Issues#771 - Adds the security definition of the apiKey type (bearer authorization) to the swagger middleware in a customized way (#772)

* issue#771
2024-11-15 07:45:54 +01:00 · 2024-09-03 08:49:28 -03:00 · 2024-09-03 08:49:28 -03:00 · 3ae1a2a766
commit 3ae1a2a766
parent febdf40863
1 changed files with 17 additions and 10 deletions
--- a/sources/MVCFramework.Middleware.Swagger.pas
+++ b/sources/MVCFramework.Middleware.Swagger.pas
@ -48,6 +48,7 @@ type
    fSwagDocURL: string;
    fJWTDescription: string;
    fEnableBasicAuthentication: Boolean;
+    fEnableBearerAuthentication: Boolean;
    fHost: string;
    fBasePath: string;
    fPathFilter: string;
@ -68,7 +69,8 @@ type
      const AHost: string = '';
      const ABasePath: string = '';
      const APathFilter: String = '';
-      const ATransferProtocolSchemes: TMVCTransferProtocolSchemes = [psHTTP, psHTTPS]);
+      const ATransferProtocolSchemes: TMVCTransferProtocolSchemes = [psHTTP, psHTTPS];
+      const AEnableBearerAuthentication: Boolean = False);
    destructor Destroy; override;
    procedure OnBeforeRouting(AContext: TWebContext; var AHandled: Boolean);
    procedure OnBeforeControllerAction(AContext: TWebContext; const AControllerQualifiedClassName: string;
@ -105,7 +107,7 @@ constructor TMVCSwaggerMiddleware.Create(const AEngine: TMVCEngine; const ASwagg
  const ASwaggerDocumentationURL, AJWTDescription: string; const AEnableBasicAuthentication: Boolean;
  const AHost, ABasePath: string;
  const APathFilter: String;
-  const ATransferProtocolSchemes: TMVCTransferProtocolSchemes);
+  const ATransferProtocolSchemes: TMVCTransferProtocolSchemes; const AEnableBearerAuthentication: Boolean);
 begin
  inherited Create;
  fSwagDocURL := ASwaggerDocumentationURL;
@ -113,6 +115,7 @@ begin
  fSwaggerInfo := ASwaggerInfo;
  fJWTDescription := AJWTDescription;
  fEnableBasicAuthentication := AEnableBasicAuthentication;
+  fEnableBearerAuthentication := AEnableBearerAuthentication;
  fHost := AHost;
  fBasePath := ABasePath;
  fPathFilter := APathFilter;
@ -361,19 +364,23 @@ begin
        // Path operation Middleware JWT
        ASwagDoc.Paths.Add(TMVCSwagger.GetJWTAuthenticationPath(lJwtUrlSegment,
          lJWTMiddleware.UserNameHeaderName, lJWTMiddleware.PasswordHeaderName));
-
-        // Methods that have the MVCRequiresAuthentication attribute use bearer authentication.
-        lSecurityDefsBearer := TSwagSecurityDefinitionApiKey.Create;
-        lSecurityDefsBearer.SchemeName := SECURITY_BEARER_NAME;
-        lSecurityDefsBearer.InLocation := kilHeader;
-        lSecurityDefsBearer.Name := 'Authorization';
-        lSecurityDefsBearer.Description := fJWTDescription;
-        ASwagDoc.SecurityDefinitions.Add(lSecurityDefsBearer);
      end;
    finally
      lRttiContext.Free;
    end;
  end;
+
+  // Methods that have the MVCRequiresAuthentication attribute use bearer authentication.
+  if fEnableBearerAuthentication or
+   (Assigned(lJWTMiddleware) and Assigned(lJwtUrlField)) then
+  begin
+    lSecurityDefsBearer := TSwagSecurityDefinitionApiKey.Create;
+    lSecurityDefsBearer.SchemeName := SECURITY_BEARER_NAME;
+    lSecurityDefsBearer.InLocation := kilHeader;
+    lSecurityDefsBearer.Name := 'Authorization';
+    lSecurityDefsBearer.Description := fJWTDescription;
+    ASwagDoc.SecurityDefinitions.Add(lSecurityDefsBearer);
+  end;
 end;

 procedure TMVCSwaggerMiddleware.DocumentApiSettings(AContext: TWebContext; ASwagDoc: TSwagDoc);