Merge pull request #164 from SentryMan/serializer

support @SecurityScheme/Fix OpenAPI Serializer

Author: rbygrave

README.md

@@ -2,6 +2,7 @@
 [![Build](https://github.com/avaje/avaje-http/actions/workflows/build.yml/badge.svg)](https://github.com/avaje/avaje-http/actions/workflows/build.yml)
 <img src="https://img.shields.io/maven-central/v/io.avaje/avaje-http-api.svg?label=Maven%20Central">
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/avaje/avaje-inject/blob/master/LICENSE)
+[![Discord](https://img.shields.io/discord/1074074312421683250?color=%237289da&label=discord)](https://discord.gg/Qcqf9R27BR)
 
 HTTP server and client libraries via code generation.
 

http-generator-core/pom.xml

@@ -11,13 +11,7 @@
     <relativePath>..</relativePath>
   </parent>
 
-  <properties>
-    <swagger.version>2.0.8</swagger.version>
-  </properties>
-
   <dependencies>
-
-
     <dependency>
       <groupId>io.avaje</groupId>
       <artifactId>avaje-prisms</artifactId>
@@ -34,6 +28,12 @@
       <scope>provided</scope>
     </dependency>
 
+    <dependency>
+      <groupId>io.swagger.core.v3</groupId>
+      <artifactId>swagger-annotations</artifactId>
+      <version>${swagger.version}</version>
+      <scope>provided</scope>
+    </dependency>
     <dependency>
       <groupId>io.swagger.core.v3</groupId>
       <artifactId>swagger-models</artifactId>

http-generator-core/src/main/java/io/avaje/http/generator/core/BaseProcessor.java

@@ -2,7 +2,6 @@
 
 import java.io.IOException;
 import java.util.Set;
-
 import javax.annotation.processing.AbstractProcessor;
 import javax.annotation.processing.ProcessingEnvironment;
 import javax.annotation.processing.RoundEnvironment;
@@ -41,6 +40,7 @@ public boolean process(Set<? extends TypeElement> annotations, RoundEnvironment
     if (ctx.isOpenApiAvailable()) {
       readOpenApiDefinition(round);
       readTagDefinitions(round);
+      readSecuritySchemes(round);
     }
 
     final Set<? extends Element> controllers =
@@ -75,7 +75,19 @@ private void readTagDefinitions(RoundEnvironment round) {
       ctx.doc().addTagsDefinition(element);
     }
   }
-  
+
+  private void readSecuritySchemes(RoundEnvironment round) {
+    Set<? extends Element> elements = round.getElementsAnnotatedWith(ctx.typeElement(SecuritySchemePrism.PRISM_TYPE));
+    for (Element element : elements) {
+        ctx.doc().addSecurityScheme(element);
+    }
+
+    elements = round.getElementsAnnotatedWith(ctx.typeElement(SecuritySchemesPrism.PRISM_TYPE));
+    for (Element element : elements) {
+        ctx.doc().addSecuritySchemes(element);
+    }
+  }
+
   private void writeOpenAPI() {
     ctx.doc().writeApi();
   }

http-generator-core/src/main/java/io/avaje/http/generator/core/MethodReader.java

@@ -1,23 +1,24 @@
 package io.avaje.http.generator.core;
 
+import io.avaje.http.generator.core.javadoc.Javadoc;
+import io.avaje.http.generator.core.openapi.MethodDocBuilder;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Optional;
+import java.util.function.Consumer;
 import java.util.function.Function;
 import java.util.function.Predicate;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
-
+import javax.lang.model.element.AnnotationMirror;
 import javax.lang.model.element.Element;
 import javax.lang.model.element.ExecutableElement;
 import javax.lang.model.element.VariableElement;
 import javax.lang.model.type.ExecutableType;
 import javax.lang.model.type.TypeKind;
 import javax.lang.model.type.TypeMirror;
 
