add goa examples

go/goa_example/gen/http/cli/host/cli.go

@@ -0,0 +1,179 @@
+// Code generated by goa v3.6.0, DO NOT EDIT.
+//
+// host HTTP client CLI support package
+//
+// Command:
+// $ goa gen goa_example/design
+
+package cli
+
+import (
+	"flag"
+	"fmt"
+	service1c "goa_example/gen/http/service1/client"
+	"net/http"
+	"os"
+
+	goahttp "goa.design/goa/v3/http"
+	goa "goa.design/goa/v3/pkg"
+)
+
+// UsageCommands returns the set of commands and sub-commands using the format
+//
+//    command (subcommand1|subcommand2|...)
+//
+func UsageCommands() string {
+	return `service1 (signin|secure)
+`
+}
+
+// UsageExamples produces an example of a valid invocation of the CLI tool.
+func UsageExamples() string {
+	return os.Args[0] + ` service1 signin --username "user" --password "password"` + "\n" +
+		""
+}
+
+// ParseEndpoint returns the endpoint and payload as specified on the command
+// line.
+func ParseEndpoint(
+	scheme, host string,
+	doer goahttp.Doer,
+	enc func(*http.Request) goahttp.Encoder,
+	dec func(*http.Response) goahttp.Decoder,
+	restore bool,
+) (goa.Endpoint, interface{}, error) {
+	var (
+		service1Flags = flag.NewFlagSet("service1", flag.ContinueOnError)
+
+		service1SigninFlags        = flag.NewFlagSet("signin", flag.ExitOnError)
+		service1SigninUsernameFlag = service1SigninFlags.String("username", "REQUIRED", "Username used to perform signin")
+		service1SigninPasswordFlag = service1SigninFlags.String("password", "REQUIRED", "Password used to perform signin")
+
+		service1SecureFlags     = flag.NewFlagSet("secure", flag.ExitOnError)
+		service1SecureBodyFlag  = service1SecureFlags.String("body", "REQUIRED", "")
+		service1SecureTokenFlag = service1SecureFlags.String("token", "REQUIRED", "")
+	)
+	service1Flags.Usage = service1Usage
+	service1SigninFlags.Usage = service1SigninUsage
+	service1SecureFlags.Usage = service1SecureUsage
+
+	if err := flag.CommandLine.Parse(os.Args[1:]); err != nil {
+		return nil, nil, err
+	}
+
+	if flag.NArg() < 2 { // two non flag args are required: SERVICE and ENDPOINT (aka COMMAND)
+		return nil, nil, fmt.Errorf("not enough arguments")
+	}
+
+	var (
+		svcn string
+		svcf *flag.FlagSet
+	)
+	{
+		svcn = flag.Arg(0)
+		switch svcn {
+		case "service1":
+			svcf = service1Flags
+		default:
+			return nil, nil, fmt.Errorf("unknown service %q", svcn)
+		}
+	}
+	if err := svcf.Parse(flag.Args()[1:]); err != nil {
+		return nil, nil, err
+	}
+
+	var (
+		epn string
+		epf *flag.FlagSet
+	)
+	{
+		epn = svcf.Arg(0)
+		switch svcn {
+		case "service1":
+			switch epn {
+			case "signin":
+				epf = service1SigninFlags
+
+			case "secure":
+				epf = service1SecureFlags
+
+			}
+
+		}
+	}
+	if epf == nil {
+		return nil, nil, fmt.Errorf("unknown %q endpoint %q", svcn, epn)
+	}
+
+	// Parse endpoint flags if any
+	if svcf.NArg() > 1 {
+		if err := epf.Parse(svcf.Args()[1:]); err != nil {
+			return nil, nil, err
+		}
+	}
+
+	var (
+		data     interface{}
+		endpoint goa.Endpoint
+		err      error
+	)
+	{
+		switch svcn {
+		case "service1":
+			c := service1c.NewClient(scheme, host, doer, enc, dec, restore)
+			switch epn {
+			case "signin":
+				endpoint = c.Signin()
+				data, err = service1c.BuildSigninPayload(*service1SigninUsernameFlag, *service1SigninPasswordFlag)
+			case "secure":
+				endpoint = c.Secure()
+				data, err = service1c.BuildSecurePayload(*service1SecureBodyFlag, *service1SecureTokenFlag)
+			}
+		}
+	}
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return endpoint, data, nil
+}
+
+// service1Usage displays the usage of the service1 command and its subcommands.
+func service1Usage() {
+	fmt.Fprintf(os.Stderr, `The secured service exposes endpoints that require valid authorization credentials.
+Usage:
+    %[1]s [globalflags] service1 COMMAND [flags]
+
+COMMAND:
+    signin: Signin implements signin.
+    secure: 这是一个需要JWT认证的接口
+
+Additional help:
+    %[1]s service1 COMMAND --help
+`, os.Args[0])
+}
+func service1SigninUsage() {
+	fmt.Fprintf(os.Stderr, `%[1]s [flags] service1 signin -username STRING -password STRING
+
+Signin implements signin.
+    -username STRING: Username used to perform signin
+    -password STRING: Password used to perform signin
+
+Example:
+    %[1]s service1 signin --username "user" --password "password"
+`, os.Args[0])
+}
+
+func service1SecureUsage() {
+	fmt.Fprintf(os.Stderr, `%[1]s [flags] service1 secure -body JSON -token STRING
+
+这是一个需要JWT认证的接口
+    -body JSON: 
+    -token STRING: 
+
+Example:
+    %[1]s service1 secure --body '{
+      "fail": true
+   }' --token "Ducimus aut similique."
+`, os.Args[0])
+}

