[cpp][pistache-server] Add support for HTTP Bearer authentication.

mowijo · KRJ-RTX · commit ebeed217071d · 2025-11-07T12:46:04.000Z
diff --git a/modules/openapi-generator/src/main/resources/cpp-pistache-server/api-base-header.mustache b/modules/openapi-generator/src/main/resources/cpp-pistache-server/api-base-header.mustache
@@ -24,7 +24,18 @@ namespace {{apiNamespace}}
     } HttpBasicCredentials;
 
     typedef std::function<bool(HttpBasicCredentials &)> BasicCredentialsAuthenticator;
-    {{/isBasicBasic}}{{/authMethods}}
+    {{/isBasicBasic}}
+
+    {{#isBasicBearer}}
+    typedef struct
+    {
+        std::string token;
+        std::unique_ptr<void, std::function<void(void*)>> userdata;
+    } HttpBearerToken;
+
+    typedef std::function<bool(HttpBearerToken &)> BearerTokenAuthenticator;
+    {{/isBasicBearer}}
+    {{/authMethods}}
 
 
 
@@ -35,18 +46,23 @@ public:
     virtual void init() = 0;
 
     {{#authMethods}}{{#isBasicBasic}}
-    bool canCredentialsBeAccepted(HttpBasicCredentials& credentials) const;
     void setBasicCredentialsAuthenticator( const BasicCredentialsAuthenticator &newBasicCredentialsAuthenticator)
     {
         basicCredentialsAuthenticator = newBasicCredentialsAuthenticator;
     }
-
-    {{/isBasicBasic}}{{/authMethods}}
+    {{/isBasicBasic}}
+    {{#isBasicBearer}}
+    void setBearerTokenAuthenticator( const BearerTokenAuthenticator &newbearerTokenAuthenticator)
+    {
+        bearerTokenAuthenticator = newbearerTokenAuthenticator;
+    }
+    {{/isBasicBearer}}{{/authMethods}}
 
 
 protected:
     const std::shared_ptr<Pistache::Rest::Router> router;
     {{#authMethods}}{{#isBasicBasic}}std::optional<BasicCredentialsAuthenticator> basicCredentialsAuthenticator;{{/isBasicBasic}}{{/authMethods}}
+    {{#authMethods}}{{#isBasicBearer}}std::optional<BearerTokenAuthenticator> bearerTokenAuthenticator;{{/isBasicBearer}}{{/authMethods}}
 
 
 };
diff --git a/modules/openapi-generator/src/main/resources/cpp-pistache-server/api-header.mustache b/modules/openapi-generator/src/main/resources/cpp-pistache-server/api-header.mustache
@@ -79,7 +79,7 @@ private:
     {{#allParams}}
     /// <param name="{{paramName}}">{{description}}{{^required}} (optional{{#defaultValue}}, default to {{.}}{{/defaultValue}}){{/required}}</param>
     {{/allParams}}
-    virtual void {{operationIdSnakeCase}}({{#authMethods}}{{#isBasicBasic}}const HttpBasicCredentials &credentials, {{/isBasicBasic}}{{/authMethods}} {{#allParams}}const {{#isModel}}{{^isOptional}}{{modelNamespace}}::{{/isOptional}}{{/isModel}}{{{dataType}}} &{{paramName}}{{^-last}}, {{/-last}}{{/allParams}}{{#hasParams}}, {{/hasParams}}Pistache::Http::ResponseWriter &response) = 0;
+    virtual void {{operationIdSnakeCase}}({{#authMethods}}{{#isBasicBasic}}const HttpBasicCredentials &credentials, {{/isBasicBasic}}{{#isBasicBearer}}const HttpBearerToken &accessToken, {{/isBasicBearer}}{{/authMethods}} {{#allParams}}const {{#isModel}}{{^isOptional}}{{modelNamespace}}::{{/isOptional}}{{/isModel}}{{{dataType}}} &{{paramName}}{{^-last}}, {{/-last}}{{/allParams}}{{#hasParams}}, {{/hasParams}}Pistache::Http::ResponseWriter &response) = 0;
     {{/vendorExtensions.x-codegen-pistache-is-parsing-supported}}
     {{^vendorExtensions.x-codegen-pistache-is-parsing-supported}}
     virtual void {{operationIdSnakeCase}}(const Pistache::Rest::Request &request, Pistache::Http::ResponseWriter &response) = 0;
diff --git a/modules/openapi-generator/src/main/resources/cpp-pistache-server/api-impl-header.mustache b/modules/openapi-generator/src/main/resources/cpp-pistache-server/api-impl-header.mustache
@@ -35,7 +35,7 @@ public:
 
