@@ -803,10 +803,10 @@ end
803803
804804The Swagger UI on Grape could be secured from unauthorized access using any middleware, which provides certain methods:
805805
806- - a *before* method to be run in the Grape controller for authorization purpose;
806+ - a *before* method to be run in the Grape controller for authorization purpose;
807807- some guard method, which could receive as argument a string or an array of authorization scopes;
808808- a method which processes and returns the access token received in the HTTP request headers (usually in the ' HTTP_AUTHORIZATION ' header).
809-
809+
810810Below are some examples of securing the Swagger UI on Grape installed along with Ruby on Rails:
811811
812812- The WineBouncer and Doorkeeper gems are used in the examples;
@@ -828,9 +828,9 @@ This is how to configure the grape_swagger documentation:
828828
829829The guard method should inject the Security Requirement Object into the endpoint' s route settings (see Grape ::DSL ::Settings .route_setting method).
830830
831- The ' oauth2 false' Swagger endpoint protected with OAuth , i.e. it
831+ The ' oauth2 false' Swagger endpoint protected with OAuth , i.e. it
832832is retreiving the access_token from the HTTP request, but the ' false' for skipping authorization and showing
833- the UI for everyone. If the scope would be set to something else , like ' oauth2 admin' for example, than the UI
833+ the UI for everyone. If the scope would be set to something else , like ' oauth2 admin' for example, than the UI
834834 wouldn' t be displayed at all to unauthorized users.
835835
836836Further on, the guard could be used, where necessary, for endpoint access protection. Put it prior to the endpoint' s method:
@@ -841,20 +841,20 @@ Further on, the guard could be used, where necessary, for endpoint access protec
841841 get do
842842 render_users
843843 end
844-
844+
845845 oauth2 'admin'
846846 post do
847847 User.create!...
848848 end
849849 end
850850` ` `
851851
852- And , finally, if you want to not only restrict the access, but to completely hide the endpoint from unauthorized
852+ And , finally, if you want to not only restrict the access, but to completely hide the endpoint from unauthorized
853853users, you could pass a lambda to the :hidden key of a endpoint' s description:
854-
854+
855855```ruby
856856 not_admins = lambda { |token=nil| token.nil? || !User.find(token.resource_owner_id).admin? }
857-
857+
858858 resource :users do
859859 desc ' Create user' , hidden: not_admins
860860 oauth2 ' admin'
@@ -864,8 +864,8 @@ users, you could pass a lambda to the :hidden key of a endpoint's description:
864864 end
865865```
866866
867- The lambda is checking whether the user is authenticated (if not, the token is nil by default), and has the admin
868- role - only admins can see this endpoint.
867+ The lambda is checking whether the user is authenticated (if not, the token is nil by default), and has the admin
868+ role - only admins can see this endpoint.
869869
870870<a name="md_usage" />
871871## Markdown in Detail
@@ -1122,15 +1122,20 @@ GrapeSwagger::Rake::OapiTasks.new(::Api::Base)
11221122
11231123```
11241124rake oapi:fetch
1125- rake oapi:fetch store=true # writes to swagger_doc.json
1125+ params:
1126+ - store={ true | file_name } – save as JSON (optional)
1127+ - resource=resource_name – get only for this one (optional)
11261128```
11271129
11281130#### OpenApi/Swagger Validation
11291131
11301132**requires**: `npm` and `swagger-cli` to be installed
11311133
1134+
11321135```
11331136rake oapi:validate
1137+ params:
1138+ - resource=resource_name – get only for this one (optional)
11341139```
11351140
11361141
0 commit comments