version 5.1.1, apiKey cookie authentication results in error
vaporii opened this issue · comments
When attempting to access any endpoint secured with cookie authentication, the following error occurs:
Cannot read properties of undefined (reading 'connect.sid')
To reproduce the error, create an OpenAPI spec sheet with an endpoint secured with cookie authentication. Then, write a TypeScript backend using express and express-openapi-validator. (Examples at bottom of page)
When accessing the endpoint secured with cookie authentication, the following error is returned:
Unauthorized: Cannot read properties of undefined (reading 'connect.sid')
    at Function.create (/devfolder/node_modules/express-openapi-validator/dist/framework/types.js:42:24)
    at /devfolder/node_modules/express-openapi-validator/dist/middlewares/openapi.security.js:78:43
    at processTicksAndRejections (node:internal/process/task_queues:95:5) {
  status: 401,
  path: '/api/v3/url/{urlId}',
  headers: undefined,
  errors: [
    {
      path: '/api/v3/url/{urlId}',
      message: "Cannot read properties of undefined (reading 'connect.sid')"
    }
  ]
}
The endpoint should always be authenticated (see code below), but as seen above in the error, that does not happen.
Examples
OpenAPI spec snippet
/url/{urlId}:
  put:
    tags:
      - url
    summary: Update a URL
    description: Update a URL
    operationId: updateUrl
    requestBody:
      description: Update a URL
      content:
        application/json:
          schema:
            type: object
            properties:
              longUrl:
                type: string
                format: uri
              alias:
                type: string
    parameters:
      - name: urlId
        in: path
        description: The URL ID to update
        required: true
        schema:
          type: integer
          format: int64
    responses:
      "200":
        description: Successful operation
    security:
      - tokenAuth: []
    x-eov-operation-handler: controllers/Url
Security schema
securitySchemes:
  tokenAuth:
    type: apiKey
    in: cookie
    name: connect.sid
TypeScript backend example
import * as OpenApiValidator from "express-openapi-validator";
import express from "express";
import dotenv from "dotenv";
dotenv.config();
import { createUser } from "./utils";

const PORT = 5555;
const app = express();

app.use(express.json());
app.use(
  OpenApiValidator.middleware({
    apiSpec: "spec.yaml",
    validateRequests: true,
    validateSecurity: {
      handlers: {
        // Handler for the tokenAuth scheme; accepts every request
        tokenAuth: async (req, scopes, schema) => {
          return true;
        },
      },
    },
  })
);

// Error handler: log the validator error and return it as JSON
app.use(
  (
    err: any,
    req: express.Request,
    res: express.Response,
    next: express.NextFunction
  ) => {
    console.log(err);
    // format error
    res.status(err.status || 500).json({
      message: err.message,
      errors: err.errors,
    });
  }
);

app.listen(PORT, () => {
  console.log("Listening on http://localhost:" + PORT);
});
Never mind, I'm stupid.
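The TypeError quoted in the issue is what an unguarded `req.cookies[name]` lookup produces when nothing has populated `req.cookies`; Express leaves that property unset unless a cookie-parsing middleware such as cookie-parser runs first. The TypeScript below is an added example, not code from the issue author or from express-openapi-validator, and it assumes that cause: `Req`, `parseCookies`, `naiveCheck` and `checkCookieApiKey` are hypothetical names, and the request is constructed.

```typescript
// Constructed model of the request fields involved; not Express's real types.
interface Req {
  headers: { cookie?: string };
  cookies?: Record<string, string>; // set only after a cookie parser has run
}
type Result =
  | { ok: true; value: string }
  | { ok: false; status: number; reason: string };

// Constructed sample request: a raw Cookie header, no parser applied yet.
function sampleRequest(): Req {
  return { headers: { cookie: "theme=dark; connect.sid=s%3Aconstructed-session-id" } };
}

// Hypothetical stand-in for a cookie-parsing middleware: fills req.cookies.
function parseCookies(req: Req): void {
  const jar: Record<string, string> = Object.create(null);
  for (const part of (req.headers.cookie ?? "").split(";")) {
    const eq = part.indexOf("=");
    const name = eq < 0 ? "" : part.slice(0, eq).trim();
    if (!name) continue; // skip empty or nameless segments
    const raw = part.slice(eq + 1).trim();
    try {
      jar[name] = decodeURIComponent(raw);
    } catch {
      jar[name] = raw; // keep malformed percent-encoding as sent
    }
  }
  req.cookies = jar;
}

// Unguarded lookup: throws a TypeError when req.cookies is undefined.
function naiveCheck(req: Req, name: string): boolean {
  return Boolean((req.cookies as Record<string, string>)[name]);
}

// Guarded lookup: separates server misconfiguration (500) from a missing credential (401).
function checkCookieApiKey(req: Req, name: string): Result {
  if (req.cookies === undefined) {
    return { ok: false, status: 500, reason: "req.cookies undefined: no cookie parser ran" };
  }
  const value = req.cookies[name];
  if (typeof value !== "string" || value === "") {
    return { ok: false, status: 401, reason: `cookie '${name}' required` };
  }
  return { ok: true, value };
}
```

If that is the cause, the equivalent change in the backend above is to register a cookie parser before `OpenApiValidator.middleware`, so the security check sees a populated `req.cookies`.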