How could we automatically add schema.security when we add authorization requirements to a route?

[tmcw]

What are you trying to achieve, or the steps to reproduce?

We're using some very basic fastify.decorateRequest and fastify.decorate calls to support bearer auth in our application:

fastify.decorateRequest("user", null);

fastify.decorate("bearerAuthOptional", async (request: FastifyRequest) => {
  request.user = await getAuth(request.headers.authorization);
});

As an example. Then in each route, we use a preHandler to run this decorator:

preHandler: fastify.auth([fastify.bearerAuthOptional]),

Now, we're generating OpenAPI with fastify/swagger, and it becomes necessary to tell API consumers which routes have which kinds of authentication. The code knows which routes do and don't, and we can repeat this information in the route-specific schema, but it'd be lovely to be able to have routes with auth automatically get a schema.security value.

I don't know how this is possible - preHandler, probably not. Maybe like a plugin that operates on each route?

Is there a kind of abstraction that can both add a preHandler hook and affect a route's schema in this way?

[mcollina]

Thanks for reporting. It would be great to add this feature somehow to fastify-swagger.

I'm moving this issue there.