPI but to enforce it to the API or the endpoints you need attach it either to Same |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for clarification. If you have access to the type decorated with #[derive(OpenApi)]
struct ApiDoc;
fn main() {
let mut openapi = ApiDoc::openapi();
set_up_docs(openpi, "cookiekey");
}
fn set_up_docs(openapi: &mut OpenApi, cookie_key: String) {
let components = openapi.components.get_or_insert(Components::default());
components.add_sercurity_sheme(...);
} |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, that definitely helped but the key seems to come out as blank when I do that:
I stepped through with the debugger and the value seems to be passed into |
Beta Was this translation helpful? Give feedback.
-
|
Well that's weird. 🤔 It shouldn't be like that. I tried this with the example actix-web todo api and it works well. openapi.json "securitySchemes": {
"sid": {
"type": "apiKey",
"in": "cookie",
"name": "this_is_generated_secret"
}
}And the main function as follows: #[actix_web::main]
async fn main() -> Result<(), impl Error> {
env_logger::init();
#[derive(OpenApi)]
#[openapi(
paths(
todo::get_todos,
todo::create_todo,
todo::delete_todo,
todo::get_todo_by_id,
todo::update_todo,
todo::search_todos
),
components(
schemas(todo::Todo, todo::TodoUpdateRequest, todo::ErrorResponse)
),
tags(
(name = "todo", description = "Todo management endpoints.")
),
)]
struct ApiDoc;
let cookie_value = "this_is_generated_secret";
let store = Data::new(TodoStore::default());
// Make instance variable of ApiDoc so all worker threads gets the same instance.
let mut openapi = ApiDoc::openapi();
let components = openapi.components.get_or_insert(Components::new());
components.add_security_scheme(
"sid",
SecurityScheme::ApiKey(ApiKey::Cookie(ApiKeyValue::new(cookie_value))),
);
HttpServer::new(move || {
// This factory closure is called on each worker thread independently.
App::new()
.wrap(Logger::default())
.configure(todo::configure(store.clone()))
.service(
SwaggerUi::new("/swagger-ui/{_:.*}").url("/api-doc/openapi.json", openapi.clone()),
)
})
.bind((Ipv4Addr::UNSPECIFIED, 8080))?
.run()
.await
} |
Beta Was this translation helpful? Give feedback.
-
|
I am not sure whether the Swagger UI itself is able to read a specic cookie, but it can surely set that value in a cookie. When the security requirement is being defined for the handler like so: The Swagger UI method will get the lock icon that can be used to authenticate the endpoint: |
Beta Was this translation helpful? Give feedback.
-
|
But that of course does not really authenticate the endpoint, it just sends the provided value as a cookie during the request. And then it is the user's own implementation that need to authenticate the cookie in the request. |
Beta Was this translation helpful? Give feedback.
-
I'd like to be able to set the SecurityScheme settings at runtime. My application has a session cookie with a key generated in the main method. Is there a way to set that?
Beta Was this translation helpful? Give feedback.
All reactions