Merge pull request #117 from joolfe/develop

Add security at operation level
joolfe · Jun 5, 2021 · 7a7b210 · 7a7b210
2 parents 8593e26 + b2ced51
commit 7a7b210
Show file tree

Hide file tree

Showing 11 changed files with 528 additions and 115 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,20 @@
+## [1.12.0](https://github.com/joolfe/postman-to-openapi/compare/1.11.0...1.12.0) (2021-06-05)
+
+
+### Features
+
+* support for auth method at operation/request level Close [#40](https://github.com/joolfe/postman-to-openapi/issues/40) ([a8c4d17](https://github.com/joolfe/postman-to-openapi/commit/a8c4d176c8596cac3769cd0ac4eb7edaf74351d9))
+
+
+### Build System
+
+* update deps ([fb52ed4](https://github.com/joolfe/postman-to-openapi/commit/fb52ed48b13df29441873281a5319ad7f0a894e5))
+
+
+### Documentation
+
+* add codeql badget ([4e315f4](https://github.com/joolfe/postman-to-openapi/commit/4e315f43ef0bc740080d89c364dfbd7e980c3133))
+
 ## [1.11.0](https://github.com/joolfe/postman-to-openapi/compare/1.10.0...1.11.0) (2021-05-31)
 
 

diff --git a/README.md b/README.md
@@ -11,6 +11,7 @@ Or in other words, transform [this specification](https://schema.getpostman.com/
 [![npm version](https://img.shields.io/npm/v/postman-to-openapi
 )](https://www.npmjs.com/package/postman-to-openapi)
 [![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](http://standardjs.com)
+[![CodeQL](https://github.com/joolfe/postman-to-openapi/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/joolfe/postman-to-openapi/actions/workflows/codeql-analysis.yml)
 
 ## Installation
 

diff --git a/docs/index.md b/docs/index.md
@@ -7,6 +7,7 @@
 [![build](https://github.com/joolfe/postman-to-openapi/workflows/Build/badge.svg)](https://github.com/joolfe/postman-to-openapi/actions)
 [![codecov](https://codecov.io/gh/joolfe/postman-to-openapi/branch/master/graph/badge.svg)](https://codecov.io/gh/joolfe/postman-to-openapi)
 [![npm version](https://badge.fury.io/js/postman-to-openapi.svg)](https://www.npmjs.com/package/postman-to-openapi)
+[![CodeQL](https://github.com/joolfe/postman-to-openapi/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/joolfe/postman-to-openapi/actions/workflows/codeql-analysis.yml)
 
 ## Index
 
@@ -25,11 +26,12 @@
 * Postman variables as Path parameters.
 * Automatic infer types from query and headers parameters.
 * Support Json and Text body formats.
-* Global Authorization parse or by configuration (Basic and Bearer).
+* Postman Authorization parse or by configuration (Basic and Bearer).
 * Contact and License from variables or by configuration.
 * Provide meta-information as a markdown table.
 * Path depth configuration.
 * Response status code parse from test.
+* [x-logo](https://github.com/Redocly/redoc/blob/master/docs/redoc-vendor-extensions.md#x-logo) extension support
 
 See [Features](#features) section for more details about how to use each of this features.
 
@@ -186,7 +188,7 @@ The default value is `0`, so all prefix will be added to Open APi operations Pat
 