     {{#operation}}
     {{#vendorExtensions.x-codegen-pistache-is-parsing-supported}}
-    void {{operationIdSnakeCase}}({{#authMethods}}{{#isBasicBasic}}const HttpBasicCredentials &credentials,{{/isBasicBasic}}{{/authMethods}}{{#allParams}}const {{{dataType}}} &{{paramName}}{{^-last}}, {{/-last}}{{/allParams}}{{#hasParams}}, {{/hasParams}}Pistache::Http::ResponseWriter &response);
+    void {{operationIdSnakeCase}}({{#authMethods}}{{#isBasicBasic}}const HttpBasicCredentials &credentials,{{/isBasicBasic}}{{#isBasicBearer}}const HttpBearerToken &bearerToken, {{/isBasicBearer}}{{/authMethods}}{{#allParams}}const {{{dataType}}} &{{paramName}}{{^-last}}, {{/-last}}{{/allParams}}{{#hasParams}}, {{/hasParams}}Pistache::Http::ResponseWriter &response);
     {{/vendorExtensions.x-codegen-pistache-is-parsing-supported}}
     {{^vendorExtensions.x-codegen-pistache-is-parsing-supported}}
     void {{operationIdSnakeCase}}(const Pistache::Rest::Request &request, Pistache::Http::ResponseWriter &response);
diff --git a/modules/openapi-generator/src/main/resources/cpp-pistache-server/api-impl-source.mustache b/modules/openapi-generator/src/main/resources/cpp-pistache-server/api-impl-source.mustache
@@ -71,13 +71,71 @@ using namespace {{modelNamespace}};{{/hasModelImport}}
     or a mix.
 
     Until you do either, protected resources will result in a 401.
-    */{{/isBasicBasic}}{{/authMethods}}
+    */{{/isBasicBasic}}
+    {{#isBasicBearer}}/*
+
+    Http Basic Bearer
+    ===============
+
+    Do this in the individual classes in the constructor
+
+    this->setBearerTokenAuthenticator(
+        [](HttpBearerToken &token)->bool
+        {
+            if(token.token == "Zm9vYmFyCg==")
+            {
+                const int userIdOfFoo = 99;
+                token.userdata = std::unique_ptr<void,std::function<void(void*)>>(
+                    reinterpret_cast<void*>(new int(userIdOfFoo)),
+                    [&](void* ptr)
+                    {
+                        int * value = reinterpret_cast<int*>(ptr);
+                        delete value;
+                    }
+                );
+                return true;
+            }
+            return false;
+        }
+        );
+
+    or in main:
+
+    for (auto api : apiImpls) {
+        api->init();
+
+        api->setBearerTokenAuthenticator(
+        [](HttpBearerToken &token)->bool
+        {
+            if(token.token == "Zm9vYmFyCg==")
+            {
+                const int userIdOfFoo = 99;
+                token.userdata = std::unique_ptr<void,std::function<void(void*)>>(
+                    reinterpret_cast<void*>(new int(userIdOfFoo)),
+                    [&](void* ptr)
+                    {
+                        int * value = reinterpret_cast<int*>(ptr);
+                        delete value;
+                    }
+                );
+                return true;
+            }
+            return false;
+        }
+        );
+    }
+
+    or a mix.
+
+    Until you do either, protected resources will result in a 401.
+    */{{/isBasicBearer}}
+    {{/authMethods}}
 
 }
 
 {{#operation}}
 {{#vendorExtensions.x-codegen-pistache-is-parsing-supported}}
-void {{classname}}Impl::{{operationIdSnakeCase}}({{#authMethods}}{{#isBasicBasic}}const HttpBasicCredentials &credentials, {{/isBasicBasic}}{{/authMethods}}{{#allParams}}const {{{dataType}}} &{{paramName}}{{^-last}}, {{/-last}}{{/allParams}}{{#hasParams}}, {{/hasParams}}Pistache::Http::ResponseWriter &response) {
+void {{classname}}Impl::{{operationIdSnakeCase}}({{#authMethods}}{{#isBasicBasic}}const HttpBasicCredentials &credentials, {{/isBasicBasic}}{{#isBasicBearer}}const HttpBearerToken &bearerToken, {{/isBasicBearer}}{{/authMethods}}{{#allParams}}const {{{dataType}}} &{{paramName}}{{^-last}}, {{/-last}}{{/allParams}}{{#hasParams}}, {{/hasParams}}Pistache::Http::ResponseWriter &response) {
     response.send(Pistache::Http::Code::Ok, "Do some magic\n");
 }
 {{/vendorExtensions.x-codegen-pistache-is-parsing-supported}}
diff --git a/modules/openapi-generator/src/main/resources/cpp-pistache-server/api-source.mustache b/modules/openapi-generator/src/main/resources/cpp-pistache-server/api-source.mustache
@@ -121,7 +121,22 @@ void {{classname}}::{{operationIdSnakeCase}}_handler(const Pistache::Rest::Reque
 
