mirror of
https://github.com/InvoiceShelf/InvoiceShelf.git
synced 2026-07-16 22:05:20 +00:00
Auto-generate an OpenAPI 3.1 spec from the v1 API's FormRequests and Resources (no annotations) for publishing at api-docs.invoiceshelf.com as a static Swagger UI site. - config/scramble.php: scope to api/v1, version from version.md, clean placeholder server, export to public/openapi.json - ScrambleServiceProvider: advertise Bearer (Sanctum) auth; add the required `company` tenancy header only to routes using the `company` middleware - OpenApiDocumentationTest: assert spec shape, auth scheme, company-header gating - .github/workflows/openapi.yml: export + commit spec on release, notify the api-docs site to rebuild - public/openapi.json: generated seed spec (184 paths) - dedoc/scramble added as a dev-only dependency Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
188 lines
7.4 KiB
PHP
188 lines
7.4 KiB
PHP
<?php
|
||
|
||
use Dedoc\Scramble\Http\Middleware\RestrictedDocsAccess;
|
||
|
||
return [
|
||
/*
|
||
* Which routes to document. String or array form; use Scramble::routes() for custom selection.
|
||
*
|
||
* 'api_path' => [
|
||
* 'include' => 'api',
|
||
* 'exclude' => ['api/internal'],
|
||
* ],
|
||
*
|
||
* Without *, patterns match path segments (api matches api and api/users, not apiary).
|
||
* With *, Str::is is used (e.g. api/v*).
|
||
*
|
||
* One static include → default server is /{include} and paths are stripped (/users).
|
||
* Multiple includes or wildcards → server defaults to / and paths stay full (/api/users).
|
||
* Override with `servers`, or use Scramble::registerApi() for separate bases.
|
||
*/
|
||
'api_path' => 'api/v1',
|
||
|
||
/*
|
||
* Your API domain. By default, app domain is used. This is also a part of the default API routes
|
||
* matcher, so when implementing your own, make sure you use this config if needed.
|
||
*/
|
||
'api_domain' => null,
|
||
|
||
/*
|
||
* The path where your OpenAPI specification will be exported (relative to the
|
||
* project root). Committed to the repo by CI so the api-docs.invoiceshelf.com
|
||
* build can fetch it; also servable directly from this instance at /openapi.json.
|
||
*/
|
||
'export_path' => 'public/openapi.json',
|
||
|
||
/*
|
||
* Cache configuration for the generated OpenAPI document.
|
||
*
|
||
* Use `scramble:cache` to warm the cache and `scramble:clear` to invalidate it.
|
||
*/
|
||
'cache' => [
|
||
'key' => 'scramble.openapi',
|
||
'store' => 'file',
|
||
],
|
||
|
||
'info' => [
|
||
/*
|
||
* API version. Defaults to the value in the repo's version.md so the
|
||
* generated spec self-labels (e.g. 3.0.0-alpha.1 on v3.0, 2.x on master).
|
||
*/
|
||
'version' => env('API_VERSION', is_file(base_path('version.md'))
|
||
? trim((string) file_get_contents(base_path('version.md')))
|
||
: '0.0.1'),
|
||
|
||
/*
|
||
* Description rendered on the home page of the API documentation (`/docs/api`).
|
||
*/
|
||
'description' => 'REST API for InvoiceShelf — open-source invoicing & expense tracking. '
|
||
.'Authenticate with a Sanctum personal access token (Authorization: Bearer <token>). '
|
||
.'Company-scoped endpoints additionally require a `company` header carrying the company ID.',
|
||
],
|
||
|
||
'ui' => [
|
||
'title' => 'InvoiceShelf API',
|
||
],
|
||
|
||
'renderer' => 'elements',
|
||
|
||
'renderers' => [
|
||
/*
|
||
* Stoplight Elements config options: https://docs.stoplight.io/docs/elements/b074dc47b2826-elements-configuration-options
|
||
*/
|
||
'elements' => [
|
||
'view' => 'scramble::docs',
|
||
'theme' => 'light',
|
||
'hideTryIt' => false,
|
||
'hideSchemas' => false,
|
||
'logo' => '',
|
||
'tryItCredentialsPolicy' => 'include',
|
||
'layout' => 'responsive',
|
||
'router' => 'hash',
|
||
],
|
||
/*
|
||
* Scalar API reference config options: https://scalar.com/products/api-references/configuration
|
||
*/
|
||
'scalar' => [
|
||
'view' => 'scramble::scalar',
|
||
'cdn' => 'https://cdn.jsdelivr.net/npm/@scalar/api-reference',
|
||
'theme' => 'laravel',
|
||
'proxyUrl' => 'https://proxy.scalar.com',
|
||
'darkMode' => false,
|
||
'showDeveloperTools' => 'never',
|
||
'agent' => ['disabled' => true],
|
||
'credentials' => 'include',
|
||
],
|
||
],
|
||
|
||
/*
|
||
* The list of servers of the API. By default, when `null`, server URL will be created from
|
||
* `scramble.api_path` and `scramble.api_domain` config variables. When providing an array, you
|
||
* will need to specify the local server URL manually (if needed).