go/goa_example/gen/http/openapi.json

@@ -0,0 +1 @@
+{"swagger":"2.0","info":{"title":"A Goa Example Service","description":"HTTP service for test","version":""},"host":"localhost:8088","consumes":["application/json","application/xml","application/gob"],"produces":["application/json","application/xml","application/gob"],"paths":{"/secure":{"get":{"tags":["Service1"],"summary":"secure Service1","description":"这是一个需要JWT认证的接口","operationId":"Service1#secure","parameters":[{"name":"Authorization","in":"header","description":"JWT used for authentication","required":true,"type":"string"},{"name":"SecureRequestBody","in":"body","required":true,"schema":{"$ref":"#/definitions/Service1SecureRequestBody"}}],"responses":{"200":{"description":"OK response.","schema":{"type":"string"}},"401":{"description":"Unauthorized response.","schema":{"type":"string"}}},"schemes":["http"],"security":[{"jwt_header_Authorization":[]}]}},"/signin":{"post":{"tags":["Service1"],"summary":"signin Service1","operationId":"Service1#signin","parameters":[{"name":"Authorization","in":"header","description":"Basic Auth security using Basic scheme (https://tools.ietf.org/html/rfc7617)","required":true,"type":"string"}],"responses":{"200":{"description":"OK response.","schema":{"$ref":"#/definitions/Service1SigninOKResponseBody","required":["jwt","api_key","oauth_token"]}},"400":{"description":"Bad Request response.","schema":{"$ref":"#/definitions/Service1SigninBadRequestResponseBody","required":["jwt","api_key","oauth_token"]}},"401":{"description":"Unauthorized response.","schema":{"type":"string"}}},"schemes":["http"],"security":[{"basic_header_Authorization":[]}]}}},"definitions":{"Service1SecureRequestBody":{"title":"Service1SecureRequestBody","type":"object","properties":{"fail":{"type":"boolean","description":"Whether to force auth failure even with a valid JWT","example":false}},"example":{"fail":false}},"Service1SigninBadRequestResponseBody":{"title":"Service1SigninBadRequestResponseBody","type":"object","properties":{"api_key":{"type":"string","description":"API Key","example":"abcdef12345"},"jwt":{"type":"string","description":"JWT token","example":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"},"oauth_token":{"type":"string","description":"OAuth2 token","example":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"}},"example":{"api_key":"abcdef12345","jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ","oauth_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"},"required":["jwt","api_key","oauth_token"]},"Service1SigninOKResponseBody":{"title":"Service1SigninOKResponseBody","type":"object","properties":{"api_key":{"type":"string","description":"API Key","example":"abcdef12345"},"jwt":{"type":"string","description":"JWT token","example":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"},"oauth_token":{"type":"string","description":"OAuth2 token","example":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"}},"example":{"api_key":"abcdef12345","jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ","oauth_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"},"required":["jwt","api_key","oauth_token"]}},"securityDefinitions":{"basic_header_Authorization":{"type":"basic","description":"Basic authentication used to authenticate security principal during signin"},"jwt_header_Authorization":{"type":"apiKey","description":"Secures endpoint by requiring a valid JWT token retrieved via the signin endpoint. Supports scopes \"api:read\" and \"api:write\".","name":"Authorization","in":"header"}}}

go/goa_example/gen/http/openapi.yaml

@@ -0,0 +1,153 @@
+swagger: "2.0"
+info:
+  title: A Goa Example Service
+  description: HTTP service for test
+  version: ""
+host: localhost:8088
+consumes:
+- application/json
+- application/xml
+- application/gob
+produces:
+- application/json
+- application/xml
+- application/gob
+paths:
+  /secure:
+    get:
+      tags:
+      - Service1
+      summary: secure Service1
+      description: 这是一个需要JWT认证的接口
+      operationId: Service1#secure
+      parameters:
+      - name: Authorization
+        in: header
+        description: JWT used for authentication
+        required: true
+        type: string
+      - name: SecureRequestBody
+        in: body
+        required: true
+        schema:
+          $ref: '#/definitions/Service1SecureRequestBody'
+      responses:
+        "200":
+          description: OK response.
+          schema:
+            type: string
+        "401":
+          description: Unauthorized response.
+          schema:
+            type: string
+      schemes:
+      - http
+      security:
+      - jwt_header_Authorization: []
+  /signin:
+    post:
+      tags:
+      - Service1
+      summary: signin Service1
+      operationId: Service1#signin
+      parameters:
+      - name: Authorization
+        in: header
+        description: Basic Auth security using Basic scheme (https://tools.ietf.org/html/rfc7617)
+        required: true
+        type: string
+      responses:
+        "200":
+          description: OK response.
+          schema:
+            $ref: '#/definitions/Service1SigninOKResponseBody'
+            required:
+            - jwt
+            - api_key
+            - oauth_token
+        "400":
+          description: Bad Request response.
+          schema:
+            $ref: '#/definitions/Service1SigninBadRequestResponseBody'
+            required:
+            - jwt
+            - api_key
+            - oauth_token
+        "401":
+          description: Unauthorized response.
+          schema:
+            type: string
+      schemes:
+      - http
+      security:
+      - basic_header_Authorization: []
+definitions:
+  Service1SecureRequestBody:
+    title: Service1SecureRequestBody
+    type: object
+    properties:
+      fail:
+        type: boolean
+        description: Whether to force auth failure even with a valid JWT
+        example: false
+    example:
+      fail: false
+  Service1SigninBadRequestResponseBody:
+    title: Service1SigninBadRequestResponseBody
+    type: object
+    properties:
+      api_key:
+        type: string
+        description: API Key
+        example: abcdef12345
+      jwt:
+        type: string
+        description: JWT token
+        example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+      oauth_token:
+        type: string
+        description: OAuth2 token
+        example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+    example:
+      api_key: abcdef12345
+      jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+      oauth_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+    required:
+    - jwt
+    - api_key
+    - oauth_token
+  Service1SigninOKResponseBody:
+    title: Service1SigninOKResponseBody
+    type: object
+    properties:
+      api_key:
+        type: string
+        description: API Key
+        example: abcdef12345
+      jwt:
+        type: string
+        description: JWT token
+        example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+      oauth_token:
+        type: string
+        description: OAuth2 token
+        example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+    example:
+      api_key: abcdef12345
+      jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+      oauth_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+    required:
+    - jwt
+    - api_key
+    - oauth_token
+securityDefinitions:
+  basic_header_Authorization:
+    type: basic
+    description: Basic authentication used to authenticate security principal during
+      signin
+  jwt_header_Authorization:
+    type: apiKey
+    description: Secures endpoint by requiring a valid JWT token retrieved via the
+      signin endpoint. Supports scopes "api:read" and "api:write".
+    name: Authorization
+    in: header