-import io.avaje.http.generator.core.javadoc.Javadoc;
-import io.avaje.http.generator.core.openapi.MethodDocBuilder;
-
 public class MethodReader {
 
   private final ProcessingContext ctx;
@@ -31,6 +32,7 @@ public class MethodReader {
    */
   private final List<String> methodRoles;
   private final Optional<ProducesPrism> producesAnnotation;
+  private final List<SecurityRequirementPrism> securityRequirements;
   private final List<OpenAPIResponsePrism> apiResponses;
   private final ExecutableType actualExecutable;
   private final List<? extends TypeMirror> actualParams;
@@ -57,6 +59,7 @@ public class MethodReader {
         ctx.superMethods(element.getEnclosingElement(), element.getSimpleName().toString());
     superMethods.forEach(m -> methodRoles.addAll(Util.findRoles(m)));
 
+    this.securityRequirements = readSecurityRequirements();
     this.apiResponses = buildApiResponses();
     this.javadoc = buildJavadoc(element, ctx);
 
@@ -130,6 +133,40 @@ public Javadoc javadoc() {
     return javadoc;
   }
 
+  private List<SecurityRequirementPrism> readSecurityRequirements() {
+    var list = new ArrayList<SecurityRequirementPrism>();
+
+    readSecurityRequirements(element, list);
+    for (ExecutableElement superMethod : superMethods) {
+        readSecurityRequirements(superMethod, list);
+    }
+    readSecurityRequirements(bean.beanType(), list);
+
+    var map = new HashMap<String, SecurityRequirementPrism>();
+    for (SecurityRequirementPrism p : list) {
+        if (!map.containsKey(p.name())) {
+          map.put(p.name(), p);
+        }
+    }
+    return List.copyOf(map.values());
+  }
+
+  private void readSecurityRequirements(Element element, List<SecurityRequirementPrism> list) {
+    Consumer<Element> f = e -> {
+      Optional.ofNullable(SecurityRequirementsPrism.getInstanceOn(e))
+        .map(SecurityRequirementsPrism::value)
+        .ifPresent(list::addAll);
+      Optional.ofNullable(SecurityRequirementPrism.getAllInstancesOn(e))
+        .ifPresent(list::addAll);
+    };
+    f.accept(element);
+
+    for (AnnotationMirror annotationMirror : element.getAnnotationMirrors()) {
+      // find only one level
+      f.accept(annotationMirror.getAnnotationType().asElement());
+    }
+  }
+
   private List<OpenAPIResponsePrism> buildApiResponses() {
 
     final var container =
@@ -260,6 +297,10 @@ public String produces() {
     return producesAnnotation.map(ProducesPrism::value).orElseGet(bean::produces);
   }
 
+  public List<SecurityRequirementPrism> securityRequirements() {
+    return securityRequirements;
+  }
+
   public List<OpenAPIResponsePrism> apiResponses() {
     return apiResponses;
   }

http-generator-core/src/main/java/io/avaje/http/generator/core/openapi/DocContext.java

@@ -2,6 +2,7 @@
 
 import java.io.IOException;
 import java.io.Writer;
+import java.util.List;
 import java.util.Map;
 import java.util.TreeMap;
 
@@ -17,6 +18,8 @@
 import javax.tools.StandardLocation;
 
 import io.avaje.http.generator.core.OpenAPIDefinitionPrism;
+import io.avaje.http.generator.core.SecuritySchemePrism;
+import io.avaje.http.generator.core.SecuritySchemesPrism;
 import io.avaje.http.generator.core.TagPrism;
 import io.avaje.http.generator.core.TagsPrism;
 import io.swagger.v3.oas.models.Components;
@@ -27,6 +30,7 @@
 import io.swagger.v3.oas.models.info.Info;
 import io.swagger.v3.oas.models.media.Content;
 import io.swagger.v3.oas.models.media.Schema;
+import io.swagger.v3.oas.models.security.SecurityScheme;
 import io.swagger.v3.oas.models.tags.Tag;
 
