@mimik/api-helper 1.1.4 → 2.0.1

package/README.md

@@ -1,29 +1,53 @@
-## Functions
-
-<dl>
-<dt><a href="#apiSetup">apiSetup(setup, registeredOperations, securityHandlers, extraFormats, config, correlationId)</a> ⇒ <code>Promise</code></dt>
-<dd><p>Setup the API to be use for a service</p>
-</dd>
-<dt><a href="#getAPIFile">getAPIFile(apiFilename, correlationId, options)</a> ⇒ <code>Promise</code></dt>
-<dd><p>Gets the API file from swaggerhub and store it in the give PATH location.</p>
-</dd>
-<dt><a href="#setupServerFiles">setupServerFiles(apiFilename, controllersDirectory, buidDirectory, correlationId, options)</a> ⇒ <code>Promise</code></dt>
-<dd><p>Setup and validates files for the server</p>
-</dd>
-<dt><a href="#validateSecuritySchemes">validateSecuritySchemes(apiDefinition, correlationId)</a> ⇒</dt>
-<dd><p>Validates the known SecuritySchemes: <code>SystemSecurity</code>, <code>AdminSecurity</code>, <code>UserSecurity</code>, <code>PeerSecurity</code>, <code>ApiKeySecurity</code>.</p>
-</dd>
-<dt><a href="#extractProperties">extractProperties(apiDefinition, controllersDirectory, buidDirectory, correlationId)</a> ⇒</dt>
-<dd><p>Extracts the properties from API definiton and creates a file binding the handler with the controller operations.</p>
-</dd>
-</dl>
-
-<a name="apiSetup"></a>
-
-## apiSetup(setup, registeredOperations, securityHandlers, extraFormats, config, correlationId) ⇒ <code>Promise</code>
+<a name="module_api-helper"></a>
+
+## api-helper
+**Example**  
+```js
+import apiHelper from '@mimik/api-helper';
+or
+import { apiSetup, securityLib, getAPIFile, validateSecuritySchemes, extractProperties, setupServerFiles } from '@mimik/api-helper';
+```
+
+* [api-helper](#module_api-helper)
+    * _async_
+        * [~securityLib(config)](#module_api-helper..securityLib)
+        * [~apiSetup(setup, registeredOperations, securityHandlers, extraFormats, config, correlationId)](#module_api-helper..apiSetup) ⇒ <code>Promise</code>
+        * [~getAPIFile(apiFilename, correlationId, options)](#module_api-helper..getAPIFile) ⇒ <code>Promise</code>
+        * [~setupServerFiles(apiFilename, controllersDirectory, buidDirectory, correlationId, options)](#module_api-helper..setupServerFiles) ⇒ <code>Promise</code>
+    * _sync_
+        * [~validateSecuritySchemes(apiDefinition, correlationId)](#module_api-helper..validateSecuritySchemes) ⇒
+        * [~extractProperties(apiDefinition, controllersDirectory, buidDirectory, correlationId)](#module_api-helper..extractProperties) ⇒
+
+<a name="module_api-helper..securityLib"></a>
+
+### api-helper~securityLib(config)
+Implement the security flows for the API.
+
+**Kind**: inner method of [<code>api-helper</code>](#module_api-helper)  
+**Category**: async  
+**Throws**:
+
+- <code>Promise</code> An error is thrown if the initiatilization failed.
+
+This function is used to setup the following security handlers for the API:
+- `SystemSecurity` - used for the system operations, like /system, /onbehalf
+- `AdminSecurity` - used for the admin operations, like /admin,
+- `UserSecurity` - used for the user operations, like /user,
+- `ApiKeySecurity` - used for the API key operations, like /apikey,
+The security handlers are used to validate the tokens and scopes for the API operations.
+
+**Requires**: <code>module:@mimik/swagger-helper</code>, <code>module:jsonwebtoken</code>, <code>module:lodash</code>  
+
+| Param | Type | Description |
+| --- | --- | --- |
+| config | <code>object</code> | Configuration of the service. &fulfil {object} The API file itself. |
+
+<a name="module_api-helper..apiSetup"></a>
+
+### api-helper~apiSetup(setup, registeredOperations, securityHandlers, extraFormats, config, correlationId) ⇒ <code>Promise</code>
 Setup the API to be use for a service
 
-**Kind**: global function  
+**Kind**: inner method of [<code>api-helper</code>](#module_api-helper)  
 **Returns**: <code>Promise</code> - .
 &fulfil {object} The API file itself.  
 **Category**: async  
@@ -53,12 +77,12 @@ The default formats for validation are: `date`, `time`, `date-time`, `byte`, `uu
 | config | <code>object</code> | Configuration of the service. |
 | correlationId | <code>UUID.&lt;string&gt;</code> | CorrelationId when logging activites. |
 
-<a name="getAPIFile"></a>
+<a name="module_api-helper..getAPIFile"></a>
 
-## getAPIFile(apiFilename, correlationId, options) ⇒ <code>Promise</code>
+### api-helper~getAPIFile(apiFilename, correlationId, options) ⇒ <code>Promise</code>
 Gets the API file from swaggerhub and store it in the give PATH location.
 
-**Kind**: global function  
+**Kind**: inner method of [<code>api-helper</code>](#module_api-helper)  
 **Returns**: <code>Promise</code> - .
 &fulfil {object} The API file itself.  
 **Category**: async  
@@ -85,12 +109,12 @@ Gets the API file from swaggerhub and store it in the give PATH location.
 | correlationId | <code>UUID.&lt;string&gt;</code> | CorrelationId when logging activites. |
 | options | <code>object</code> | Options associated with the call. Use to pass `metrics` to `rpRetry` and `apiInfo` to access the api file in the api provider. |
 
-<a name="setupServerFiles"></a>
+<a name="module_api-helper..setupServerFiles"></a>
 
-## setupServerFiles(apiFilename, controllersDirectory, buidDirectory, correlationId, options) ⇒ <code>Promise</code>
+### api-helper~setupServerFiles(apiFilename, controllersDirectory, buidDirectory, correlationId, options) ⇒ <code>Promise</code>
 Setup and validates files for the server
 
-**Kind**: global function  
+**Kind**: inner method of [<code>api-helper</code>](#module_api-helper)  
 **Returns**: <code>Promise</code> - .
 &fulfil {object} The API file, the API filename, the existing known security schemes and the defined security schemes.  
 **Category**: async  
@@ -104,16 +128,16 @@ Setup and validates files for the server
 | --- | --- | --- |
 | apiFilename | <code>PATH.&lt;string&gt;</code> | Name of the file where the API file will be stored. |
 | controllersDirectory | <code>PATH.&lt;string&gt;</code> | Directory to find the controller files. |
-| buidDirectory | <code>PATH.&lt;string&gt;</code> | = Directory where the register file will be stored. |
+| buidDirectory | <code>PATH.&lt;string&gt;</code> | Directory where the register file will be stored. |
 | correlationId | <code>UUID.&lt;string&gt;</code> | CorrelationId when logging activites. |
 | options | <code>object</code> | Options associated with the call. Use to pass `metrics` to `rpRetry` and `apiKey`` to access private API. |
 
-<a name="validateSecuritySchemes"></a>
+<a name="module_api-helper..validateSecuritySchemes"></a>
 
-## validateSecuritySchemes(apiDefinition, correlationId) ⇒
+### api-helper~validateSecuritySchemes(apiDefinition, correlationId) ⇒
 Validates the known SecuritySchemes: `SystemSecurity`, `AdminSecurity`, `UserSecurity`, `PeerSecurity`, `ApiKeySecurity`.
 
-**Kind**: global function  
+**Kind**: inner method of [<code>api-helper</code>](#module_api-helper)  
 **Returns**: An array of the known securitySchemes that are in the API definition.  
 **Category**: sync  
 **Throws**:
@@ -127,12 +151,12 @@ Validates the known SecuritySchemes: `SystemSecurity`, `AdminSecurity`, `UserSec
 | apiDefinition | <code>object</code> | JSON object containing the API definition. |
 | correlationId | <code>UUID.&lt;string&gt;</code> | CorrelationId when logging activites. |
 
-<a name="extractProperties"></a>
+<a name="module_api-helper..extractProperties"></a>
 
-## extractProperties(apiDefinition, controllersDirectory, buidDirectory, correlationId) ⇒
+### api-helper~extractProperties(apiDefinition, controllersDirectory, buidDirectory, correlationId) ⇒
 Extracts the properties from API definiton and creates a file binding the handler with the controller operations.
 
-**Kind**: global function  
+**Kind**: inner method of [<code>api-helper</code>](#module_api-helper)  
 **Returns**: null  
 **Category**: sync  
 **Throws**:
@@ -145,6 +169,6 @@ Extracts the properties from API definiton and creates a file binding the handle
 | --- | --- | --- |
 | apiDefinition | <code>object</code> | JSON object containing the API definition. |
 | controllersDirectory | <code>PATH.&lt;string&gt;</code> | Directory to find the controller files. |
-| buidDirectory | <code>PATH.&lt;string&gt;</code> | = Directory where the register file will be stored. |
+| buidDirectory | <code>PATH.&lt;string&gt;</code> | Directory where the register file will be stored. |
 | correlationId | <code>UUID.&lt;string&gt;</code> | CorrelationId when logging activites. |
 

package/eslint.config.js

@@ -0,0 +1,63 @@
+import importPlugin from 'eslint-plugin-import';
+import js from '@eslint/js';
+import processDoc from '@mimik/eslint-plugin-document-env';
+import stylistic from '@stylistic/eslint-plugin';
+
+const MAX_LENGTH_LINE = 180;
+const MAX_FUNCTION_PARAMETERS = 6;
+const MAX_LINES_IN_FILES = 600;
+const MAX_LINES_IN_FUNCTION = 150;
+const MAX_STATEMENTS_IN_FUNCTION = 45;
+const MIN_KEYS_IN_OBJECT = 10;
+const MAX_COMPLEXITY = 30;
+
+export default [
+  {
+    ignores: ['mochawesome-report/**', 'node_modules/**', 'dist/**'],
+  },
+  importPlugin.flatConfigs.recommended,
+  stylistic.configs.recommended,
+  js.configs.all,
+  {
+    plugins: {
+      processDoc,
+    },
+    languageOptions: {
+      ecmaVersion: 2022,
+      globals: {
+        console: 'readonly',
+        describe: 'readonly',
+        it: 'readonly',
+        require: 'readonly',
+      },
+      sourceType: 'module',
+    },
+    rules: {
+      '@stylistic/brace-style': ['warn', 'stroustrup', { allowSingleLine: true }],
+      '@stylistic/line-comment-position': ['off'],
+      '@stylistic/semi': ['error', 'always'],
+      'capitalized-comments': ['off'],
+      'complexity': ['error', MAX_COMPLEXITY],
+      'curly': ['off'],
+      'id-length': ['error', { exceptions: ['x', 'y', 'z', 'i', 'j', 'k'] }],
+      'import/no-extraneous-dependencies': ['error', { devDependencies: true }],
+      'import/no-unresolved': ['error', { amd: true, caseSensitiveStrict: true, commonjs: true }],
+      'init-declarations': ['off'],
+      'linebreak-style': ['off'],
+      'max-len': ['warn', MAX_LENGTH_LINE, { ignoreComments: true }],
+      'max-lines': ['warn', { max: MAX_LINES_IN_FILES, skipComments: true }],
+      'max-lines-per-function': ['warn', { max: MAX_LINES_IN_FUNCTION, skipComments: true }],
+      'max-params': ['error', MAX_FUNCTION_PARAMETERS],
+      'max-statements': ['warn', MAX_STATEMENTS_IN_FUNCTION],
+      'no-confusing-arrow': ['off'], // arrow isnt confusing
+      'no-inline-comments': ['off'],
+      'no-process-env': ['error'],
+      'no-ternary': ['off'],
+      'no-undefined': ['off'],
+      'one-var': ['error', 'never'],
+      'processDoc/validate-document-env': ['error'],
+      'quotes': ['warn', 'single'],
+      'sort-keys': ['error', 'asc', { caseSensitive: true, minKeys: MIN_KEYS_IN_OBJECT, natural: false }],
+    },
+  },
+];

