From 4d0faf449ae30506a29a8369da4742880adfd534 Mon Sep 17 00:00:00 2001 From: Abhishek Chatterjee Date: Sat, 9 May 2026 16:13:01 +0530 Subject: [PATCH 1/2] bug(auth): ROSS-160: update authorization logic to inherit global authentication setting and remove default schema value --- src/routes/aggregate/aggregate.ts | 9 ++++----- src/routes/custom-queries/custom-queries.ts | 3 ++- src/routes/operations/delete.ts | 3 ++- src/routes/operations/edit.ts | 3 ++- src/routes/operations/get-all.ts | 6 +++++- src/routes/operations/index-route.ts | 3 ++- src/routes/operations/post.ts | 3 ++- src/routes/operations/search.ts | 3 ++- src/validators/config/schema.ts | 1 - 9 files changed, 21 insertions(+), 13 deletions(-) diff --git a/src/routes/aggregate/aggregate.ts b/src/routes/aggregate/aggregate.ts index 9c88a6b..3d7bca1 100644 --- a/src/routes/aggregate/aggregate.ts +++ b/src/routes/aggregate/aggregate.ts @@ -36,12 +36,11 @@ export function registerAggregateRoutes( ); // API unique idenfier - const aggregateAPIIdentifier = `aggregate->${model.name}->get_aggregation`; - const webhookConfig = - config.apis?.[aggregateAPIIdentifier]?.webhooks ?? null; - const sspConfig = config.apis?.[aggregateAPIIdentifier]?.ssp ?? []; + const apiIdentifier = `aggregate->${model.name}->get_aggregation`; + const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; + const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; const authorization = - config.apis?.[aggregateAPIIdentifier]?.authorization ?? false; + config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; // for each aggregatable field, we create a GET route // //aggregation/ diff --git a/src/routes/custom-queries/custom-queries.ts b/src/routes/custom-queries/custom-queries.ts index 7ab3834..128e4e8 100644 --- a/src/routes/custom-queries/custom-queries.ts +++ b/src/routes/custom-queries/custom-queries.ts @@ -90,7 +90,8 @@ export function registerCustomQueryRoutes( const apiIdentifier = `customAPIs->customQueries->${cq.name}`; const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; - const authorization = config.apis?.[apiIdentifier]?.authorization ?? false; + const authorization = + config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; // body parameters are always in between @@ // path parameters are always in between $$ diff --git a/src/routes/operations/delete.ts b/src/routes/operations/delete.ts index 6f57e9f..266ca55 100644 --- a/src/routes/operations/delete.ts +++ b/src/routes/operations/delete.ts @@ -39,7 +39,8 @@ export function registerDeleteRoutes( const apiIdentifier = `modelAPIs->delete->${model.name}`; const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; - const authorization = config.apis?.[apiIdentifier]?.authorization ?? false; + const authorization = + config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; // If we have deletable fields, we register a DELETE route for each. for (const field of deletableFields) { diff --git a/src/routes/operations/edit.ts b/src/routes/operations/edit.ts index 8905a1b..9fa69bd 100644 --- a/src/routes/operations/edit.ts +++ b/src/routes/operations/edit.ts @@ -42,7 +42,8 @@ export function registerEditRoutes( const apiIdentifier = `modelAPIs->edit->${model.name}`; const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; - const authorization = config.apis?.[apiIdentifier]?.authorization ?? false; + const authorization = + config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; for (const field of editableFields) { const isUnique = field.primaryKey || field.unique; diff --git a/src/routes/operations/get-all.ts b/src/routes/operations/get-all.ts index 93f1956..ba3d391 100644 --- a/src/routes/operations/get-all.ts +++ b/src/routes/operations/get-all.ts @@ -39,7 +39,8 @@ export function registerGetAllRoutes( const apiIdentifier = `modelAPIs->getAll->${model.name}`; const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; - const authorization = config.apis?.[apiIdentifier]?.authorization ?? false; + const authorization = + config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; const schema: Record = generateSchema(model, config); @@ -49,8 +50,10 @@ export function registerGetAllRoutes( schema, preValidation: async request => enforceSSP(sspConfig, request), preHandler: async (request, reply) => { + console.log('I am here'); if (config.auth?.enableAuth && authorization) { try { + console.log('I am running to verify JWT?'); await request.jwtVerify(); } catch { return reply @@ -77,6 +80,7 @@ export function registerGetAllRoutes( }, }, async (request: FastifyRequest, reply: FastifyReply) => { + console.log(request.user); const queryParams = request.query as Record; const tableName = model.name; diff --git a/src/routes/operations/index-route.ts b/src/routes/operations/index-route.ts index 0f0502b..efa7876 100644 --- a/src/routes/operations/index-route.ts +++ b/src/routes/operations/index-route.ts @@ -47,7 +47,8 @@ export function registerIndexRoutes( const apiIdentifier = `modelAPIs->index->${model.name}`; const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; - const authorization = config.apis?.