From 09bf982a21e53b7029a4ca72a544c891e7823937 Mon Sep 17 00:00:00 2001
From: Jonathan Prince <jonathan.prince@gmail.com>
Date: Tue, 14 Aug 2018 15:29:51 +0200
Subject: [PATCH 1/2] Fix config.json URL when running from /index.html

---
 index.js              |  4 ++++
 test/explorer.test.js | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)

diff --git a/index.js b/index.js
index b588f7c..0fd184b 100644
--- a/index.js
+++ b/index.js
@@ -69,6 +69,10 @@ function routes(loopbackApplication, options) {
     // Get the path we're mounted at. It's best to get this from the referer
     // in case we're proxied at a deep path.
     var source = url.parse(req.headers.referer || '').pathname;
+    // strip index.html if present in referer
+    if (source && /\/index\.html$/.test(source)) {
+      source = source.replace(/\/index\.html$/, '');
+    }
     // If no referer is available, use the incoming url.
     if (!source) {
       source = req.originalUrl.replace(/\/config.json(\?.*)?$/, '');
diff --git a/test/explorer.test.js b/test/explorer.test.js
index 72ff1ee..e9ddf12 100644
--- a/test/explorer.test.js
+++ b/test/explorer.test.js
@@ -33,6 +33,40 @@ describe('explorer', function() {
         .get('/explorer/')
         .expect('Content-Type', /html/)
         .expect(200)
+        .end(function(err, res) {
+          if (err) return done(err);
+
+          assert(!!~res.text.indexOf('<title>LoopBack API Explorer</title>'),
+            'text does not contain expected string');
+
+          done();
+        });
+    });
+
+    it('should serve correct swagger-ui config', function(done) {
+      request(this.app)
+        .get('/explorer/config.json')
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end(function(err, res) {
+          if (err) return done(err);
+
+          expect(res.body).to
+            .have.property('url', '/explorer/swagger.json');
+
+          done();
+        });
+    });
+  });
+
+  describe('when filename is included in url', function() {
+    beforeEach(givenLoopBackAppWithExplorer());
+
+    it('should serve the explorer at /explorer/index.html', function(done) {
+      request(this.app)
+        .get('/explorer/index.html')
+        .expect('Content-Type', /html/)
+        .expect(200)
         .end(function(err, res) {
           if (err) throw err;
 
@@ -46,6 +80,7 @@ describe('explorer', function() {
     it('should serve correct swagger-ui config', function(done) {
       request(this.app)
         .get('/explorer/config.json')
+        .set('Referer', 'http://example.com/explorer/index.html')
         .expect('Content-Type', /json/)
         .expect(200)
         .end(function(err, res) {

From 954399009ed225e88dc9a096536e44745774ad4d Mon Sep 17 00:00:00 2001
From: Jonathan Prince <jonathan.prince@gmail.com>
Date: Wed, 5 Sep 2018 15:16:46 +0200
Subject: [PATCH 2/2] Add config option for custom auth header

---
 README.md                   | 23 +++++++++++++++++++++++
 index.js                    |  1 +
 public/lib/loadSwaggerUI.js |  6 +++++-
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 4e47ec7..ed571c8 100644
--- a/README.md
+++ b/README.md
@@ -160,3 +160,26 @@ Options are passed to `explorer(app, options)`.
 > Default: Read from package.json
 
 > Sets your API version. If not present, will read from your app's package.json.
+
+`auth`: **Object**
+
+> Optional config for setting api access token, can be used to rename the query parameter or set an auth header.
+
+> The object has 2 keys:
+> - `in`: either `header` or `query`
+> - `name`: the name of the query parameter or header
+>
+> The default sets the token as a query parameter with the name `access_token`
+
+> Example for setting the api key in a header named `x-api-key`:
+> ```
+> {
+>   "loopback-component-explorer": {
+>     "mountPath": "/explorer",
+>     "auth": {
+>       "in": "header",
+>       "name": "x-api-key"
+>     }
+>   }
+> }
+> ```
diff --git a/index.js b/index.js
index 0fd184b..5f3d0d5 100644
--- a/index.js
+++ b/index.js
@@ -79,6 +79,7 @@ function routes(loopbackApplication, options) {
     }
     res.send({
       url: urlJoin(source, '/' + options.resourcePath),
+      auth: options.auth,
     });
   });
 
diff --git a/public/lib/loadSwaggerUI.js b/public/lib/loadSwaggerUI.js
index 595436c..369589b 100644
--- a/public/lib/loadSwaggerUI.js
+++ b/public/lib/loadSwaggerUI.js
@@ -27,6 +27,7 @@ $(function() {
       validatorUrl: null,
       url: config.url || '/swagger/resources',
       apiKey: '',
+      auth: config.auth,
       dom_id: 'swagger-ui-container',
       supportHeaderParams: true,
       onComplete: function(swaggerApi, swaggerUi) {
@@ -76,12 +77,15 @@ $(function() {
   function setAccessToken(e) {
     e.stopPropagation(); // Don't let the default #explore handler fire
     e.preventDefault();
+    var authOptions = window.swaggerUi.options.auth || {};
+    var keyLocation = authOptions.in || 'query';
+    var keyName = authOptions.name || 'access_token';
     var key = $('#input_accessToken')[0].value;
     log('key: ' + key);
     if (key && key.trim() !== '') {
       log('added accessToken ' + key);
       var apiKeyAuth =
-        new SwaggerClient.ApiKeyAuthorization('access_token', key, 'query');
+        new SwaggerClient.ApiKeyAuthorization(keyName, key, keyLocation);
       window.swaggerUi.api.clientAuthorizations.add('key', apiKeyAuth);
       accessToken = key;
       $('.accessTokenDisplay').text('Token Set.').addClass('set');