go/goa_example/gen/http/openapi3.json

@@ -0,0 +1 @@
+{"openapi":"3.0.3","info":{"title":"A Goa Example Service","description":"HTTP service for test","version":"1.0"},"servers":[{"url":"http://localhost:8088"},{"url":"http://localhost:8088"}],"paths":{"/secure":{"get":{"tags":["Service1"],"summary":"secure Service1","description":"这是一个需要JWT认证的接口","operationId":"Service1#secure","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SecureRequestBody"},"example":{"fail":true}}}},"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"type":"string","example":"Commodi earum ut dolorem qui."},"example":"Aliquid corrupti facere voluptate."}}},"401":{"description":"Unauthorized response.","content":{"application/json":{"schema":{"type":"string","example":"Alias placeat est tenetur ad distinctio nesciunt."},"example":"Odit qui ut culpa est."}}}},"security":[{"jwt_header_Authorization":[]}]}},"/signin":{"post":{"tags":["Service1"],"summary":"signin Service1","operationId":"Service1#signin","responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Creds"},"example":{"api_key":"abcdef12345","jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ","oauth_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"}}}},"400":{"description":"Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Creds"},"example":{"api_key":"abcdef12345","jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ","oauth_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"}}}},"401":{"description":"Unauthorized response.","content":{"application/json":{"schema":{"type":"string","example":"Voluptate non dolore autem ipsam omnis."},"example":"Et necessitatibus cupiditate repudiandae iste."}}}},"security":[{"basic_header_Authorization":[]}]}}},"components":{"schemas":{"Creds":{"type":"object","properties":{"api_key":{"type":"string","description":"API Key","example":"abcdef12345"},"jwt":{"type":"string","description":"JWT token","example":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"},"oauth_token":{"type":"string","description":"OAuth2 token","example":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"}},"example":{"api_key":"abcdef12345","jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ","oauth_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"},"required":["jwt","api_key","oauth_token"]},"SecureRequestBody":{"type":"object","properties":{"fail":{"type":"boolean","description":"Whether to force auth failure even with a valid JWT","example":false}},"example":{"fail":false}}},"securitySchemes":{"basic_header_Authorization":{"type":"http","description":"Basic authentication used to authenticate security principal during signin","scheme":"basic"},"jwt_header_Authorization":{"type":"http","description":"Secures endpoint by requiring a valid JWT token retrieved via the signin endpoint. Supports scopes \"api:read\" and \"api:write\".","scheme":"bearer"}}},"tags":[{"name":"Service1","description":"The secured service exposes endpoints that require valid authorization credentials."}]}

go/goa_example/gen/http/openapi3.yaml

@@ -0,0 +1,129 @@
+openapi: 3.0.3
+info:
+  title: A Goa Example Service
+  description: HTTP service for test
+  version: "1.0"
+servers:
+- url: http://localhost:8088
+- url: http://localhost:8088
+paths:
+  /secure:
+    get:
+      tags:
+      - Service1
+      summary: secure Service1
+      description: 这是一个需要JWT认证的接口
+      operationId: Service1#secure
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecureRequestBody'
+            example:
+              fail: true
+      responses:
+        "200":
+          description: OK response.
+          content:
+            application/json:
+              schema:
+                type: string
+                example: Commodi earum ut dolorem qui.
+              example: Aliquid corrupti facere voluptate.
+        "401":
+          description: Unauthorized response.
+          content:
+            application/json:
+              schema:
+                type: string
+                example: Alias placeat est tenetur ad distinctio nesciunt.
+              example: Odit qui ut culpa est.
+      security:
+      - jwt_header_Authorization: []
+  /signin:
+    post:
+      tags:
+      - Service1
+      summary: signin Service1
+      operationId: Service1#signin
+      responses:
+        "200":
+          description: OK response.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Creds'
+              example:
+                api_key: abcdef12345
+                jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+                oauth_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+        "400":
+          description: Bad Request response.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Creds'
+              example:
+                api_key: abcdef12345
+                jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+                oauth_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+        "401":
+          description: Unauthorized response.
+          content:
+            application/json:
+              schema:
+                type: string
+                example: Voluptate non dolore autem ipsam omnis.
+              example: Et necessitatibus cupiditate repudiandae iste.
+      security:
+      - basic_header_Authorization: []
+components:
+  schemas:
+    Creds:
+      type: object
+      properties:
+        api_key:
+          type: string
+          description: API Key
+          example: abcdef12345
+        jwt:
+          type: string
+          description: JWT token
+          example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+        oauth_token:
+          type: string
+          description: OAuth2 token
+          example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+      example:
+        api_key: abcdef12345
+        jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+        oauth_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+      required:
+      - jwt
+      - api_key
+      - oauth_token
+    SecureRequestBody:
+      type: object
+      properties:
+        fail:
+          type: boolean
+          description: Whether to force auth failure even with a valid JWT
+          example: false
+      example:
+        fail: false
+  securitySchemes:
+    basic_header_Authorization:
+      type: http
+      description: Basic authentication used to authenticate security principal during
+        signin
+      scheme: basic
+    jwt_header_Authorization:
+      type: http
+      description: Secures endpoint by requiring a valid JWT token retrieved via the
+        signin endpoint. Supports scopes "api:read" and "api:write".
+      scheme: bearer
+tags:
+- name: Service1
+  description: The secured service exposes endpoints that require valid authorization
+    credentials.

