Add security doc and update main README. (#3)

pei0804 · easonlin404 · commit 2af46aa04dc9 · 2018-03-28T14:19:34.000+08:00
diff --git a/.travis.yml b/.travis.yml
@@ -3,17 +3,11 @@ node_js:
   - '7'
 sudo: false
 script:
-  - sudo -v && wget -nv -O- https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py | sudo python -c "import sys; main=lambda:sys.stderr.write('Download failed\n'); exec(sys.stdin.read()); main()"
-  - sudo ln -s /opt/calibre/ebook-convert /usr/local/bin/
-  - make install
-  - make publish
+  - $TRAVIS_BRANCH == "master" && $TRAVIS_PULL_REQUEST == "false" && make travis-deploy
 before_install:
   - openssl aes-256-cbc -K $encrypted_e8c0cd5f9239_key -iv $encrypted_e8c0cd5f9239_iv -in deploy_key.enc -out deploy_key -d
   - chmod 600 deploy_key
   - eval `ssh-agent -s`
   - ssh-add deploy_key
   - git config --global user.name "publisher"
   - git config --global user.email "publisher@git.hub"
-branches:
-  only:
-    - master
diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 SHELL := /bin/bash
 
-.PHONY: all install prepare build watch publish pdf epub mobi clean
+.PHONY: all install prepare build watch publish pdf epub mobi clean travis-deploy
 
 all: install build
 
@@ -42,3 +42,9 @@ clean:
 	rm -rf _book
 	rm -rf node_modules
 
+travis-deploy:
+	sudo -v && wget -nv -O- https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py | sudo python -c "import sys; main=lambda:sys.stderr.write('Download failed\n'); exec(sys.stdin.read()); main()"
+	sudo ln -s /opt/calibre/ebook-convert /usr/local/bin/
+	$(MAKE) install
+	$(MAKE) publish
+
diff --git a/README.md b/README.md
@@ -21,9 +21,208 @@
 ## What is swag?
 swag converts Go annotations to Swagger Documentation 2.0. And provides a variety of builtin [web framework](#supported-web-framework) lib. Let you can quickly integrated in existing golang project(using Swagger UI) .
 
-## Documentation
+## Status of implementations
+
+[Swagger 2.0 document](https://swagger.io/docs/specification/2-0/basic-structure/)
+
+- [x] Basic Structure
+- [x] API Host and Base Path
+- [x] Paths and Operations
+- [x] Describing Parameters
+- [x] Describing Request Body
+- [x] Describing Responses
+- [x] MIME Types
+- [x] Authentication
+  - [x] Basic Authentication
+  - [x] API Keys
+- [x] Adding Examples
+- [x] File Upload
+- [ ] Enums
+- [x] Grouping Operations With Tags
+- [ ] Swagger Extensions
+
+## Document
 
 - [web](https://swaggo.github.io/swaggo.io/)
 - [pdf](https://github.com/swaggo/swaggo.io/raw/gh-pages/swaggo.pdf)
 - [epub](https://github.com/swaggo/swaggo.io/raw/gh-pages/swaggo.epub)
 - [mobi](https://github.com/swaggo/swaggo.io/raw/gh-pages/swaggo.mobi)
+
+## Example
+
+[swaggo + gin](https://github.com/swaggo/swag/tree/master/example/celler)
+
+## Getting started
+
+1. Add comments to your API source code, [See Declarative Comments Format](https://swaggo.github.io/swaggo.io/declarative_comments_format/)
+
+2. Download swag by using:
+```sh
+$ go get -u github.com/swaggo/swag/cmd/swag
+```
+3. Run the [swag](#generate-swagger-20-docs) in project root folder which contains `main.go` file, The [swag](#generate-swagger-20-docs) will parse your comments and generate required files(`docs` folder and `docs/doc.go`).
+```sh
+$ swag init
+```
+
+## How to use it with `gin`?
+
+This example source [here.](https://github.com/swaggo/swag/tree/master/example/celler)
+
+1.After using [swag](#generate-swagger-20-docs) to generate Swagger 2.0 docs. Import following packages:
+
+```go
+import "github.com/swaggo/gin-swagger" // gin-swagger middleware
+import "github.com/swaggo/gin-swagger/swaggerFiles" // swagger embed files
+```
+
+***Supported Web Framework in generate swagger middleware***
+
+- [gin](http://github.com/swaggo/gin-swagger)
+- [echo](http://github.com/swaggo/echo-swagger)
+- [net/http](https://github.com/swaggo/http-swagger)
+- revel
+
+2.Added [General API Info](https://swaggo.github.io/swaggo.io/declarative_comments_format/api_operation.html) annotations in `main.go` code:
+
+```go
+// @title Swagger Example API
+// @version 1.0
+// @description This is a sample server celler server.
+// @termsOfService http://swagger.io/terms/
+
+// @contact.name API Support
+// @contact.url http://www.swagger.io/support
+// @contact.email support@swagger.io
+
+// @license.name Apache 2.0
+// @license.url http://www.apache.org/licenses/LICENSE-2.0.html
+
+// @host localhost:8080
+// @BasePath /api/v1
+
+// @securityDefinitions.basic BasicAuth
+
+// @securityDefinitions.apikey ApiKeyAuth
+// @in header
+// @name Authorization
+
+// @securitydefinitions.oauth2.application OAuth2Application
+// @tokenUrl https://example.com/oauth/token
+// @scope.write Grants write access
+// @scope.admin Grants read and write access to administrative information
+
+// @securitydefinitions.oauth2.implicit OAuth2Implicit
+// @authorizationurl https://example.com/oauth/authorize
+// @scope.write Grants write access
+// @scope.admin Grants read and write access to administrative information
+
+// @securitydefinitions.oauth2.password OAuth2Password
+// @tokenUrl https://example.com/oauth/token
+// @scope.read Grants read access
+// @scope.write Grants write access
+// @scope.admin Grants read and write access to administrative information
+
+// @securitydefinitions.oauth2.accessCode OAuth2AccessCode
+// @tokenUrl https://example.com/oauth/token
+// @authorizationurl https://example.com/oauth/authorize
+// @scope.admin Grants read and write access to administrative information
+
+func main() {
+	r := gin.Default()
+
+	c := controller.NewController()
+
+	v1 := r.Group("/api/v1")
+	{
+		accounts := v1.Group("/accounts")
+		{
+			accounts.GET(":id", c.ShowAccount)
+			accounts.GET("", c.ListAccounts)
+			accounts.POST("", c.AddAccount)
+			accounts.DELETE(":id", c.DeleteAccount)
+			accounts.PATCH(":id", c.UpdateAccount)
+			accounts.POST(":id/images", c.UploadAccountImage)
+		}
+    //...
+	}
+	r.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))
+	r.Run(":8080")
+}
+//...
+
+```
+
+3.Added [API Operation](https://swaggo.github.io/swaggo.io/declarative_comments_format/general_api_info.html) annotations in `controller` code
+
+``` go
+package controller
+
+import (
+	"fmt"
+	"net/http"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+	"github.com/swaggo/swag/example/celler/httputil"
+	"github.com/swaggo/swag/example/celler/model"
+)
+
+// ShowAccount godoc
+// @Summary Show a account
+// @Description get string by ID
+// @ID get-string-by-int
+// @Accept  json
+// @Produce  json
+// @Param id path int true "Account ID"
+// @Success 200 {object} model.Account
+// @Failure 400 {object} httputil.HTTPError
+// @Failure 404 {object} httputil.HTTPError
+// @Failure 500 {object} httputil.HTTPError
+// @Router /accounts/{id} [get]
+func (c *Controller) ShowAccount(ctx *gin.Context) {
+	id := ctx.Param("id")
+	aid, err := strconv.Atoi(id)
+	if err != nil {
+		httputil.NewError(ctx, http.StatusBadRequest, err)
+		return
+	}
+	account, err := model.AccountOne(aid)
+	if err != nil {
+		httputil.NewError(ctx, http.StatusNotFound, err)
+		return
+	}
+	ctx.JSON(http.StatusOK, account)
+}
+
+// ListAccounts godoc
+// @Summary List accounts
+// @Description get accounts
+// @Accept  json
+// @Produce  json
+// @Param q query string false "name search by q"
+// @Success 200 {array} model.Account
+// @Failure 400 {object} httputil.HTTPError
+// @Failure 404 {object} httputil.HTTPError
+// @Failure 500 {object} httputil.HTTPError
+// @Router /accounts [get]
+func (c *Controller) ListAccounts(ctx *gin.Context) {
+	q := ctx.Request.URL.Query().Get("q")
+	accounts, err := model.AccountsAll(q)
+	if err != nil {
+		httputil.NewError(ctx, http.StatusNotFound, err)
+		return
+	}
+	ctx.JSON(http.StatusOK, accounts)
+}
+
+//...
+```
+
+4.Run it, and browser to http://localhost:8080/swagger/index.html. You will see Swagger 2.0 Api documents as bellow:
+
+![swagger_index.html](https://raw.githubusercontent.com/swaggo/swaggo.io/c7bdcce3bc6103fd019cc6c885ff6edca0e21519/images/swagger-image.png)
+
+## About the Project
+This project was inspired by [swagger](https://github.com/yvasiyarov/swagger) but simplified the usage of complexity and support a variety of [web framework]((#supported-web-framework)).
+
diff --git a/declarative_comments_format/api_operation.md b/declarative_comments_format/api_operation.md
@@ -1,17 +1,18 @@
 # API Operation
 
