chore: add-security-to-swagger

Author: ryanbas21

e2e/mock-api-v2/package.json

@@ -4,7 +4,7 @@
   "private": true,
   "description": "",
   "type": "module",
-  "main": "./dist/index.js",
+  "main": "./src/main.js",
   "scripts": {
     "build": "pnpm nx nxBuild",
     "lint": "pnpm nx nxLint",
@@ -28,7 +28,7 @@
         "executor": "@nx/js:tsc",
         "outputs": ["{options.outputPath}"],
         "options": {
-          "outputPath": "./dist",
+          "outputPath": "e2e/mock-api-v2/dist",
           "main": "e2e/mock-api-v2/src/main.ts",
           "tsConfig": "e2e/mock-api-v2/tsconfig.app.json",
           "generatePackageJson": true

e2e/mock-api-v2/src/main.ts

@@ -36,7 +36,14 @@ const ServerMock = HttpApiBuilder.serve(HttpMiddleware.logger).pipe(
   Layer.provide(UserInfoMockService),
   Layer.provide(IncrementStepIndexMock),
   Layer.provide(AuthorizationMock),
-  Layer.provide(HttpApiBuilder.middlewareCors()),
+  Layer.provide(
+    HttpApiBuilder.middlewareCors({
+      allowedMethods: ['GET', 'PUT', 'POST', 'OPTIONS'],
+      allowedOrigins: ['http://localhost:5173', 'http://localhost:8443'],
+      credentials: true,
+      maxAge: 3600,
+    }),
+  ),
   HttpServer.withLogAddress,
   Layer.provide(NodeHttpServer.layer(createServer, { port: 9443 })),
 );

e2e/mock-api-v2/src/middleware/Authorization.ts

@@ -1,5 +1,5 @@
 import { Unauthorized } from '@effect/platform/HttpApiError';
-import { HttpApiMiddleware, HttpApiSecurity } from '@effect/platform';
+import { HttpApiMiddleware, HttpApiSecurity, OpenApi } from '@effect/platform';
 import { Brand, Context, Effect, Layer, Redacted } from 'effect';
 
 type BearerTokenValue = string & Brand.Brand<'BearerToken'>;
@@ -10,12 +10,13 @@ class BearerToken extends Context.Tag('BearerToken')<BearerToken, BearerTokenVal
 
 class Authorization extends HttpApiMiddleware.Tag<Authorization>()('Authorization', {
   failure: Unauthorized,
-  provides: BearerToken, // Declare that this middleware provides the bearer token
+  provides: BearerToken,
   security: {
-    myBearer: HttpApiSecurity.bearer,
+    myBearer: HttpApiSecurity.bearer.pipe(
+      HttpApiSecurity.annotate(OpenApi.Description, 'Bearer token for API authentication'),
+    ),
   },
 }) {}
-
 const AuthorizationMock = Layer.effect(
   Authorization,
   Effect.gen(function* () {

e2e/mock-api-v2/src/spec.ts

@@ -47,7 +47,7 @@ const MockApi = HttpApi.make('MyApi')
   .add(
     HttpApiGroup.make('Tokens')
       .add(
-        HttpApiEndpoint.post('Tokens')`/envid/as/token`
+        HttpApiEndpoint.post('Tokens')`/:envid/as/token`
           .addSuccess(TokenResponseBody)
           .addError(HttpApiError.Unauthorized)
           .setPath(Schema.Struct({ envid: Schema.String })),
@@ -62,8 +62,9 @@ const MockApi = HttpApi.make('MyApi')
           .addSuccess(UserInfoSchema)
           .addError(HttpApiError.Unauthorized),
       )
+      .middleware(Authorization)
       .annotate(OpenApi.Description, 'User Info route that requires a bearer token')
       .annotate(OpenApi.Description, 'Protected routes, that require a bearer token'),
-  )
-  .middleware(Authorization);
+  );
+
 export { MockApi };