add security tag support for openapi (#2377)

* support openapi path security

* add security path test case

* go format

* fix test case

* add doc for security

net/goai/goai_path.go

@@ -96,6 +96,7 @@ func (oai *OpenApiV3) addPath(in addPathInput) error {
 			Responses:   map[string]ResponseRef{},
 			XExtensions: make(XExtensions),
 		}
+		seRequirement = SecurityRequirement{}
 	)
 	// Path check.
 	if in.Path == "" {
@@ -145,6 +146,18 @@ func (oai *OpenApiV3) addPath(in addPathInput) error {
 		}
 	}
 
+	// path security
+	// note: the security schema type only support http and apiKey;not support oauth2 and openIdConnect.
+	// multi schema separate with comma, e.g. `security: apiKey1,apiKey2`
+	TagNameSecurity := gmeta.Get(inputObject.Interface(), gtag.Security).String()
+	securities := gstr.SplitAndTrim(TagNameSecurity, ",")
+	for _, sec := range securities {
+		seRequirement[sec] = []string{}
+	}
+	if len(securities) > 0 {
+		operation.Security = &SecurityRequirements{seRequirement}
+	}
+
 	// =================================================================================================================
 	// Request Parameter.
 	// =================================================================================================================

net/goai/goai_z_unit_test.go

@@ -1046,3 +1046,56 @@ func Test_NameFromJsonTag(t *testing.T) {
 		t.Assert(b, `{"openapi":"3.0.0","components":{"schemas":{"github.com.gogf.gf.v2.net.goai_test.CreateReq":{"properties":{"nick_name":{"format":"string","properties":{},"type":"string"}},"type":"object"}}},"info":{"title":"","version":""},"paths":null}`)
 	})
 }
+
+func TestOpenApiV3_PathSecurity(t *testing.T) {
+	type CommonResponse struct {
+		Code    int         `json:"code"    description:"Error code"`
+		Message string      `json:"message" description:"Error message"`
+		Data    interface{} `json:"data"    description:"Result data for certain request according API definition"`
+	}
+
+	type Req struct {
+		gmeta.Meta `method:"PUT" security:"apiKey"` // 这里的apiKey要和openApi定义的key一致
+		Product    string                           `json:"product" v:"required" description:"Unique product key"`
+		Name       string                           `json:"name"    v:"required" description:"Instance name"`
+	}
+	type Res struct{}
+
+	f := func(ctx context.Context, req *Req) (res *Res, err error) {
+		return
+	}
+
+	gtest.C(t, func(t *gtest.T) {
+		var (
+			err error
+			oai = goai.New()
+		)
+
+		oai.Config.CommonResponse = CommonResponse{}
+		oai.Components = goai.Components{
+			SecuritySchemes: goai.SecuritySchemes{
+				"apiKey": goai.SecuritySchemeRef{
+					Ref: "",
+					Value: &goai.SecurityScheme{
+						// 此处type是openApi的规定，详见 https://swagger.io/docs/specification/authentication/api-keys/
+						Type: "apiKey",
+						In:   "header",
+						Name: "X-API-KEY",
+					},
+				},
+			},
+		}
+		err = oai.Add(goai.AddInput{
+			Path:   "/index",
+			Object: f,
+		})
+		t.AssertNil(err)
+		// Schema asserts.
+		fmt.Println(oai.String())
+		t.Assert(len(oai.Components.Schemas.Map()), 3)
+		t.Assert(len(oai.Components.SecuritySchemes), 1)
+		t.Assert(oai.Components.SecuritySchemes["apiKey"].Value.Type, "apiKey")
+		t.Assert(len(oai.Paths), 1)
+		t.Assert(len(oai.Paths["/index"].Put.Responses["200"].Value.Content["application/json"].Schema.Value.Properties.Map()), 3)
+	})
+}

util/gtag/gtag.go

@@ -44,4 +44,5 @@ const (
 	GConv             = "gconv"        // GConv defines the converting target name for specified struct field.
 	GConvShort        = "c"            // GConv defines the converting target name for specified struct field.
 	Json              = "json"         // Json tag is supported by stdlib.
+	Security          = "security"     // Security defines scheme for authentication. Detail to see https://swagger.io/docs/specification/authentication/
 )