Merge branch 'develop' into release

build.gradle.kts

@@ -6,7 +6,7 @@ plugins {
 }
 
 group = "io.github.smiley4"
-version = "1.2.0"
+version = "1.3.0"
 
 repositories {
     mavenCentral()

src/main/kotlin/io/github/smiley4/ktorswaggerui/SwaggerUIPluginConfig.kt

@@ -17,7 +17,6 @@ import io.ktor.http.HttpMethod
 import io.ktor.http.HttpStatusCode
 import io.ktor.server.routing.RouteSelector
 import kotlin.reflect.KClass
-import kotlin.reflect.KType
 
 /**
  * Main-Configuration of the "SwaggerUI"-Plugin
@@ -45,6 +44,12 @@ class SwaggerUIPluginConfig {
     var defaultSecuritySchemeName: String? = null
 
 
+    /**
+     * The names of the security schemes available for use for the protected paths
+     */
+    var defaultSecuritySchemeNames: Collection<String>? = null
+
+
     /**
      * function to generate a tag from the given url for a path. Result will be added to the tags defined for each path
      */

src/main/kotlin/io/github/smiley4/ktorswaggerui/dsl/OpenApiRoute.kt

@@ -27,17 +27,26 @@ class OpenApiRoute {
      */
     var operationId: String? = null
 
+
     /**
      * Whether this route is deprecated
      */
     var deprecated: Boolean = false
 
+
     /**
      * A declaration of which security mechanism can be used for this operation.
-     * If not specified, defaultSecuritySchemeName (global plugin config) will be used
+     * If not specified (and none specified with [securitySchemeNames]), defaultSecuritySchemeName (global plugin config) will be used
      */
     var securitySchemeName: String? = null
 
+
+    /**
+     * A declaration of which security mechanisms can be used for this operation (i.e. any of the specified ones).
+     * If none specified (and none with [securitySchemeName]), defaultSecuritySchemeName (global plugin config) will be used.
+     */
+    var securitySchemeNames: Collection<String>? = null
+
     private val request = OpenApiRequest()
 
 
@@ -48,10 +57,8 @@ class OpenApiRoute {
         request.apply(block)
     }
 
-
     fun getRequest() = request
 
-
     private val responses = OpenApiResponses()
 
 
@@ -62,7 +69,6 @@ class OpenApiRoute {
         responses.apply(block)
     }
 
-
     fun getResponses() = responses
 
 }

src/main/kotlin/io/github/smiley4/ktorswaggerui/specbuilder/OApiPathBuilder.kt

@@ -18,7 +18,6 @@ class OApiPathBuilder {
     private val requestBodyBuilder = OApiRequestBodyBuilder()
     private val responsesBuilder = OApiResponsesBuilder()
 
-
     fun build(route: RouteMeta, components: ComponentsContext, config: SwaggerUIPluginConfig): Pair<String, PathItem> {
         return route.path to PathItem().apply {
             val operation = Operation().apply {
@@ -42,12 +41,20 @@ class OApiPathBuilder {
                     }
                 }
                 if (route.protected) {
-                    (route.documentation.securitySchemeName ?: config.defaultSecuritySchemeName)?.let { schemeName ->
-                        security = mutableListOf(
+                    val securitySchemes = mutableSetOf<String>().also { schemes ->
+                        route.documentation.securitySchemeName?.also { schemes.add(it) }
+                        route.documentation.securitySchemeNames?.also { schemes.addAll(it) }
+                    }
+                    if (securitySchemes.isEmpty()) {
+                        config.defaultSecuritySchemeName?.also { securitySchemes.add(it) }
+                        config.defaultSecuritySchemeNames?.also { securitySchemes.addAll(it) }
+                    }
+                    if (securitySchemes.isNotEmpty()) {
+                        security = securitySchemes.map {
                             SecurityRequirement().apply {
-                                addList(schemeName, emptyList())
+                                addList(it, emptyList())
                             }
-                        )
+                        }
                     }
                 }
             }
@@ -63,15 +70,13 @@ class OApiPathBuilder {
         }
     }
 
-
     private fun buildTags(route: RouteMeta, tagGenerator: ((url: List<String>) -> String?)?): List<String> {
         val generatedTags = tagGenerator?.let {
             it(route.path.split("/").filter { it.isNotEmpty() })
         }
         return (route.documentation.tags + generatedTags).filterNotNull()
     }
 
-
     private fun shouldAddUnauthorized(config: RouteMeta, defaultUnauthorizedResponses: OpenApiResponse?): Boolean {
         val unauthorizedCode = HttpStatusCode.Unauthorized.value.toString();
         return defaultUnauthorizedResponses != null

src/main/kotlin/io/github/smiley4/ktorswaggerui/specbuilder/RouteCollector.kt

@@ -102,6 +102,10 @@ class RouteCollector {
             description = a.description ?: b.description
             operationId = a.operationId ?: b.operationId
             securitySchemeName = a.securitySchemeName ?: b.securitySchemeName
+            securitySchemeNames = mutableSetOf<String>().also { merged ->
+                a.securitySchemeNames?.let { merged.addAll(it) }
+                b.securitySchemeNames?.let { merged.addAll(it) }
+            }
             deprecated = a.deprecated || b.deprecated
             request {
                 (getParameters() as MutableList).also {

src/test/kotlin/io/github/smiley4/ktorswaggerui/examples/AuthExample.kt

@@ -55,15 +55,20 @@ private fun Application.myModule() {
 			type = AuthType.HTTP
 			scheme = AuthScheme.BASIC
 		}
+		// specify another security scheme
+		securityScheme("MyOtherSecurityScheme") {
+			type = AuthType.HTTP
+			scheme = AuthScheme.BASIC
+		}
 	}
 
 	// configure routes
 	routing {
 		authenticate {
 			// route is in an "authenticate"-block ->  default security scheme will be used (see plugin-config "defaultSecuritySchemeName")
 			get("hello", {
-				// Set the security scheme to be used by this route (here redundant, since already specified by 'defaultSecuritySchemeName')
-				securitySchemeName = "MySecurityScheme"
+				// Set the security schemes to be used by this route
+				securitySchemeNames = setOf("MyOtherSecurityScheme", "MySecurityScheme")
 				description = "Protected 'Hello World'-Route"
 				response {
 					HttpStatusCode.OK to {