From 30152c3aa7d1f8f8cd026b9b7be6696be26f66ae Mon Sep 17 00:00:00 2001
From: KKKIIO <xc130d210@outlook.com>
Date: Sat, 26 Aug 2023 07:39:39 +0000
Subject: [PATCH] fix: use '&&' for security pair(AND)

---
 README.md                        |  8 ++++----
 README_pt.md                     |  8 ++++----
 README_zh-CN.md                  |  3 +--
 operation.go                     |  3 ++-
 operation_test.go                | 15 +++++++++++----
 parser.go                        |  2 +-
 testdata/global_security/main.go |  2 +-
 7 files changed, 24 insertions(+), 17 deletions(-)

diff --git a/README.md b/README.md
index 98932c875..fad308391 100644
--- a/README.md
+++ b/README.md
@@ -874,18 +874,18 @@ Each API operation.
 // @Security ApiKeyAuth
 ```
 
-Make it AND condition
+Make it OR condition
 
 ```go
 // @Security ApiKeyAuth
 // @Security OAuth2Application[write, admin]
 ```
 
-Make it OR condition
+Make it AND condition
 
 ```go
-// @Security ApiKeyAuth || firebase
-// @Security OAuth2Application[write, admin] || APIKeyAuth
+// @Security ApiKeyAuth && firebase
+// @Security OAuth2Application[write, admin] && APIKeyAuth
 ```
 
 
diff --git a/README_pt.md b/README_pt.md
index 1415e9c84..ccac6d717 100644
--- a/README_pt.md
+++ b/README_pt.md
@@ -869,18 +869,18 @@ Cada operação API.
 // @Security ApiKeyAuth
 ```
 
-Faça-o AND condicione-o
+Faça-o OR condicione-o
 
 ```go
 // @Security ApiKeyAuth
 // @Security OAuth2Application[write, admin]
 ```
 
-Faça-o OR condição
+Faça-o AND condição
 
 ```go
-// @Security ApiKeyAuth || firebase
-// @Security OAuth2Application[write, admin] || APIKeyAuth
+// @Security ApiKeyAuth && firebase
+// @Security OAuth2Application[write, admin] && APIKeyAuth
 ```
 
 
diff --git a/README_zh-CN.md b/README_zh-CN.md
index 755a7f0b1..652f62510 100644
--- a/README_zh-CN.md
+++ b/README_zh-CN.md
@@ -729,8 +729,7 @@ type Resp struct {
 使用AND条件。
 
 ```go
-// @Security ApiKeyAuth
-// @Security OAuth2Application[write, admin]
+// @Security ApiKeyAuth && OAuth2Application[write, admin]
 ```
 
 ## 项目相关
diff --git a/operation.go b/operation.go
index edf251002..da2494e18 100644
--- a/operation.go
+++ b/operation.go
@@ -48,6 +48,7 @@ var mimeTypeAliases = map[string]string{
 }
 
 var mimeTypePattern = regexp.MustCompile("^[^/]+/[^/]+$")
+var securityPairSepPattern = regexp.MustCompile(`\|\||&&`) // || for compatibility with old version, && for clarity
 
 // NewOperation creates a new Operation with default properties.
 // map[int]Response.
@@ -731,7 +732,7 @@ func (operation *Operation) ParseSecurityComment(commentLine string) error {
 		securitySource = commentLine[strings.Index(commentLine, "@Security")+1:]
 	)
 
-	for _, securityOption := range strings.Split(securitySource, "||") {
+	for _, securityOption := range securityPairSepPattern.Split(securitySource, -1) {
 		securityOption = strings.TrimSpace(securityOption)
 
 		left, right := strings.Index(securityOption, "["), strings.Index(securityOption, "]")
diff --git a/operation_test.go b/operation_test.go
index 6b684bc2c..434264351 100644
--- a/operation_test.go
+++ b/operation_test.go
@@ -2132,21 +2132,28 @@ func TestParseSecurityCommentSimple(t *testing.T) {
 	})
 }
 
-func TestParseSecurityCommentOr(t *testing.T) {
+func TestParseSecurityCommentAnd(t *testing.T) {
 	t.Parallel()
 
-	comment := `@Security OAuth2Implicit[read, write] || Firebase[]`
+	comment := `@Security OAuth2Implicit[read, write] && Firebase[]`
 	operation := NewOperation(nil)
 
 	err := operation.ParseComment(comment, nil)
 	assert.NoError(t, err)
 
-	assert.Equal(t, operation.Security, []map[string][]string{
+	expect := []map[string][]string{
 		{
 			"OAuth2Implicit": {"read", "write"},
 			"Firebase":       {""},
 		},
-	})
+	}
+	assert.Equal(t, operation.Security, expect)
+
+	oldVersionComment := `@Security OAuth2Implicit[read, write] || Firebase[]`
+	operation = NewOperation(nil)
+	err = operation.ParseComment(oldVersionComment, nil)
+	assert.NoError(t, err)
+	assert.Equal(t, operation.Security, expect)
 }
 
 func TestParseMultiDescription(t *testing.T) {
diff --git a/parser.go b/parser.go
index 6bf991e92..07684125b 100644
--- a/parser.go
+++ b/parser.go
@@ -806,7 +806,7 @@ func parseSecAttributes(context string, lines []string, index *int) (*spec.Secur
 func parseSecurity(commentLine string) map[string][]string {
 	securityMap := make(map[string][]string)
 
-	for _, securityOption := range strings.Split(commentLine, "||") {
+	for _, securityOption := range securityPairSepPattern.Split(commentLine, -1) {
 		securityOption = strings.TrimSpace(securityOption)
 
 		left, right := strings.Index(securityOption, "["), strings.Index(securityOption, "]")
diff --git a/testdata/global_security/main.go b/testdata/global_security/main.go
index 83484bac8..18be6d182 100644
--- a/testdata/global_security/main.go
+++ b/testdata/global_security/main.go
@@ -14,5 +14,5 @@ package global_security
 // @scope.write Grants write access
 // @scope.admin Grants read and write access to administrative information
 
-// @security APIKeyAuth || OAuth2Application
+// @security APIKeyAuth && OAuth2Application
 func main() {}