ApiSecurity does not expose ApiKey authorisation option
I’m submitting a…
[ ] Regression
[x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.
Current behavior
By adding the decorator on my controller route I should get the option to use the ApiKey authorization method. And it also fails to add the header to the request.
- Shows correctly at global option to add auth.
- Fails to show at secured route
Related issue: #484
Expected behavior
Option does not show at all.
Minimal reproduction of the problem with instructions
OpenAPI Configuration
```ts
const options = new DocumentBuilder()
  .addApiKey({ type: 'apiKey', name: 'ApiKeyAuth', in: 'header' })
  .addBearerAuth()
  .setTitle('API Generator')
  .setDescription('API Gateway')
  .setVersion('1.0')
  .build();
```
Route example
```ts
@Post('webhook/process')
@ApiConsumes('multipart/form-data')
@ApiSecurity('ApiKeyAuth')
@ApiBody({
  schema: {
    type: 'object',
    properties: {
      file: {
        type: 'string',
        format: 'binary'
      },
      uuid: {
        type: 'string'
      }
    }
  }
})
@UseInterceptors(FileInterceptor('file'))
@UseGuards(LocalApiKeyGuard)
webHookProcess(@UploadedFile() file, @Body('region') region: string, @Body('uuid') uuid: string) {
  return this.queueService.uploadImageAndProcess({ file, userId: uuid, region, name: file.originalname });
}
```
What is the motivation / use case for changing the behavior?
Environment
Nest version: `7.0.7`
Nest-Swagger version: `4.5.1`
For Tooling issues:
- Node version: `v13.6.0`
- Platform: `Mac, Linux`
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (1 by maintainers)
Top GitHub Comments
Maybe it helps someone, for me to get it to work, I had to add the name as well.
I have found a solution, though I think it should be documented in a better way. So I will probably make a PR and reference this issue.
Solution
Where I assume `name` needs to match the optional array in the `@ApiSecurity` decorator. Name is also the name of the entry that will be added, in my case, to the header of the request.
And on the controller itself, the decorator should look like:
```ts
@ApiSecurity('api_key', ['api_key'])
```
where the second argument is an array of security dependencies, I assume. Documentation, as noted above, should be improved in this regard.
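A check for the mismatch this thread describes, as an added example that is not part of the original issue or of `@nestjs/swagger`: it lists every security requirement in a generated OpenAPI 3 document whose name has no entry under `components.securitySchemes`. The function name and both sample documents are constructed here, and the first sample assumes `addApiKey` registers the scheme under its second argument, which defaults to `api_key`.

```typescript
// Added example: report security requirements that name a scheme
// missing from components.securitySchemes in an OpenAPI 3 document.
type SecurityRequirement = Record<string, string[]>;

interface OpenApiDoc {
  components?: { securitySchemes?: Record<string, unknown> };
  security?: SecurityRequirement[];
  paths: Record<string, Record<string, { security?: SecurityRequirement[] }>>;
}

interface DanglingRef {
  location: string; // "POST /webhook/process" or "(global)"
  scheme: string;   // requirement name with no matching definition
}

function findDanglingSecurity(doc: OpenApiDoc): DanglingRef[] {
  const defined = new Set(Object.keys(doc.components?.securitySchemes ?? {}));
  const out: DanglingRef[] = [];
  const check = (location: string, reqs: SecurityRequirement[] = []) => {
    for (const req of reqs) {
      for (const scheme of Object.keys(req)) {
        if (!defined.has(scheme)) out.push({ location, scheme });
      }
    }
  };
  check('(global)', doc.security);
  for (const [path, ops] of Object.entries(doc.paths)) {
    for (const [method, op] of Object.entries(ops)) {
      check(`${method.toUpperCase()} ${path}`, op.security);
    }
  }
  return out;
}

// Constructed sample: scheme stored under the assumed default key 'api_key'
// (header name 'ApiKeyAuth'), while the route requires 'ApiKeyAuth'.
const reported: OpenApiDoc = {
  components: {
    securitySchemes: { api_key: { type: 'apiKey', in: 'header', name: 'ApiKeyAuth' } },
  },
  paths: { '/webhook/process': { post: { security: [{ ApiKeyAuth: [] }] } } },
};

// Constructed sample: the requirement name matches the registered key.
const matched: OpenApiDoc = {
  components: reported.components,
  paths: { '/webhook/process': { post: { security: [{ api_key: [] }] } } },
};
console.log(findDanglingSecurity(reported), findDanglingSecurity(matched));
```

Running this against the JSON served by the Swagger module in CI catches a renamed or misspelled scheme before the documented route silently loses its authorization option.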