964dacc588
- Import swagger-ui-express, swagger-jsdoc, yamljs in app.js and index.js - Load server/openapi.yaml as base spec - Configure swagger-jsdoc to merge JSDoc comments from route files - Mount Swagger UI at /api/swagger (publicly accessible) - Add authentication banner explaining cookie + CSRF flow - Ensure spec loads from both createApp (tests) and index.js (production)
// Swagger UI authentication banner
// Injects a notice into the Swagger UI page describing the cookie + CSRF
// authentication flow. The banner is informational only: it performs no
// authentication and sends no requests.
(() => {
  // Inline styling for the notice box.
  const bannerCss = `
background: #fff3cd;
border: 1px solid #ffc107;
border-radius: 4px;
padding: 12px 16px;
margin: 16px;
font-family: sans-serif;
font-size: 14px;
line-height: 1.5;
color: #856404;
`;

  // Static markup only. This string is assigned to innerHTML below, so it must
  // never be built from the URL, the spec, cookies or any other runtime value.
  const bannerMarkup = `
<strong>Authentication Required for Most Endpoints</strong><br>
sofarr uses cookie-based authentication with Emby/Jellyfin. To test authenticated endpoints:<br>
1. Call <code>POST /api/auth/login</code> with your username and password<br>
2. The server sets an <code>emby_user</code> cookie and <code>csrf_token</code> cookie<br>
3. Include these cookies in subsequent requests<br>
4. For state-changing operations (POST/PUT/PATCH/DELETE), also send the <code>X-CSRF-Token</code> header<br>
<br>
<em>Note: The Swagger UI "Authorize" button is not used. Authentication is handled via cookies.</em>
`;

  const showBanner = () => {
    const notice = document.createElement('div');
    notice.style.cssText = bannerCss;
    notice.innerHTML = bannerMarkup;

    // The banner goes at the very top of Swagger UI's `.info` section.
    // NOTE(review): if `.info` is not in the DOM when `load` fires, the banner
    // is silently skipped; confirm Swagger UI has rendered by then.
    const infoSection = document.querySelector('.info');
    if (!infoSection) {
      return;
    }
    infoSection.prepend(notice);
  };

  // Wait for the page load event before looking for the info section.
  window.addEventListener('load', showBanner);
})();