From 751958f4be4d0f23d73809caed0ea6e35b479fe5 Mon Sep 17 00:00:00 2001 From: Jomarquez21 Date: Tue, 11 Sep 2018 15:00:37 -0500 Subject: [PATCH 1/3] optimization in the validation if the operation needs to be safe --- lib/codegen.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/codegen.js b/lib/codegen.js index 54dbe7ef..298fa92b 100644 --- a/lib/codegen.js +++ b/lib/codegen.js @@ -65,15 +65,15 @@ var getViewForSwagger2 = function(opts, type){ } var secureTypes = []; if(swagger.securityDefinitions !== undefined || op.security !== undefined) { - var mergedSecurity = _.merge([], swagger.security, op.security).map(function(security){ - return Object.keys(security); + var mergedSecurity = _.merge([], swagger.security, op.security).map(function(security) { + return Object.keys(security); }); - if(swagger.securityDefinitions) { - for(var sk in swagger.securityDefinitions) { - if(mergedSecurity.join(',').indexOf(sk) !== -1){ - secureTypes.push(swagger.securityDefinitions[sk].type); + if(swagger.securityDefinitions) { + for(var sk in swagger.securityDefinitions) { + if(mergedSecurity.join(',').indexOf(sk) !== -1) { + secureTypes.push(swagger.securityDefinitions[sk].type); + } } - } } } var methodName = (op.operationId ? normalizeName(op.operationId) : getPathToMethodName(opts, m, path)); @@ -100,7 +100,7 @@ var getViewForSwagger2 = function(opts, type){ isPOST: M === 'POST', summary: op.description || op.summary, externalDocs: op.externalDocs, - isSecure: swagger.security !== undefined || op.security !== undefined, + isSecure: swagger.security !== undefined || secureTypes.length > 0, isSecureToken: secureTypes.indexOf('oauth2') !== -1, isSecureApiKey: secureTypes.indexOf('apiKey') !== -1, isSecureBasic: secureTypes.indexOf('basic') !== -1, From 7e449bf7b284e3266c2c795d8fd5c9b43f325b56 Mon Sep 17 00:00:00 2001 
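Review bot: In the `@@ -100,7 +100,7 @@` hunk, `isSecure` no longer looks at `op.security`, so an operation whose `security` entry names a scheme missing from `securityDefinitions` (a misspelled name, for instance) ends up with an empty `secureTypes` and, when there is no top-level `security`, is emitted with `isSecure: false`. Before this change the same operation was still flagged secure; how the templates consume the flag is not visible here, but a generated method that silently omits authentication is the likely outcome. Keeping a non-empty requirement fail-closed would avoid that: `isSecure: swagger.security !== undefined || !_.isEmpty(op.security) || secureTypes.length > 0,`. The same applies to `isSecure: secureTypes.length > 0` in PATCH 2/3. The enclosing `getViewForSwagger2` starts and ends outside the hunk.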
From: Jomarquez21 Date: Tue, 11 Sep 2018 17:00:02 -0500 Subject: [PATCH 2/3] adding function to evaluate both keyword security --- lib/codegen.js | 42 +++++++++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/lib/codegen.js b/lib/codegen.js index 298fa92b..f875a153 100644 --- a/lib/codegen.js +++ b/lib/codegen.js @@ -30,6 +30,23 @@ var getPathToMethodName = function(opts, m, path){ return m.toLowerCase() + result[0].toUpperCase() + result.substring(1); }; +var validateSecurity = function(securityDefinitions, security) { + var secureTypes = [] + if (securityDefinitions !== undefined && security !== undefined) { + var mergedSecurity = _.merge([], security).map(function(securityOptions) { + return Object.keys(securityOptions); + }); + if(securityDefinitions) { + for(var sk in securityDefinitions) { + if(mergedSecurity.join(',').indexOf(sk) !== -1) { + secureTypes = secureTypes.concat(securityDefinitions[sk].type); + } + } + } + } + return secureTypes; +}; + var getViewForSwagger2 = function(opts, type){ var swagger = opts.swagger; var methods = []; @@ -47,6 +64,8 @@ var getViewForSwagger2 = function(opts, type){ definitions: [] }; + var secureTypesGlobal = validateSecurity(swagger.securityDefinitions, swagger.security); + _.forEach(swagger.paths, function(api, path){ var globalParams = []; /** 
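Review bot: `mergedSecurity.join(',').indexOf(sk) !== -1` in the new `validateSecurity` is a substring test on the comma-joined requirement names, so a definition key that happens to be contained in another referenced name (constructed example: `key` inside `api_key`) is treated as required and its type is reported. Compare whole names instead: `var required = _.flatten(mergedSecurity);` before the loop and `if(required.indexOf(sk) !== -1) {` inside it. The function also has no comment, and its name suggests a check although it returns the list of scheme types; a short doc comment such as `// Returns the types ('oauth2', 'apiKey', 'basic') of the securityDefinitions referenced by the given security requirements.` would help.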
@@ -63,19 +82,8 @@ var getViewForSwagger2 = function(opts, type){ if(M === '' || authorizedMethods.indexOf(M) === -1) { return; } - var secureTypes = []; - if(swagger.securityDefinitions !== undefined || op.security !== undefined) { - var mergedSecurity = _.merge([], swagger.security, op.security).map(function(security) { - return Object.keys(security); - }); - if(swagger.securityDefinitions) { - for(var sk in swagger.securityDefinitions) { - if(mergedSecurity.join(',').indexOf(sk) !== -1) { - secureTypes.push(swagger.securityDefinitions[sk].type); - } - } - } - } + var secureTypes = secureTypesGlobal.length > 0 ? secureTypesGlobal : validateSecurity(swagger.securityDefinitions, op.security); + var methodName = (op.operationId ? normalizeName(op.operationId) : getPathToMethodName(opts, m, path)); // Make sure the method name is unique if(methods.indexOf(methodName) !== -1) { @@ -100,10 +108,10 @@ var getViewForSwagger2 = function(opts, type){ isPOST: M === 'POST', summary: op.description || op.summary, externalDocs: op.externalDocs, - isSecure: swagger.security !== undefined || secureTypes.length > 0, - isSecureToken: secureTypes.indexOf('oauth2') !== -1, - isSecureApiKey: secureTypes.indexOf('apiKey') !== -1, - isSecureBasic: secureTypes.indexOf('basic') !== -1, + isSecure: secureTypes.length > 0, + isSecureToken: secureTypes.indexOf('oauth2') !== -1, + isSecureApiKey: secureTypes.indexOf('apiKey') !== -1, + isSecureBasic: secureTypes.indexOf('basic') !== -1, parameters: [], headers: [] }; From 9b6229d6c9d0a8b32915480b9b1b8363169cb119 Mon Sep 17 00:00:00 2001 From: Jomarquez21 Date: Tue, 11 Sep 2018 18:33:52 -0500 Subject: [PATCH 3/3] add semicolon --- lib/codegen.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/codegen.js b/lib/codegen.js index f875a153..9d844499 100644 --- a/lib/codegen.js +++ b/lib/codegen.js 
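Review bot: `secureTypesGlobal.length > 0 ? secureTypesGlobal : validateSecurity(swagger.securityDefinitions, op.security)` in the `@@ -63,19 +82,8 @@` hunk gives the top-level `security` precedence, which is the reverse of Swagger 2.0, where an operation's `security` overrides the top-level declaration and an empty array removes it. As written, an operation that declares a different scheme than the global one gets the global flags, and one that opts out with `security: []` is still emitted as secure. I would let the operation decide whenever it declares the field: `var secureTypes = op.security !== undefined ? validateSecurity(swagger.securityDefinitions, op.security) : secureTypesGlobal;`. The `isSecure*` fields in the following `@@ -100,10 +108,10 @@` hunk inherit the result, and the enclosing `getViewForSwagger2` callback starts and ends outside both hunks.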
@@ -31,7 +31,7 @@ var getPathToMethodName = function(opts, m, path){ }; var validateSecurity = function(securityDefinitions, security) { - var secureTypes = [] + var secureTypes = []; if (securityDefinitions !== undefined && security !== undefined) { var mergedSecurity = _.merge([], security).map(function(securityOptions) { return Object.keys(securityOptions);