package/index.js

@@ -1,47 +1,80 @@
-const { OpenAPIBackend } = require('openapi-backend');
-const fs = require('fs');
-const pathLib = require('path');
-const yaml = require('js-yaml');
-const compact = require('lodash.compact');
-const difference = require('lodash.difference');
-const SwaggerClient = require('swagger-client');
-const { Base64 } = require('js-base64');
-
-const logger = require('@mimik/sumologic-winston-logger');
-const { getRichError } = require('@mimik/response-helper');
-const { rpRetry } = require('@mimik/request-retry');
-
-const { saveProperties } = require('./lib/extract-helper');
-const { validateOauth2, validateApiKey } = require('./lib/oauthValidation-helper');
-const { ajvFormats } = require('./lib/ajvHelpers');
-const securityLib = require('./lib/securityHandlers');
-const baseHandlers = require('./lib/baseHandlers');
-const {
-  LOCAL,
-  SET_ON,
-  SECURITY_ON,
-  SECURITY_OFF,
-  X_ROUTER_CONTROLLER,
-  EXTENSION,
+import {
   ADMIN_SECURITY,
-  SYSTEM_SECURITY,
-  PEER_SECURITY,
-  USER_SECURITY,
   API_KEY_SECURITY,
+  API_PROVIDER_BITBUCKET,
+  API_PROVIDER_SWAGGERHUB,
+  API_SOURCE,
+  BITBUCKET,
   CLIENT_CREDENTIALS,
+  DEFAULT_BITBUCKET_PASSWORD,
+  DEFAULT_BITBUCKET_USERNAME,
+  EXTENSION,
+  EXTENSION_YML,
   IMPLICIT,
+  LOCAL,
+  PEER_SECURITY,
   POSTFIX,
-  API_PROVIDER_SWAGGERHUB,
-  API_PROVIDER_BITBUCKET,
   RESOLVED,
-  API_SOURCE,
+  SECURITY_OFF,
+  SECURITY_ON,
+  SET_ON,
   SWAGGER,
-  BITBUCKET,
   SWAGGERHUB,
-  EXTENSION_YML,
-  DEFAULT_BITBUCKET_USERNAME,
-  DEFAULT_BITBUCKET_PASSWORD,
-} = require('./lib/common');
+  SYSTEM_SECURITY,
+  USER_SECURITY,
+  X_ROUTER_CONTROLLER,
+} from './lib/common.js';
+import { validateApiKey, validateOauth2 } from './lib/oauthValidation-helper.js';
+import { Base64 } from 'js-base64';
+import OpenAPIBackend from 'openapi-backend';
+import SwaggerClient from 'swagger-client';
+import { ajvFormats } from './lib/ajvHelpers.js';
+import baseHandlers from './lib/baseHandlers.js';
+import compact from 'lodash.compact';
+import difference from 'lodash.difference';
+import fs from 'fs';
+import { getRichError } from '@mimik/response-helper';
+import { load } from 'js-yaml';
+import logger from '@mimik/sumologic-winston-logger';
+import pathLib from 'path';
+import { rpRetry } from '@mimik/request-retry';
+import { saveProperties } from './lib/extract-helper.js';
+import { securityLib } from './lib/securityHandlers.js';
+/**
+ * @module api-helper
+ * @example
+ * import apiHelper from '@mimik/api-helper';
+ * or
+ * import { apiSetup, securityLib, getAPIFile, validateSecuritySchemes, extractProperties, setupServerFiles } from '@mimik/api-helper';
+ */
+const EMPTY = 0;
+const TAB = 2;
+const FULL_NAME_LENGTH = 4;
+const CUSTOMER_INDEX = 0;
+const API_NAME_INDEX = 1;
+const API_VERSION_INDEX = 2;
+const POSTFIX_INDEX = 3;
+/**
+ *
+ * Implement the security flows for the API.
+ *
+ * @function securityLib
+ * @category async
+ * @requires @mimik/swagger-helper
+ * @requires jsonwebtoken
+ * @requires lodash
+ * @param {object} config - Configuration of the service.
+ * &fulfil {object} The API file itself.
+ * @throws {Promise} An error is thrown if the initiatilization failed.
+ *
+ * This function is used to setup the following security handlers for the API:
+ * - `SystemSecurity` - used for the system operations, like /system, /onbehalf
+ * - `AdminSecurity` - used for the admin operations, like /admin,
+ * - `UserSecurity` - used for the user operations, like /user,
+ * - `ApiKeySecurity` - used for the API key operations, like /apikey,
+ * The security handlers are used to validate the tokens and scopes for the API operations.
+ */
+export { securityLib };
 
 /**
  *
@@ -77,7 +110,7 @@ const {
  *
  * The default formats for validation are: `date`, `time`, `date-time`, `byte`, `uuid`, `uri`, `email`, `ipv4`, `ipv6`, `semver`, `ip`.
  */
-const apiSetup = (setup, registeredOperations, securityHandlers, extraFormats, config, correlationId) => {
+export const apiSetup = (setup, registeredOperations, securityHandlers, extraFormats, config, correlationId) => {
   const { apiFilename, existingSecuritySchemes, definedSecuritySchemes } = setup;
   const {
     SystemSecurity,
@@ -125,7 +158,7 @@ const apiSetup = (setup, registeredOperations, securityHandlers, extraFormats, c
     const securityHandlerNames = Object.keys(securityHandlers);
     const unusedSecuritySchemes = difference(securityHandlerNames, definedSecuritySchemes);
 
-    if (unusedSecuritySchemes.length !== 0) throw getRichError('System', 'unused handlers for security schemes', { unusedSecuritySchemes });
+    if (unusedSecuritySchemes.length !== EMPTY) throw getRichError('System', 'unused handlers for security schemes', { unusedSecuritySchemes });
 
