From 85cf36ae90cc4bd25d8269d94abbe8b01afdf17b Mon Sep 17 00:00:00 2001
From: NexVeridian <nexveridian@gmail.com>
Date: Fri, 13 Dec 2024 17:10:58 -0800
Subject: [PATCH] docs: SecurityAddon

---
 docs-site/content/docs/the-app/controller.md | 23 +++++++++++++++++---
 tests/infra_cfg/server.rs                    |  1 +
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/docs-site/content/docs/the-app/controller.md b/docs-site/content/docs/the-app/controller.md
index 80b133e24..e3994b304 100644
--- a/docs-site/content/docs/the-app/controller.md
+++ b/docs-site/content/docs/the-app/controller.md
@@ -797,7 +797,7 @@ server:
         # spec_yaml_url: /api-docs/openapi.yaml
 ```
 ## Inital OpenAPI Spec
-Modifies the OpenAPI spec before the routes are added, allowing you to edit [openapi::info](https://docs.rs/utoipa/latest/utoipa/openapi/info/struct.Info.html)
+Modifies the OpenAPI spec before the routes are added, allowing you to edit [`openapi::info`](https://docs.rs/utoipa/latest/utoipa/openapi/info/struct.Info.html)
 
 ```rust
 // src/app.rs
@@ -823,7 +823,7 @@ impl Hooks for App {
 ```
 
 ## Generating the OpenAPI spec for a route
-Only routes that are annotated with `utoipa::path` will be included in the OpenAPI spec.
+Only routes that are annotated with [`utoipa::path`](https://docs.rs/utoipa/latest/utoipa/attr.path.html) will be included in the OpenAPI spec.
 
 ```rust
 #[utoipa::path(
@@ -841,7 +841,7 @@ async fn get_action_openapi() -> Result<Response> {
 }
 ```
 
-Make sure to add `#[derive(ToSchema)]` on any struct that included in `utoipa::path`.
+Make sure to add `#[derive(ToSchema)]` on any struct that included in [`utoipa::path`](https://docs.rs/utoipa/latest/utoipa/attr.path.html).
 ```rust
 use utoipa::ToSchema;
 
@@ -852,6 +852,23 @@ pub struct Album {
 }
 ```
 
+If `modifiers(&SecurityAddon)` is set in `inital_openapi_spec`, you can document the per route security in `utoipa::path`:
+- `security(("jwt_token" = []))`
+- `security(("api_key" = []))`
+- or leave blank to remove security from the route `security()`
+
+Example:
+```rust
+#[utoipa::path(
+    get,
+    path = "/album",
+    security(("jwt_token" = [])),
+    responses(
+        (status = 200, description = "Album found", body = Album),
+    ),
+)]
+```
+
 ## Adding routes to the OpenAPI spec visualizer
 Swap the `axum::routing::MethodFilter` to `routes!`
 ### Before
diff --git a/tests/infra_cfg/server.rs b/tests/infra_cfg/server.rs
index 1d09a3498..8b2a7cccb 100644
--- a/tests/infra_cfg/server.rs
+++ b/tests/infra_cfg/server.rs
@@ -54,6 +54,7 @@ pub struct Album {
 #[utoipa::path(
     get,
     path = "/album",
+    security(("jwt_token" = [])),
     responses(
         (status = 200, description = "Album found", body = Album),
     ),