hyperledger · aldousalvarez · Sep 6, 2024
@@ -15,6 +15,7 @@ Install the following dependencies:
 
 ```shell
 go get github.com/stretchr/testify/assert
+go get golang.org/x/oauth2
 go get golang.org/x/net/context
 ```
 
@@ -91,7 +92,37 @@ Class | Method | HTTP request | Description
 
 ## Documentation For Authorization
 
-Endpoints do not require authorization.
+
+Authentication schemes defined for the API:
+### OAuth2
+
+
+- **Type**: OAuth
+- **Flow**: accessCode
+- **Authorization URL**: http://0.0.0.0:4000/oauth/authorize
+- **Scopes**: 
+ - **read:health**: Read health information
+ - **read:metrics**: Read metrics information
+ - **read:spec**: Read OpenAPI specification
+
+Example
+
+```golang
+auth := context.WithValue(context.Background(), sw.ContextAccessToken, "ACCESSTOKENSTRING")
+r, err := client.Service.Operation(auth, args)
+```
+
+Or via OAuth2 module to automatically refresh tokens and perform user authentication.
+
+```golang
+import "golang.org/x/oauth2"
+
+/* Perform OAuth2 round trip request and obtain a token */
+
+tokenSource := oauth2cfg.TokenSource(createContext(httpClient), &token)
+auth := context.WithValue(oauth2.NoContext, sw.ContextOAuth2, tokenSource)
+r, err := client.Service.Operation(auth, args)
+```
 
 
 ## Documentation for Utility Methods

@@ -8,6 +8,11 @@ info:
   version: 2.0.0-rc.3
 servers:
 - url: /
+security:
+- OAuth2:
+  - read:health
+  - read:metrics
+  - read:spec
 paths:
   /api/v1/api-server/healthcheck:
     get:
@@ -21,6 +26,11 @@ paths:
               schema:
                 $ref: '#/components/schemas/HealthCheckResponse'
           description: OK
+        "401":
+          description: Unauthorized
+      security:
+      - OAuth2:
+        - read:health
       summary: Can be used to verify liveness of an API server instance
       x-hyperledger-cacti:
         http:
@@ -37,6 +47,11 @@ paths:
               schema:
                 $ref: '#/components/schemas/PrometheusExporterMetricsResponse'
           description: OK
+        "401":
+          description: Unauthorized
+      security:
+      - OAuth2:
+        - read:metrics
       summary: Get the Prometheus Metrics
       x-hyperledger-cacti:
         http:
@@ -54,6 +69,11 @@ paths:
               schema:
                 $ref: '#/components/schemas/GetOpenApiSpecV1EndpointResponse'
           description: OK
+        "401":
+          description: Unauthorized
+      security:
+      - OAuth2:
+        - read:spec
       x-hyperledger-cacti:
         http:
           verbLowerCase: get
@@ -127,3 +147,14 @@ components:
     GetOpenApiSpecV1EndpointResponse:
       nullable: false
       type: string
+  securitySchemes:
+    OAuth2:
+      flows:
+        authorizationCode:
+          authorizationUrl: http://0.0.0.0:4000/oauth/authorize
+          scopes:
+            read:health: Read health information
+            read:metrics: Read metrics information
+            read:spec: Read OpenAPI specification
+          tokenUrl: http://0.0.0.0:4000/oauth/token
+      type: oauth2
@@ -3,4 +3,5 @@ module github.com/hyperledger/cactus-cmd-api-server/src/main/go/generated/openap
 go 1.18
 
 require (
+	golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558
 )
@@ -4,6 +4,8 @@ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e h1:bRhVy7zSSasaqNksaRZiA5EEI+Ei4I1nO5Jh72wfHlg=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

@@ -76,8 +76,29 @@
         "type": "string",
         "nullable": false
       }
+    },
+    "securitySchemes": {
+      "OAuth2": {
+        "type": "oauth2",
+        "flows": {
+          "authorizationCode": {
+            "authorizationUrl": "https://example.com/oauth/authorize",
+            "tokenUrl": "https://example.com/oauth/token",
+            "scopes": {
+              "read:health": "Read health information",
+              "read:metrics": "Read metrics information",
+              "read:spec": "Read OpenAPI specification"
+            }
+          }
+        }
+      }
     }
   },
+  "security": [
+    {
+      "OAuth2": ["read:health", "read:metrics", "read:spec"]
+    }
+  ],
   "paths": {
     "/api/v1/api-server/healthcheck": {
       "get": {
@@ -101,8 +122,16 @@
                 }
               }
             }
+          },
+          "401": {
+            "description": "Unauthorized"
           }
-        }
+        },
+        "security": [
+          {
+            "OAuth2": ["read:health"]
+          }
+        ]
       }
     },
     "/api/v1/api-server/get-prometheus-exporter-metrics": {
@@ -126,8 +155,16 @@
                 }
               }
             }
+          },
+          "401": {
+            "description": "Unauthorized"
           }
-        }
+        },
+        "security": [
+          {
+            "OAuth2": ["read:metrics"]
+          }
+        ]
       }
     },
     "/api/v1/api-server/get-open-api-spec": {
@@ -151,8 +188,16 @@
                 }
               }
             }
+          },
+          "401": {
+            "description": "Unauthorized"
           }
-        }
+        },
+        "security": [
+          {
+            "OAuth2": ["read:spec"]
+          }
+        ]
       }
     }
   }

