security pass-through

Author: z0mt3c

README.md

@@ -55,6 +55,7 @@ This plugin does not include the [swagger-ui](https://github.com/wordnik/swagger
 * `cache`: caching options for the swagger schema generation as specified in [`server.method()`](https://github.com/hapijs/hapi/blob/master/API.md#servermethodname-method-options) of hapi, defaults to: `{ expiresIn: 15 * 60 * 1000 }`
 * `responseValidation`: boolean, turn response validation on and off for hapi-swaggered routes, defaults to false
 * `auth`: authentication configuration [hapijs documentation](https://github.com/hapijs/hapi/blob/master/API.md#route-options) (default to undefined)
+* `securityDefinitions`: security definitions according to [swagger specs](https://github.com/swagger-api/swagger-spec/blob/master/versions/2.0.md]
 
 ## Example
 Example configuration for hapi-swaggered + hapi-swaggered-ui
@@ -105,7 +106,7 @@ server.route({
   path: '/',
   method: 'GET',
   handler (request, h) {
-    h.redirect('/docs');
+    h.response().redirect('/docs');
   }
 });
 
@@ -250,6 +251,20 @@ Specify an operationId for a route:
 }
 ```
 
+Specify an security options to a route / operation:
+
+```js
+{
+  options: {
+    plugins: {
+      'hapi-swaggered': {
+        security: {}
+      }
+    }
+  }
+}
+```
+
 ### Tag filtering
 Routes can be filtered for tags through the tags query parameter beside the requiredTags property which is always required to be present.
 

lib/index.js

@@ -37,6 +37,7 @@ function register (plugin, options) {
         swagger: SWAGGER_VERSION,
         schemes: currentSettings.schemes,
         externalDocs: currentSettings.externalDocs,
+        securityDefinitions: currentSettings.securityDefinitions,
         paths: resources.paths,
         definitions: resources.definitions,
         tags: utils.getTags(currentSettings)

lib/resources.js

@@ -204,6 +204,10 @@ module.exports = function (settings, routes, tags) {
         operation.operationId = routesPluginOptions.operationId
       }
 
+      if (routesPluginOptions.security != null) {
+        operation.security = routesPluginOptions.security
+      }
+
       if (_.includes(routeSettings.tags, 'deprecated')) {
         operation.deprecated = true
       }

lib/schema.js

@@ -240,7 +240,8 @@ schemas.Swagger = Joi.object({
   // parameters: Joi.array().items(schemas.Parameter, schemas.Reference).optional()
   // responses: schemas.Responses,
   tags: Joi.array().items(schemas.Tag).optional(),
-  externalDocs: schemas.ExternalDocs.optional()
+  externalDocs: schemas.ExternalDocs.optional(),
+  securityDefinitions: Joi.any().optional()
 }).meta({
   className: 'Swagger'
 })
@@ -267,6 +268,7 @@ schemas.PluginOptions = Joi.object({
   cache: Joi.any().optional(),
   tags: Joi.alternatives().try(Joi.object().pattern(/.*/, Joi.string()), Joi.array().items(schemas.Tag)),
   info: schemas.Info,
+  securityDefinitions: Joi.any().optional(),
   host: Joi.string().optional(),
   schemes: Joi.array().items(Joi.string().valid(['http', 'https', 'ws', 'wss'])).optional(),
   auth: Joi.alternatives([
@@ -312,5 +314,6 @@ schemas.RoutesPluginOptions = Joi.object({
     schema: Joi.object().optional()
   })),
   custom: Joi.object().pattern(/^x-[A-Za-z]*-?[A-Za-z]*/, Joi.string().required()),
-  operationId: Joi.string().optional()
+  operationId: Joi.string().optional(),
+  security: Joi.any().optional()
 }).optional()