-
Notifications
You must be signed in to change notification settings - Fork 269
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #552 from tfranzel/swagger_non_public
- Loading branch information
Showing
3 changed files
with
130 additions
and
10 deletions.
There are no files selected for viewing
114 changes: 107 additions & 7 deletions
114
drf_spectacular/templates/drf_spectacular/swagger_ui.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,18 +1,118 @@ | ||
| "use strict"; | ||
|
|
||
| const swagger_settings = {{ settings|safe }}; | ||
| const swaggerSettings = {{ settings|safe }}; | ||
| const schemaAuthNames = {{ schema_auth_names|safe }}; | ||
| let schemaAuthFailed = false; | ||
| const plugins = []; | ||
|
|
||
| const reloadSchemaOnAuthChange = () => { | ||
| return { | ||
| statePlugins: { | ||
| auth: { | ||
| wrapActions: { | ||
| authorize: (ori) => (...args) => { | ||
| schemaAuthFailed = false; | ||
| setTimeout(() => ui.specActions.download()); | ||
| return ori(...args); | ||
| }, | ||
| logout: (ori) => (...args) => { | ||
| schemaAuthFailed = false; | ||
| setTimeout(() => ui.specActions.download()); | ||
| return ori(...args); | ||
| }, | ||
| }, | ||
| }, | ||
| }, | ||
| }; | ||
| }; | ||
|
|
||
| if (schemaAuthNames.length > 0) { | ||
| plugins.push(reloadSchemaOnAuthChange); | ||
| } | ||
|
|
||
| const uiInitialized = () => { | ||
| try { | ||
| ui; | ||
| return true; | ||
| } catch { | ||
| return false; | ||
| } | ||
| }; | ||
|
|
||
| const isSchemaUrl = (url) => { | ||
| if (!uiInitialized()) { | ||
| return false; | ||
| } | ||
| return url === new URL(ui.getConfigs().url, document.baseURI).href; | ||
| }; | ||
|
|
||
| const responseInterceptor = (response, ...args) => { | ||
| if (!response.ok && isSchemaUrl(response.url)) { | ||
| console.warn("schema request received '" + response.status + "'. disabling credentials for schema till logout."); | ||
| if (!schemaAuthFailed) { | ||
| // only retry once to prevent endless loop. | ||
| schemaAuthFailed = true; | ||
| setTimeout(() => ui.specActions.download()); | ||
| } | ||
| } | ||
| return response; | ||
| }; | ||
|
|
||
| const injectAuthCredentials = (request) => { | ||
| let authorized; | ||
| if (uiInitialized()) { | ||
| const state = ui.getState().get("auth").get("authorized"); | ||
| if (state !== undefined && Object.keys(state.toJS()).length !== 0) { | ||
| authorized = state.toJS(); | ||
| } | ||
| } else if (![undefined, "{}"].includes(localStorage.authorized)) { | ||
| authorized = JSON.parse(localStorage.authorized); | ||
| } | ||
| if (authorized === undefined) { | ||
| return; | ||
| } | ||
| for (const authName of schemaAuthNames) { | ||
| const authDef = authorized[authName]; | ||
| if (authDef === undefined || authDef.schema === undefined) { | ||
| continue; | ||
| } | ||
| if (authDef.schema.type === "http" && authDef.schema.scheme === "bearer") { | ||
| request.headers["Authorization"] = "Bearer " + authDef.value; | ||
| return; | ||
| } else if (authDef.schema.type === "http" && authDef.schema.scheme === "basic") { | ||
| request.headers["Authorization"] = "Basic " + btoa(authDef.value.username + ":" + authDef.value.password); | ||
| return; | ||
| } else if (authDef.schema.type === "apiKey" && authDef.schema.in === "header") { | ||
| request.headers[authDef.schema.name] = authDef.value; | ||
| return; | ||
| } | ||
| } | ||
| }; | ||
|
|
||
| const requestInterceptor = (request, ...args) => { | ||
| if (request.loadSpec && schemaAuthNames.length > 0 && !schemaAuthFailed) { | ||
| try { | ||
| injectAuthCredentials(request); | ||
| } catch (e) { | ||
| console.error("schema auth injection failed with error: ", e); | ||
| } | ||
| } | ||
| // selectively omit adding headers to mitigate CORS issues. | ||
| if (!["GET", undefined].includes(request.method) && request.credentials === "same-origin") { | ||
| request.headers["{{ csrf_header_name }}"] = "{{ csrf_token }}"; | ||
| } | ||
| return request; | ||
| }; | ||
|
|
||
| const ui = SwaggerUIBundle({ | ||
| url: "{{ schema_url }}", | ||
| dom_id: "#swagger-ui", | ||
| presets: [SwaggerUIBundle.presets.apis], | ||
| plugin: [SwaggerUIBundle.plugins.DownloadUrl], | ||
| plugins, | ||
| layout: "BaseLayout", | ||
| requestInterceptor: (request) => { | ||
| request.headers["X-CSRFToken"] = "{{ csrf_token }}"; | ||
| return request; | ||
| }, | ||
| ...swagger_settings, | ||
| requestInterceptor, | ||
| responseInterceptor, | ||
| ...swaggerSettings, | ||
| }); | ||
|
|
||
| {% if oauth2_config %}ui.initOAuth({{ oauth2_config|safe }});{% endif %} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters