Fork me on GitHub
#ring-swagger
<
2017-01-17
>
d5p10:01:00

hmm, what would be the easiest way to wrap the swagger-ui route in basic-auth middleware , but leave all my defined api routes alone

ikitommi10:01:09

@d5p you should remove the :swagger options from api and use swagger-routes instead. Does the same, but as it’s a separate ring handler, you can wrap anything around it. See https://github.com/metosin/compojure-api/wiki/Swagger-integration#swagger-routes

d5p11:01:52

ahh awesome thanks

d5p11:01:46

from https://github.com/metosin/compojure-api/wiki/Building-Documented-Apis#api-with-custom-options , am i reading it correctly that i could define a custom coercer in :coercion at the api level and all my resources would inherit?

ikitommi11:01:24

yes. the coercion is injected into request at runtime as thus available to all child routes. can be set to contexts too. Here are the tests: https://github.com/metosin/compojure-api/blob/master/test/compojure/api/coercion_test.clj

ikitommi11:01:44

1.2 will have a breaking change with the coercion, might be a cause to bump to version to 2.0. see https://github.com/metosin/compojure-api/pull/267

d5p11:01:43

ah great thanks,

d5p11:01:37

cool will be review , had only just noticed :coercion option at the higher level as had defined it individually on all my resources

d5p11:01:45

ah yeh that new coercion approach looks good

abarylko18:01:18

I'm using different roles to enable some of the APIs endpoints, any recommendations in how to document that?

ikitommi18:01:40

good question, there are many ways to do that. Swagger has nice authorization system built-in, tutorial on that in https://apihandyman.io/writing-openapi-swagger-specification-tutorial-part-6-defining-security/. So, you could write the swagger spec for those by hand. Or have multiple apis with separate swagger docs. Or just use tags. Or you could PR in something that writes the swagger-spec from buddy etc 😉

ikitommi18:01:02

we have used mainly custom handlers like :roles & :privileges. Some use buddy, some fully custom. Those could emit swagger-auth info too...

abarylko20:01:45

Once again @ikitommi thanks a lot!

d5p20:01:52

@ikitommi perhaps you can point at what i’m doing wrong , in trying to apply basic auth just to my swagger routes but leave the rest alone, i’m doing this:

d5p20:01:01

(defn apiroutes [{{db-spec :db-spec} :db}]
  (api {:coercion (constantly (assoc mw/default-coercion-matchers :body default-coercer))}

    (middleware [[wrap-basic-authentication authenticated?]]
      (swagger-routes {:ui "/api-docs"
                       :spec "/swagger.json"}))

    (context "/blah/" [] (blah-resource db-spec))))

d5p20:01:21

but the middleware wrap-basic-authentication is being applied to all routes not just swagger

d5p21:01:29

aah fixed it as such by putting my (middleware (swagger-routes) below all my other routes