[apiIdentifier]?.authorization ?? false; + const authorization = + config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; // index apis means for these APIs, we can fetch data using the indexable fields // for example, if we have a field user_id in the users table, and it is indexed, diff --git a/src/routes/operations/post.ts b/src/routes/operations/post.ts index 9af4c4d..24f9cdf 100644 --- a/src/routes/operations/post.ts +++ b/src/routes/operations/post.ts @@ -31,7 +31,8 @@ export function registerPostRoutes( const apiIdentifier = `modelAPIs->insert->${model.name}`; const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; - const authorization = config.apis?.[apiIdentifier]?.authorization ?? false; + const authorization = + config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; // generating the JSON schema for the request body // we ignore the primary key since it's typically auto-generated (like serial or uuid) diff --git a/src/routes/operations/search.ts b/src/routes/operations/search.ts index b27a090..801f033 100644 --- a/src/routes/operations/search.ts +++ b/src/routes/operations/search.ts @@ -42,7 +42,8 @@ export function registerSearchRoutes( const apiIdentifier = `modelAPIs->search->${model.name}`; const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; - const authorization = config.apis?.[apiIdentifier]?.authorization ?? false; + const authorization = + config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; for (const field of searchableFields) { // defining the primary search query parameter diff --git a/src/validators/config/schema.ts b/src/validators/config/schema.ts index 27778cc..be7a4a8 100644 --- a/src/validators/config/schema.ts +++ b/src/validators/config/schema.ts @@ -388,7 +388,6 @@ const apisSchema = { }, authorization: { type: 'boolean', - default: false, }, }, additionalProperties: false, From a2393857ddbf06fb2672a02cffa3027d3bb108b4 Mon Sep 17 00:00:00 2001 From: Abhishek Chatterjee Date: Sat, 9 May 2026 16:28:47 +0530 Subject: [PATCH 2/2] bug(auth): ROSS-160: propagate authorization flag to schema generation and security configuration across all routes --- src/routes/aggregate/aggregate.ts | 25 +++++++++++--- src/routes/custom-queries/custom-queries.ts | 27 ++++++++++++--- src/routes/operations/delete.ts | 26 ++++++++++++--- src/routes/operations/edit.ts | 23 ++++++++++--- src/routes/operations/get-all.ts | 37 +++++++++++++++++---- src/routes/operations/index-route.ts | 26 ++++++++++++--- src/routes/operations/post.ts | 35 +++++++++++++++---- src/routes/operations/search.ts | 25 +++++++++++--- 8 files changed, 186 insertions(+), 38 deletions(-) diff --git a/src/routes/aggregate/aggregate.ts b/src/routes/aggregate/aggregate.ts index 3d7bca1..3e706e3 100644 --- a/src/routes/aggregate/aggregate.ts +++ b/src/routes/aggregate/aggregate.ts @@ -35,23 +35,31 @@ export function registerAggregateRoutes( f => f.supportedAggregation && f.supportedAggregation.length > 0, ); - // API unique idenfier + // construct the api identifier const apiIdentifier = `aggregate->${model.name}->get_aggregation`; + + // extract the api configs based on the api identifier const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; + // calculating the authroization based on auth flag, it can be true + // if the api level auth is enabled, or if the app level auth is enabled const authorization = - config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; + config.apis?.[apiIdentifier]?.authorization ?? + config.auth?.enableAuth ?? + false; // for each aggregatable field, we create a GET route // //aggregation/ for (const field of aggregatableFields) { const operations = field.supportedAggregation!; + // generating the schema for the route const schema: Record = generateSchema( config, field, model, operations, + authorization, ); app.get( @@ -188,14 +196,23 @@ function generateSchema( field: ModelFieldConfig, model: ModelConfig, operations: SupportedAggregationOperation[], + authorization: boolean, ) { const security: Array<{[key: string]: string[]}> = []; - if (config.auth?.enableAuth && config.auth?.authEngine === 'up-auth') { + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'up-auth' && + authorization + ) { security.push({bearerAuth: []}); } - if (config.auth?.enableAuth && config.auth?.authEngine === 'api-key') { + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'api-key' && + authorization + ) { security.push({apiKeyAuth: []}); } diff --git a/src/routes/custom-queries/custom-queries.ts b/src/routes/custom-queries/custom-queries.ts index 128e4e8..e942130 100644 --- a/src/routes/custom-queries/custom-queries.ts +++ b/src/routes/custom-queries/custom-queries.ts @@ -86,12 +86,18 @@ export function registerCustomQueryRoutes( const queryProperties: Record = {}; const bodyProperties: Record = {}; - // uniqie api identifier + // constructing the api identifier const apiIdentifier = `customAPIs->customQueries->${cq.name}`; + + // extracting the api configs based on the api identifier const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; + // calculating the authroization based on auth flag, it can be true + // if the api level auth is enabled, or if the app level auth is enabled const authorization = - config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; + config.apis?.[apiIdentifier]?.authorization ?? + config.auth?.enableAuth ?? + false; // body parameters are always in between @@ // path parameters are always in between $$ @@ -196,18 +202,31 @@ export function registerCustomQueryRoutes( const security: Array<{[key: string]: string[]}> = []; - if (config.auth?.enableAuth && config.auth?.authEngine === 'up-auth') { + // adding the security based on the auth flag and auth engine + // if the auth flag is enabled and the auth engine is up-auth, then add the bearerAuth + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'up-auth' && + authorization + ) { security.push({bearerAuth: []}); } - if (config.auth?.enableAuth && config.auth?.authEngine === 'api-key') { + // if the auth flag is enabled and the auth engine is api-key, then add the apiKeyAuth + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'api-key' && + authorization + ) { security.push({apiKeyAuth: []}); } + // if there is any security configutaion required then add it to the swagger schema if (security.length > 0) { schema.security = security; } + // registering the route app.route({ method: cq.method, url: routePath, diff --git a/src/routes/operations/delete.ts b/src/routes/operations/delete.ts index 266ca55..ea77ef9 100644 --- a/src/routes/operations/delete.ts +++ b/src/routes/operations/delete.ts @@ -35,12 +35,19 @@ export function registerDeleteRoutes( f.supportedOperations?.includes('deletable'), ); - // Unique api identifier + // constructing the api identifier const apiIdentifier = `modelAPIs->delete->${model.name}`; + + // extracting the api configs based on the api identifier const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; + + // calculating the authroization based on auth flag, it can be true + // if the api level auth is enabled, or if the app level auth is enabled const authorization = - config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; + config.apis?.[apiIdentifier]?.authorization ?? + config.auth?.enableAuth ?? + false; // If we have deletable fields, we register a DELETE route for each. for (const field of deletableFields) { @@ -49,6 +56,7 @@ export function registerDeleteRoutes( field, model, config, + authorization, ); app.delete( @@ -57,6 +65,7 @@ export function registerDeleteRoutes( schema, preValidation: async request => enforceSSP(sspConfig, request), preHandler: async (request, reply) => { + // checking the authorization if (config.auth?.enableAuth && authorization) { try { await request.jwtVerify(); @@ -116,6 +125,7 @@ function generateSchema( field: ModelFieldConfig, model: ModelConfig, config: AppConfig, + authorization: boolean, ) { const paramSchema = mapDataTypeToJsonSchema(field.type); @@ -144,11 +154,19 @@ function generateSchema( const security: Array<{[key: string]: string[]}> = []; - if (config.auth?.enableAuth && config.auth?.authEngine === 'up-auth') { + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'up-auth' && + authorization + ) { security.push({bearerAuth: []}); } - if (config.auth?.enableAuth && config.auth?.authEngine === 'api-key') { + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'api-key' && + authorization + ) { security.push({apiKeyAuth: []}); } diff --git a/src/routes/operations/edit.ts b/src/routes/operations/edit.ts index 9fa69bd..a5d01ba 100644 --- a/src/routes/operations/edit.ts +++ b/src/routes/operations/edit.ts @@ -38,12 +38,19 @@ export function registerEditRoutes( f.supportedOperations?.includes('editable'), ); - // unique api identifier + // constructing the api identifier const apiIdentifier = `modelAPIs->edit->${model.name}`; + + // extracting the api configs based on the api identifier const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; + + // calculating the authroization based on auth flag, it can be true + // if the api level auth is enabled, or if the app level auth is enabled const authorization = - config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; + config.apis?.[apiIdentifier]?.authorization ?? + config.auth?.enableAuth ?? + false; for (const field of editableFields) { const isUnique = field.primaryKey || field.unique; @@ -123,11 +130,19 @@ export function registerEditRoutes( const security: Array<{[key: string]: string[]}> = []; - if (config.auth?.enableAuth && config.auth?.authEngine === 'up-auth') { + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'up-auth' && + authorization + ) { security.push({bearerAuth: []}); } - if (config.auth?.enableAuth && config.auth?.authEngine === 'api-key') { + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'api-key' && + authorization + ) { security.push({apiKeyAuth: []}); } diff --git a/src/routes/operations/get-all.ts b/src/routes/operations/get-all.ts index ba3d391..8f221d3 100644 --- a/src/routes/operations/get-all.ts +++ b/src/routes/operations/get-all.ts @@ -35,14 +35,25 @@ export function registerGetAllRoutes( const {models} = config; for (const model of models) { - // unique api identifier + // constructing the api identifier const apiIdentifier = `modelAPIs->getAll->${model.name}`; + + // extracting the api configs based on the api identifier const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; - const authorization = - config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; - const schema: Record = generateSchema(model, config); + // calculating the authroization based on auth flag, it can be true + // if the api level auth is enabled, or if the app level auth is enabled + const authorization = + config.apis?.[apiIdentifier]?.authorization ?? + config.auth?.enableAuth ?? + false; + + const schema: Record = generateSchema( + model, + config, + authorization, + ); app.get( `/${model.name}/`, @@ -150,7 +161,11 @@ export function registerGetAllRoutes( ); } } -function generateSchema(model: ModelConfig, config: AppConfig) { +function generateSchema( + model: ModelConfig, + config: AppConfig, + authorization: boolean, +) { const queryProperties: Record = {}; // Add filter params for each field based on its supportedOperations @@ -209,11 +224,19 @@ function generateSchema(model: ModelConfig, config: AppConfig) { const security: Array<{[key: string]: string[]}> = []; - if (config.auth?.enableAuth && config.auth?.authEngine === 'up-auth') { + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'up-auth' && + authorization + ) { security.push({bearerAuth: []}); } - if (config.auth?.enableAuth && config.auth?.authEngine === 'api-key') { + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'api-key' && + authorization + ) { security.push({apiKeyAuth: []}); } diff --git a/src/routes/operations/index-route.ts b/src/routes/operations/index-route.ts index efa7876..b4c8a5f 100644 --- a/src/routes/operations/index-route.ts +++ b/src/routes/operations/index-route.ts @@ -43,12 +43,19 @@ export function registerIndexRoutes( ); }); - // unique api identifier + // constructing the api identifier const apiIdentifier = `modelAPIs->index->${model.name}`; + + // extracting the api configs based on the api identifier const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; + + // calculating the authroization based on auth flag, it can be true + // if the api level auth is enabled, or if the app level auth is enabled const authorization = - config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; + config.apis?.