
Commit 56a6ea4

authored
Merge pull request #1608 from schnell18/feat/client_scope_accessor
feat: add client-side security scope/role accessors
2 parents 26e3bb1 + 09ad476 commit 56a6ea4


12 files changed

+525
-0
lines changed


examples/ex_k8s/oas_security_gen.go

Lines changed: 20 additions & 0 deletions

examples/ex_oauth2/oas_security_gen.go

Lines changed: 21 additions & 0 deletions

examples/ex_oauth2_scopes_and_or/oas_security_gen.go

Lines changed: 21 additions & 0 deletions

examples/ex_oauth2_with_client_editors/oas_security_gen.go

Lines changed: 21 additions & 0 deletions

examples/ex_tinkoff/oas_security_gen.go

Lines changed: 20 additions & 0 deletions

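--- a/gen/_template/security.tmpl
+++ b/gen/_template/security.tmpl
@@ -142,6 +142,72 @@ type SecuritySource interface {
 {{- end }}
 }
 
+{{ range $s := $.Securities }}
+
+{{- if not $.PathsServerEnabled }}
+{{if $s.Format.IsOAuth2Security}}
+// oauth2Scopes{{ $s.Type.Name }} is a private map storing OAuth2 scopes per operation.
+var oauth2Scopes{{ $s.Type.Name }} = map[string][]string {
+{{- else}}
+// operationRoles{{ $s.Type.Name }} is a private map storing roles per operation.
+var operationRoles{{ $s.Type.Name }} = map[string][]string {
+{{- end}}
+{{- range $operationName, $scopes := $s.Scopes }}
+{{ $operationName }}Operation: []string{
+{{- range $scope := $scopes }}
+{{ quote $scope }},
+{{- end}}
+},
+{{- end }}
+}
+{{- end }}
+
+{{if $s.Format.IsOAuth2Security}}
+// GetOAuth2ScopesFor{{ $s.Type.Name }} returns the required OAuth2 scopes for the given operation.
+//
+// This is useful for token exchange scenarios where you need to know which scopes
+// to request when obtaining a token for a downstream API call.
+//
+// Example:
+//
+// requiredScopes := GetOAuth2ScopesFor{{ $s.Type.Name }}(AddPetOperation)
+// token := exchangeTokenWithScopes(requiredScopes, "https://api.example.com")
+//
+// Returns nil if the operation has no scope requirements or if the operation is unknown.
+func GetOAuth2ScopesFor{{ $s.Type.Name }}(operation string) []string {
+scopes, ok := oauth2Scopes{{ $s.Type.Name }}[operation]
+if !ok {
+return nil
+}
+// Return a copy to prevent external modification
+result := make([]string, len(scopes))
+copy(result, scopes)
+return result
+}
+{{- else}}
+// GetRolesFor{{ $s.Type.Name }} returns the required roles for the given operation.
+//
+// This is useful for authorization scenarios where you need to know which roles
+// are required for an operation.
+//
+// Example:
+//
+// requiredRoles := GetRolesFor{{ $s.Type.Name }}(AddPetOperation)
+//
+// Returns nil if the operation has no role requirements or if the operation is unknown.
+func GetRolesFor{{ $s.Type.Name }}(operation string) []string {
+roles, ok := operationRoles{{ $s.Type.Name }}[operation]
+if !ok {
+return nil
+}
+// Return a copy to prevent external modification
+result := make([]string, len(roles))
+copy(result, roles)
+return result
+}
+{{- end}}
+{{- end }}
+
 {{- range $s := $.Securities }}
 func (s *Client) security{{ $s.Type.Name }}(ctx context.Context, operationName OperationName, req *http.Request) error {
 {{- if $s.Format.IsCustomSecurity }}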
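Review bot: `GetOAuth2ScopesFor…` and `GetRolesFor…` return nil both for an operation with no requirements and for an unknown operation name, so a caller that uses `GetRolesFor…` for an authorization decision cannot tell a mistyped or unregistered operation from one that needs no roles, and a `len(roles) == 0` check would fail open. Since these accessors are new, I would also return the lookup result, `func GetRolesFor{{ $s.Type.Name }}(operation string) ([]string, bool)` (and likewise for the scopes accessor), or at least say in the doc comment that nil must not be read as "no authorization required". The doc line "Returns nil if the operation has no scope requirements" also does not match the body for a key that is present with an empty list, where `make([]string, len(scopes))` yields an empty non-nil slice. Separately, the map declarations are emitted only under `{{- if not $.PathsServerEnabled }}` while the accessors are emitted unconditionally; presumably a map of the same name is generated elsewhere when server paths are enabled, which is outside this hunk, and a template comment saying so would help the next reader.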

internal/integration/sample_api/oas_security_gen.go

Lines changed: 20 additions & 0 deletions

internal/integration/sample_api_no_otel/oas_security_gen.go

Lines changed: 20 additions & 0 deletions

internal/integration/sample_api_ns/oas_security_gen.go

Lines changed: 25 additions & 0 deletions