go/goa_example/gen/http/service1/client/cli.go

@@ -0,0 +1,55 @@
+// Code generated by goa v3.6.0, DO NOT EDIT.
+//
+// Service1 HTTP client CLI support package
+//
+// Command:
+// $ goa gen goa_example/design
+
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	service1 "goa_example/gen/service1"
+)
+
+// BuildSigninPayload builds the payload for the Service1 signin endpoint from
+// CLI flags.
+func BuildSigninPayload(service1SigninUsername string, service1SigninPassword string) (*service1.SigninPayload, error) {
+	var username string
+	{
+		username = service1SigninUsername
+	}
+	var password string
+	{
+		password = service1SigninPassword
+	}
+	v := &service1.SigninPayload{}
+	v.Username = username
+	v.Password = password
+
+	return v, nil
+}
+
+// BuildSecurePayload builds the payload for the Service1 secure endpoint from
+// CLI flags.
+func BuildSecurePayload(service1SecureBody string, service1SecureToken string) (*service1.SecurePayload, error) {
+	var err error
+	var body SecureRequestBody
+	{
+		err = json.Unmarshal([]byte(service1SecureBody), &body)
+		if err != nil {
+			return nil, fmt.Errorf("invalid JSON for body, \nerror: %s, \nexample of valid JSON:\n%s", err, "'{\n      \"fail\": true\n   }'")
+		}
+	}
+	var token string
+	{
+		token = service1SecureToken
+	}
+	v := &service1.SecurePayload{
+		Fail: body.Fail,
+	}
+	v.Token = token
+
+	return v, nil
+}

go/goa_example/gen/http/service1/client/client.go

@@ -0,0 +1,102 @@
+// Code generated by goa v3.6.0, DO NOT EDIT.
+//
+// Service1 client HTTP transport
+//
+// Command:
+// $ goa gen goa_example/design
+
+package client
+
+import (
+	"context"
+	"net/http"
+
+	goahttp "goa.design/goa/v3/http"
+	goa "goa.design/goa/v3/pkg"
+)
+
+// Client lists the Service1 service endpoint HTTP clients.
+type Client struct {
+	// Signin Doer is the HTTP client used to make requests to the signin endpoint.
+	SigninDoer goahttp.Doer
+
+	// Secure Doer is the HTTP client used to make requests to the secure endpoint.
+	SecureDoer goahttp.Doer
+
+	// RestoreResponseBody controls whether the response bodies are reset after
+	// decoding so they can be read again.
+	RestoreResponseBody bool
+
+	scheme  string
+	host    string
+	encoder func(*http.Request) goahttp.Encoder
+	decoder func(*http.Response) goahttp.Decoder
+}
+
+// NewClient instantiates HTTP clients for all the Service1 service servers.
+func NewClient(
+	scheme string,
+	host string,
+	doer goahttp.Doer,
+	enc func(*http.Request) goahttp.Encoder,
+	dec func(*http.Response) goahttp.Decoder,
+	restoreBody bool,
+) *Client {
+	return &Client{
+		SigninDoer:          doer,
+		SecureDoer:          doer,
+		RestoreResponseBody: restoreBody,
+		scheme:              scheme,
+		host:                host,
+		decoder:             dec,
+		encoder:             enc,
+	}
+}
+
+// Signin returns an endpoint that makes HTTP requests to the Service1 service
+// signin server.
+func (c *Client) Signin() goa.Endpoint {
+	var (
+		encodeRequest  = EncodeSigninRequest(c.encoder)
+		decodeResponse = DecodeSigninResponse(c.decoder, c.RestoreResponseBody)
+	)
+	return func(ctx context.Context, v interface{}) (interface{}, error) {
+		req, err := c.BuildSigninRequest(ctx, v)
+		if err != nil {
+			return nil, err
+		}
+		err = encodeRequest(req, v)
+		if err != nil {
+			return nil, err
+		}
+		resp, err := c.SigninDoer.Do(req)
+		if err != nil {
+			return nil, goahttp.ErrRequestError("Service1", "signin", err)
+		}
+		return decodeResponse(resp)
+	}
+}
+
+// Secure returns an endpoint that makes HTTP requests to the Service1 service
+// secure server.
+func (c *Client) Secure() goa.Endpoint {
+	var (
+		encodeRequest  = EncodeSecureRequest(c.encoder)
+		decodeResponse = DecodeSecureResponse(c.decoder, c.RestoreResponseBody)
+	)
+	return func(ctx context.Context, v interface{}) (interface{}, error) {
+		req, err := c.BuildSecureRequest(ctx, v)
+		if err != nil {
+			return nil, err
+		}
+		err = encodeRequest(req, v)
+		if err != nil {
+			return nil, err
+		}
+		resp, err := c.SecureDoer.Do(req)
+		if err != nil {
+			return nil, goahttp.ErrRequestError("Service1", "secure", err)
+		}
+		return decodeResponse(resp)
+	}
+}

