apigee-127/swagger-tools

middleware swaggerSecurity unable to access res object


Hello,

I am trying to process a token and send a response back if the token is not present. I am trying to follow the document here.

The issue is that in the auth code, I am unable to access req.res object to overload the response.

// Line 15 on verifyToken code in the link above
function sendError() {
    return req.res.status(403).json({message: 'Error: Access Denied'});
}

Here is how I am initializing the middleware.

// Initialize the Swagger middleware
swaggerTools.initializeMiddleware(swaggerDoc, function (middleware) {

  // Route validated requests to appropriate controller
  app.use(middleware.swaggerRouter(options));

  // Serve the Swagger documents and Swagger UI
  app.use(middleware.swaggerUi());

  // Interpret Swagger resources and attach metadata to request - must be first in swagger-tools middleware chain
  app.use(middleware.swaggerMetadata());

  // Validate Swagger requests
  app.use(middleware.swaggerValidator());

  // Use security
  app.use(middleware.swaggerSecurity({
    Bearer: auth.verifyToken
  }));
});

Appreciate any pointers.

  • S

Late to this, but for anybody who finds it... you need to include a call to OP's proposed error handler:

app.use(sendError)

at the end of your Express.js chain inside of your swagger initialization code.

The sendError function should have parameters of req, res, err, next.

// Express calls four-parameter (error-handling) middleware as (err, req, res, next)
function sendError(err, req, res, next) {
  return res.status(403).json({message: 'Error: Access Denied'});
}

This works because an invalid token throws an error from its callback... i.e. (on Swagger 2.0):

function initializeSwaggerSecurity(middleware) {
  return middleware.swaggerSecurity({
    jwtAuth: (req, authOrSecDef, scopes, callback) => {
      passport.authenticate('jwt', {session: false}, (err, user, info) => {
        if (err) {
          return callback(new Error(CONSTANTS.AUTHENTICATION.ERROR_MESSAGE_DEFAULT));
        }
        if (!user) {
          return callback(new Error(CONSTANTS.AUTHENTICATION.ERROR_MESSAGE_TOKEN));
        } else {
          req.user = user;
          return callback();
        }
      })(req, null, callback);
    }
  });
}

Lastly, if the response is just not there for you to work with (i.e. couldn't find res.status), I just composed a new response using a util tool I have and returned that.
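The flow discussed in this thread, as an added example that is not code from the issue or from swagger-tools: the security handler never sees res, so it reports failure through callback(err), and an error-handling middleware at the end of the chain turns that into the 403. Express recognizes error-handling middleware by its four parameters and calls it as (err, req, res, next). runChain, securityMiddleware, bearerHandler and TOKENS are hypothetical stand-ins so the block runs without Express or swagger-tools installed.

```javascript
// Added example: dependency-free stand-in for the Express + swaggerSecurity flow.
// runChain, securityMiddleware, bearerHandler and TOKENS are hypothetical names.
const TOKENS = new Map([['constructed-demo-token', { id: 'demo-user' }]]); // constructed

// Handler in the shape swaggerSecurity calls: it never receives res, so it
// reports failure by passing an Error to callback instead of writing a response.
function bearerHandler(req, authOrSecDef, scopes, callback) {
  const match = /^Bearer (\S+)$/.exec(req.headers.authorization || '');
  const user = match ? TOKENS.get(match[1]) : undefined;
  if (!user) return callback(new Error('missing or invalid bearer token'));
  req.user = user;
  return callback();
}

// Stand-in for middleware.swaggerSecurity: forwards the handler's error to next(err).
function securityMiddleware(handler) {
  return (req, res, next) => handler(req, {}, [], (err) => next(err));
}

// Error-handling middleware: four parameters, error first. Generic body, no detail leaked.
function sendError(err, req, res, next) {
  return res.status(403).json({ message: 'Error: Access Denied' });
}

function router(req, res, next) {
  return res.status(200).json({ user: req.user.id });
}

// Stand-in for Express dispatch: after next(err), only four-parameter middleware runs.
function runChain(stack, req) {
  const res = {
    statusCode: 200, body: null,
    status(code) { this.statusCode = code; return this; },
    json(body) { this.body = body; return this; },
  };
  let i = 0;
  const next = (err) => {
    while (i < stack.length) {
      const fn = stack[i++];
      if (err && fn.length === 4) return fn(err, req, res, next);
      if (!err && fn.length < 4) return fn(req, res, next);
    }
    if (err) res.status(500).json({ message: 'Internal Server Error' }); // unhandled error
  };
  next();
  return res;
}

const chain = [securityMiddleware(bearerHandler), router, sendError];
const denied = runChain(chain, { headers: {} });
const allowed = runChain(chain, { headers: { authorization: 'Bearer constructed-demo-token' } });
console.log(denied.statusCode, denied.body, allowed.statusCode, allowed.body);
```

With the error handler left out of the chain, the same rejected request falls through to the generic 500 path instead of the 403.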