UoaWDCC · GodYazza · Aug 15, 2024 · Aug 14, 2024 · Aug 14, 2024
diff --git a/api/src/application.ts b/api/src/application.ts
@@ -30,7 +30,27 @@ export class FsaeApiApplication extends BootMixin(
 
     // Set up the custom sequence
     this.sequence(MySequence);
-
+    // Add the security scheme to the OpenAPI specification
+    this.api({
+      openapi: '3.0.0',
+      info: {title: 'MyApp', version: '1.0.0'},
+      paths: {},
+      components: {
+        securitySchemes: {
+          // Define the security scheme (e.g., JWT bearer token)
+          bearerAuth: {
+            type: 'http',
+            scheme: 'bearer',
+            bearerFormat: 'JWT',
+          },
+        },
+      },
+      security: [
+        {
+          bearerAuth: [],
+        },
+      ],
+    });
     // Set up default home page
     this.static('/', path.join(__dirname, '../public'));
 

diff --git a/api/src/auth/auth-strategies/jwt-strategy.ts b/api/src/auth/auth-strategies/jwt-strategy.ts
@@ -1,6 +1,6 @@
 import {AuthenticationStrategy} from '@loopback/authentication';
 import {UserProfile} from '@loopback/security';
-import {RedirectRoute, Request} from '@loopback/rest';
+import {HttpErrors, RedirectRoute, Request} from '@loopback/rest';
 import {inject} from '@loopback/core';
 import {JwtService} from '../../services';
 
@@ -19,18 +19,18 @@ export class FSAEJwtStrategy implements AuthenticationStrategy {
 
   private extractTokenFromRequest(request: Request): string {
     if (!request.headers.authorization) {
-      throw new Error('Authorization header not found');
+      throw new HttpErrors.Unauthorized("Authorization header not found")
     }
 
     const authHeaderValue = request.headers.authorization;
 
     if(!authHeaderValue.startsWith('Bearer')) {
-      throw new Error('Authorization header is not of type Bearer. "Bearer <<Token>>"');
+      throw new HttpErrors.Unauthorized('Authorization header is not of type Bearer. "Bearer <<Token>>"');
     }
 
     const parts = authHeaderValue.split(' '); // Splits 'Bearer <Token>'
     if (parts.length !== 2) {
-      throw new Error('Authorization header value has too many parts. It must follow the pattern: \'Bearer xx.yy.zz\' where xx.yy.zz is a valid JWT token.');
+      throw new HttpErrors.BadRequest('Authorization header value has too many parts. It must follow the pattern: \'Bearer xx.yy.zz\' where xx.yy.zz is a valid JWT token.');
     }
     const token = parts[1];
     return token;

diff --git a/api/src/services/jwt.service.ts b/api/src/services/jwt.service.ts
@@ -37,7 +37,7 @@ export class JwtService implements TokenService{
 
   verifyToken(token: string): Promise<any> {
     if (!token) {
-      throw new Error('Error verifying Token. Token cannot be null');
+      throw new HttpErrors.Unauthorized('Error verifying Token. Token cannot be null');
     }
 
     let securityUserProfile: UserProfile;

diff --git a/api/yarn.lock b/api/yarn.lock
@@ -2252,11 +2252,6 @@ fs.realpath@^1.0.0:
   resolved "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz"
   integrity sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==
 
-fsevents@~2.3.2:
-  version "2.3.3"
-  resolved "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz"
-  integrity sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==
-
 function-bind@^1.1.2:
   version "1.1.2"
   resolved "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz"