spikard 0.8.3 → 0.10.2

data/vendor/crates/spikard-core/src/schema_registry.rs

@@ -179,16 +179,15 @@ mod tests {
             }
         });
 
-        let handles: Vec<_> = (0..10)
+        let validators: Vec<_> = (0..10)
             .map(|_| {
                 let registry = StdArc::clone(&registry);
                 let schema = schema.clone();
                 thread::spawn(move || registry.get_or_compile(&schema).unwrap())
             })
+            .map(|h| h.join().unwrap())
             .collect();
 
-        let validators: Vec<_> = handles.into_iter().map(|h| h.join().unwrap()).collect();
-
         for i in 1..validators.len() {
             assert!(Arc::ptr_eq(&validators[0], &validators[i]));
         }

data/vendor/crates/spikard-core/src/type_hints.rs

@@ -206,7 +206,7 @@ pub fn auto_generate_parameter_schema(route_path: &str) -> Option<Value> {
 ///     "required": ["count"]
 /// });
 ///
-/// let merged = merge_parameter_schemas(auto_schema, explicit_schema);
+/// let merged = merge_parameter_schemas(&auto_schema, &explicit_schema);
 /// // Result: auto-generated id + explicit count with constraints
 /// ```
 #[must_use]
@@ -235,6 +235,7 @@ pub fn merge_parameter_schemas(auto_schema: &Value, explicit_schema: &Value) ->
     result
 }
 
+#[allow(clippy::literal_string_with_formatting_args)]
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -302,7 +303,7 @@ mod tests {
             "required": ["count"]
         });
 
-        let merged = merge_parameter_schemas(auto_schema, explicit_schema);
+        let merged = merge_parameter_schemas(&auto_schema, &explicit_schema);
         assert!(merged["properties"]["id"].is_object());
         assert!(merged["properties"]["count"].is_object());
         assert_eq!(merged["properties"]["count"]["minimum"], 1);

data/vendor/crates/spikard-core/src/validation/error_mapper.rs

@@ -675,7 +675,7 @@ mod tests {
         let condition = ErrorCondition::EmailFormat;
         let (error_type, msg, ctx) = ErrorMapper::map_error(&condition, &schema, "", "");
         assert_eq!(error_type, "string_pattern_mismatch");
-        assert!(msg.contains("@"));
+        assert!(msg.contains('@'));
         assert!(ctx.is_some());
     }
 

data/vendor/crates/spikard-core/src/validation/mod.rs

@@ -460,7 +460,7 @@ mod tests {
         });
 
         let result = validator.validate(&data);
-        eprintln!("Validation result: {:?}", result);
+        eprintln!("Validation result: {result:?}");
 
         assert!(result.is_err(), "Should have validation errors");
         let err = result.unwrap_err();

data/vendor/crates/spikard-core/tests/di_dependency_defaults.rs

@@ -20,7 +20,7 @@ impl Dependency for DummyDependency {
         Box::pin(async move { Ok(Arc::new(()) as Arc<dyn Any + Send + Sync>) })
     }
 
-    fn key(&self) -> &str {
+    fn key(&self) -> &'static str {
         "dummy"
     }
 

data/vendor/crates/spikard-core/tests/error_mapper.rs

@@ -466,7 +466,7 @@ fn test_error_context_includes_constraints() {
     let err = result.unwrap_err();
     assert!(err.errors[0].ctx.is_some());
     let ctx = err.errors[0].ctx.as_ref().unwrap();
-    assert_eq!(ctx.get("min_length").and_then(|v| v.as_u64()), Some(5));
+    assert_eq!(ctx.get("min_length").and_then(serde_json::Value::as_u64), Some(5));
 }
 
 #[test]
@@ -631,7 +631,7 @@ fn test_error_messages_are_user_friendly() {
     let msg = &err.errors[0].msg;
     assert!(msg.contains("18") || msg.contains("minimum"));
     assert!(!msg.contains("exclusiveMinimum"));
-    assert!(!msg.contains("$"));
+    assert!(!msg.contains('$'));
 }
 
 #[test]

data/vendor/crates/spikard-core/tests/parameters_edge_cases.rs

@@ -39,7 +39,7 @@ fn test_query_boolean_empty_string_coerces_to_false() {
     let validator = ParameterValidator::new(schema).expect("validator");
 
     let mut raw_query_params = HashMap::new();
-    raw_query_params.insert("flag".to_string(), vec!["".to_string()]);
+    raw_query_params.insert("flag".to_string(), vec![String::new()]);
 
     let extracted = validator.validate_and_extract(
         &json!({}),

data/vendor/crates/spikard-core/tests/parameters_full.rs

@@ -1,7 +1,7 @@
 //! Comprehensive parameter validation tests
 //!
 //! These tests cover header, cookie, and query parameter validation scenarios
-//! using the ParameterValidator from spikard-core.
+//! using the `ParameterValidator` from spikard-core.
 
 use serde_json::json;
 use spikard_core::parameters::ParameterValidator;

data/vendor/crates/spikard-core/tests/parameters_schema_and_formats.rs

@@ -203,7 +203,7 @@ fn boolean_empty_string_is_coerced_to_false() {
 
     let validator = ParameterValidator::new(schema).expect("validator");
     let mut raw_query = HashMap::new();
-    raw_query.insert("flag".to_string(), vec!["".to_string()]);
+    raw_query.insert("flag".to_string(), vec![String::new()]);
 
     let extracted = validator
         .validate_and_extract(

data/vendor/crates/spikard-core/tests/validation_coverage.rs

@@ -32,10 +32,10 @@ fn validator_preprocesses_binary_file_objects_recursively() {
     });
 
     let data = json!({
-        "file": file_object.clone(),
-        "files": [file_object.clone()],
+        "file": &file_object,
+        "files": [&file_object],
         "nested": {
-            "inner": file_object,
+            "inner": &file_object,
             "other": 1
         }
     });
@@ -242,7 +242,7 @@ fn error_mapper_uses_schema_constraints_when_present() {
 
     let (ty, _msg, ctx) = ErrorMapper::map_error(&ErrorCondition::EmailFormat, &schema, "/properties/value", "generic");
     assert_eq!(ty, "string_pattern_mismatch");
-    assert!(ctx.as_ref().unwrap()["pattern"].as_str().unwrap().contains("@"));
+    assert!(ctx.as_ref().unwrap()["pattern"].as_str().unwrap().contains('@'));
 
     let (ty, _msg, ctx) = ErrorMapper::map_error(&ErrorCondition::UuidFormat, &schema, "/properties/value", "generic");
     assert_eq!(ty, "uuid_parsing");

data/vendor/crates/spikard-http/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "spikard-http"
-version = "0.8.3"
+version = "0.10.2"
 edition = "2024"
 authors = ["Na'aman Hirschfeld <nhirschfeld@gmail.com>"]
 license = "MIT"
@@ -16,6 +16,7 @@ readme = "README.md"
 axum = { version = "0.8", features = ["multipart", "ws"] }
 tokio = { version = "1", features = ["full"] }
 tokio-util = "0.7"
+tokio-stream = "0.1"
 tower = "0.5"
 tower-http = { version = "0.6.8", features = ["fs", "trace", "compression-gzip", "compression-br", "compression-deflate", "cors", "request-id", "limit", "timeout", "set-header", "sensitive-headers"] }
 tower_governor = "0.8"
@@ -40,7 +41,8 @@ urlencoding = "2.1"
 url = "2.5"
 mime = "0.3"
 jiff = "0.2"
-uuid = "1.19"
+uuid = "1.20"
+ahash = "0.8"
 bytes = "1.11"
 http-body-util = "0.1"
 http-body = "1.0"

data/vendor/crates/spikard-http/src/cors.rs

@@ -56,15 +56,16 @@ fn is_method_allowed(method: &str, allowed_methods: &[String]) -> bool {
 ///
 /// # Returns
 /// `true` if all requested headers are allowed, `false` if any header is not allowed
-fn are_headers_allowed(requested: &[&str], allowed: &[String]) -> bool {
+fn are_headers_allowed(requested: impl IntoIterator<Item = impl AsRef<str>>, allowed: &[String]) -> bool {
     if allowed.iter().any(|h| h == "*") {
         return true;
     }
 
