Skip to content

feat(nestjs): support @ApiBearerAuth and custom auth decorators #95

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hyeonss0417 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(nestjs): support @ApiBearerAuth and custom auth decorators #95

hyeonss0417 wants to merge 1 commit into from

Conversation

@hyeonss0417
Copy link
Contributor

@hyeonss0417 hyeonss0417 commented Dec 25, 2025

Summary

Closes #94

This PR adds support for @ApiBearerAuth and per-operation security in NestJS mode.

Changes

Security Decorators Support

  • @ApiBearerAuth(name?) - Bearer token authentication
  • @ApiBasicAuth(name?) - Basic authentication
  • @ApiOAuth2(scopes[], name?) - OAuth2 with scopes
  • @ApiSecurity(name, scopes?) - Custom security scheme

Custom Auth Decorators via Config

Added authDecorators config option to support composite decorators:

{
  "nestjs": true,
  "openapi": {
    "securityDefinitions": {
      "bearerAuth": { "type": "http", "scheme": "bearer" }
    },
    "authDecorators": {
      "Auth": "bearerAuth",
      "AdminAuth": "bearerAuth"
    }
  }
}

Usage Example

@Controller('users')
export class UserController {
  @Get('me')
  @ApiBearerAuth('bearerAuth')  // ✅ Now recognized
  async getCurrentUser(): Promise<User> { }

  @Get('protected')
  @Auth()  // ✅ Custom decorator recognized via authDecorators config
  async getProtectedData(): Promise<Data> { }
}

Generated OpenAPI

paths:
  /users/me:
    get:
      security:
        - bearerAuth: []

Files Changed

  • packages/tspec/src/types/tspec.ts - Added authDecorators option type
  • packages/tspec/src/nestjs/types.ts - Added security field to method metadata
  • packages/tspec/src/nestjs/parser.ts - Added security decorator parsing logic
  • packages/tspec/src/nestjs/openapiGenerator.ts - Added security field to operations
  • packages/tspec/src/generator/index.ts - Pass authDecorators to parser
  • docs/guide/nestjs-integration.md - Added Security Decorators documentation

Tests

  • ✅ All 134 tests passing
  • Added tests for @ApiBearerAuth, @ApiBasicAuth, @ApiOAuth2, @ApiSecurity
  • Added tests for custom auth decorators via authDecorators config

@hyeonss0417
feat(nestjs): support @ApiBearerAuth and custom auth decorators (#94)
0603aa9 
- Add support for @ApiBearerAuth, @ApiBasicAuth, @ApiOAuth2, @apisecurity decorators
- Add authDecorators config option for custom composite decorators
- Update NestJS integration documentation with security decorators section
- Add comprehensive tests for security decorator parsing
github-actions[bot]
github-actions bot reviewed Dec 25, 2025
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[NestJS] Support for @ApiBearerAuth and per-operation security in NestJS mode

2 participants

@hyeonss0417