openapi - generator / IRestClient - feature improvements

tfopc · 2024-11-22 08:18:41

Hi,

i give the generator a quick try againt a "PostgREST (https://postgrest.org/)" api. Generation works. But i must some changes in the client to support the the login on the api (AuthBearer)

The Login route looks like this in the automatic generated openapi (v1) from the PostgREST-Service:

  "/rpc/login": {
      "get": {
        "parameters": [
          {
            "format": "text",
            "in": "query",
            "name": "email",
            "required": true,
            "type": "string"
          },
          {
            "format": "text",
            "in": "query",
            "name": "pass",
            "required": true,
            "type": "string"
          }
        ],
        "produces": [
          "application/json",
          "application/vnd.pgrst.object+json;nulls=stripped",
          "application/vnd.pgrst.object+json"
        ],
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "(rpc) login"
        ]
      },

the via mopenapi.exe generated procedure for this route is:

procedure TAPIClient.GetRpcLogin(const Email: RawUtf8; const Pass: RawUtf8);

After i have change it to parse and return variant. It get the result token via json.

Is "produces": ["application/json"] not supported? - what is the right way to get the result from the ApiClient/IJsonClient?

But with the mod i got it working:

  
  c := TJsonClient.Create('https://postgrest.domain.tld','');
  api := TAPIClient.Create(c);
  v := api.GetRpcLogin('user@domain.tdl','SomePassword');
  d := DocDictFrom(v);
  s := d.U['token'];
  c.Http.Options.Auth.Scheme := wraBearer;
  c.Http.Options.Auth.Token := s;
  //next calls with token
  artArr := api.GetArticle;

Also it would be nice to give the generator or created object (TAPIClient/TJsonClient) the some hints and params so that the login results in a prefilled auth infos after login.

It was just a quick test for me, so no not critical for me, just a hint and maybe feature improvement for you ab.

Maybe it is also a lack of none standard generation of openapi-spec from PostgREST.

Many thanks for your work on this module of the framework @Andreas and @ab

ab · 2024-11-22 09:48:36

My guess is that plain "produces": ["application/json"] is indeed not supported yet, if there is no parameter explicit parameter.

The problem is that this "produces" behavior seems to be OpenApi v2 only.
https://swagger.io/docs/specification/v … responses/

tfopc · 2024-11-22 10:09:46

Hi ab,
thanks for the quick response.

You're right, I mixed up the internal "ApiVersion" with the openapi-spec.

In saggerui there is the hint "OAS 2.0" on top, so it isn't openapi spec v1

FYI: Because auf auth, the definition is defined as

 "securityDefinitions": {
    "JWT": {
      "description": "Add the token prepending \"Bearer \" (without quotes) to it",
      "in": "header",
      "name": "Authorization",
      "type": "apiKey"
    }
  },
  "security": [
    {
      "JWT": []
    }
  ],

ab · 2024-11-22 10:57:20

Please try with
https://github.com/synopse/mORMot2/commit/789679c3
It should now return a "variant" result to retrieve the token from.

But there is no simple way of knowing which method to call to authenticate, and how to retrieve the token. There is not enough information.
Some manual bearer setting is needed, but it seems fair enough to me, especially with https://github.com/synopse/mORMot2/commit/0e77ea3b :

  c := TJsonClient.Create('https://postgrest.domain.tld','');
  api := TAPIClient.Create(c);
  c.SetBearer(api.GetRpcLogin('user@domain.tdl','SomePassword').token);
  //next calls with token
  artArr := api.GetArticle;

tfopc · 2024-11-22 11:33:40

Hi ab,
you are the best!
It is working!
But one thing to mention/investigate: I think there is some problem with the assignment of the token via Variant (Pointer) - (Autofree?)

c.Http.Options.Auth.Token := api.GetRpcLogin('user@domain.tdl','SomePassword').token;

-> the Auth.Token in InternalSendRequest is empty.

if i set the token to a local rawutf8 and assign this to the c.Http.Options.Auth.Token it is filled and the next request is working.

s := api.GetRpcLogin('user@domain.tdl','SomePassword').token;
c.Http.Options.Auth.Token := s;

maybe critical/unexpected also on other assignments in the framework?

Last edited by tfopc (2024-11-22 11:34:41)

tfopc · 2024-11-22 16:24:46

Hi,

sorry didn't see that you add a "SetBearer" for the IJsonClient, with this it is working.

nice weekend to all of you.

mORMot Open Source

#1 2024-11-22 08:18:41

openapi - generator / IRestClient - feature improvements

#2 2024-11-22 09:48:36

Re: openapi - generator / IRestClient - feature improvements

#3 2024-11-22 10:09:46

Re: openapi - generator / IRestClient - feature improvements

#4 2024-11-22 10:57:20

Re: openapi - generator / IRestClient - feature improvements

#5 2024-11-22 11:33:40

Re: openapi - generator / IRestClient - feature improvements

#6 2024-11-22 16:24:46

Re: openapi - generator / IRestClient - feature improvements

Board footer