-    requested.iter().all(|req_header| {
+    requested.into_iter().all(|req_header| {
+        let req_str = req_header.as_ref();
         allowed
             .iter()
-            .any(|allowed_header| allowed_header.eq_ignore_ascii_case(req_header))
+            .any(|allowed_header| allowed_header.eq_ignore_ascii_case(req_str))
     })
 }
 
@@ -133,9 +134,8 @@ pub fn handle_preflight(headers: &HeaderMap, cors_config: &CorsConfig) -> Result
         .and_then(|v| v.to_str().ok());
 
     if let Some(req_headers) = requested_headers_str {
-        let requested_headers: Vec<&str> = req_headers.split(',').map(|h| h.trim()).collect();
-
-        if !are_headers_allowed(&requested_headers, &cors_config.allowed_headers) {
+        // Pass iterator directly without collecting into Vec
+        if !are_headers_allowed(req_headers.split(',').map(|h| h.trim()), &cors_config.allowed_headers) {
             return Err(Box::new((StatusCode::FORBIDDEN).into_response()));
         }
     }
@@ -162,16 +162,16 @@ pub fn handle_preflight(headers: &HeaderMap, cors_config: &CorsConfig) -> Result
         HeaderValue::from_str(origin).unwrap_or_else(|_| HeaderValue::from_static("*")),
     );
 
-    let methods = cors_config.allowed_methods.join(", ");
+    let methods = cors_config.allowed_methods_joined();
     headers_mut.insert(
         "access-control-allow-methods",
-        HeaderValue::from_str(&methods).unwrap_or_else(|_| HeaderValue::from_static("*")),
+        HeaderValue::from_str(methods).unwrap_or_else(|_| HeaderValue::from_static("*")),
     );
 
-    let allowed_headers = cors_config.allowed_headers.join(", ");
+    let allowed_headers = cors_config.allowed_headers_joined();
     headers_mut.insert(
         "access-control-allow-headers",
-        HeaderValue::from_str(&allowed_headers).unwrap_or_else(|_| HeaderValue::from_static("*")),
+        HeaderValue::from_str(allowed_headers).unwrap_or_else(|_| HeaderValue::from_static("*")),
     );
 
     if let Some(max_age) = cors_config.max_age
@@ -291,6 +291,7 @@ mod tests {
             expose_headers: Some(vec!["x-custom-header".to_string()]),
             max_age: Some(3600),
             allow_credentials: Some(true),
+            ..Default::default()
         }
     }
 
@@ -500,7 +501,8 @@ mod tests {
             allowed_headers: vec![],
             expose_headers: None,
             max_age: None,
-            allow_credentials: Some(true), // SECURITY BUG: This should not be allowed with wildcard
+            allow_credentials: Some(true), // SECURITY BUG: This should not be allowed with wildcard,
+            ..Default::default()
         };
 
         let mut headers = HeaderMap::new();
@@ -538,6 +540,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
 
         assert!(!is_origin_allowed("https://api.example.com", &config.allowed_origins));
@@ -561,6 +564,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
 
         assert!(!is_origin_allowed("http://localhost:3001", &config.allowed_origins));
@@ -581,6 +585,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
 
         assert!(!is_origin_allowed("http://example.com", &config.allowed_origins));
@@ -601,6 +606,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
 
         assert!(!is_origin_allowed("https://example.com", &config.allowed_origins));
@@ -620,6 +626,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
 
         assert!(!is_origin_allowed("https://example.com/", &config.allowed_origins));
@@ -640,6 +647,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
 
         // SECURITY NOTE: "null" origin is allowed by wildcard in current implementation
@@ -652,6 +660,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
         assert!(is_origin_allowed("null", &with_explicit_null.allowed_origins));
     }
@@ -666,6 +675,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
         assert!(!is_origin_allowed("", &config_with_wildcard.allowed_origins));
 
