1.1.0 • Published 1 year ago

openapi-security-retriever v1.1.0

Weekly downloads
-
License
MIT
Repository
github
Last release
1 year ago

OpenAPI Security Retriever

Typescript package to retrieve security mechanism informations from an operation in compliance with an OpenApi specification. For 3.1.x and 3.0.x OpenAPI versions.

Installation

npm install openapi-security-retriever

or

yarn add openapi-security-retriever

Usage

import securityRetriever from 'openapi-security-retriever'
import schemaRetriever from 'openapi-schema-retriever'

let schema

const main = async () => {

    /* First, by schemaRetriever, get, check and parse the openapi specification that can be an object or an file path string.
     * If the specification input is a file path string, a second argument standing for the current working directory is mandatory.
     * We recommend to use '__dirname' as second argument.
     * The file must be either a json, a yaml or a yml file. 
     * specBuilder returns an object in accordance with OpenAPI scpecification.
    */
    const schema = await schemaRetriever('./openapi.yaml', __dirname)

    /*
     * securityRetriever takes 3 mandatory arguments: an OpenAPI specification object, a string as a schema path, and a string as a http request method.
    */
    const security = securityRetriever(schema, '/products', 'get')

    console.log(security) // => { secured: true, optional: false, securities: [ JwtOauth: { type: 'http', scheme: 'bearer', scopes: ['admin'] } ] } | null 
                          // 'null' if operation is not found in the OpenAPI specification
}

main()

Output structure

The output of the module, once called, is an object whose the structure is:

{
    secured: boolean, // indicates whether the operation requires authentication
    optional: boolean, // indicates whether authentication is optional or mandatory
    securities: [Object] // gives list of security mechanisms
}

The above-mentioned Object is structured as follows:

{
    {name}: {
                type: 'apiKey',
                name: string,
                in: string,
                scopes: [string]
            } | {
                type: 'http',
                scheme: string,
                bearerFormat?: string,
                scopes: [string]
            } | {
                type: 'oauth2',
                flows: {
                        implicit: {
                                    authorizationUrl: string,
                                    refreshUrl?: string,
                                    scopes: [string]
                                  },
                        password: {
                                    tokenUrl: string,
                                    refreshUrl?: string,
                                    scopes: [string]
                                  },
                        clientCredentials: {
                                    tokenUrl: string,
                                    refreshUrl?: string,
                                    scopes: [string]
                                  },
                        authorizationCode: {
                                    authorizationUrl: string,
                                    tokenUrl: string,
                                    refreshUrl?: string,
                                    scopes: [string]
                                  }
                       },
                scopes: [string]
            } | {
                type: 'openIdConnect',
                openIdConnectUrl: securityScheme.openIdConnectUrl,
                scopes: [string]
            }
}

License

This package is licensed under the MIT License.

Contact

If you have any questions or issues, please contact the package maintainer at ekoulemaneng@gmail.com.

openapi 3.xtypescripttoolkitsecurity
@everything-registry/sub-chunk-2382
1.1.0

1 year ago

1.0.0

1 year ago