 ### auth (Object)
 
-The global authorization info can be parse from the Postman collection as described in [Global authorization](#global-authorization) section, but you can customize this info using the `auth` option, this param is a Object that follow the structure of OpenAPI [Security Scheme](http://spec.openapis.org/oas/v3.0.3.html#security-scheme-object), in this moment only type `http` is supported and schemes `basic` and `bearer`, as an example of this option:
+The global authorization info can be parse from the Postman collection as described in [Postman authorization](#postman-authorization) section, but you can customize this info using the `auth` option, this param is a Object that follow the structure of OpenAPI [Security Scheme](http://spec.openapis.org/oas/v3.0.3.html#security-scheme-object), in this moment only type `http` is supported and schemes `basic` and `bearer`, as an example of this option:
 
 ```js
 {
@@ -339,15 +341,15 @@ For headers and query fields you can indicate that this parameter is mandatory/r
 
 Have a look to the [GetMethods collection](https://github.com/joolfe/postman-to-openapi/blob/master/test/resources/input/v21/GetMethods.json), [Headers collection](https://github.com/joolfe/postman-to-openapi/blob/master/test/resources/input/v21/Headers.json) and [PathParams collection](https://github.com/joolfe/postman-to-openapi/blob/master/test/resources/input/v21/PathParams.json) files for examples of how to use this features.
 
-## Global authorization
+## Postman authorization
 
 The OpenAPI root [security](http://spec.openapis.org/oas/v3.0.3.html#openapi-object) definition is filled using the authorization method defined at Postman Collection [authorization config](https://learning.postman.com/docs/sending-requests/authorization/#inheriting-auth).
 
-Only types 'Basic Auth' and 'Bearer Token' are supported now and not operation individual definition is supported.
+Only types 'Basic Auth' and 'Bearer Token' are supported by now. If you define an authorization at postman request level this will overwrite the global defined for this OpenAPI operation.
 
 You can customize the global authorization definition using the [Auth option](#auth-(object)).
 
-Have a look to the collections [AuthBasic](https://github.com/joolfe/postman-to-openapi/blob/master/test/resources/input/v21/AuthBasic.json) and [AuthBearer](https://github.com/joolfe/postman-to-openapi/blob/master/test/resources/input/v21/AuthBearer.json) for examples of how to use this feature.
+Have a look to the collections [AuthBasic](https://github.com/joolfe/postman-to-openapi/blob/master/test/resources/input/v21/AuthBasic.json), [AuthBearer](https://github.com/joolfe/postman-to-openapi/blob/master/test/resources/input/v21/AuthBearer.json) and [AuthMultiple](https://github.com/joolfe/postman-to-openapi/blob/master/test/resources/input/v21/AuthMultiple.json) for examples of how to use this feature.
 
 ## Global servers configuration
 

diff --git a/lib/index.js b/lib/index.js
@@ -7,7 +7,7 @@ const { version } = require('../package.json')
 
 async function postmanToOpenApi (input, output, {
   info = {}, defaultTag = 'default', pathDepth = 0,
-  auth, servers, externalDocs = {}, folders = {}
+  auth: optsAuth, servers, externalDocs = {}, folders = {}
 } = {}) {
   // TODO validate?
   const collectionFile = await readFile(input)
@@ -16,6 +16,7 @@ async function postmanToOpenApi (input, output, {
   const paths = {}
   const domains = new Set()
   const tags = {}
+  const securitySchemes = {}
 
   for (let [i, element] of items.entries()) {
     while (element.item != null) { // is a folder
@@ -28,7 +29,7 @@ async function postmanToOpenApi (input, output, {
       element = (tagged.length > 0) ? tagged.shift() : items[i]
     }
     const {
-      request: { url, method, body, description: rawDesc, header },
+      request: { url, method, body, description: rawDesc, header, auth },
       name: summary, tag = defaultTag, event: events
     } = element
     const { path, query, protocol, host, port, valid } = scrapeURL(url)
@@ -37,12 +38,12 @@ async function postmanToOpenApi (input, output, {
       const joinedPath = calculatePath(path, pathDepth)
       if (!paths[joinedPath]) paths[joinedPath] = {}
       const { description, paramsMeta } = descriptionParse(rawDesc)
-
       paths[joinedPath][method.toLowerCase()] = {
         tags: [tag],
         summary,
         ...(description ? { description } : {}),
         ...parseBody(body, method),
+        ...parseOperationAuth(auth, securitySchemes, optsAuth),
         ...parseParameters(query, header, joinedPath, paramsMeta),
         responses: parseResponse(events)
       }
@@ -54,7 +55,7 @@ async function postmanToOpenApi (input, output, {
     info: compileInfo(postmanJson, info),
     ...parseExternalDocs(variable, externalDocs),
     ...parseServers(domains, servers),
-    ...parseAuth(postmanJson, auth),
+    ...parseAuth(postmanJson, optsAuth, securitySchemes),
     ...parseTags(tags),
     paths
   }
@@ -226,31 +227,46 @@ function inferType (value) {
 }
 
 /* Calculate the global auth based on options and postman definition */
-function parseAuth ({ auth }, optAuth) {
+function parseAuth ({ auth }, optAuth, securitySchemes) {
   if (optAuth != null) {
     return parseOptsAuth(optAuth)
   }
-  return parsePostmanAuth(auth)
+  return parsePostmanAuth(auth, securitySchemes)
 }
 
 /* Parse a postman auth definition */
-function parsePostmanAuth (postmanAuth = {}) {
+function parsePostmanAuth (postmanAuth = {}, securitySchemes) {
   const { type } = postmanAuth
-  return (type != null)
-    ? {
-        components: {
-          securitySchemes: {
-            [type + 'Auth']: {
-              type: 'http',
-              scheme: type
-            }
-          }
-        },
-        security: [{
-          [type + 'Auth']: []
-        }]
-      }
-    : {}
+  if (type != null) {
+    securitySchemes[`${type}Auth`] = {
+      type: 'http',
+      scheme: type
+    }
+    return {
+      components: { securitySchemes },
+      security: [{
+        [`${type}Auth`]: []
+      }]
+    }
+  }
+  return (Object.keys(securitySchemes).length === 0) ? {} : { components: { securitySchemes } }
+}
+
+/* Parse Auth at operation/request level */
+function parseOperationAuth (auth, securitySchemes, optsAuth) {
+  if (auth == null || optsAuth != null) {
+    // In case of config auth operation auth is disabled
+    return {}
+  } else {
+    const { type } = auth
+    securitySchemes[`${type}Auth`] = {
+      type: 'http',
+      scheme: type
+    }
+    return {
+      security: [{ [`${type}Auth`]: [] }]
+    }
+  }
 }
 
 /* Parse a options global auth */