Merge branch 'master' of https://github.com/thiagobustamante/typescript-rest-swagger

Author: Thiago Bustamante

README.MD

@@ -147,7 +147,9 @@ class PeopleService {
 
 #### @Security
 
-Add a security constraint to method generated docs, refering the security name from securityDefinitions
+Add a security constraint to method generated docs, referencing the security name from securityDefinitions.
+`@Security` can be used at the controller and method level; if defined on both, method security overwrites controller security.
+Multiple security schemes may be specified to require all of them.
 
 ```typescript
 @Path('people')

src/metadata/controllerGenerator.ts

@@ -84,15 +84,10 @@ export class ControllerGenerator {
 
         const securityDecorators = getDecorators(this.node, decorator => decorator.text === 'Security');
         if (!securityDecorators || !securityDecorators.length) { return undefined; }
-        if (securityDecorators.length > 1) {
-            throw new Error(`Only one Security decorator allowed in '${this.node.name.text}' controller.`);
-        }
-
-        const d = securityDecorators[0];
 
-        return {
+        return securityDecorators.map(d => ({
             name: d.arguments[0],
             scopes: d.arguments[1] ? (d.arguments[1] as any).elements.map((e: any) => e.text) : undefined
-        };
+        }));
     }
 }

src/metadata/metadataGenerator.ts

@@ -94,7 +94,7 @@ export interface Controller {
     consumes: string[];
     produces: string[];
     tags: string[];
-    security?: Security;
+    security?: Security[];
 }
 
 export interface Method {
@@ -107,7 +107,7 @@ export interface Method {
     type: Type;
     tags: string[];
     responses: ResponseType[];
-    security?: Security;
+    security?: Security[];
     summary?: string;
     consumes: string[];
     produces: string[];

src/metadata/methodGenerator.ts

@@ -219,16 +219,11 @@ export class MethodGenerator {
     private getMethodSecurity() {
         const securityDecorators = getDecorators(this.node, decorator => decorator.text === 'Security');
         if (!securityDecorators || !securityDecorators.length) { return undefined; }
-        if (securityDecorators.length > 1) {
-            throw new Error(`Only one Security decorator allowed in '${this.getCurrentLocation}' method.`);
-        }
-
-        const d = securityDecorators[0];
 
-        return {
+        return securityDecorators.map(d => ({
             name: d.arguments[0],
             scopes: d.arguments[1] ? (d.arguments[1] as any).elements.map((e: any) => e.text) : undefined
-        };
+        }));
     }
 
     private getInitializerValue(initializer: any) {

src/metadata/resolveType.ts

@@ -291,7 +291,7 @@ function getAnyTypeName(typeNode: ts.TypeNode): string {
 
     if (typeNode.kind === ts.SyntaxKind.ArrayType) {
         const arrayType = typeNode as ts.ArrayTypeNode;
-        return getAnyTypeName(arrayType.elementType) + '[]';
+        return getAnyTypeName(arrayType.elementType) + 'Array';
     }
 
     if ((typeNode.kind === ts.SyntaxKind.UnionType) || (typeNode.kind === ts.SyntaxKind.AnyKeyword)) {

src/swagger/generator.ts

@@ -115,13 +115,14 @@ export class SpecGenerator {
     private buildPathMethod(controllerName: string, method: Method, pathObject: any) {
         const pathMethod: any = pathObject[method.method] = this.buildOperation(controllerName, method);
         pathMethod.description = method.description;
+        pathMethod.summary = method.summary;
 
         if (method.deprecated) { pathMethod.deprecated = method.deprecated; }
         if (method.tags.length) { pathMethod.tags = method.tags; }
         if (method.security) {
-            const security: any = {};
-            security[method.security.name] = method.security.scopes ? method.security.scopes : [];
-            pathMethod.security = [security];
+            pathMethod.security = method.security.map(s => ({
+                [s.name]: s.scopes || []
+            }));
         }
         this.handleMethodConsumes(method, pathMethod);
 

test/data/apis.ts

@@ -259,6 +259,10 @@ export class TypeEndpoint {
     }
 }
 
+export interface ResponseBody<T> {
+    data: T;
+}
+
 export class PrimitiveClassModel {
     /**
      * An integer
@@ -319,6 +323,12 @@ export class PrimitiveEndpoint {
     getById(@PathParam('id') @swagger.IsLong id: number) {
         // ...
     }
+
+    @Path('/array')
+    @GET
+    getArray(): ResponseBody<string[]> {
+        return { data: ['hello', 'world'] };
+    }
 }
 
 @Path('parameterized/:objectId')
@@ -350,3 +360,28 @@ export class AbstractEntityEndpoint {
         return new NamedEntity();
     }
 }
+
+@Path('secure')
+@swagger.Security('access_token')
+export class SecureEndpoint {
+    @GET
+    get(): string {
+        return 'Access Granted';
+    }
+
+    @POST
+    @swagger.Security('user_email')
+    post(): string {
+        return 'Posted';
+    }
+}
+
+@Path('supersecure')
+@swagger.Security('access_token')
+@swagger.Security('user_email')
+export class SuperSecureEndpoint {
+    @GET
+    get(): string {
+        return 'Access Granted';
+    }
+}

test/data/swagger.json

@@ -14,6 +14,16 @@
                 "type": "apiKey",
                 "name": "access_token",
                 "in": "query"
+            },
+            "access_token": {
+                "type": "apiKey",
+                "name": "authorization",
+                "in": "header"
+            },
+            "user_email": {
+                "type": "apiKey",
+                "name": "x-user-email",
+                "in": "header"
             }
         },
         "spec": {

test/unit/definitions.spec.ts

@@ -283,6 +283,14 @@ describe('Definition generation', () => {
       expression = jsonata('paths."/primitives/{id}".get.parameters[0].format');
       expect(expression.evaluate(spec)).to.eq('int64');
     });
+
+    it('should generate array type names as type + Array', () => {
+      let expression = jsonata('definitions.ResponseBodystringArray');
+      // tslint:disable-next-line:no-unused-expression
+      expect(expression.evaluate(spec)).to.not.be.undefined;
+      expression = jsonata('paths."/primitives/array".get.responses."200".schema."$ref"');
+      expect(expression.evaluate(spec)).to.equal('#/definitions/ResponseBodystringArray');
+    });
   });
 
   describe('ParameterizedEndpoint', () => {
@@ -303,4 +311,23 @@ describe('Definition generation', () => {
       expect(expression.evaluate(spec)).to.eq('A numeric identifier');
     });
   });
+
+  describe('SecureEndpoint', () => {
+    it('should apply controller security to request', () => {
+      const expression = jsonata('paths."/secure".get.security');
+      expect(expression.evaluate(spec)).to.deep.equal([ { 'access_token': [] } ]);
+    });
+
+    it('method security should override controller security', () => {
+      const expression = jsonata('paths."/secure".post.security');
+      expect(expression.evaluate(spec)).to.deep.equal([ { 'user_email': [] } ]);
+    });
+  });
+
+  describe('SuperSecureEndpoint', () => {
+    it('should apply two controller securities to request', () => {
+      const expression = jsonata('paths."/supersecure".get.security');
+      expect(expression.evaluate(spec)).to.deep.equal([ { 'access_token': [] }, { 'user_email': [] } ]);
+    });
+  });
 });