 /** Context for building the OpenAPI documentation. */
@@ -148,10 +152,43 @@ public void addTagsDefinition(Element element) {
   }
 
   public void addTagDefinition(Element element) {
-    final var tag = TagPrism.getInstanceOn(element);
-    if (tag == null) return;
 
-    openAPI.addTagsItem(createTagItem(tag));
+    for (var tag : TagPrism.getAllInstancesOn(element)) {
+      openAPI.addTagsItem(createTagItem(tag));
+    }
+  }
+
+  public void addSecurityScheme(Element element) {
+
+    this.addSecuritySchemes(SecuritySchemePrism.getAllInstancesOn(element));
+  }
+
+  public void addSecuritySchemes(Element element) {
+    var schemes = SecuritySchemesPrism.getInstanceOn(element);
+    if (schemes == null) {
+        return;
+      }
+    this.addSecuritySchemes(schemes.value());
+  }
+
+  void addSecuritySchemes(List<SecuritySchemePrism> schemes) {
+    for (SecuritySchemePrism p : schemes) {
+      var ss = new SecurityScheme()
+        .type(SecurityScheme.Type.valueOf(p.type()))
+        .in(SecurityScheme.In.valueOf(p.in()))
+        .name(p.paramName());
+
+      if (!p.description().isEmpty()) {
+        ss.description(p.description());
+      }
+      if (!p.bearerFormat().isEmpty()) {
+        ss.bearerFormat(p.bearerFormat());
+      }
+      if (!p.scheme().isEmpty()) {
+        ss.scheme(p.scheme());
+      }
+      components().addSecuritySchemes(p.name(), ss);
+    }
   }
 
   public void readApiDefinition(Element element) {
@@ -167,15 +204,11 @@ public void readApiDefinition(Element element) {
     if (!info.version().isEmpty()) {
       openAPI.getInfo().setVersion(info.version());
     }
-
   }
 
   public void writeApi() {
-
-    final var openAPI = getApiForWriting();
     try (var metaWriter = createMetaWriter()) {
-
-      final var json = OpenAPISerializer.serialize(openAPI);
+      final var json = OpenAPISerializer.serialize(getApiForWriting());
       JsonFormatter.prettyPrintJson(metaWriter, json);
 
     } catch (final Exception e) {

http-generator-core/src/main/java/io/avaje/http/generator/core/openapi/MethodDocBuilder.java

@@ -3,12 +3,14 @@
 import io.avaje.http.generator.core.HiddenPrism;
 import io.avaje.http.generator.core.MethodParam;
 import io.avaje.http.generator.core.MethodReader;
+import io.avaje.http.generator.core.SecurityRequirementPrism;
 import io.avaje.http.generator.core.javadoc.Javadoc;
 import io.avaje.prism.GeneratePrism;
 import io.swagger.v3.oas.models.Operation;
 import io.swagger.v3.oas.models.PathItem;
 import io.swagger.v3.oas.models.responses.ApiResponse;
 import io.swagger.v3.oas.models.responses.ApiResponses;
+import io.swagger.v3.oas.models.security.SecurityRequirement;
 
 /** Build the OpenAPI documentation for a method. */
 @GeneratePrism(Deprecated.class)
@@ -62,6 +64,12 @@ public void build() {
         break;
     }
 
+    var securityRequirements = methodReader.securityRequirements();
+    for (SecurityRequirementPrism p : securityRequirements) {
+        var o = new SecurityRequirement().addList(p.name(), p.scopes());
+        operation.addSecurityItem(o);
+    }
+
     for (MethodParam param : methodReader.params()) {
       param.buildApiDocumentation(this);
     }

http-generator-core/src/main/java/io/avaje/http/generator/core/openapi/OpenAPISerializer.java

