OpenAPI Docs and additional password protection on self update route: (#3320)

2025-05-24 02:14:21 -04:00 · 2020-02-12 21:06:59 +11:00 · 2020-02-12 21:06:59 +11:00 · f04f2b15fd
commit f04f2b15fd
parent 3a76d8bc34
3 changed files with 76 additions and 44 deletions
--- a/app/Http/Controllers/InvoiceController.php
+++ b/app/Http/Controllers/InvoiceController.php
@ -653,49 +653,49 @@ class InvoiceController extends BaseController {
 	}
 	/**
-		 *
+	 *
-		 * @OA\Get(
+	 * @OA\Get(
-		 *      path="/api/v1/invoice/{invitation_key}/download",
+	 *      path="/api/v1/invoice/{invitation_key}/download",
-		 *      operationId="downloadInvoice",
+	 *      operationId="downloadInvoice",
-		 *      tags={"invoices"},
+	 *      tags={"invoices"},
-		 *      summary="Download a specific invoice by invitation key",
+	 *      summary="Download a specific invoice by invitation key",
-		 *      description="Downloads a specific invoice",
+	 *      description="Downloads a specific invoice",
-		 *      @OA\Parameter(ref="#/components/parameters/X-Api-Secret"),
+	 *      @OA\Parameter(ref="#/components/parameters/X-Api-Secret"),
-		 *      @OA\Parameter(ref="#/components/parameters/X-Api-Token"),
+	 *      @OA\Parameter(ref="#/components/parameters/X-Api-Token"),
-		 *      @OA\Parameter(ref="#/components/parameters/X-Requested-With"),
+	 *      @OA\Parameter(ref="#/components/parameters/X-Requested-With"),
-		 *      @OA\Parameter(ref="#/components/parameters/include"),
+	 *      @OA\Parameter(ref="#/components/parameters/include"),
-		 *      @OA\Parameter(
+	 *      @OA\Parameter(
-		 *          name="invitation_key",
+	 *          name="invitation_key",
-		 *          in="path",
+	 *          in="path",
-		 *          description="The Invoice Invitation Key",
+	 *          description="The Invoice Invitation Key",
-		 *          example="D2J234DFA",
+	 *          example="D2J234DFA",
-		 *          required=true,
+	 *          required=true,
-		 *          @OA\Schema(
+	 *          @OA\Schema(
-		 *              type="string",
+	 *              type="string",
-		 *              format="string",
+	 *              format="string",
-		 *          ),
+	 *          ),
-		 *      ),
+	 *      ),
-		 *      @OA\Response(
+	 *      @OA\Response(
-		 *          response=200,
+	 *          response=200,
-		 *          description="Returns the invoice pdf",
+	 *          description="Returns the invoice pdf",
-		 *          @OA\Header(header="X-API-Version", ref="#/components/headers/X-API-Version"),
+	 *          @OA\Header(header="X-API-Version", ref="#/components/headers/X-API-Version"),
-		 *          @OA\Header(header="X-RateLimit-Remaining", ref="#/components/headers/X-RateLimit-Remaining"),
+	 *          @OA\Header(header="X-RateLimit-Remaining", ref="#/components/headers/X-RateLimit-Remaining"),
-		 *          @OA\Header(header="X-RateLimit-Limit", ref="#/components/headers/X-RateLimit-Limit"),
+	 *          @OA\Header(header="X-RateLimit-Limit", ref="#/components/headers/X-RateLimit-Limit"),
-		 *       ),
+	 *       ),
-		 *       @OA\Response(
+	 *       @OA\Response(
-		 *          response=422,
+	 *          response=422,
-		 *          description="Validation error",
+	 *          description="Validation error",
-		 *          @OA\JsonContent(ref="#/components/schemas/ValidationError"),
+	 *          @OA\JsonContent(ref="#/components/schemas/ValidationError"),
-		 *
+	 *
-		 *       ),
+	 *       ),
-		 *       @OA\Response(
+	 *       @OA\Response(
-		 *           response="default",
+	 *           response="default",
-		 *           description="Unexpected Error",
+	 *           description="Unexpected Error",
-		 *           @OA\JsonContent(ref="#/components/schemas/Error"),
+	 *           @OA\JsonContent(ref="#/components/schemas/Error"),
-		 *       ),
+	 *       ),
-		 *     )
+	 *     )
-		 *
+	 *
-		 */
+	 */
 	public function downloadPdf($invitation_key) {
 		$invitation = $this->invoice_repo->getInvitationByKey($invitation_key);
--- a/app/Http/Controllers/SelfUpdateController.php
+++ b/app/Http/Controllers/SelfUpdateController.php
@ -23,6 +23,38 @@ class SelfUpdateController extends BaseController
    }
    /**
     *
     *
     * @OA\Post(
     *      path="/api/v1/self-update",
     *      operationId="selfUpdate",
     *      tags={"update"},
     *      summary="Performs a system update",
     *      description="Performs a system update",
     *      @OA\Parameter(ref="#/components/parameters/X-Api-Secret"),
     *      @OA\Parameter(ref="#/components/parameters/X-Api-Token"),
     *      @OA\Parameter(ref="#/components/parameters/X-Api-Password"),
     *      @OA\Parameter(ref="#/components/parameters/X-Requested-With"),
     *      @OA\Parameter(ref="#/components/parameters/include"),
     *      @OA\Response(
     *          response=200,
     *          description="Success/failure response"
     *       ),
     *       @OA\Response(
     *          response=422,
     *          description="Validation error",
     *          @OA\JsonContent(ref="#/components/schemas/ValidationError"),
     *
     *       ),
     *       @OA\Response(
     *           response="default",
     *           description="Unexpected Error",
     *           @OA\JsonContent(ref="#/components/schemas/Error"),
     *       ),
     *     )
     *
     */
    public function update(UpdaterManager $updater)
    {
--- a/routes/api.php
+++ b/routes/api.php
@ -112,7 +112,7 @@ Route::group(['middleware' => ['api_db', 'token_auth', 'locale'], 'prefix' => 'a
 		Route::post('templates', 'TemplateController@show')->name('templates.show');
-		Route::post('self-update', 'SelfUpdateController@update');
+		Route::post('self-update', 'SelfUpdateController@update')->middleware('password_protected');
 		/*
 		Route::resource('tasks', 'TaskController'); // name = (tasks. index / create / show / update / destroy / edit