@@ -676,6 +686,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
         assert!(!is_origin_allowed("", &config_with_explicit.allowed_origins));
     }
@@ -705,6 +716,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
 
         assert!(is_origin_allowed("https://trusted1.com", &config.allowed_origins));
@@ -728,6 +740,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
 
         assert!(is_origin_allowed("https://example.com", &config.allowed_origins));
@@ -747,6 +760,7 @@ mod tests {
             expose_headers: None,
             max_age: Some(3600),
             allow_credentials: Some(false),
+            ..Default::default()
         };
 
         let mut headers = HeaderMap::new();
@@ -798,6 +812,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
 
         let test_cases = vec![
@@ -836,6 +851,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
 
         let test_cases = vec![
@@ -883,6 +899,7 @@ mod tests {
             expose_headers: Some(vec!["x-custom".to_string()]),
             max_age: None,
             allow_credentials: Some(true),
+            ..Default::default()
         };
 
         let mut response = Response::new(Body::empty());
@@ -908,6 +925,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
 
         let mut headers = HeaderMap::new();
@@ -943,6 +961,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
 
         let test_cases = vec!["GET", "get", "Get", "POST", "post"];
@@ -971,6 +990,7 @@ mod tests {
             expose_headers: None,
             max_age: Some(7200),
             allow_credentials: None,
+            ..Default::default()
         };
 
         let mut headers = HeaderMap::new();
@@ -995,6 +1015,7 @@ mod tests {
             expose_headers: None,
             max_age: None,
             allow_credentials: None,
+            ..Default::default()
         };
 
         assert!(!is_origin_allowed("https://api.example.com", &config.allowed_origins));

data/vendor/crates/spikard-http/src/di_handler.rs

@@ -153,10 +153,14 @@ impl Handler for DependencyInjectingHandler {
 
             let core_request_data = spikard_core::RequestData {
                 path_params: Arc::clone(&request_data.path_params),
-                query_params: request_data.query_params.clone(),
-                validated_params: request_data.validated_params.clone(),
+                query_params: Arc::try_unwrap(Arc::clone(&request_data.query_params))
+                    .unwrap_or_else(|arc| (*arc).clone()),
+                validated_params: request_data
+                    .validated_params
+                    .as_ref()
+                    .map(|arc| Arc::try_unwrap(Arc::clone(arc)).unwrap_or_else(|a| (*a).clone())),
                 raw_query_params: Arc::clone(&request_data.raw_query_params),
-                body: request_data.body.clone(),
+                body: Arc::try_unwrap(Arc::clone(&request_data.body)).unwrap_or_else(|arc| (*arc).clone()),
                 raw_body: request_data.raw_body.clone(),
                 headers: Arc::clone(&request_data.headers),
                 cookies: Arc::clone(&request_data.cookies),
@@ -346,10 +350,10 @@ mod tests {
     fn create_request_data() -> RequestData {
         RequestData {
             path_params: Arc::new(HashMap::new()),
-            query_params: serde_json::Value::Null,
+            query_params: Arc::new(serde_json::Value::Null),
             validated_params: None,
             raw_query_params: Arc::new(HashMap::new()),
-            body: serde_json::Value::Null,
+            body: Arc::new(serde_json::Value::Null),
             raw_body: None,
             headers: Arc::new(HashMap::new()),
             cookies: Arc::new(HashMap::new()),
@@ -1163,7 +1167,7 @@ mod tests {
             .unwrap();
         let mut request_data = create_request_data();
         request_data.method = "POST".to_string();
-        request_data.body = serde_json::json!({"key": "value"});
+        request_data.body = Arc::new(serde_json::json!({"key": "value"}));
 
         let result = di_handler.call(request, request_data).await;
 
@@ -1602,10 +1606,10 @@ mod tests {
 
         let request_data = RequestData {
             path_params: Arc::new(path_params.clone()),
-            query_params: serde_json::json!({"filter": "active", "sort": "name"}),
+            query_params: Arc::new(serde_json::json!({"filter": "active", "sort": "name"})),
             validated_params: None,
             raw_query_params: Arc::new(raw_query_params.clone()),
-            body: serde_json::json!({"name": "John", "email": "john@example.com"}),
+            body: Arc::new(serde_json::json!({"name": "John", "email": "john@example.com"})),
             raw_body: Some(bytes::Bytes::from(r#"{"name":"John","email":"john@example.com"}"#)),
             headers: Arc::new(headers.clone()),
             cookies: Arc::new(cookies.clone()),