# File 'lib/oas_request/security.rb', line 8
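# Builds the credential-bearing request headers and query parameters for the
# security requirements of an operation.
#
# The local variable holding the header map lost its name in this listing
# (`= {}`, `[, queries]`); it is restored here as `headers`.
#
# The single `security_options[:secret]` value is applied to every listed
# requirement, whatever its scheme. Callers that list several schemes should
# be aware that the same credential is sent to each location.
#
# @param oas_security_schemes [Hash, nil] scheme name => scheme definition
#   (string keys "type", "scheme", "bearerFormat", "in", "name" are read).
#   When nil, nothing is processed.
# @param security_requirements [#each] yields (scheme name, value) pairs; the
#   value is not used here.
# @param security_options [Hash] `:secret` (the credential) and optional
#   `:jwt` (a hash whose `:exp` is a lifetime in minutes).
# @return [Array(Hash, Hash)] `[headers, queries]`, each mapping a name to an
#   array of values.
# @raise [RuntimeError] if a scheme is not defined, is of an unimplemented
#   type, the secret is missing or empty, or `:exp` is not a number.
def self.parse_security(oas_security_schemes, security_requirements, security_options)
  headers = {}
  queries = {}
  return [headers, queries] unless oas_security_schemes

  security_requirements.each do |key, _value|
    security_scheme = oas_security_schemes.fetch(key, nil)
    raise "Security scheme #{key} not defined in spec." unless security_scheme

    secret = security_options[:secret]
    jwt = security_options[:jwt]

    # Fail closed: without this check a missing secret would be sent as an
    # empty "Bearer " header or a nil API key, or be handed to JWT.encode as
    # the signing key. The message deliberately never includes the secret.
    if secret.nil? || (secret.respond_to?(:empty?) && secret.empty?)
      raise "Secret required for security scheme #{key}."
    end

    case security_scheme["type"]
    when "http"
      headers[:authorization] = [] unless headers.include?(:authorization)

      case security_scheme['scheme']
      when 'bearer'
        case security_scheme['bearerFormat']
        when 'JWT'
          payload = {}
          exp = jwt && jwt[:exp]
          if exp
            raise "exp must be a number." unless self.is_number?(exp)

            # exp is a lifetime in minutes, converted to an absolute epoch time.
            payload[:exp] = Time.now.to_i + (exp.to_i * 60)
          end
          # NOTE(review): no exp claim is set unless jwt[:exp] is supplied, so
          # such tokens do not expire on their own. No algorithm is passed, so
          # the JWT library default applies (presumably HS256 - confirm against
          # the pinned gem version).
          headers[:authorization].push("Bearer #{JWT.encode(payload, secret)}")
        else
          headers[:authorization].push("Bearer #{secret}")
        end
      else
        raise "#{security_scheme["scheme"]} scheme type not implemented."
      end
    when "apiKey"
      name = security_scheme["name"]

      case security_scheme["in"]
      when "header"
        headers[name] = [] unless headers.include?(name)
        headers[name].push(secret)
      when "query"
        # NOTE(review): a key placed in the query string ends up in the URL,
        # which is commonly written to access logs and proxies.
        queries[name] = [] unless queries.include?(name)
        queries[name].push(secret)
      else
        raise "#{security_scheme["in"]} type not implemented."
      end
    else
      raise "#{security_scheme["type"]} type not implemented."
    end
  end

  [headers, queries]
end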