NAME

Raisin::Plugin::Swagger - Generates API description in Swagger 2/OpenAPI compatible format.

SYNOPSIS

plugin 'Swagger';

DESCRIPTION

Generates an API description of application.

SPECIFICATION

Compatible with Swagger/OpenAPI Spec 2.0.

CORS

To enable Cross-Origin HTTP Requests you should enable a Plack::Middleware::CrossOrigin middleware with all the parameters you need (like origins, methods, headers, etc.).

middleware 'CrossOrigin',
    origins => '*',
    methods => [qw/DELETE GET HEAD OPTIONS PATCH POST PUT/],
    headers => [qw/accept authorization content-type api_key_token/];

Alternatively you can set CORS headers in a before hook.

SECURITY

Raisin has a limited support of OpenAPI security objects. To make it generate security objects configure it in the way it described below.

Add a api_key security via stoken header.

swagger_security(name => 'stoken', in => 'header', type => 'api_key');

Add the header name to "CORS" in Raisin::Plugin::Swagger headers if you use api_key.

middleware 'CrossOrigin',
    origins => '*',
    methods => [qw/DELETE GET HEAD OPTIONS PATCH POST PUT/],
    headers => [qw/stoken accept authorization content-type/];

Limitations

  • Raisin doesn't support per operation security.

  • Raisin doesn't support oauth2, only basic and api_key are supported.

Example Application

Example of a secured application.

use strict;
use warnings;

middleware '+MyAuthMiddleware';

middleware 'CrossOrigin',
    origins => '*',
    methods => [qw/DELETE GET HEAD OPTIONS PATCH POST PUT/],
    headers => [qw/stoken accept authorization content-type/];

plugin 'Swagger';
swagger_security(name => 'stoken', in => 'header', type => 'api_key');

get sub { { data => 'ok' } };

run;

Example of a middleware used in the application.

package Auth;

use strict;
use warnings;

use parent 'Plack::Middleware';
use Plack::Request;

sub call {
    my ($self, $env) = @_;

    my $req = Plack::Request->new($env);

    if (($req->header('stoken') // '') eq 'secret' || $req->path eq '/swagger.json') {
        $self->app->($env);
    }
    else {
        [403, [], ['forbidden']];
    }
}

1;

FUNCTIONS

swagger_setup

Configures base OpenAPI parameters, be aware they aren't validating and passing to the specification as is.

Properly configured section has following attributes: title, description, terms_service, contact and license.

Contact has name, url, email.

License has name and url.

swagger_setup(
    title => 'BatAPI',
    description => 'Simple BatAPI.',

    contact => {
        name => 'Bruce Wayne',
        url => 'http://wayne.enterprises',
        email => 'bruce@batman.com',
    },

    license => {
        name => 'Batman license',
        url => 'http://wayne.enterprises/licenses/',
    },
);

swagger_security

Configures OpenAPI security options.

Allowed types are basic, api_key and oauth2.

For more information please check OpenAPI specification and "SECURITY" in Raisin::Plugin::Swagger.

AUTHOR

Artur Khabibullin - rtkh <at> cpan.org

LICENSE

This module and all the modules in this package are governed by the same license as Perl itself.