Fix security without scopes

Author: Josh

internal/generator/path.go

@@ -346,7 +346,7 @@ func (g *Generator) addOperation(p addOperationParams) error {
 	}
 
 	if len(methodOptions.Security) > 0 {
-		// Use service defined security.
+		// Use method defined security.
 		for _, s := range methodOptions.Security {
 			// If one is empty, this is how we'll clear it on an override.
 			// e.g. security: {}
@@ -379,9 +379,15 @@ func (g *Generator) addOperation(p addOperationParams) error {
 	if len(p.security) > 0 {
 		op.Security = new(openapi3.SecurityRequirements)
 		for _, sec := range p.security {
-			op.Security = op.Security.With(openapi3.SecurityRequirement{
-				sec.Name: sec.Scopes,
-			})
+			req := openapi3.SecurityRequirement{
+				sec.Name: make([]string, 0),
+			}
+
+			if len(sec.Scopes) > 0 {
+				req[sec.Name] = sec.Scopes
+			}
+
+			op.Security = op.Security.With(req)
 		}
 	}
 

test/field_test.proto

@@ -2,14 +2,13 @@ syntax = "proto3";
 
 package test.api;
 
+import "google/protobuf/timestamp.proto";
+import "oapi/v1/field.proto";
 import "oapi/v1/file.proto";
-import "oapi/v1/service.proto";
 import "oapi/v1/method.proto";
-import "oapi/v1/field.proto";
-import "google/protobuf/timestamp.proto";
+import "oapi/v1/service.proto";
 
 option go_package = "github.com/technicallyjosh/protoc-gen-openapi/test_api";
-
 option (oapi.v1.file) = {
   host: "swagger.io"
   prefix: "/v1"
@@ -23,15 +22,11 @@ service TestService {
   };
 
   rpc TestFieldTypes(TestFieldTypesRequest) returns (TestFieldTypesResponse) {
-    option (oapi.v1.method) = {
-      post: "TestFieldTypes"
-    };
-  };
+    option (oapi.v1.method) = {post: "TestFieldTypes"};
+  }
 
   rpc TestFieldExamples(TestFieldExamplesRequest) returns (TestFieldExamplesResponse) {
-    option (oapi.v1.method) = {
-      post: "TestFieldExamples"
-    };
+    option (oapi.v1.method) = {post: "TestFieldExamples"};
   }
 }
 
@@ -57,12 +52,10 @@ message TestFieldTypesRequest {
   repeated string repeated_string = 7;
   repeated Message repeated_message = 8;
   repeated MessageRequest repeated_request = 9;
-  google.protobuf.Timestamp message_at = 10 [
-    (oapi.v1.options) = {
-      as_type: "string"
-      format: "date-time"
-    }
-  ];
+  google.protobuf.Timestamp message_at = 10 [(oapi.v1.options) = {
+    as_type: "string"
+    format: "date-time"
+  }];
 }
 
 message TestFieldTypesResponse {}

test/file_test.proto

@@ -5,18 +5,12 @@ package test.api;
 import "oapi/v1/file.proto";
 
 option go_package = "github.com/technicallyjosh/protoc-gen-openapi/test_api";
-
 option (oapi.v1.file) = {
   host: "swagger.io"
 
   servers: [
-    {
-      url: "swagger.one"
-    },
-    {
-      url: "swagger.two"
-    }
-  ]
+    {url: "swagger.one"},
+    {url: "swagger.two"}]
 
   security_schemes: {
     name: "bearer_auth"

test/method_test.proto

@@ -3,38 +3,38 @@ syntax = "proto3";
 package test.api;
 
 import "oapi/v1/file.proto";
-import "oapi/v1/service.proto";
 import "oapi/v1/method.proto";
+import "oapi/v1/service.proto";
 
 option go_package = "github.com/technicallyjosh/protoc-gen-openapi/test_api";
-
 option (oapi.v1.file) = {
-  servers {
-    url: "swagger.io"
-  }
+  servers {url: "swagger.io"}
   prefix: "/v1"
+  security_schemes: {
+    name: "bearer_auth"
+    scheme: {
+      type: "http"
+      scheme: "bearer"
+      bearer_format: "JWT"
+    }
+  }
 };
 
 service TestService {
   option (oapi.v1.service) = {
-    servers {
-      url: "api.swagger.io"
-    }
+    servers {url: "api.swagger.io"}
     x_display_name: "Test Service"
     x_tag_group: "Test Group"
   };
 
   rpc TestEmptyPost(TestEmptyPostRequest) returns (TestEmptyPostResponse) {
     option (oapi.v1.method) = {
       post: "TestEmptyPost"
-      servers {
-        url: "test.swagger.io"
-      }
-      add_servers: {
-        url: "test.added.io"
-      }
+      servers {url: "test.swagger.io"}
+      add_servers: {url: "test.added.io"}
+      security: {name: "bearer_auth"}
     };
-  };
+  }
 }
 
 message TestEmptyPostRequest {}

test/method_test_openapi.yaml

@@ -23,6 +23,8 @@ paths:
           description: ''
         default:
           $ref: '#/components/responses/default'
+      security:
+        - bearer_auth: [ ]
       servers:
         - url: https://test.swagger.io
         - url: https://test.added.io
@@ -37,6 +39,11 @@ components:
           schema:
             $ref: '#/components/schemas/test.api.Error'
       description: ""
+  securitySchemes:
+    bearer_auth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
   schemas:
     test.api.Error:
       properties:

test/service_test.proto

@@ -3,15 +3,12 @@ syntax = "proto3";
 package test.api;
 
 import "oapi/v1/file.proto";
-import "oapi/v1/service.proto";
 import "oapi/v1/method.proto";
+import "oapi/v1/service.proto";
 
 option go_package = "github.com/technicallyjosh/protoc-gen-openapi/test_api";
-
 option (oapi.v1.file) = {
-  servers {
-    url: "swagger.io"
-  }
+  servers {url: "swagger.io"}
   prefix: "/v1"
 
   security_schemes: {
@@ -25,27 +22,24 @@ option (oapi.v1.file) = {
 
   security: {
     name: "bearer_auth"
-    scopes: ["scope:1", "scope:2"]
+    scopes: [
+      "scope:1",
+      "scope:2"
+    ]
   }
 };
 
 service TestService {
   option (oapi.v1.service) = {
-    servers {
-      url: "api.swagger.io"
-    }
-    add_servers {
-      url: "api.added.io"
-    }
+    servers {url: "api.swagger.io"}
+    add_servers {url: "api.added.io"}
     x_display_name: "Test Service"
     x_tag_group: "Test Group"
   };
 
   rpc TestGet(TestGetRequest) returns (TestGetResponse) {
-    option (oapi.v1.method) = {
-      get: "TestGet"
-    };
-  };
+    option (oapi.v1.method) = {get: "TestGet"};
+  }
 
   rpc TestPost(TestPostRequest) returns (TestPostResponse) {
     option (oapi.v1.method) = {
@@ -57,34 +51,29 @@ service TestService {
 
 service Test2Service {
   option (oapi.v1.service) = {
-    add_servers {
-      url: "api.added.io"
-    }
+    add_servers {url: "api.added.io"}
     x_display_name: "Test 2 Service"
     x_tag_group: "Test 2 Group"
   };
 
   rpc TestGet(TestGetRequest) returns (TestGetResponse) {
-    option (oapi.v1.method) = {
-      get: "Test2Get"
-    };
-  };
+    option (oapi.v1.method) = {get: "Test2Get"};
+  }
 }
 
-message TestGetRequest{
+message TestGetRequest {
   string value = 1;
 }
 
-message TestGetResponse{
+message TestGetResponse {
   string value = 1;
 }
 
-message TestPostRequest{}
+message TestPostRequest {}
 
-message TestPostResponse{}
+message TestPostResponse {}
 
 message Error {
   string code = 1;
   string msg = 2;
 }
-