go/goa_example/gen/http/service1/client/encode_decode.go

@@ -0,0 +1,188 @@
+// Code generated by goa v3.6.0, DO NOT EDIT.
+//
+// Service1 HTTP client encoders and decoders
+//
+// Command:
+// $ goa gen goa_example/design
+
+package client
+
+import (
+	"bytes"
+	"context"
+	service1 "goa_example/gen/service1"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+
+	goahttp "goa.design/goa/v3/http"
+)
+
+// BuildSigninRequest instantiates a HTTP request object with method and path
+// set to call the "Service1" service "signin" endpoint
+func (c *Client) BuildSigninRequest(ctx context.Context, v interface{}) (*http.Request, error) {
+	u := &url.URL{Scheme: c.scheme, Host: c.host, Path: SigninService1Path()}
+	req, err := http.NewRequest("POST", u.String(), nil)
+	if err != nil {
+		return nil, goahttp.ErrInvalidURL("Service1", "signin", u.String(), err)
+	}
+	if ctx != nil {
+		req = req.WithContext(ctx)
+	}
+
+	return req, nil
+}
+
+// EncodeSigninRequest returns an encoder for requests sent to the Service1
+// signin server.
+func EncodeSigninRequest(encoder func(*http.Request) goahttp.Encoder) func(*http.Request, interface{}) error {
+	return func(req *http.Request, v interface{}) error {
+		p, ok := v.(*service1.SigninPayload)
+		if !ok {
+			return goahttp.ErrInvalidType("Service1", "signin", "*service1.SigninPayload", v)
+		}
+		req.SetBasicAuth(p.Username, p.Password)
+		return nil
+	}
+}
+
+// DecodeSigninResponse returns a decoder for responses returned by the
+// Service1 signin endpoint. restoreBody controls whether the response body
+// should be restored after having been read.
+// DecodeSigninResponse may return the following errors:
+//	- "unauthorized" (type service1.Unauthorized): http.StatusUnauthorized
+//	- error: internal error
+func DecodeSigninResponse(decoder func(*http.Response) goahttp.Decoder, restoreBody bool) func(*http.Response) (interface{}, error) {
+	return func(resp *http.Response) (interface{}, error) {
+		if restoreBody {
+			b, err := ioutil.ReadAll(resp.Body)
+			if err != nil {
+				return nil, err
+			}
+			resp.Body = ioutil.NopCloser(bytes.NewBuffer(b))
+			defer func() {
+				resp.Body = ioutil.NopCloser(bytes.NewBuffer(b))
+			}()
+		} else {
+			defer resp.Body.Close()
+		}
+		switch resp.StatusCode {
+		case http.StatusOK:
+			var (
+				body SigninOKResponseBody
+				err  error
+			)
+			err = decoder(resp).Decode(&body)
+			if err != nil {
+				return nil, goahttp.ErrDecodingError("Service1", "signin", err)
+			}
+			err = ValidateSigninOKResponseBody(&body)
+			if err != nil {
+				return nil, goahttp.ErrValidationError("Service1", "signin", err)
+			}
+			res := NewSigninCredsOK(&body)
+			return res, nil
+		case http.StatusUnauthorized:
+			var (
+				body string
+				err  error
+			)
+			err = decoder(resp).Decode(&body)
+			if err != nil {
+				return nil, goahttp.ErrDecodingError("Service1", "signin", err)
+			}
+			return nil, NewSigninUnauthorized(body)
+		default:
+			body, _ := ioutil.ReadAll(resp.Body)
+			return nil, goahttp.ErrInvalidResponse("Service1", "signin", resp.StatusCode, string(body))
+		}
+	}
+}
+
+// BuildSecureRequest instantiates a HTTP request object with method and path
+// set to call the "Service1" service "secure" endpoint
+func (c *Client) BuildSecureRequest(ctx context.Context, v interface{}) (*http.Request, error) {
+	u := &url.URL{Scheme: c.scheme, Host: c.host, Path: SecureService1Path()}
+	req, err := http.NewRequest("GET", u.String(), nil)
+	if err != nil {
+		return nil, goahttp.ErrInvalidURL("Service1", "secure", u.String(), err)
+	}
+	if ctx != nil {
+		req = req.WithContext(ctx)
+	}
+
+	return req, nil
+}
+
+// EncodeSecureRequest returns an encoder for requests sent to the Service1
+// secure server.
+func EncodeSecureRequest(encoder func(*http.Request) goahttp.Encoder) func(*http.Request, interface{}) error {
+	return func(req *http.Request, v interface{}) error {
+		p, ok := v.(*service1.SecurePayload)
+		if !ok {
+			return goahttp.ErrInvalidType("Service1", "secure", "*service1.SecurePayload", v)
+		}
+		{
+			head := p.Token
+			if !strings.Contains(head, " ") {
+				req.Header.Set("Authorization", "Bearer "+head)
+			} else {
+				req.Header.Set("Authorization", head)
+			}
+		}
+		body := NewSecureRequestBody(p)
+		if err := encoder(req).Encode(&body); err != nil {
+			return goahttp.ErrEncodingError("Service1", "secure", err)
+		}
+		return nil
+	}
+}
+
+// DecodeSecureResponse returns a decoder for responses returned by the
+// Service1 secure endpoint. restoreBody controls whether the response body
+// should be restored after having been read.
+// DecodeSecureResponse may return the following errors:
+//	- "unauthorized" (type service1.Unauthorized): http.StatusUnauthorized
+//	- error: internal error
+func DecodeSecureResponse(decoder func(*http.Response) goahttp.Decoder, restoreBody bool) func(*http.Response) (interface{}, error) {
+	return func(resp *http.Response) (interface{}, error) {
+		if restoreBody {
+			b, err := ioutil.ReadAll(resp.Body)
+			if err != nil {
+				return nil, err
+			}
+			resp.Body = ioutil.NopCloser(bytes.NewBuffer(b))
+			defer func() {
+				resp.Body = ioutil.NopCloser(bytes.NewBuffer(b))
+			}()
+		} else {
+			defer resp.Body.Close()
+		}
+		switch resp.StatusCode {
+		case http.StatusOK:
+			var (
+				body string
+				err  error
+			)
+			err = decoder(resp).Decode(&body)
+			if err != nil {
+				return nil, goahttp.ErrDecodingError("Service1", "secure", err)
+			}
+			return body, nil
+		case http.StatusUnauthorized:
+			var (
+				body string
+				err  error
+			)
+			err = decoder(resp).Decode(&body)
+			if err != nil {
+				return nil, goahttp.ErrDecodingError("Service1", "secure", err)
+			}
+			return nil, NewSecureUnauthorized(body)
+		default:
+			body, _ := ioutil.ReadAll(resp.Body)
+			return nil, goahttp.ErrInvalidResponse("Service1", "secure", resp.StatusCode, string(body))
+		}
+	}
+}

go/goa_example/gen/http/service1/client/paths.go

@@ -0,0 +1,18 @@
+// Code generated by goa v3.6.0, DO NOT EDIT.
+//
+// HTTP request path constructors for the Service1 service.
+//
+// Command:
+// $ goa gen goa_example/design
+
+package client
+
+// SigninService1Path returns the URL path to the Service1 service signin HTTP endpoint.
+func SigninService1Path() string {
+	return "/signin"
+}
+
+// SecureService1Path returns the URL path to the Service1 service secure HTTP endpoint.
+func SecureService1Path() string {
+	return "/secure"
+}