-| annotation         | description                                                                                               | 
+| annotation         | description                                                                                               |
 |--------------------|-----------------------------------------------------------------------------------------------------------|
 | description        | A verbose explanation of the operation behavior.                                                          |
 | id                 | A unique string used to identify the operation. Must be unique among all API operations.                  |
 | tags               | A list of tags to each API operation that separated by commas.                                            |
 | summary            | A short summary of what the operation does.                                                               |
 | accept             | A list of MIME types the APIs can consume. Value MUST be as described under [Mime Types](#mime-types).    |
 | produce            | A list of MIME types the APIs can produce. Value MUST be as described under [Mime Types](#mime-types).    |
-| param              | Parameters that separated by spaces. `param name`,`param type`,`data type`,`is mandatory?`,`comment`      | 
-| success            | Success response that separated by spaces. `return code`,`{param type}`,`data type`,`comment`             | 
-| failure            | Failure response that separated by spaces. `return code`,`{param type}`,`data type`,`comment`             | 
-| router             | Failure response that separated by spaces. `path`,`[httpMethod]`                                          | 
+| param              | Parameters that separated by spaces. `param name`,`param type`,`data type`,`is mandatory?`,`comment`      |
+| security           | [Security](#security) to each API operation.                                                                         |
+| success            | Success response that separated by spaces. `return code`,`{param type}`,`data type`,`comment`             |
+| failure            | Failure response that separated by spaces. `return code`,`{param type}`,`data type`,`comment`             |
+| router             | Failure response that separated by spaces. `path`,`[httpMethod]`                                          |
 
 ## Example
 
@@ -37,6 +38,32 @@ json-api
 application/vnd.api+json
 ```
 
+## Security
+
+General API info.
+
+```go
+// @securityDefinitions.basic BasicAuth
+
+// @securitydefinitions.oauth2.application OAuth2Application
+// @tokenUrl https://example.com/oauth/token
+// @scope.write Grants write access
+// @scope.admin Grants read and write access to administrative information
+```
+
+Each API operation.
+
+```go
+// @Security ApiKeyAuth
+```
+
+Make it AND condition
+
+```go
+// @Security ApiKeyAuth
+// @Security OAuth2Application[write, admin]
+```
+
 ## Param Type
 
 - object (struct)
diff --git a/declarative_comments_format/general_api_info.md b/declarative_comments_format/general_api_info.md
@@ -14,6 +14,17 @@
 | host               | The host (name or ip) serving the API.                                                                    |
 | BasePath           | The base path on which the API is served.                                                                 |
 
+## Security
+
+| annotation                              | description                                                                                    | parameters                        |
+|-----------------------------------------|------------------------------------------------------------------------------------------------|-----------------------------------|
+| securitydefinitions.basic               | [Basic](https://swagger.io/docs/specification/2-0/authentication/basic-authentication/) auth.  |                                   |
+| securitydefinitions.apikey              | [API key](https://swagger.io/docs/specification/2-0/authentication/api-keys/) auth.            | in, name                          |
+| securitydefinitions.oauth2.application  | [OAuth2 application](https://swagger.io/docs/specification/authentication/oauth2/) auth.       | tokenUrl, scope                   |
+| securitydefinitions.oauth2.implicit     | [OAuth2 implicit](https://swagger.io/docs/specification/authentication/oauth2/) auth.          | authorizationUrl, scope           |
+| securitydefinitions.oauth2.password     | [OAuth2 password](https://swagger.io/docs/specification/authentication/oauth2/) auth.          | tokenUrl, scope                   |
+| securitydefinitions.oauth2.accessCode   | [OAuth2 access code](https://swagger.io/docs/specification/authentication/oauth2/) auth.       | tokenUrl, authorizationUrl, scope |
+
 ## Example
 
 [celler/main.go](https://github.com/swaggo/swag/blob/master/example/celler/main.go)
diff --git a/images/swagger-image.png b/images/swagger-image.png