[apiIdentifier]?.authorization ?? + config.auth?.enableAuth ?? + false; // index apis means for these APIs, we can fetch data using the indexable fields // for example, if we have a field user_id in the users table, and it is indexed, @@ -58,7 +65,7 @@ export function registerIndexRoutes( schema, isUnique, }: {schema: Record; isUnique: boolean | undefined} = - generateSchema(field, model, config); + generateSchema(field, model, config, authorization); app.get( `/${model.name}/${field.name}/:${field.name}`, @@ -199,6 +206,7 @@ function generateSchema( field: ModelFieldConfig, model: ModelConfig, config: AppConfig, + authorization: boolean, ) { const isUnique = field.primaryKey || field.unique; // converting the data type of the indexable field to json schema supported type @@ -303,11 +311,19 @@ function generateSchema( const security: Array<{[key: string]: string[]}> = []; - if (config.auth?.enableAuth && config.auth?.authEngine === 'up-auth') { + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'up-auth' && + authorization + ) { security.push({bearerAuth: []}); } - if (config.auth?.enableAuth && config.auth?.authEngine === 'api-key') { + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'api-key' && + authorization + ) { security.push({apiKeyAuth: []}); } diff --git a/src/routes/operations/post.ts b/src/routes/operations/post.ts index 24f9cdf..ac60066 100644 --- a/src/routes/operations/post.ts +++ b/src/routes/operations/post.ts @@ -27,17 +27,28 @@ export function registerPostRoutes( const {models} = config; for (const model of models) { - // unique api identifier + // constructing the api identifier const apiIdentifier = `modelAPIs->insert->${model.name}`; + + // extracting the api configs based on the api identifier const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; + + // calculating the authroization based on auth flag, it can be true + // if the api level auth is enabled, or if the app level auth is enabled const authorization = - config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; + config.apis?.[apiIdentifier]?.authorization ?? + config.auth?.enableAuth ?? + false; // generating the JSON schema for the request body // we ignore the primary key since it's typically auto-generated (like serial or uuid) // and we set additionalProperties to false for strict validation - const schema: Record = generateSchema(model, config); + const schema: Record = generateSchema( + model, + config, + authorization, + ); app.post( `/${model.name}/`, @@ -113,7 +124,11 @@ export function registerPostRoutes( ); } } -function generateSchema(model: ModelConfig, config: AppConfig) { +function generateSchema( + model: ModelConfig, + config: AppConfig, + authorization: boolean, +) { const bodySchema = generateJSONValidationSchema(model, { ignorePrimaryKey: true, additionalProperties: false, @@ -131,11 +146,19 @@ function generateSchema(model: ModelConfig, config: AppConfig) { const security: Array<{[key: string]: string[]}> = []; - if (config.auth?.enableAuth && config.auth?.authEngine === 'up-auth') { + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'up-auth' && + authorization + ) { security.push({bearerAuth: []}); } - if (config.auth?.enableAuth && config.auth?.authEngine === 'api-key') { + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'api-key' && + authorization + ) { security.push({apiKeyAuth: []}); } diff --git a/src/routes/operations/search.ts b/src/routes/operations/search.ts index 801f033..5d14130 100644 --- a/src/routes/operations/search.ts +++ b/src/routes/operations/search.ts @@ -38,12 +38,19 @@ export function registerSearchRoutes( f.supportedOperations?.includes('searchable'), ); - // unique api identifier + // constructing the api identifier const apiIdentifier = `modelAPIs->search->${model.name}`; + + // extracting the api configs based on the api identifier const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null; const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? []; + + // calculating the authroization based on auth flag, it can be true + // if the api level auth is enabled, or if the app level auth is enabled const authorization = - config.apis?.[apiIdentifier]?.authorization ?? config.auth?.enableAuth; + config.apis?.[apiIdentifier]?.authorization ?? + config.auth?.enableAuth ?? + false; for (const field of searchableFields) { // defining the primary search query parameter @@ -52,6 +59,7 @@ export function registerSearchRoutes( field, model, config, + authorization, ); app.get( @@ -170,6 +178,7 @@ function generateSchema( field: ModelFieldConfig, model: ModelConfig, config: AppConfig, + authorization: boolean, ) { const queryProperties: Record = { [`${field.name}_search`]: { @@ -229,11 +238,19 @@ function generateSchema( const security: Array<{[key: string]: string[]}> = []; - if (config.auth?.enableAuth && config.auth?.authEngine === 'up-auth') { + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'up-auth' && + authorization + ) { security.push({bearerAuth: []}); } - if (config.auth?.enableAuth && config.auth?.authEngine === 'api-key') { + if ( + config.auth?.enableAuth && + config.auth?.authEngine === 'api-key' && + authorization + ) { security.push({apiKeyAuth: []}); }