(feat) generate OAuth2 Scopes and Descriptions variables

paragon · paragon · commit edc6bb178944 · 2025-06-02T22:04:12.000-04:00
diff --git a/examples/ex_oauth2/oas_security_gen.go b/examples/ex_oauth2/oas_security_gen.go
diff --git a/examples/ex_oauth2_scopes_and_or/oas_security_gen.go b/examples/ex_oauth2_scopes_and_or/oas_security_gen.go
diff --git a/gen/_template/security.tmpl b/gen/_template/security.tmpl
@@ -34,18 +34,45 @@ func findAuthorization(h http.Header, prefix string) (string, bool) {
 
 {{ range $s := $.Securities }}
 
+{{ if gt (len $s.ScopeDescriptions) 0 }}
+
+type ScopeName = string
+
+const (
+{{- range $scopeName, $scopeDescription := $s.ScopeDescriptions }}
+    ScopeName{{ stripNonAlphaNumeric $scopeName }} ScopeName = {{ quote $scopeName }}
+{{- end }}
+)
+
+{{if $s.Format.IsOAuth2Security}}
+var oauth2ScopesDescription{{ $s.Type.Name }} = map[string]string {
+{{- range $scopeName, $scopeDescription := $s.ScopeDescriptions }}
+    ScopeName{{ stripNonAlphaNumeric $scopeName }}: {{ quote $scopeDescription }},
+{{- end }}
+}
+{{- end }}
+
+{{- end }}
+
 {{if $s.Format.IsOAuth2Security}}
 var oauth2Scopes{{ $s.Type.Name }} = map[string][]string {
-{{- else}}
+{{- range $operationName, $scopes := $s.OperationScopes }}
+    {{ $operationName }}Operation: []string{
+    {{- range $scopeName := $scopes }}
+        ScopeName{{ stripNonAlphaNumeric $scopeName }},
+    {{- end }}
+},
+{{- end }}
+{{- else }}
 var operationRoles{{ $s.Type.Name }} = map[string][]string {
-{{- end}}
-{{- range $operationName, $scopes := $s.Scopes }}
+{{- range $operationName, $scopes := $s.OperationScopes }}
 	{{ $operationName }}Operation: []string{
-		{{- range $scope := $scopes }}
-			{{ quote $scope }},
-		{{- end}}
+		{{- range $scopeName := $scopes }}
+			{{ quote $scopeName }},
+		{{- end }}
 	},
 {{- end }}
+{{- end }}
 }
 
 func (s *Server) security{{ $s.Type.Name }}(ctx context.Context, operationName OperationName, req *http.Request) (context.Context, bool, error) {
diff --git a/gen/gen_security.go b/gen/gen_security.go
@@ -5,6 +5,7 @@ import (
 	"strings"
 
 	"github.com/go-faster/errors"
+	"golang.org/x/exp/maps"
 
 	"github.com/ogen-go/ogen/gen/ir"
 	"github.com/ogen-go/ogen/internal/bitset"
@@ -22,7 +23,7 @@ func (g *Generator) generateSecurityAPIKey(
 	}
 	s.Format = ir.APIKeySecurityFormat
 	s.ParameterName = security.Name
-	s.Scopes = map[string][]string{
+	s.OperationScopes = map[string][]string{
 		operationName: spec.Scopes,
 	}
 
@@ -58,10 +59,23 @@ func (g *Generator) generateSecurityOauth2(
 ) *ir.Security {
 	s.Format = ir.Oauth2SecurityFormat
 	s.Kind = ir.HeaderSecurity
-	s.Scopes = map[string][]string{
+	s.OperationScopes = map[string][]string{
 		operationName: spec.Scopes,
 	}
 
+	if spec.Security.Flows.AuthorizationCode != nil {
+		maps.Copy(s.ScopeDescriptions, spec.Security.Flows.AuthorizationCode.Scopes)
+	}
+	if spec.Security.Flows.ClientCredentials != nil {
+		maps.Copy(s.ScopeDescriptions, spec.Security.Flows.ClientCredentials.Scopes)
+	}
+	if spec.Security.Flows.Implicit != nil {
+		maps.Copy(s.ScopeDescriptions, spec.Security.Flows.Implicit.Scopes)
+	}
+	if spec.Security.Flows.Password != nil {
+		maps.Copy(s.ScopeDescriptions, spec.Security.Flows.Password.Scopes)
+	}
+
 	s.Type.Fields = append(s.Type.Fields,
 		&ir.Field{
 			Name: "Token",
@@ -82,7 +96,7 @@ func (g *Generator) generateSecurityHTTP(
 ) (*ir.Security, error) {
 	security := spec.Security
 	s.Kind = ir.HeaderSecurity
-	s.Scopes = map[string][]string{
+	s.OperationScopes = map[string][]string{
 		operationName: spec.Scopes,
 	}
 