@@ -76,8 +76,29 @@
         "type": "string",
         "nullable": false
       }
+    },
+    "securitySchemes": {
+      "OAuth2": {
+        "type": "oauth2",
+        "flows": {
+          "authorizationCode": {
+            "authorizationUrl": "https://example.com/oauth/authorize",
+            "tokenUrl": "https://example.com/oauth/token",
+            "scopes": {
+              "read:health": "Read health information",
+              "read:metrics": "Read metrics information",
+              "read:spec": "Read OpenAPI specification"
+            }
+          }
+        }
+      }
     }
   },
+  "security": [
+    {
+      "OAuth2": ["read:health", "read:metrics", "read:spec"]
+    }
+  ],
   "paths": {
     "/api/v1/api-server/healthcheck": {
       "get": {
@@ -101,8 +122,16 @@
                 }
               }
             }
+          },
+          "401": {
+            "description": "Unauthorized"
           }
-        }
+        },
+        "security": [
+          {
+            "OAuth2": ["read:health"]
+          }
+        ]
       }
     },
     "/api/v1/api-server/get-prometheus-exporter-metrics": {
@@ -126,8 +155,16 @@
                 }
               }
             }
+          },
+          "401": {
+            "description": "Unauthorized"
           }
-        }
+        },
+        "security": [
+          {
+            "OAuth2": ["read:metrics"]
+          }
+        ]
       }
     },
     "/api/v1/api-server/get-open-api-spec": {
@@ -151,8 +188,16 @@
                 }
               }
             }
+          },
+          "401": {
+            "description": "Unauthorized"
           }
-        }
+        },
+        "security": [
+          {
+            "OAuth2": ["read:spec"]
+          }
+        ]
       }
     }
   }

@@ -60,5 +60,16 @@ Class | Method | HTTP request | Description
 <a id="documentation-for-authorization"></a>
 ## Documentation for Authorization
 
-Endpoints do not require authorization.
+
+Authentication schemes defined for the API:
+<a id="OAuth2"></a>
+### OAuth2
+
+- **Type**: OAuth
+- **Flow**: accessCode
+- **Authorization URL**: http://0.0.0.0:4000/oauth/authorize
+- **Scopes**: 
+  - read:health: Read health information
+  - read:metrics: Read metrics information
+  - read:spec: Read OpenAPI specification
 
@@ -108,7 +108,7 @@ class DefaultApi(basePath: kotlin.String = defaultBasePath, client: OkHttpClient
             path = "/api/v1/api-server/healthcheck",
             query = localVariableQuery,
             headers = localVariableHeaders,
-            requiresAuthentication = false,
+            requiresAuthentication = true,
             body = localVariableBody
         )
     }
@@ -176,7 +176,7 @@ class DefaultApi(basePath: kotlin.String = defaultBasePath, client: OkHttpClient
             path = "/api/v1/api-server/get-open-api-spec",
             query = localVariableQuery,
             headers = localVariableHeaders,
-            requiresAuthentication = false,
+            requiresAuthentication = true,
             body = localVariableBody
         )
     }
@@ -243,7 +243,7 @@ class DefaultApi(basePath: kotlin.String = defaultBasePath, client: OkHttpClient
             path = "/api/v1/api-server/get-prometheus-exporter-metrics",
             query = localVariableQuery,
             headers = localVariableHeaders,
-            requiresAuthentication = false,
+            requiresAuthentication = true,
             body = localVariableBody
         )
     }

@@ -143,10 +143,20 @@ open class ApiClient(val baseUrl: String, val client: OkHttpClient = defaultClie
         }
     }
 
+    protected fun <T> updateAuthParams(requestConfig: RequestConfig<T>) {
+        if (requestConfig.headers[Authorization].isNullOrEmpty()) {
+            accessToken?.let { accessToken ->
+                requestConfig.headers[Authorization] = "Bearer $accessToken "
+            }
+        }
+    }
 
     protected inline fun <reified I, reified T: Any?> request(requestConfig: RequestConfig<I>): ApiResponse<T?> {
         val httpUrl = baseUrl.toHttpUrlOrNull() ?: throw IllegalStateException("baseUrl is invalid.")
 
+        // take authMethod from operation
+        updateAuthParams(requestConfig)
+
         val url = httpUrl.newBuilder()
             .addEncodedPathSegments(requestConfig.path.trimStart('/'))
             .apply {