     remainingSecurities.forEach((securityScheme) => {
       if (!securityHandlerNames.includes(securityScheme) && !securityHandlers[securityScheme].notEnabled) {
@@ -138,7 +171,7 @@ const apiSetup = (setup, registeredOperations, securityHandlers, extraFormats, c
       }
     });
   }
-  else if (remainingSecurities.length !== 0) throw getRichError('System', 'missing handlers for security schemes', { missingSecuritySchemes: remainingSecurities });
+  else if (remainingSecurities.length !== EMPTY) throw getRichError('System', 'missing handlers for security schemes', { missingSecuritySchemes: remainingSecurities });
   api.init()
     .catch((err) => {
       throw getRichError('System', 'could not initialize the api', { api }, err);
@@ -176,8 +209,8 @@ const apiSetup = (setup, registeredOperations, securityHandlers, extraFormats, c
  *    "apiApiKey": "apiKey for access private API on swaggerhub, can be optional if the API is accessible publically"
  * }
  */
-const getAPIFile = (apiFilename, correlationId, options) => {
-  const swaggerOptions = (spec) => ({
+export const getAPIFile = (apiFilename, correlationId, options) => {
+  const swaggerOptions = spec => ({
     spec,
     allowMetaPatches: false,
     skipNormalization: true,
@@ -197,7 +230,9 @@ const getAPIFile = (apiFilename, correlationId, options) => {
     return Promise.reject(getRichError('System', 'file system error', { apiFilename }, err));
   }
   if (apiDefinition) {
-    try { apiDefinition = JSON.parse(apiDefinition); }
+    try {
+      apiDefinition = JSON.parse(apiDefinition);
+    }
     catch (err) {
       return Promise.reject(getRichError('System', 'wrong file format', { apiFilename }, err));
     }
@@ -206,11 +241,13 @@ const getAPIFile = (apiFilename, correlationId, options) => {
         throw getRichError('System', 'could not resolve apiDefiniton', { apiFilename }, err);
       })
       .then((apiDefinitionResult) => {
-        if (apiDefinitionResult.errors.length !== 0) {
+        if (apiDefinitionResult.errors.length !== EMPTY) {
           logger.error('errors while resolving definition', { errors: apiDefinitionResult.errors }, correlationId);
           throw getRichError('Parameter', 'errors while resolving definition', { apiFilename, errors: apiDefinitionResult.errors });
         }
-        try { fs.writeFileSync(apiFilename, JSON.stringify(apiDefinitionResult.spec, null, 2)); }
+        try {
+          fs.writeFileSync(apiFilename, JSON.stringify(apiDefinitionResult.spec, null, TAB));
+        }
         catch (err) {
           throw getRichError('System', 'file system error', { apiFilename }, err);
         }
@@ -228,13 +265,17 @@ const getAPIFile = (apiFilename, correlationId, options) => {
   let fileName;
   let apiDirectory;
 
-  try { fileName = pathLib.basename(apiFilename); }
+  try {
+    fileName = pathLib.basename(apiFilename);
+  }
   catch (err) { return Promise.reject(getRichError('System', 'file name error', { apiFilename }, err)); }
-  try { apiDirectory = pathLib.dirname(apiFilename); }
+  try {
+    apiDirectory = pathLib.dirname(apiFilename);
+  }
   catch (err) { return Promise.reject(getRichError('System', 'directory name error', { apiFilename }, err)); }
   const params = fileName.split('_');
 
-  if (params.length !== 4 || params[3] !== POSTFIX) {
+  if (params.length !== FULL_NAME_LENGTH || params[POSTFIX_INDEX] !== POSTFIX) {
     return Promise.reject(getRichError('System', 'wrong api name', { apiFilename }));
   }
   try {
@@ -257,7 +298,7 @@ const getAPIFile = (apiFilename, correlationId, options) => {
   try {
     switch (provider) {
       case SWAGGERHUB: {
-        opts.url = `${API_PROVIDER_SWAGGERHUB}/${params[0]}/${params[1]}/${params[2]}?${RESOLVED}`;
+        opts.url = `${API_PROVIDER_SWAGGERHUB}/${params[CUSTOMER_INDEX]}/${params[API_NAME_INDEX]}/${params[API_VERSION_INDEX]}?${RESOLVED}`;
         if (apiInfo.apiApiKey) opts.headers.Authorization = apiInfo.apiApiKey;
         break;
       }
@@ -268,11 +309,13 @@ const getAPIFile = (apiFilename, correlationId, options) => {
         if (apiInfo.apiBasicAuth.username === DEFAULT_BITBUCKET_USERNAME || apiInfo.apiBasicAuth.password === DEFAULT_BITBUCKET_PASSWORD) {
           throw getRichError('Parameter', 'missing username/password for accessing Bitbucket', { apiFilename });
         }
-        try { opts.headers.Authorization = `Basic ${Base64.encode(`${apiInfo.apiBasicAuth.username}:${apiInfo.apiBasicAuth.password}`)}`; }
+        try {
+          opts.headers.Authorization = `Basic ${Base64.encode(`${apiInfo.apiBasicAuth.username}:${apiInfo.apiBasicAuth.password}`)}`;
+        }
         catch (err) {
           throw getRichError('System', 'could not create basicAuth', { apiFilename }, err);
         }
-        opts.url = `${API_PROVIDER_BITBUCKET}/${params[0]}/${params[1]}${API_SOURCE}/${params[2]}/${SWAGGER}${EXTENSION_YML}`;
+        opts.url = `${API_PROVIDER_BITBUCKET}/${params[CUSTOMER_INDEX]}/${params[API_NAME_INDEX]}${API_SOURCE}/${params[API_VERSION_INDEX]}/${SWAGGER}${EXTENSION_YML}`;
         break;
       }
       default: {
@@ -299,7 +342,7 @@ const getAPIFile = (apiFilename, correlationId, options) => {
     .then((result) => {
       let resultJSON = result;
 
-      if (typeof result !== 'object') resultJSON = yaml.load(result);
+      if (typeof result !== 'object') resultJSON = load(result);
       return SwaggerClient.resolve(swaggerOptions(resultJSON));
     })
     .catch((err) => {
@@ -309,11 +352,13 @@ const getAPIFile = (apiFilename, correlationId, options) => {
       throw getRichError('System', 'could not resolve apiDefiniton', { apiFilename }, err);
     })
     .then((apiDefinitionResult) => {
-      if (apiDefinitionResult.errors.length !== 0) {
+      if (apiDefinitionResult.errors.length !== EMPTY) {
         logger.error('errors while resolving definition', { errors: apiDefinitionResult.errors }, correlationId);
         throw getRichError('Parameter', 'errors while resolving definition', { apiFilename, errors: apiDefinitionResult.errors });
       }
-      try { fs.writeFileSync(apiFilename, JSON.stringify(apiDefinitionResult.spec, null, 2)); }
+      try {
+        fs.writeFileSync(apiFilename, JSON.stringify(apiDefinitionResult.spec, null, TAB));
+      }
       catch (err) {
         throw getRichError('System', 'file system error', { apiFilename }, err);
       }
@@ -334,7 +379,7 @@ const getAPIFile = (apiFilename, correlationId, options) => {
  * @return An array of the known securitySchemes that are in the API definition.
  * @throws An error is thrown for the first validation fails.
  */
-const validateSecuritySchemes = (apiDefinition, correlationId) => {
+export const validateSecuritySchemes = (apiDefinition, correlationId) => {
   const existingSecuritySchemes = [];
 
   if (apiDefinition.components?.securitySchemes) {
@@ -361,17 +406,19 @@ const validateSecuritySchemes = (apiDefinition, correlationId) => {
  * @requires fs
  * @param {object} apiDefinition - JSON object containing the API definition.
  * @param {PATH.<string>} controllersDirectory - Directory to find the controller files.
- * @param {PATH.<string>} buidDirectory = Directory where the register file will be stored.
+ * @param {PATH.<string>} buidDirectory - Directory where the register file will be stored.
  * @param {UUID.<string>} correlationId - CorrelationId when logging activites.
  * @return null
  * @throws An error is thrown for many reasons, like operationId does not exist in controllers, controller dies not exist...
  */
-const extractProperties = (apiDefinition, controllersDirectory, buildDirectory, correlationId) => {
+export const extractProperties = (apiDefinition, controllersDirectory, buildDirectory, correlationId) => {
   const result = {};
   const { paths } = apiDefinition;
   let controllersDirectoryName;
 
-  try { controllersDirectoryName = pathLib.basename(controllersDirectory); }
+  try {
+    controllersDirectoryName = pathLib.basename(controllersDirectory);
+  }
   catch (err) {
     throw getRichError('System', 'directory name error', { controllersDirectory }, err);
   }
@@ -395,10 +442,7 @@ const extractProperties = (apiDefinition, controllersDirectory, buildDirectory,
         const operation = path[verb];
 
         if (operation.operationId) {
-          if (!operation[X_ROUTER_CONTROLLER]) {
-            throw getRichError('System', 'missing property', { property: X_ROUTER_CONTROLLER });
-          }
-          else {
+          if (operation[X_ROUTER_CONTROLLER]) {
             const controller = operation[X_ROUTER_CONTROLLER];
             const controllerFilename = `${controllersDirectory}/${controller}${EXTENSION}`;
 
@@ -413,16 +457,19 @@ const extractProperties = (apiDefinition, controllersDirectory, buildDirectory,
             try {
               const file = fs.readFileSync(controllerFilename, 'utf8');
               if (!file.includes(`${operation.operationId},`)
-                 && !file.includes(`${operation.operationId}:`)
-                 && !file.includes(`module.exports = ${operation.operationId}`)) { // code must be linted before
+                && !file.includes(`${operation.operationId}:`)
+                && !file.includes(`export ${operation.operationId}`)) { // code must be linted before
                 throw getRichError('System', 'missing operationId in controller file', { controllerFilename, operationId: operation.operationId });
               }
             }
             catch (err) {
               throw getRichError('System', 'file system error', { controllerFilename, operationId: operation.operationId }, err);
             }
-            if (!result[controller]) result[controller] = [operation.operationId];
-            else result[controller].push(operation.operationId);
+            if (result[controller]) result[controller].push(operation.operationId);
+            else result[controller] = [operation.operationId];
+          }
+          else {
+            throw getRichError('System', 'missing property', { property: X_ROUTER_CONTROLLER });
           }
         }
       });
@@ -445,14 +492,14 @@ const extractProperties = (apiDefinition, controllersDirectory, buildDirectory,
  * @requires path
  * @param {PATH.<string>} apiFilename -  Name of the file where the API file will be stored.
  * @param {PATH.<string>} controllersDirectory - Directory to find the controller files.
- * @param {PATH.<string>} buidDirectory = Directory where the register file will be stored.
+ * @param {PATH.<string>} buidDirectory - Directory where the register file will be stored.
  * @param {UUID.<string>} correlationId - CorrelationId when logging activites.
  * @param {object} options - Options associated with the call. Use to pass `metrics` to `rpRetry` and `apiKey`` to access private API.
  * @return {Promise}.
  * &fulfil {object} The API file, the API filename, the existing known security schemes and the defined security schemes.
  * @throws {Promise} An error is thrown for many reasons assocated with getAPIFile or validateSecuritySchemes or extractProperties.
  */
-const setupServerFiles = (apiFilename, controllersDirectory, buildDirectory, correlationId, options) => getAPIFile(apiFilename, correlationId, options)
+export const setupServerFiles = (apiFilename, controllersDirectory, buildDirectory, correlationId, options) => getAPIFile(apiFilename, correlationId, options)
   .then((apiDefinition) => {
     const existingSecuritySchemes = compact(validateSecuritySchemes(apiDefinition, correlationId));
 
@@ -469,7 +516,7 @@ const setupServerFiles = (apiFilename, controllersDirectory, buildDirectory, cor
     };
   });
 
-module.exports = {
+export default {
   apiSetup,
   securityLib,
   getAPIFile,

package/lib/ajvHelpers.js

@@ -1,16 +1,17 @@
-const addFormats = require('ajv-formats');
+import { DEFAULT_FORMATS } from './common.js';
+import addFormats from 'ajv-formats';
 
-const { DEFAULT_FORMATS } = require('./common');
-
-const ajvFormats = (origFormats) => (ajv) => {
+const ajvFormats = origFormats => (ajv) => {
   const extraFormats = {
     semver: {
       type: 'string',
-      validate: /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/,
+      // eslint-disable-next-line prefer-named-capture-group
+      validate: /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/u,
     },
     ip: {
       type: 'string',
-      validate: /((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$))/,
+      // eslint-disable-next-line prefer-named-capture-group
+      validate: /((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$))/u,
     },
   };
   const libFormats = DEFAULT_FORMATS;
@@ -18,14 +19,14 @@ const ajvFormats = (origFormats) => (ajv) => {
 
   if (!formats) formats = {};
   Object.keys(formats).forEach((format) => {
-    if (!formats[format].type) libFormats.push(format);
-    else extraFormats[format] = formats[format];
+    if (formats[format].type) extraFormats[format] = formats[format];
+    else libFormats.push(format);
   });
   addFormats(ajv, libFormats);
-  Object.keys(extraFormats).forEach((format) => ajv.addFormat(format, extraFormats[format]));
+  Object.keys(extraFormats).forEach(format => ajv.addFormat(format, extraFormats[format]));
   return ajv;
 };
 
-module.exports = {
+export {
   ajvFormats,
 };

package/lib/baseHandlers.js

@@ -1,84 +1,92 @@
-const { rejectRequest } = require('@mimik/swagger-helper');
+import { rejectRequest } from '@mimik/swagger-helper';
 
-const validationFail = (c, req, res) => {
+const PARAMETER_ERROR = 400;
+const NOT_FOUND_ERROR = 404;
+const UNAUTHORIZED_ERROR = 401;
+const NOT_IMPLEMENTED_ERROR = 501;
+
+const validationFail = (con, req, res) => {
   const error = new Error('Failed schema validation');
 
-  error.statusCode = 400;
+  error.statusCode = PARAMETER_ERROR;
   error.info = {
     method: req.method,
     path: req.url,
-    errors: c.validation.errors,
-    warnings: c.validation.warnings || [],
+    errors: con.validation.errors,
+    warnings: con.validation.warnings || [],
   };
-  rejectRequest(error, c, res);
+  rejectRequest(error, con, res);
 };
 
-const notFound = (c, req, res) => {
+const notFound = (con, req, res) => {
   const path = req.url;
   const error = new Error(`path ${path} not defined in Swagger specification`);
 
-  error.statusCode = 404;
+  error.statusCode = NOT_FOUND_ERROR;
   error.info = {
     method: req.method,
     path,
   };
-  rejectRequest(error, c, res);
+  rejectRequest(error, con, res);
 };
 
-const unauthorizedHandler = (c, req, res) => {
+const unauthorizedHandler = (con, req, res) => {
   let error = new Error('Unauthorized');
 
-  error.statusCode = 401;
-  const schemes = Object.keys(c.security);
+  error.statusCode = UNAUTHORIZED_ERROR;
+  const schemes = Object.keys(con.security);
 
   delete schemes.authorized;
   schemes.forEach((scheme) => {
-    if (c.security[scheme]?.error) error = c.security[scheme].error;
+    const { error: schemeError } = con.security[scheme] || {};
+    if (schemeError) {
+      error = schemeError;
+    }
   });
-  rejectRequest(error, c, res);
+  rejectRequest(error, con, res);
 };
 
-const notImplemented = (c, req, res) => {
+const notImplemented = (con, req, res) => {
   const { method } = req;
   const path = req.url;
   const error = new Error(`${req.method} ${path} defined in Swagger specification, but no implemented`);
 
