Use swagger's security section to specify auth (#1363)

wireapp · Feb 15, 2021 · 15f2b0c · 15f2b0c
1 parent fc9ef59
commit 15f2b0c
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 7 deletions.
diff --git a/services/brig/brig.cabal b/services/brig/brig.cabal
@@ -4,7 +4,7 @@ cabal-version: 1.12
 --
 -- see: https://github.com/sol/hpack
 --
--- hash: 43ab5a599f01fc9e162b243ef44c8aa65981e8add3904a82c9fe3d722d17f0ba
+-- hash: de21f2962373c76053047fe9f30bdc6a7dbcec8cf02f3649472597650839075c
 
 name:           brig
 version:        1.35.0
@@ -163,6 +163,7 @@ library
     , http-client-openssl >=0.2
     , http-types >=0.8
     , imports
+    , insert-ordered-containers
     , iproute >=1.5
     , iso639 >=0.1
     , lens >=3.8

diff --git a/services/brig/package.yaml b/services/brig/package.yaml
@@ -64,6 +64,7 @@ library:
   - HaskellNet-SSL >=0.3
   - HsOpenSSL >=0.10
   - HsOpenSSL-x509-system >=0.1
+  - insert-ordered-containers
   - iproute >=1.5
   - lens >=3.8
   - lens-aeson >=1.0

diff --git a/services/brig/src/Brig/API/Public.hs b/services/brig/src/Brig/API/Public.hs
@@ -55,23 +55,37 @@ import qualified Brig.User.Auth.Cookie as Auth
 import Brig.User.Email
 import Brig.User.Phone
 import Control.Error hiding (bool)
-import Control.Lens (view, (.~), (?~), (^.))
+import Control.Lens (view, (.~), (<>~), (?~), (^.))
 import Control.Monad.Catch (throwM)
 import Data.Aeson hiding (json)
 import Data.ByteString.Conversion
 import qualified Data.ByteString.Lazy as Lazy
 import Data.CommaSeparatedList (CommaSeparatedList (fromCommaSeparatedList))
 import Data.Domain
 import Data.Handle (Handle, parseHandle)
+import qualified Data.HashMap.Strict.InsOrd as InsOrdHashMap
 import Data.Id as Id
 import Data.IdMapping (MappedOrLocalId (Local))
 import qualified Data.Map.Strict as Map
 import Data.Misc (IpAddr (..))
 import Data.Qualified (Qualified (..), partitionRemoteOrLocalIds)
 import Data.Range
-import Data.Swagger (HasInfo (info), HasTitle (title), Swagger, ToSchema (..), description)
+import Data.Swagger
+  ( ApiKeyLocation (..),
+    ApiKeyParams (..),
+    HasInfo (info),
+    HasSchema (..),
+    HasSecurity (security),
+    HasSecurityDefinitions (securityDefinitions),
+    HasTitle (title),
+    SecurityRequirement (..),
+    SecurityScheme (..),
+    SecuritySchemeType (SecuritySchemeApiKey),
+    Swagger,
+    ToSchema (..),
+    description,
+  )
 import qualified Data.Swagger.Build.Api as Doc
-import Data.Swagger.Lens (HasSchema (..))
 import qualified Data.Text as Text
 import qualified Data.Text.Ascii as Ascii
 import Data.Text.Encoding (decodeLatin1)
@@ -118,10 +132,17 @@ data ZAuthServant
 
 type InternalAuth = Header' '[Servant.Required, Servant.Strict] "Z-User" UserId
 
-type OutsideWorldAuth = Header' [Servant.Required, Servant.Strict, Description "Bearer: token"] "Authorization" String
-
 instance HasSwagger api => HasSwagger (ZAuthServant :> api) where
-  toSwagger _ = toSwagger (Proxy @(OutsideWorldAuth :> api))
+  toSwagger _ =
+    toSwagger (Proxy @api)
+      & securityDefinitions <>~ InsOrdHashMap.singleton "ZAuth" secScheme
+      & security <>~ [SecurityRequirement $ InsOrdHashMap.singleton "ZAuth" []]
+    where
+      secScheme =
+        SecurityScheme
+          { _securitySchemeType = SecuritySchemeApiKey (ApiKeyParams "Authorization" ApiKeyHeader),
+            _securitySchemeDescription = Just "Must be a token retrieved by calling 'POST /login' or 'POST /access'. It must be presented in this format: 'Bearer \\<token\\>'."
+          }
 
 instance
   ( HasContextEntry (ctx .++ DefaultErrorFormatters) ErrorFormatters,