You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The idea is:
when adding a new API it is very easy to forget to enable the security (as it is currently per API config).
Would it be a good idea if you set a config to make APIs secure by default, that huma.Register will automatically add Security to all APIs, excluding these which opted-out expliacitly?
the auth becomes optional for all registered APIs.
Please let me know if such option already exists and I just missed it.
Or also any suggestions how to implement something like that.
I understand that this type of behavior can be not compatible with the existing code bases, but maybe if it will be a completely new option in the config it may work.
Thanks
The text was updated successfully, but these errors were encountered:
I believe it should be solved in more general way via groups functionality, it's the problem not only with security property but with all the operation properties and transformers (that can't be set per operation)
And all the operations registred with api will have the security entry you specified.
The same with all other properties:
v1gr:=api. // all operations registered with v1gr will have:AddBasePath("/v1"). // - "/v1" base pathAddOpHandler(op_handler.AddTags("some_tag")). // - "some_tag" tagAddMiddlewares(m1, m2) // - m1, m2 middlewareshureg.Get(v1gr, "/cat", ...) // "/v1/cat" with "some_tag" tag and m1, m2 middlewareshureg.Get(v1gr, "/dog", ...) // "/v1/dog" with "some_tag" tag and m1, m2 middlewares
The idea is:
when adding a new API it is very easy to forget to enable the security (as it is currently per API config).
Would it be a good idea if you set a config to make APIs secure by default, that
huma.Register
will automatically addSecurity
to all APIs, excluding these which opted-out expliacitly?Currently if I set like this
the auth becomes optional for all registered APIs.
Please let me know if such option already exists and I just missed it.
Or also any suggestions how to implement something like that.
I understand that this type of behavior can be not compatible with the existing code bases, but maybe if it will be a completely new option in the config it may work.
Thanks
The text was updated successfully, but these errors were encountered: