From 8ca54867cd81606a2ec705f9bcd7b40091113a44 Mon Sep 17 00:00:00 2001
From: manzarul Haque <manzarul07@gmail.com>
Date: Sat, 5 Oct 2024 09:25:06 +0200
Subject: [PATCH] Update index.js

In certain use cases where OpenAPI specifications reference schemas hosted on private URLs, it's important to support authentication to allow access to these resources. I identified this section of code that resolves schema references. To enable seamless access to private URLs, I propose extending the functionality to include an Authorization header if a user sets an authentication token via an environment variable. This way, when the schema reference is hosted on a private server, users can authenticate by setting the auth token in their environment, allowing the private URL to be accessed.
---
 src/resolver/utils/index.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/resolver/utils/index.js b/src/resolver/utils/index.js
index 38c056b61..5f9effa17 100644
--- a/src/resolver/utils/index.js
+++ b/src/resolver/utils/index.js
@@ -3,8 +3,13 @@ import { ACCEPT_HEADER_VALUE_FOR_DOCUMENTS } from '../../constants.js';
 // eslint-disable-next-line import/prefer-default-export
 export function makeFetchJSON(http, opts = {}) {
   const { requestInterceptor, responseInterceptor } = opts;
+
   // Set credentials with 'http.withCredentials' value
   const credentials = http.withCredentials ? 'include' : 'same-origin';
+
+  // Get Authorization token from environment variables if set
+  const authToken = process.env.AUTH_TOKEN ? `Bearer ${process.env.AUTH_TOKEN}` : undefined;
+
   return (docPath) =>
     http({
       url: docPath,
@@ -13,6 +18,8 @@ export function makeFetchJSON(http, opts = {}) {
       responseInterceptor,
       headers: {
         Accept: ACCEPT_HEADER_VALUE_FOR_DOCUMENTS,
+        // Conditionally add the Authorization header if the token exists
+        ...(authToken && { Authorization: authToken }),
       },
       credentials,
     }).then((res) => res.body);