From 717eb147a848657518e6992d9ebea4176bfc606e Mon Sep 17 00:00:00 2001
From: Chirag Chauhan
Date: Sat, 14 Sep 2024 10:43:10 +0530
Subject: [PATCH] add cookie support for HTTP bearer authentication
---
 src/middlewares/openapi.security.ts | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/middlewares/openapi.security.ts b/src/middlewares/openapi.security.ts
index 8f43af14..3f1962de 100644
--- a/src/middlewares/openapi.security.ts
+++ b/src/middlewares/openapi.security.ts
@@ -232,14 +232,21 @@ class AuthValidator {
 const authHeader = req.headers['authorization'] && req.headers['authorization'].toLowerCase();
-
- if (!authHeader) {
+ const authCookie = req.cookies[scheme.name] || req.signedCookies?.[scheme.name];
+ if (!authHeader && !authCookie) {
 throw Error(`Authorization header required`);
 }
 const type = scheme.scheme && scheme.scheme.toLowerCase();
- if (type === 'bearer' && !authHeader.includes('bearer')) {
- throw Error(`Authorization header with scheme 'Bearer' required`);
+ if (type === 'bearer') {
+ if (authHeader && !authHeader.includes('bearer')) {
+ throw Error(`Authorization header with scheme 'Bearer' required`);
+ }
+ if (!authHeader && authCookie === undefined) {
+ throw Error(
+ `Bearer token required in authorization header or cookie`,
+ );
+ }
 }
 if (type === 'basic' && !authHeader.includes('basic')) {
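Review bot: The relaxed guard `if (!authHeader && !authCookie)` lets a cookie-only request through for every HTTP scheme, so the unchanged `type === 'basic'` check at the end of the hunk now calls `authHeader.includes('basic')` on `undefined` and throws a TypeError instead of the intended auth error. The new lookup `req.cookies[scheme.name]` is unguarded in the same way: if no cookie-parsing middleware has set `req.cookies` (not visible here), it would throw even for header-only requests that passed before, while `req.signedCookies` is already optional-chained. I would write `req.cookies?.[scheme.name] || req.signedCookies?.[scheme.name]` and change the basic check to `!authHeader?.includes('basic')`. The inner `authCookie === undefined` branch looks unreachable, because the first guard has already thrown when both header and cookie are missing, and its message `Authorization header required` no longer describes the cookie case. The enclosing method starts and ends outside the hunk, so whether a cookie-borne bearer token is meant to be accepted for non-bearer schemes should be confirmed against the rest of it.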