added security definition description

[pmorelli92]

Describe the PR

Added description capabilities for the security definitions types.

Additional context

I know this field is not mandatory, but another tool I am working with, relies on me adding the descriptions, otherwise it will break. I would need pretty please a tag if this gets merged 🙏

[ubogdan]

@pmorelli92 I perfectly understand the use case, please open a feature request https://github.com/swaggo/swag/issues examining this implementation requirement and I will follow you with a CR.

[pmorelli92]

Done @ubogdan #1175

[ubogdan]

Well done.
We need to have a clear readme so our users will understand how to use it.

[ubogdan]

Please update sec.def.description with "description" for the parameter column and add also the "description" feature in the example column.

[pmorelli92]

I added the example on the table below where the parameter annotation | example lives as I cannot do line breaks on the example cell of the mentioned table. Hope that is ok.

[pmorelli92]

@ubogdan , as sec.def.description is a "line" parameter such as header, in, scopes etc; I had to name it in the mentioned way because if I named it description it will override (or take) the description at the general API info level.

[pmorelli92]

I can of course change it to x-description as well as an alternative :)

[ubogdan]

See the following definition

swag/example/celler/main.go

Lines 31 to 56 in 050b0aa

	// @securityDefinitions.basic BasicAuth
	// @securityDefinitions.apikey ApiKeyAuth
	// @in header
	// @name Authorization
	// @securitydefinitions.oauth2.application OAuth2Application
	// @tokenUrl https://example.com/oauth/token
	// @scope.write Grants write access
	// @scope.admin Grants read and write access to administrative information
	// @securitydefinitions.oauth2.implicit OAuth2Implicit
	// @authorizationUrl https://example.com/oauth/authorize
	// @scope.write Grants write access
	// @scope.admin Grants read and write access to administrative information
	// @securitydefinitions.oauth2.password OAuth2Password
	// @tokenUrl https://example.com/oauth/token
	// @scope.read Grants read access
	// @scope.write Grants write access
	// @scope.admin Grants read and write access to administrative information
	// @securitydefinitions.oauth2.accessCode OAuth2AccessCode
	// @tokenUrl https://example.com/oauth/token
	// @authorizationUrl https://example.com/oauth/authorize
	// @scope.admin Grants read and write access to administrative information

I expect to see something like

// @securitydefinitions.oauth2.application  OAuth2Application
// @tokenUrl                                https://example.com/oauth/token
// @scope.write                             Grants write access
// @scope.admin                             Grants read and write access to administrative information
// @description                             Perform OAUTH2 at application level

[pmorelli92]

I can do that :)

[ubogdan]

You made it @security.definition.description instead of @description ...

[pmorelli92]

Sorry, did not see your edited comment 😅
I will try to make it work with just description but as I said before, when I tried it overlapped with the @description that you put to the general API info. I will debug and see if I can solve that.

[pmorelli92]

The current way it works is the following, given these lines:

// @description this API is a demo
// @securitydefinitions.oauth2.application  OAuth2Application
// @description                             Perform OAUTH2 at application level

The code will:

• Range every comment
• For the first line it will set the API description to this API is a demo
• For the second line it will range all comments starting from comments[i+1:] in other words skipping the current. This will effectively go through the @description and set it correctly.
• For the third line it will set the API description (and override) to Perform OAUTH2 at application level

The issue is that the parseSecAttr function is iterating all the lines below until it finds another @securitydefinitions.. But then, the lines that parseSecAttr iterated, will be iterated back again by the main for buckle.

This is why I changed the name to something different. I can potentially see how to make the main buckle not go through the lines that the security definition already did, but that might introduce lots of changes.

[pmorelli92]

@ubogdan check it now, with the changes I have done it is working correctly and the main buckle does not re-iterate the lines that the security definitions already iterated :)

[codecov]

Codecov Report

Merging #1174 (d991a85) into master (050b0aa) will decrease coverage by 0.05%.
The diff coverage is 100.00%.

❗ Current head d991a85 differs from pull request most recent head a117495. Consider uploading reports for the commit a117495 to get more accurate results

@@            Coverage Diff             @@
##           master    #1174      +/-   ##
==========================================
- Coverage   94.77%   94.71%   -0.06%     
==========================================
  Files          10       10              
  Lines        2449     2460      +11     
==========================================
+ Hits         2321     2330       +9     
- Misses         67       68       +1     
- Partials       61       62       +1     

Impacted Files	Coverage Δ
parser.go	92.41% <100.00%> (-0.15%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 050b0aa...a117495. Read the comment docs.

[ubogdan]

LGTM

[pmorelli92]

@ubogdan I discovered a bug when you could have more than one security definition so I did the fix and added test cases for it.

[ubogdan]

LGTM

[ubogdan]

@pmorelli92 Thanks for your contribution.