restify_openapi/models/security.rs
1use indexmap::IndexMap;
2use serde::Serialize;
3use serde_json::Value;
4use std::collections::BTreeMap;
5
6/// Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#componentsSecuritySchemes) under the [Components Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#components-object).
7///
8/// Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information.
9///
10/// When a list of Security Requirement Objects is defined on the [OpenAPI Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#openapi-object) or [Operation Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#operation-object), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request.
11#[derive(Serialize, Clone, Debug, Default)]
12#[cfg_attr(any(test, feature = "deserialize"), derive(serde::Deserialize, PartialEq))]
13#[serde(rename_all = "camelCase")]
14pub struct SecurityRequirement {
15 /// Each name MUST correspond to a security scheme which is declared in the [Security Schemes](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#componentsSecuritySchemes) under the [Components Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#components-object). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MUST be empty.
16 #[serde(flatten, skip_serializing_if = "BTreeMap::is_empty")]
17 pub requirements: BTreeMap<String, Vec<String>>,
18}
19
20/// Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), `OAuth2`'s common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://datatracker.ietf.org/doc/html/rfc6749), and [OpenID Connect Discovery](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-discovery-06).
21#[derive(Serialize, Clone, Debug)]
22#[cfg_attr(any(test, feature = "deserialize"), derive(serde::Deserialize, PartialEq))]
23#[serde(rename_all = "camelCase")]
24pub struct SecurityScheme {
25 /// The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`.
26 #[serde(flatten)]
27 pub _type: SecurityType,
28 /// A short description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation.
29 #[serde(skip_serializing_if = "Option::is_none")]
30 pub description: Option<String>,
31 /// This object MAY be extended with [Specification Extensions](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#specification-extensions).
32 #[serde(flatten, skip_serializing_if = "IndexMap::is_empty", skip_deserializing)]
33 pub extensions: IndexMap<String, Value>,
34}
35
36#[derive(Serialize, Clone, Debug)]
37#[cfg_attr(any(test, feature = "deserialize"), derive(serde::Deserialize, PartialEq))]
38#[serde(rename_all = "camelCase", tag = "type")]
39pub enum SecurityType {
40 ApiKey(ApiKey),
41 Http(Http),
42 #[serde(rename = "oauth2")]
43 OAuth2(OAuth2),
44 OpenIdConnect(OpenIdConnect),
45}
46
47#[derive(Serialize, Clone, Debug)]
48#[cfg_attr(any(test, feature = "deserialize"), derive(serde::Deserialize, PartialEq))]
49#[serde(rename_all = "camelCase")]
50pub struct ApiKey {
51 /// The name of the header, query or cookie parameter to be used.
52 pub name: String,
53 /// The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`.
54 #[serde(rename = "in")]
55 pub _in: ApiKeyIn,
56}
57
58#[derive(Serialize, Clone, Debug)]
59#[cfg_attr(any(test, feature = "deserialize"), derive(serde::Deserialize, PartialEq))]
60#[serde(rename_all = "camelCase")]
61pub enum ApiKeyIn {
62 Query,
63 Header,
64 Cookie,
65}
66
67#[derive(Serialize, Clone, Debug, Default)]
68#[cfg_attr(any(test, feature = "deserialize"), derive(serde::Deserialize, PartialEq))]
69#[serde(rename_all = "camelCase")]
70pub struct Http {
71 /// The name of the HTTP Authorization scheme to be used in the [Authorization header as defined in RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml).
72 pub scheme: String,
73 /// A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes.
74 #[serde(skip_serializing_if = "Option::is_none")]
75 pub bearer_format: Option<String>,
76}
77
78#[derive(Serialize, Clone, Debug, Default)]
79#[cfg_attr(any(test, feature = "deserialize"), derive(serde::Deserialize, PartialEq))]
80#[serde(rename_all = "camelCase")]
81pub struct OAuth2 {
82 /// An object containing configuration information for the flow types supported.
83 pub flows: OauthFlows,
84}
85
86/// Allows configuration of the supported OAuth Flows.
87#[derive(Serialize, Clone, Debug, Default)]
88#[cfg_attr(any(test, feature = "deserialize"), derive(serde::Deserialize, PartialEq))]
89#[serde(rename_all = "camelCase")]
90pub struct OauthFlows {
91 /// Configuration for the OAuth Implicit flow
92 #[serde(skip_serializing_if = "Option::is_none")]
93 pub implicit: Option<OauthImplicit>,
94 /// Configuration for the OAuth Resource Owner Password flow
95 #[serde(skip_serializing_if = "Option::is_none")]
96 pub password: Option<OauthToken>,
97 /// Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0.
98 #[serde(skip_serializing_if = "Option::is_none")]
99 pub client_credentials: Option<OauthToken>,
100 /// Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0.
101 #[serde(skip_serializing_if = "Option::is_none")]
102 pub authorization_code: Option<OauthToken>,
103 /// This object MAY be extended with [Specification Extensions](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#specification-extensions).
104 #[serde(flatten, skip_serializing_if = "IndexMap::is_empty", skip_deserializing)]
105 pub extensions: IndexMap<String, Value>,
106}
107
108#[derive(Serialize, Clone, Debug, Default)]
109#[cfg_attr(any(test, feature = "deserialize"), derive(serde::Deserialize, PartialEq))]
110#[serde(rename_all = "camelCase")]
111pub struct OauthImplicit {
112 /// The authorization URL to be used for this flow. This MUST be in the form of a URL.
113 pub authorization_url: String,
114 /// The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL.
115 #[serde(skip_serializing_if = "Option::is_none")]
116 pub refresh_url: Option<String>,
117 /// The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty.
118 pub scopes: BTreeMap<String, String>,
119}
120
121#[derive(Serialize, Clone, Debug, Default)]
122#[cfg_attr(any(test, feature = "deserialize"), derive(serde::Deserialize, PartialEq))]
123#[serde(rename_all = "camelCase")]
124pub struct OauthToken {
125 /// The token URL to be used for this flow. This MUST be in the form of a URL.
126 pub token_url: String,
127 /// The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL.
128 #[serde(skip_serializing_if = "Option::is_none")]
129 pub refresh_url: Option<String>,
130 /// The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty.
131 pub scopes: BTreeMap<String, String>,
132}
133
134#[derive(Serialize, Clone, Debug, Default)]
135#[cfg_attr(any(test, feature = "deserialize"), derive(serde::Deserialize, PartialEq))]
136#[serde(rename_all = "camelCase")]
137pub struct OpenIdConnect {
138 /// OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the form of a URL.
139 pub open_id_connect_url: String,
140}