libswagger2-perl 0.73-1 / usr / share / perl5 / Swagger2 / Guides / ProtectedApi.pod

This file is indexed.

/usr/share/perl5/Swagger2/Guides/ProtectedApi.pod is in libswagger2-perl 0.73-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
=head1 NAME

Swagger2::Guides::ProtectedApi - Protected API Guide

=head1 OVERVIEW

It is possible to protect your API: You can either use a L</Custom route> or
an L</Around action hook>. Both can serve the same purpose, but the around
action hook can be customized for every API resource.

=head1 TUTORIAL

=head2 Around action hook

The C<x-mojo-around-action> value is optional, but can hold the name of a
method to call, which wraps around the autogenerated action which does input
and output validation. This means that any data sent to the server is not
yet converted into C<$input> to your action.

Here is an example method which match the C<x-mojo-around-action> from
L</Swagger specification>, C<MyApp::authenticate_api_request>:

  package MyApp;

  sub authenticate_api_request {
    my ($next, $c, $action_spec) = @_;

    # Go to the action if the Authorization header is valid
    return $next->($c) if $c->req->headers->authorization eq "s3cret!";

    # ...or render an error if not
    return $c->render_swagger(
      {errors => [{message => "Invalid authorization key", path => "/"}]},
      {},
      401
    );
  }

C<x-mojo-around-action> is also inherited from most levels, meaning that you
define it globally for your whole API if you like:

  {
    "x-mojo-around-action": "MyApp::protect_any_resource",
    "paths": {
      "/pets": {
        "x-mojo-around-action": "MyApp::protect_any_method_under_foo",
        "get": {
          "x-mojo-around-action": "MyApp::protect_just_this_resource"
        }
      }
    }
  }

=head2 Custom route

  use Mojolicious::Lite;

  my $route = app->routes->under->to(
    cb => sub {
      my $c = shift;
      return 1 if $c->param('secret');
      return $c->render(json => {error => "Not authenticated"}, status => 401);
    }
  );

  plugin Swagger2 => {
    route => $route,
    url   => "data://api.json",
  };

  __DATA__
  @@ api.json
  {"swagger":"2.0", ...}

=head1 AUTHOR

Jan Henning Thorsen - C<jhthorsen@cpan.org>

=cut

APT Browse - Built by Thomas Orozco.