go/goa_example/gen/http/service1/client/types.go

@@ -0,0 +1,109 @@
+// Code generated by goa v3.6.0, DO NOT EDIT.
+//
+// Service1 HTTP client types
+//
+// Command:
+// $ goa gen goa_example/design
+
+package client
+
+import (
+	service1 "goa_example/gen/service1"
+
+	goa "goa.design/goa/v3/pkg"
+)
+
+// SecureRequestBody is the type of the "Service1" service "secure" endpoint
+// HTTP request body.
+type SecureRequestBody struct {
+	// Whether to force auth failure even with a valid JWT
+	Fail *bool `form:"fail,omitempty" json:"fail,omitempty" xml:"fail,omitempty"`
+}
+
+// SigninOKResponseBody is the type of the "Service1" service "signin" endpoint
+// HTTP response body.
+type SigninOKResponseBody struct {
+	// JWT token
+	JWT *string `form:"jwt,omitempty" json:"jwt,omitempty" xml:"jwt,omitempty"`
+	// API Key
+	APIKey *string `form:"api_key,omitempty" json:"api_key,omitempty" xml:"api_key,omitempty"`
+	// OAuth2 token
+	OauthToken *string `form:"oauth_token,omitempty" json:"oauth_token,omitempty" xml:"oauth_token,omitempty"`
+}
+
+// SigninBadRequestResponseBody is used to define fields on response body types.
+type SigninBadRequestResponseBody struct {
+	// JWT token
+	JWT *string `form:"jwt,omitempty" json:"jwt,omitempty" xml:"jwt,omitempty"`
+	// API Key
+	APIKey *string `form:"api_key,omitempty" json:"api_key,omitempty" xml:"api_key,omitempty"`
+	// OAuth2 token
+	OauthToken *string `form:"oauth_token,omitempty" json:"oauth_token,omitempty" xml:"oauth_token,omitempty"`
+}
+
+// NewSecureRequestBody builds the HTTP request body from the payload of the
+// "secure" endpoint of the "Service1" service.
+func NewSecureRequestBody(p *service1.SecurePayload) *SecureRequestBody {
+	body := &SecureRequestBody{
+		Fail: p.Fail,
+	}
+	return body
+}
+
+// NewSigninCredsOK builds a "Service1" service "signin" endpoint result from a
+// HTTP "OK" response.
+func NewSigninCredsOK(body *SigninOKResponseBody) *service1.Creds {
+	v := &service1.Creds{
+		JWT:        *body.JWT,
+		APIKey:     *body.APIKey,
+		OauthToken: *body.OauthToken,
+	}
+
+	return v
+}
+
+// NewSigninUnauthorized builds a Service1 service signin endpoint unauthorized
+// error.
+func NewSigninUnauthorized(body string) service1.Unauthorized {
+	v := service1.Unauthorized(body)
+
+	return v
+}
+
+// NewSecureUnauthorized builds a Service1 service secure endpoint unauthorized
+// error.
+func NewSecureUnauthorized(body string) service1.Unauthorized {
+	v := service1.Unauthorized(body)
+
+	return v
+}
+
+// ValidateSigninOKResponseBody runs the validations defined on
+// SigninOKResponseBody
+func ValidateSigninOKResponseBody(body *SigninOKResponseBody) (err error) {
+	if body.JWT == nil {
+		err = goa.MergeErrors(err, goa.MissingFieldError("jwt", "body"))
+	}
+	if body.APIKey == nil {
+		err = goa.MergeErrors(err, goa.MissingFieldError("api_key", "body"))
+	}
+	if body.OauthToken == nil {
+		err = goa.MergeErrors(err, goa.MissingFieldError("oauth_token", "body"))
+	}
+	return
+}
+
+// ValidateSigninBadRequestResponseBody runs the validations defined on
+// SigninBad RequestResponseBody
+func ValidateSigninBadRequestResponseBody(body *SigninBadRequestResponseBody) (err error) {
+	if body.JWT == nil {
+		err = goa.MergeErrors(err, goa.MissingFieldError("jwt", "body"))
+	}
+	if body.APIKey == nil {
+		err = goa.MergeErrors(err, goa.MissingFieldError("api_key", "body"))
+	}
+	if body.OauthToken == nil {
+		err = goa.MergeErrors(err, goa.MissingFieldError("oauth_token", "body"))
+	}
+	return
+}

