HasOpenApi instances for servant-auth

[jumper149]

I wrote these instances and just thought they might be interesting for the curious reader.

I don't know whether it makes sense to depend on servant-auth.
If you don't want to add this dependency to servant-openapi3 this issue might be useful to some people though.

import Control.Lens
import Data.HashMap.Strict.InsOrd qualified as HM
import Data.OpenApi
import Data.Proxy
import Data.Text qualified as T
import Servant.API
import Servant.Auth qualified
import Servant.OpenApi

instance (HasOpenApi api) => HasOpenApi (Servant.Auth.Auth '[] a :> api) where
  toOpenApi Proxy = toOpenApi $ Proxy @api

instance (HasOpenApi (Servant.Auth.Auth auths a :> api)) => HasOpenApi (Servant.Auth.Auth (Servant.Auth.BasicAuth : auths) a :> api) where
  toOpenApi Proxy = addSecurity $ toOpenApi $ Proxy @(Servant.Auth.Auth auths a :> api)
   where
    addSecurity = addSecurityRequirement identifier . addSecurityScheme identifier securityScheme
    identifier :: T.Text = "BasicAuth"
    securityScheme =
      SecurityScheme
        { _securitySchemeType = SecuritySchemeHttp HttpSchemeBasic
        , _securitySchemeDescription = Just "Basic Authentication"
        }

instance (HasOpenApi (Servant.Auth.Auth auths a :> api)) => HasOpenApi (Servant.Auth.Auth (Servant.Auth.JWT : auths) a :> api) where
  toOpenApi Proxy = addSecurity $ toOpenApi $ Proxy @(Servant.Auth.Auth auths a :> api)
   where
    addSecurity = addSecurityRequirement identifier . addSecurityScheme identifier securityScheme
    identifier :: T.Text = "JWT"
    securityScheme =
      SecurityScheme
        { _securitySchemeType = SecuritySchemeHttp $ HttpSchemeBearer $ Just "JWT"
        , _securitySchemeDescription = Just "Bearer Authentication"
        }

instance (HasOpenApi (Servant.Auth.Auth auths a :> api)) => HasOpenApi (Servant.Auth.Auth (Servant.Auth.Cookie : auths) a :> api) where
  toOpenApi Proxy = addSecurity $ toOpenApi $ Proxy @(Servant.Auth.Auth auths a :> api)
   where
    addSecurity = addSecurityRequirement identifier . addSecurityScheme identifier securityScheme
    identifier :: T.Text = "Cookie"
    securityScheme =
      SecurityScheme
        { _securitySchemeType = SecuritySchemeHttp $ HttpSchemeBearer $ Just "JWT"
        , _securitySchemeDescription = Just "Cookie Authentication"
        }

addSecurityScheme :: T.Text -> SecurityScheme -> OpenApi -> OpenApi
addSecurityScheme securityIdentifier securityScheme openApi =
  openApi
    { _openApiComponents =
        (_openApiComponents openApi)
          { _componentsSecuritySchemes =
              _componentsSecuritySchemes (_openApiComponents openApi)
                <> SecurityDefinitions (HM.singleton securityIdentifier securityScheme)
          }
    }

addSecurityRequirement :: T.Text -> OpenApi -> OpenApi
addSecurityRequirement securityRequirement =
  allOperations
    . security
    %~ ((SecurityRequirement $ HM.singleton securityRequirement []) :)

[fpringle]

@jumper149 I would vote for a servant-auth-openapi3 package (in the same vein as servant-auth-swagger)!

[maksbotan]

I definitely do not want to depend on servant-auth here. If you are still interested, could you make a PR at main servant repo (where servant-auth stuff lives) to add a new servant-auth-openapi3 package there?

[andrew-wja]

I definitely do not want to depend on servant-auth here. If you are still interested, could you make a PR at main servant repo (where servant-auth stuff lives) to add a new servant-auth-openapi3 package there?

@jumper149

Did this work get merged anywhere? I have a Servant application that I just added JWT authentication to, and I was really surprised to see this library choke on generating the schema for the authenticated API, since authentication has first-class support in OpenAPI.

[jumper149]

I definitely do not want to depend on servant-auth here. If you are still interested, could you make a PR at main servant repo (where servant-auth stuff lives) to add a new servant-auth-openapi3 package there?

@jumper149

Did this work get merged anywhere? I have a Servant application that I just added JWT authentication to, and I was really surprised to see this library choke on generating the schema for the authenticated API, since authentication has first-class support in OpenAPI.

Currently there is no such library, that I'm aware of. A new servant-auth-openapi3 package seems to be the way to go.