Skip to content

fix(codegen): dedupe security schemes by type#3690

Merged
raphael merged 2 commits into
goadesign:v3from
speakeasy-api:dedupe-security-schemes
May 12, 2025
Merged

fix(codegen): dedupe security schemes by type#3690
raphael merged 2 commits into
goadesign:v3from
speakeasy-api:dedupe-security-schemes

Conversation

@disintegrator
Copy link
Copy Markdown
Contributor

@disintegrator disintegrator commented Apr 2, 2025
edited
Loading

This commit solves a bug where designs that use multiple security schemes of the same type break the generated Auther interface for a service as well as endpoint-related init methods due to unnecessary code duplication from ranging over .Schemes.

Reproducer

import (
	. "goa.design/goa/v3/dsl"
)

var AcmeAPIKey = APIKeySecurity("acme_api_key")
var AcmeTenant = APIKeySecurity("acme_tenant_id")

var _ = Service("customers", func() {
	Security(AcmeAPIKey, AcmeTenant)

        // ...
})

This currently results in code like this:

// Auther defines the authorization functions to be implemented by the service.
type Auther interface {
	// APIKeyAuth implements the authorization logic for the APIKey security scheme.
	APIKeyAuth(ctx context.Context, key string, schema *security.APIKeyScheme) (context.Context, error)
	// APIKeyAuth implements the authorization logic for the APIKey security scheme.
	APIKeyAuth(ctx context.Context, key string, schema *security.APIKeyScheme) (context.Context, error)
}

And:

// NewEndpoints wraps the methods of the "assets" service with endpoints.
func NewEndpoints(s Service) *Endpoints {
	// Casting service to Auther interface
	a := s.(Auther)
	return &Endpoints{
		UploadOpenAPIv3: NewUpdateDetailsEndpoint(s, a.APIKeyAuth, a.APIKeyAuth),
		//                                                         ^ 🚨
	}
}

// ...

func NewUpdateDetailsEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint {
//                                                                             ^ 🚨
	// ...
}

@disintegrator
fix(codegen): dedupe security schemes by type
007a880 
This commit solves a bug where designs that use multiple security
schemes _of the same type_ break the generated `Auther` interface for a
service as well as endpoint-related init methods due to unnecessary code
duplication from ranging over `.Schemes`.
@disintegrator
Copy link
Copy Markdown
Contributor Author

disintegrator commented Apr 2, 2025

Just need to figure out testing but putting it up PR to start discussion.

@raphael
Copy link
Copy Markdown
Member

raphael commented Apr 7, 2025

Thank you for the PR, it looks great. Will be happy to merge once there's a test for it.

@raphael
Copy link
Copy Markdown
Member

raphael commented Apr 27, 2025

This is a good bug fix that I'd like to have in the next release of Goa, let me know if I can help with the tests.

@disintegrator
Copy link
Copy Markdown
Contributor Author

disintegrator commented May 5, 2025

@raphael sorry for the delay, i've been a little swamped. I'll set some time aside for writing tests this week.

@disintegrator
Copy link
Copy Markdown
Contributor Author

disintegrator commented May 11, 2025
edited
Loading

Hey @raphael, added a couple of test DSLs to the mix that should reproduce this bug and confirm it's fixed by this PR.

@raphael
Copy link
Copy Markdown
Member

raphael commented May 11, 2025

Awesome, thank you

@raphael raphael merged commit feb52b3 into goadesign:v3 May 12, 2025
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@disintegrator @raphael