go/goa_example/gen/http/service1/server/encode_decode.go

@@ -0,0 +1,143 @@
+// Code generated by goa v3.6.0, DO NOT EDIT.
+//
+// Service1 HTTP server encoders and decoders
+//
+// Command:
+// $ goa gen goa_example/design
+
+package server
+
+import (
+	"context"
+	"errors"
+	service1 "goa_example/gen/service1"
+	"io"
+	"net/http"
+	"strings"
+
+	goahttp "goa.design/goa/v3/http"
+	goa "goa.design/goa/v3/pkg"
+)
+
+// EncodeSigninResponse returns an encoder for responses returned by the
+// Service1 signin endpoint.
+func EncodeSigninResponse(encoder func(context.Context, http.ResponseWriter) goahttp.Encoder) func(context.Context, http.ResponseWriter, interface{}) error {
+	return func(ctx context.Context, w http.ResponseWriter, v interface{}) error {
+		res, _ := v.(*service1.Creds)
+		enc := encoder(ctx, w)
+		body := NewSigninOKResponseBody(res)
+		w.WriteHeader(http.StatusOK)
+		return enc.Encode(body)
+	}
+}
+
+// DecodeSigninRequest returns a decoder for requests sent to the Service1
+// signin endpoint.
+func DecodeSigninRequest(mux goahttp.Muxer, decoder func(*http.Request) goahttp.Decoder) func(*http.Request) (interface{}, error) {
+	return func(r *http.Request) (interface{}, error) {
+		payload := NewSigninPayload()
+		user, pass, ok := r.BasicAuth()
+		if !ok {
+			return nil, goa.MissingFieldError("Authorization", "header")
+		}
+		payload.Username = user
+		payload.Password = pass
+
+		return payload, nil
+	}
+}
+
+// EncodeSigninError returns an encoder for errors returned by the signin
+// Service1 endpoint.
+func EncodeSigninError(encoder func(context.Context, http.ResponseWriter) goahttp.Encoder, formatter func(err error) goahttp.Statuser) func(context.Context, http.ResponseWriter, error) error {
+	encodeError := goahttp.ErrorEncoder(encoder, formatter)
+	return func(ctx context.Context, w http.ResponseWriter, v error) error {
+		var en ErrorNamer
+		if !errors.As(v, &en) {
+			return encodeError(ctx, w, v)
+		}
+		switch en.ErrorName() {
+		case "unauthorized":
+			res := v.(service1.Unauthorized)
+			enc := encoder(ctx, w)
+			body := res
+			w.Header().Set("goa-error", res.ErrorName())
+			w.WriteHeader(http.StatusUnauthorized)
+			return enc.Encode(body)
+		default:
+			return encodeError(ctx, w, v)
+		}
+	}
+}
+
+// EncodeSecureResponse returns an encoder for responses returned by the
+// Service1 secure endpoint.
+func EncodeSecureResponse(encoder func(context.Context, http.ResponseWriter) goahttp.Encoder) func(context.Context, http.ResponseWriter, interface{}) error {
+	return func(ctx context.Context, w http.ResponseWriter, v interface{}) error {
+		res, _ := v.(string)
+		enc := encoder(ctx, w)
+		body := res
+		w.WriteHeader(http.StatusOK)
+		return enc.Encode(body)
+	}
+}
+
+// DecodeSecureRequest returns a decoder for requests sent to the Service1
+// secure endpoint.
+func DecodeSecureRequest(mux goahttp.Muxer, decoder func(*http.Request) goahttp.Decoder) func(*http.Request) (interface{}, error) {
+	return func(r *http.Request) (interface{}, error) {
+		var (
+			body SecureRequestBody
+			err  error
+		)
+		err = decoder(r).Decode(&body)
+		if err != nil {
+			if err == io.EOF {
+				return nil, goa.MissingPayloadError()
+			}
+			return nil, goa.DecodePayloadError(err.Error())
+		}
+
+		var (
+			token string
+		)
+		token = r.Header.Get("Authorization")
+		if token == "" {
+			err = goa.MergeErrors(err, goa.MissingFieldError("Authorization", "header"))
+		}
+		if err != nil {
+			return nil, err
+		}
+		payload := NewSecurePayload(&body, token)
+		if strings.Contains(payload.Token, " ") {
+			// Remove authorization scheme prefix (e.g. "Bearer")
+			cred := strings.SplitN(payload.Token, " ", 2)[1]
+			payload.Token = cred
+		}
+
+		return payload, nil
+	}
+}
+
+// EncodeSecureError returns an encoder for errors returned by the secure
+// Service1 endpoint.
+func EncodeSecureError(encoder func(context.Context, http.ResponseWriter) goahttp.Encoder, formatter func(err error) goahttp.Statuser) func(context.Context, http.ResponseWriter, error) error {
+	encodeError := goahttp.ErrorEncoder(encoder, formatter)
+	return func(ctx context.Context, w http.ResponseWriter, v error) error {
+		var en ErrorNamer
+		if !errors.As(v, &en) {
+			return encodeError(ctx, w, v)
+		}
+		switch en.ErrorName() {
+		case "unauthorized":
+			res := v.(service1.Unauthorized)
+			enc := encoder(ctx, w)
+			body := res
+			w.Header().Set("goa-error", res.ErrorName())
+			w.WriteHeader(http.StatusUnauthorized)
+			return enc.Encode(body)
+		default:
+			return encodeError(ctx, w, v)
+		}
+	}
+}

go/goa_example/gen/http/service1/server/paths.go

@@ -0,0 +1,18 @@
+// Code generated by goa v3.6.0, DO NOT EDIT.
+//
+// HTTP request path constructors for the Service1 service.
+//
+// Command:
+// $ goa gen goa_example/design
+
+package server
+
+// SigninService1Path returns the URL path to the Service1 service signin HTTP endpoint.
+func SigninService1Path() string {
+	return "/signin"
+}
+
+// SecureService1Path returns the URL path to the Service1 service secure HTTP endpoint.
+func SecureService1Path() string {
+	return "/secure"
+}