@@ -58,14 +58,21 @@ static String serialize(Object obj) throws IllegalAccessException {
       } else {
 
         sb.append("{");
-        if (obj instanceof String) {
-          System.out.println();
-        }
 
         final var fields = getAllFields(cls);
 
         var firstField = true;
         for (final Field field : fields) {
+
+          // skip JsonIgnored fields
+          if ("BIND_TYPE_AND_TYPES".equals(field.getName())
+              || "COMPONENTS_SCHEMAS_REF".equals(field.getName())
+              || "exampleSetFlag".equals(field.getName())
+              || "types".equals(field.getName())
+              || "specVersion".equals(field.getName())) {
+            continue;
+          }
+
           field.setAccessible(true);
           final var value = field.get(obj);
           if (value != null) {
@@ -168,6 +175,10 @@ static void write(StringBuilder sb, Object value) throws IllegalAccessException
         sb.append(value.toString().replace("\"", "\\\""));
         sb.append("\"");
       }
+    } else if (value.getClass().isEnum()) {
+      sb.append("\"");
+      sb.append(value.toString().replace("\"", "\\\""));
+      sb.append("\"");
     } else {
       // Recursively handle other object types
       sb.append(serialize(value));

http-generator-core/src/main/java/io/avaje/http/generator/core/package-info.java

@@ -19,6 +19,10 @@
 @GeneratePrism(value = io.swagger.v3.oas.annotations.OpenAPIDefinition.class, publicAccess = true)
 @GeneratePrism(value = io.swagger.v3.oas.annotations.tags.Tag.class, publicAccess = true)
 @GeneratePrism(value = io.swagger.v3.oas.annotations.tags.Tags.class, publicAccess = true)
+@GeneratePrism(value = io.swagger.v3.oas.annotations.security.SecurityScheme.class, publicAccess = true)
+@GeneratePrism(value = io.swagger.v3.oas.annotations.security.SecuritySchemes.class, publicAccess = true)
+@GeneratePrism(value = io.swagger.v3.oas.annotations.security.SecurityRequirement.class, publicAccess = true)
+@GeneratePrism(value = io.swagger.v3.oas.annotations.security.SecurityRequirements.class, publicAccess = true)
 @GeneratePrism(value = io.avaje.http.api.OpenAPIResponse.class, publicAccess = true)
 @GeneratePrism(value = io.avaje.http.api.OpenAPIResponses.class, publicAccess = true)
 @GeneratePrism(value = io.swagger.v3.oas.annotations.Hidden.class, publicAccess = true)

pom.xml

@@ -19,7 +19,8 @@
 
   <properties>
     <nexus.staging.autoReleaseAfterClose>true</nexus.staging.autoReleaseAfterClose>
-    <swagger.version>2.0.8</swagger.version>
+    <swagger.version>2.2.8</swagger.version>
+    <jackson.version>2.14.2</jackson.version>
     <module-info.shade>${project.build.directory}${file.separator}module-info.shade</module-info.shade>
   </properties>
 
@@ -103,7 +104,6 @@
                   <excludes>
                     <exclude>io/swagger/v3/oas/models/callbacks/**</exclude>
                     <exclude>io/swagger/v3/oas/models/examples/**</exclude>
-                    <exclude>io/swagger/v3/oas/models/security/**</exclude>
                     <exclude>io/swagger/v3/oas/models/servers/**</exclude>
                   </excludes>
                 </filter>

tests/test-javalin-jsonb/src/main/java/org/example/myapp/Main.java

@@ -1,12 +1,5 @@
 package org.example.myapp;
 
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import io.avaje.http.api.InvalidPathArgumentException;
 import io.avaje.http.api.InvalidTypeArgumentException;
 import io.avaje.http.api.ValidationException;
@@ -17,10 +10,19 @@
 import io.javalin.Javalin;
 import io.javalin.http.staticfiles.Location;
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
 import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 @InjectModule(name = "app", requires = Validator.class)
 @OpenAPIDefinition(info = @Info(title = "Example service", description = "Example Javalin controllers with Java and Maven"))
+@SecurityScheme(type = SecuritySchemeType.APIKEY, in = SecuritySchemeIn.QUERY, name = "JWT", paramName = "access_token", description = "JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.")
 public class Main {
 
   private static final Logger log = LoggerFactory.getLogger(Main.class);