Secure endpoints different from openapi

geobeyond · Apr 7, 2024 · 195dbd0 · 195dbd0
1 parent 1a73bc1
commit 195dbd0
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 25 deletions.
diff --git a/app/middleware/pygeoapi.py b/app/middleware/pygeoapi.py
@@ -36,7 +36,6 @@ async def __call__(self, scope: Scope, receive: Receive, send: Send):
         if scope["type"] != "http":
             return await self.app(scope, receive, send)
         pygeoapi_path = scope["path"]
-        pygeoapi_query_params = scope["query_string"].decode()
         if pygeoapi_path not in routes_with_openapi:
             return await self.app(scope, receive, send)
         else:
@@ -81,7 +80,7 @@ async def send_with_security(self, message: Message) -> None:  # noqa: C901
             self.headers.update(headers_dict)
         if message_type == "http.response.body":
             initial_body = message.get("body", b"").decode()
-            if not "<!-- HTML" in initial_body:
+            if "<!-- HTML" not in initial_body:
                 openapi_body = augment_security(
                     doc=initial_body, security_schemes=self.security_schemes
                 )

diff --git a/app/pygeoapi/openapi.py b/app/pygeoapi/openapi.py
@@ -48,29 +48,34 @@ def augment_security(doc: str, security_schemes: List[SecurityScheme]) -> OpenAP
     secured_paths = {}
     if paths:
         for key, value in paths.items():
-            if value.get:
-                value.get.security = [{f"pygeoapi {cfg.PYGEOAPI_SECURITY_SCHEME}": []}]
-                if value.get.responses:
-                    value.get.responses.update(unauthorized)
-            if value.post:
-                value.post.security = [{f"pygeoapi {cfg.PYGEOAPI_SECURITY_SCHEME}": []}]
-                if value.post.responses:
-                    value.post.responses.update(unauthorized)
-            if value.options:
-                value.options.security = [
-                    {f"pygeoapi {cfg.PYGEOAPI_SECURITY_SCHEME}": []}
-                ]
-                if value.options.responses:
-                    value.options.responses.update(unauthorized)
-                    # Remove when it is fixed from pygeoapi
-                    value.options.responses.update(not_found)
-            if value.delete:
-                value.delete.security = [
-                    {f"pygeoapi {cfg.PYGEOAPI_SECURITY_SCHEME}": []}
-                ]
-                if value.delete.responses:
-                    value.delete.responses.update(unauthorized)
-            secured_paths.update({key: value})
+            if "openapi" not in key:
+                if value.get:
+                    value.get.security = [
+                        {f"pygeoapi {cfg.PYGEOAPI_SECURITY_SCHEME}": []}
+                    ]
+                    if value.get.responses:
+                        value.get.responses.update(unauthorized)
+                if value.post:
+                    value.post.security = [
+                        {f"pygeoapi {cfg.PYGEOAPI_SECURITY_SCHEME}": []}
+                    ]
+                    if value.post.responses:
+                        value.post.responses.update(unauthorized)
+                if value.options:
+                    value.options.security = [
+                        {f"pygeoapi {cfg.PYGEOAPI_SECURITY_SCHEME}": []}
+                    ]
+                    if value.options.responses:
+                        value.options.responses.update(unauthorized)
+                        # Remove when it is fixed from pygeoapi
+                        value.options.responses.update(not_found)
+                if value.delete:
+                    value.delete.security = [
+                        {f"pygeoapi {cfg.PYGEOAPI_SECURITY_SCHEME}": []}
+                    ]
+                    if value.delete.responses:
+                        value.delete.responses.update(unauthorized)
+                secured_paths.update({key: value})
 
     if secured_paths:
         content["paths"] = secured_paths