go/goa_example/gen/http/service1/server/server.go

@@ -0,0 +1,187 @@
+// Code generated by goa v3.6.0, DO NOT EDIT.
+//
+// Service1 HTTP server
+//
+// Command:
+// $ goa gen goa_example/design
+
+package server
+
+import (
+	"context"
+	service1 "goa_example/gen/service1"
+	"net/http"
+
+	goahttp "goa.design/goa/v3/http"
+	goa "goa.design/goa/v3/pkg"
+)
+
+// Server lists the Service1 service endpoint HTTP handlers.
+type Server struct {
+	Mounts []*MountPoint
+	Signin http.Handler
+	Secure http.Handler
+}
+
+// ErrorNamer is an interface implemented by generated error structs that
+// exposes the name of the error as defined in the design.
+type ErrorNamer interface {
+	ErrorName() string
+}
+
+// MountPoint holds information about the mounted endpoints.
+type MountPoint struct {
+	// Method is the name of the service method served by the mounted HTTP handler.
+	Method string
+	// Verb is the HTTP method used to match requests to the mounted handler.
+	Verb string
+	// Pattern is the HTTP request path pattern used to match requests to the
+	// mounted handler.
+	Pattern string
+}
+
+// New instantiates HTTP handlers for all the Service1 service endpoints using
+// the provided encoder and decoder. The handlers are mounted on the given mux
+// using the HTTP verb and path defined in the design. errhandler is called
+// whenever a response fails to be encoded. formatter is used to format errors
+// returned by the service methods prior to encoding. Both errhandler and
+// formatter are optional and can be nil.
+func New(
+	e *service1.Endpoints,
+	mux goahttp.Muxer,
+	decoder func(*http.Request) goahttp.Decoder,
+	encoder func(context.Context, http.ResponseWriter) goahttp.Encoder,
+	errhandler func(context.Context, http.ResponseWriter, error),
+	formatter func(err error) goahttp.Statuser,
+) *Server {
+	return &Server{
+		Mounts: []*MountPoint{
+			{"Signin", "POST", "/signin"},
+			{"Secure", "GET", "/secure"},
+		},
+		Signin: NewSigninHandler(e.Signin, mux, decoder, encoder, errhandler, formatter),
+		Secure: NewSecureHandler(e.Secure, mux, decoder, encoder, errhandler, formatter),
+	}
+}
+
+// Service returns the name of the service served.
+func (s *Server) Service() string { return "Service1" }
+
+// Use wraps the server handlers with the given middleware.
+func (s *Server) Use(m func(http.Handler) http.Handler) {
+	s.Signin = m(s.Signin)
+	s.Secure = m(s.Secure)
+}
+
+// Mount configures the mux to serve the Service1 endpoints.
+func Mount(mux goahttp.Muxer, h *Server) {
+	MountSigninHandler(mux, h.Signin)
+	MountSecureHandler(mux, h.Secure)
+}
+
+// Mount configures the mux to serve the Service1 endpoints.
+func (s *Server) Mount(mux goahttp.Muxer) {
+	Mount(mux, s)
+}
+
+// MountSigninHandler configures the mux to serve the "Service1" service
+// "signin" endpoint.
+func MountSigninHandler(mux goahttp.Muxer, h http.Handler) {
+	f, ok := h.(http.HandlerFunc)
+	if !ok {
+		f = func(w http.ResponseWriter, r *http.Request) {
+			h.ServeHTTP(w, r)
+		}
+	}
+	mux.Handle("POST", "/signin", f)
+}
+
+// NewSigninHandler creates a HTTP handler which loads the HTTP request and
+// calls the "Service1" service "signin" endpoint.
+func NewSigninHandler(
+	endpoint goa.Endpoint,
+	mux goahttp.Muxer,
+	decoder func(*http.Request) goahttp.Decoder,
+	encoder func(context.Context, http.ResponseWriter) goahttp.Encoder,
+	errhandler func(context.Context, http.ResponseWriter, error),
+	formatter func(err error) goahttp.Statuser,
+) http.Handler {
+	var (
+		decodeRequest  = DecodeSigninRequest(mux, decoder)
+		encodeResponse = EncodeSigninResponse(encoder)
+		encodeError    = EncodeSigninError(encoder, formatter)
+	)
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ctx := context.WithValue(r.Context(), goahttp.AcceptTypeKey, r.Header.Get("Accept"))
+		ctx = context.WithValue(ctx, goa.MethodKey, "signin")
+		ctx = context.WithValue(ctx, goa.ServiceKey, "Service1")
+		payload, err := decodeRequest(r)
+		if err != nil {
+			if err := encodeError(ctx, w, err); err != nil {
+				errhandler(ctx, w, err)
+			}
+			return
+		}
+		res, err := endpoint(ctx, payload)
+		if err != nil {
+			if err := encodeError(ctx, w, err); err != nil {
+				errhandler(ctx, w, err)
+			}
+			return
+		}
+		if err := encodeResponse(ctx, w, res); err != nil {
+			errhandler(ctx, w, err)
+		}
+	})
+}
+
+// MountSecureHandler configures the mux to serve the "Service1" service
+// "secure" endpoint.
+func MountSecureHandler(mux goahttp.Muxer, h http.Handler) {
+	f, ok := h.(http.HandlerFunc)
+	if !ok {
+		f = func(w http.ResponseWriter, r *http.Request) {
+			h.ServeHTTP(w, r)
+		}
+	}
+	mux.Handle("GET", "/secure", f)
+}
+
+// NewSecureHandler creates a HTTP handler which loads the HTTP request and
+// calls the "Service1" service "secure" endpoint.
+func NewSecureHandler(
+	endpoint goa.Endpoint,
+	mux goahttp.Muxer,
+	decoder func(*http.Request) goahttp.Decoder,
+	encoder func(context.Context, http.ResponseWriter) goahttp.Encoder,
+	errhandler func(context.Context, http.ResponseWriter, error),
+	formatter func(err error) goahttp.Statuser,
+) http.Handler {
+	var (
+		decodeRequest  = DecodeSecureRequest(mux, decoder)
+		encodeResponse = EncodeSecureResponse(encoder)
+		encodeError    = EncodeSecureError(encoder, formatter)
+	)
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ctx := context.WithValue(r.Context(), goahttp.AcceptTypeKey, r.Header.Get("Accept"))
+		ctx = context.WithValue(ctx, goa.MethodKey, "secure")
+		ctx = context.WithValue(ctx, goa.ServiceKey, "Service1")
+		payload, err := decodeRequest(r)
+		if err != nil {
+			if err := encodeError(ctx, w, err); err != nil {
+				errhandler(ctx, w, err)
+			}
+			return
+		}
+		res, err := endpoint(ctx, payload)
+		if err != nil {
+			if err := encodeError(ctx, w, err); err != nil {
+				errhandler(ctx, w, err)
+			}
+			return
+		}
+		if err := encodeResponse(ctx, w, res); err != nil {
+			errhandler(ctx, w, err)
+		}
+	})
+}

go/goa_example/gen/http/service1/server/types.go

@@ -0,0 +1,58 @@
+// Code generated by goa v3.6.0, DO NOT EDIT.
+//
+// Service1 HTTP server types
+//
+// Command:
+// $ goa gen goa_example/design
+
+package server
+
+import (
+	service1 "goa_example/gen/service1"
+)
+
+// SecureRequestBody is the type of the "Service1" service "secure" endpoint
+// HTTP request body.
+type SecureRequestBody struct {
+	// Whether to force auth failure even with a valid JWT
+	Fail *bool `form:"fail,omitempty" json:"fail,omitempty" xml:"fail,omitempty"`
+}
+
+// SigninOKResponseBody is the type of the "Service1" service "signin" endpoint
+// HTTP response body.
+type SigninOKResponseBody struct {
+	// JWT token
+	JWT string `form:"jwt" json:"jwt" xml:"jwt"`
+	// API Key
+	APIKey string `form:"api_key" json:"api_key" xml:"api_key"`
+	// OAuth2 token
+	OauthToken string `form:"oauth_token" json:"oauth_token" xml:"oauth_token"`
+}
+
+// NewSigninOKResponseBody builds the HTTP response body from the result of the
+// "signin" endpoint of the "Service1" service.
+func NewSigninOKResponseBody(res *service1.Creds) *SigninOKResponseBody {
+	body := &SigninOKResponseBody{
+		JWT:        res.JWT,
+		APIKey:     res.APIKey,
+		OauthToken: res.OauthToken,
+	}
+	return body
+}
+
+// NewSigninPayload builds a Service1 service signin endpoint payload.
+func NewSigninPayload() *service1.SigninPayload {
+	v := &service1.SigninPayload{}
+
+	return v
+}
+
+// NewSecurePayload builds a Service1 service secure endpoint payload.
+func NewSecurePayload(body *SecureRequestBody, token string) *service1.SecurePayload {
+	v := &service1.SecurePayload{
+		Fail: body.Fail,
+	}
+	v.Token = token
+
+	return v
+}