|
||
*
|
||
* Example of non-default config (final URLs are generated using Laravel `url` helper):
|
||
*
|
||
* ```php
|
||
* 'servers' => [
|
||
* 'Live' => 'api',
|
||
* 'Prod' => 'https://scramble.dedoc.co/api',
|
||
* ],
|
||
* ```
|
||
*/
|
||
'servers' => [
|
||
// InvoiceShelf is self-hosted: every instance has its own host. A clean
|
||
// placeholder is documented here instead of baking in the build-time
|
||
// APP_URL (which would leak a dev/CI hostname into the public spec).
|
||
// Readers replace it with their own instance URL.
|
||
'Your InvoiceShelf instance' => 'https://your-instance.example.com/api/v1',
|
||
],
|
||
|
||
/**
|
||
* Determines how Scramble stores the descriptions of enum cases.
|
||
* Available options:
|
||
* - 'description' – Case descriptions are stored as the enum schema's description using table formatting.
|
||
* - 'extension' – Case descriptions are stored in the `x-enumDescriptions` enum schema extension.
|
||
*
|
||
* @see https://redocly.com/docs-legacy/api-reference-docs/specification-extensions/x-enum-descriptions
|
||
* - false - Case descriptions are ignored.
|
||
*/
|
||
'enum_cases_description_strategy' => 'description',
|
||
|
||
/**
|
||
* Determines how Scramble stores the names of enum cases.
|
||
* Available options:
|
||
* - 'names' – Case names are stored in the `x-enumNames` enum schema extension.
|
||
* - 'varnames' - Case names are stored in the `x-enum-varnames` enum schema extension.
|
||
* - false - Case names are not stored.
|
||
*/
|
||
'enum_cases_names_strategy' => false,
|
||
|
||
/**
|
||
* When Scramble encounters deep objects in query parameters, it flattens the parameters so the generated
|
||
* OpenAPI document correctly describes the API. Flattening deep query parameters is relevant until
|
||
* OpenAPI 3.2 is released and query string structure can be described properly.
|
||
*
|
||
* For example, this nested validation rule describes the object with `bar` property:
|
||
* `['foo.bar' => ['required', 'int']]`.
|
||
*
|
||
* When `flatten_deep_query_parameters` is `true`, Scramble will document the parameter like so:
|
||
* `{"name":"foo[bar]", "schema":{"type":"int"}, "required":true}`.
|
||
*
|
||
* When `flatten_deep_query_parameters` is `false`, Scramble will document the parameter like so:
|
||
* `{"name":"foo", "schema": {"type":"object", "properties":{"bar":{"type": "int"}}, "required": ["bar"]}, "required":true}`.
|
||
*/
|
||
'flatten_deep_query_parameters' => true,
|
||
|
||
'middleware' => [
|
||
'web',
|
||
RestrictedDocsAccess::class,
|
||
],
|
||
|
||
'extensions' => [],
|
||
|
||
/*
|
||
* Automatically document API security (OpenAPI `security` / `securitySchemes`) based on route
|
||
* middleware.
|
||
*
|
||
* Disabled by default. Uncomment the line below to enable `MiddlewareAuthSecurityStrategy`.
|
||
* When at least one documented route uses middleware matching the configured patterns (by default
|
||
* `auth` and `auth:*`), bearer auth is applied globally. Routes without matching middleware are
|
||
* marked as public (`security: []`).
|
||
*
|
||
* Set to `null` explicitly to disable. If you already configure security manually via
|
||
* `afterOpenApiGenerated` / `extendOpenApi`, keep this disabled to avoid duplicate schemes.
|
||
*
|
||
* Customize with a class-string or [class, options]:
|
||
*
|
||
* 'security_strategy' => [
|
||
* \Dedoc\Scramble\SecurityDocumentation\MiddlewareAuthSecurityStrategy::class,
|
||
* [
|
||
* 'middleware' => ['auth', 'auth:*'],
|
||
* 'scheme' => \Dedoc\Scramble\Support\Generator\SecurityScheme::http('bearer'),
|
||
* ],
|
||
* ],
|
||
*/
|
||
// 'security_strategy' => \Dedoc\Scramble\SecurityDocumentation\MiddlewareAuthSecurityStrategy::class,
|
||
'security_strategy' => null,
|
||
];
|