     {{/bodyParam}}
     {{/hasBodyParam}}
+
+    {{#authMethods}}
+    #ifndef HTTP_BASIC_AUTH_DEFINED
+    #define HTTP_BASIC_AUTH_DEFINED 0
+    #endif
+    #ifndef HTTP_BEARER_AUTH_DEFINED
+    #define HTTP_BEARER_AUTH_DEFINED 0
+    #endif
+    {{/authMethods}}
+
+
+
     {{#authMethods}}{{#isBasicBasic}}
+#undef HTTP_BASIC_AUTH_DEFINED
+#define HTTP_BASIC_AUTH_DEFINED 1
+
         auto basicAuthHeader = request.headers().tryGet<Pistache::Http::Header::Authorization>();
 
         if( (!basicAuthHeader) || (basicAuthHeader->getMethod() != Pistache::Http::Header::Authorization::Method::Basic))
@@ -145,10 +160,36 @@ void {{classname}}::{{operationIdSnakeCase}}_handler(const Pistache::Rest::Reque
         {{/isBasicBasic}}{{/authMethods}}
 
         {{#authMethods}}{{#isBasicBearer}}
-        /* BASIC BEARER */
+#undef HTTP_BEARER_AUTH_DEFINED
+#define HTTP_BEARER_AUTH_DEFINED 1
+        auto bearerAuthHeader = request.headers().tryGet<Pistache::Http::Header::Authorization>();
+
+        if( (!bearerAuthHeader) || (bearerAuthHeader->getMethod() != Pistache::Http::Header::Authorization::Method::Bearer))
+        {
+            response.send(Pistache::Http::Code::Unauthorized, "");
+            return;
+        }
+        std::string completeHeaderValue = bearerAuthHeader->value();
+        const std::string tokenAsString(completeHeaderValue.begin() + std::string("Bearer ").length(), completeHeaderValue.end());
+
+        HttpBearerToken bearerToken{tokenAsString};
+        if( ! this->bearerTokenAuthenticator.has_value())
+        {
+            response.send(Pistache::Http::Code::Unauthorized, "");
+            return;
+        }
+
+        if( ! this->bearerTokenAuthenticator.value()(bearerToken))
+        {
+            response.send(Pistache::Http::Code::Unauthorized, "");
+            return;
+        }
+
+
+
         {{/isBasicBearer}}{{/authMethods}}
 
-    this->{{operationIdSnakeCase}}({{#authMethods}}{{#isBasicBasic}}credentials,{{/isBasicBasic}}{{/authMethods}}{{#allParams}}{{paramName}}, {{/allParams}}response);
+    this->{{operationIdSnakeCase}}({{#authMethods}}{{#isBasicBasic}}credentials,{{/isBasicBasic}}{{#isBasicBearer}}bearerToken,{{/isBasicBearer}}{{/authMethods}}{{#allParams}}{{paramName}}, {{/allParams}}response);
     {{/vendorExtensions.x-codegen-pistache-is-parsing-supported}}
     {{^vendorExtensions.x-codegen-pistache-is-parsing-supported}}
     try {
@@ -166,6 +207,22 @@ void {{classname}}::{{operationIdSnakeCase}}_handler(const Pistache::Rest::Reque
         response.send(Pistache::Http::Code::Internal_Server_Error, e.what());
     }
 
+#define REST_PATH "{{{vendorExtensions.x-codegen-pistache-path}}}" {{! this is nessecary, because the path does not exist in the authMethods scope.}}
+    {{#authMethods}}
+    {{! This static assert may be rendered more that once, so the compilation will fail even harder!}}
+    static_assert(HTTP_BASIC_AUTH_DEFINED + HTTP_BEARER_AUTH_DEFINED < 2, "Path '" REST_PATH "' has more than one security scheme specified, and the Pistache server generator does not support that." );
+    {{/authMethods}}
+#undef REST_PATH
+
+    {{#authMethods}}
+    #ifdef HTTP_BEARER_AUTH_DEFINED
+    #undef HTTP_BEARER_AUTH_DEFINED
+    #endif
+    #ifdef HTTP_BASIC_AUTH_DEFINED
+    #undef HTTP_BASIC_AUTH_DEFINED
+    #endif
+    {{/authMethods}}
+
 }
 {{/operation}}
 