@@ -119,9 +133,13 @@ func (g *Generator) generateSecurityHTTP(
 	return s, nil
 }
 
-func (g *Generator) generateSecurity(ctx *genctx, operationName string, spec openapi.SecurityScheme) (r *ir.Security, rErr error) {
+func (g *Generator) generateSecurity(
+	ctx *genctx,
+	operationName string,
+	spec openapi.SecurityScheme,
+) (r *ir.Security, rErr error) {
 	if sec, ok := g.securities[spec.Name]; ok {
-		sec.Scopes[operationName] = append(sec.Scopes[operationName], spec.Scopes...)
+		sec.OperationScopes[operationName] = append(sec.OperationScopes[operationName], spec.Scopes...)
 		return sec, nil
 	}
 	security := spec.Security
@@ -136,14 +154,15 @@ func (g *Generator) generateSecurity(ctx *genctx, operationName string, spec ope
 		Name: typeName,
 	}
 	s := &ir.Security{
-		Type:        t,
-		Description: security.Description,
+		Type:              t,
+		Description:       security.Description,
+		ScopeDescriptions: map[string]string{},
 	}
 
 	// Do not create a type for custom security.
 	if security.XOgenCustomSecurity {
 		s.Format = ir.CustomSecurityFormat
-		s.Scopes = map[string][]string{
+		s.OperationScopes = map[string][]string{
 			operationName: spec.Scopes,
 		}
 		return s, nil
diff --git a/gen/gen_security_test.go b/gen/gen_security_test.go
@@ -89,28 +89,28 @@ func TestGenerateSecurities(t *testing.T) {
 		{
 			Kind:   ir.HeaderSecurity,
 			Format: ir.Oauth2SecurityFormat,
-			Scopes: map[string][]string{
+			OperationScopes: map[string][]string{
 				"testOp": {"scope1", "scope2", "scope3"},
 			},
 		},
 		{
 			Kind:   ir.QuerySecurity,
 			Format: ir.APIKeySecurityFormat,
-			Scopes: map[string][]string{
+			OperationScopes: map[string][]string{
 				"testOp": {"scope4"},
 			},
 		},
 		{
 			Kind:   ir.HeaderSecurity,
 			Format: ir.BasicHTTPSecurityFormat,
-			Scopes: map[string][]string{
+			OperationScopes: map[string][]string{
 				"testOp": {"scope5"},
 			},
 		},
 		{
 			Kind:   ir.HeaderSecurity,
 			Format: ir.BearerSecurityFormat,
-			Scopes: map[string][]string{
+			OperationScopes: map[string][]string{
 				"testOp": {"scope6"},
 			},
 		},
@@ -130,7 +130,7 @@ func TestGenerateSecurities(t *testing.T) {
 
 		require.Equal(t, wantSec.Kind, sec.Kind)
 		require.Equal(t, wantSec.Format, sec.Format)
-		require.Contains(t, sec.Scopes, "testOp")
-		require.Equal(t, wantSec.Scopes["testOp"], sec.Scopes["testOp"])
+		require.Contains(t, sec.OperationScopes, "testOp")
+		require.Equal(t, wantSec.OperationScopes["testOp"], sec.OperationScopes["testOp"])
 	}
 }
diff --git a/gen/ir/security.go b/gen/ir/security.go
@@ -93,12 +93,13 @@ func (s SecurityFormat) IsCustomSecurity() bool {
 }
 
 type Security struct {
-	Kind          SecurityKind
-	Format        SecurityFormat
-	ParameterName string
-	Description   string
-	Type          *Type
-	Scopes        map[string][]string
+	Kind            SecurityKind
+	Format          SecurityFormat
+	ParameterName   string
+	Description     string
+	Type              *Type
+	ScopeDescriptions map[string]string
+	OperationScopes   map[string][]string
 }
 
 func (s *Security) GoDoc() []string {
diff --git a/gen/templates.go b/gen/templates.go
@@ -3,12 +3,15 @@ package gen
 import (
 	"embed"
 	"fmt"
+	"regexp"
 	"strconv"
 	"strings"
 	"sync"
 	"text/template"
 
 	"github.com/go-faster/errors"
+	"golang.org/x/text/cases"
+	"golang.org/x/text/language"
 
 	"github.com/ogen-go/ogen/gen/ir"
 	"github.com/ogen-go/ogen/internal/naming"
@@ -208,6 +211,12 @@ func templateFunctions() template.FuncMap {
 		},
 		"isObjectParam":     isObjectParam,
 		"paramObjectFields": paramObjectFields,
+		"stripNonAlphaNumeric": func(s string) string {
+			// Remove all non-alphabetical characters.
+			// This is used to generate valid Go identifiers.
+			reg := regexp.MustCompile("[^a-zA-Z0-9][a-zA-Z]+")
+			return cases.Title(language.English, cases.NoLower).String(reg.ReplaceAllString(s, ""))
+		},
 	}
 }
 
