feat(spp_api_v2): OpenAPI polymorphic bodies, OAuth2 scheme in auth middleware, bundle schemas (re-land from #76)#276
feat(spp_api_v2): OpenAPI polymorphic bodies, OAuth2 scheme in auth middleware, bundle schemas (re-land from #76)#276gonzalesedwin1123 wants to merge 4 commits into
Conversation
There was a problem hiding this comment.
Code Review
This pull request introduces polymorphic OpenAPI schema utilities to document BundleEntry.resource as a polymorphic Individual/Group body, replaces the plain HTTPBearer authentication scheme with an OAuth2 client-credentials scheme, and adds corresponding contract and unit tests. The review feedback highlights two main improvements: first, in openapi_polymorphic.py, the custom OpenAPI hook should call the original app.openapi method instead of calling get_openapi directly to avoid discarding app metadata; second, in auth.py, the token extraction should strip any leading or trailing whitespace after slicing the 'Bearer ' prefix to ensure robust JWT decoding.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
… bundle schemas (from #76) Re-lands the spp_api_v2 portion of PR #76, which was reverted wholesale in d38ff9d. Restores the OpenAPI polymorphic schema utilities and app hook, the OAuth2 client-credentials security scheme in the auth middleware, the polymorphic BundleEntry.resource schema, and the OpenAPI contract tests, exactly as merged in 8bf9a3a. Bumps the module version to 19.0.2.1.0 with a matching HISTORY entry.
dc9fec1 to
c534549
Compare
|
gemini-code-assist disposition: Applied: Bearer-prefix strip now also trims whitespace ( Deferred: |
…emini review) The hook now calls the app's original openapi() generator and injects the polymorphic schemas into its output, so contact/license_info/servers/tags configured on the FastAPI app survive. Contract tests: 640/0.
|
Update: the deferred OpenAPI finding is now applied — the polymorphic hook delegates to the app's original openapi() generator and injects schemas into its output, preserving contact/license_info/servers/tags. Contract/polymorphic/bundle tests all pass (640/0). All gemini findings on this PR are now addressed. |
Re-lands the spp_api_v2 portion of reverted PR #76 (revert: #271). Everything listed is contained in THIS PR's diff.
Summary
utils/openapi_polymorphic.py:polymorphic_body()helper + OpenAPI schema-injection hook, installed on the app via the endpoint registry.BundleEntry.resourcebecomes a polymorphic Individual/Group body; schema import-order fix.Added on top of #76 (not in the original)
openapi()generator and injects schemas into its output, preserving app metadata (contact, license_info, servers, tags) that feat: geofence-based geographic targeting for programs #76's directget_openapi()call dropped; the Bearer-prefix strip also trims surrounding whitespace.Note:
tests/test_search_service.pyname-assertion updates from #76 landed with the revert itself (#271 kept them aligned with the retained spp_registry name fix), so they are not part of this diff.Verification
./spp t spp_api_v2: 640 passed, 0 failed (includes OpenAPI contract tests)