-  error.statusCode = 505;
+  error.statusCode = NOT_IMPLEMENTED_ERROR;
   error.info = {
     method,
     path,
-    operationId: c.operation.operationId,
+    operationId: con.operation.operationId,
   };
-  rejectRequest(error, c, res);
+  rejectRequest(error, con, res);
 };
 
-const methodNotAllowed = (c, req, res) => {
+const methodNotAllowed = (con, req, res) => {
   const { method } = req;
   const path = req.url;
   const error = new Error(`path ${path} defined in Swagger specification, but the method ${method} is not defined`);
 
-  error.statusCode = 405;
+  error.statusCode = NOT_IMPLEMENTED_ERROR;
   error.info = {
     method,
     path,
   };
-  rejectRequest(error, c, res);
+  rejectRequest(error, con, res);
 };
 
 /*
-const postResponseHandler = (c, req, res) => {
-  const valid = c.api.validateResponse(c.response, c.operation);
-  console.log('----->', c.response);
+const postResponseHandler = (con, req, res) => {
+  const valid = con.api.validateResponse(con.response, con.operation);
+  console.log('----->', con.response);
   console.log('----->', valid);
   if (valid.errors) {
     // response validation failed
     return res.status(502).json({ status: 502, err: valid.errors });
   }
-  return res.status(200).json(c.response);
+  return res.status(200).json(con.response);
 };
 */
 
-module.exports = {
+export default {
   validationFail,
   notFound,
   unauthorizedHandler,

package/lib/common.js

@@ -51,7 +51,7 @@ const BEARERS = ['bearer', 'Bearer'];
 const USER = 'user';
 const CLUSTER = 'cluster';
 
-module.exports = {
+export {
   X_ROUTER_CONTROLLER,
   EXTENSION,
   REGISTER,

package/lib/extract-helper.js

@@ -1,9 +1,7 @@
-const fs = require('fs');
-
-const { getRichError } = require('@mimik/response-helper');
-const logger = require('@mimik/sumologic-winston-logger');
-
-const { EXTENSION, REGISTER } = require('./common');
+import { EXTENSION, REGISTER } from './common.js';
+import fs from 'fs';
+import { getRichError } from '@mimik/response-helper';
+import logger from '@mimik/sumologic-winston-logger';
 
 const saveProperties = (extractResult, buildDirectory, controllersDirectoryName, correlationId) => {
   try {
@@ -36,9 +34,9 @@ const saveProperties = (extractResult, buildDirectory, controllersDirectoryName,
       itemToSave += `  ${operationId},\n`;
       operationIds.push(operationId);
     });
-    stringToSave += `const {\n${itemToSave}} = require('../${controllersDirectoryName}/${controller}');\n`;
+    stringToSave += `import {\n${itemToSave}} from '../${controllersDirectoryName}/${controller}';\n`;
   });
-  stringToSave += '\nmodule.exports = {\n';
+  stringToSave += '\nexport {\n';
   itemToSave = '';
   operationIds.forEach((operationId) => {
     itemToSave += `  ${operationId},\n`;
@@ -53,6 +51,6 @@ const saveProperties = (extractResult, buildDirectory, controllersDirectoryName,
   }
 };
 
-module.exports = {
+export {
   saveProperties,
 };

package/lib/oauthValidation-helper.js

@@ -1,6 +1,9 @@
-const { getRichError } = require('@mimik/response-helper');
-
-const { OAUTH2, API_KEY_IN, API_KEY_NAME } = require('./common');
+import {
+  API_KEY_IN,
+  API_KEY_NAME,
+  OAUTH2,
+} from './common.js';
+import { getRichError } from '@mimik/response-helper';
 
 const validateOauth2 = (securitySchemes, securityType, flow) => {
   if (securitySchemes) {
@@ -36,7 +39,7 @@ const validateApiKey = (securitySchemes, securityType) => {
   return null;
 };
 
-module.exports = {
+export {
   validateOauth2,
   validateApiKey,
 };

package/lib/securityHandlers.js

@@ -1,33 +1,47 @@
-const jwt = require('jsonwebtoken');
-const intersection = require('lodash.intersection');
-const difference = require('lodash.difference');
-
-const { TOKEN_PARAMS } = require('@mimik/swagger-helper');
-const {
-  AUTHORIZATION,
+import {
   ADMIN,
-  SUB_ADMIN,
+  ADMIN_SECURITY,
+  API_KEY_NAME,
+  AUTHORIZATION,
+  BEARERS,
+  CLAIMS_DEFINITION,
+  CLAIMS_SEPARATOR,
   CLIENT,
+  CLUSTER,
   NO_GENERIC,
   ON_BEHALF,
-  CLAIMS_DEFINITION,
+  RESOURCE_SEPARATOR,
   SCOPES_SEPARATOR,
   SCOPE_CLAIMS_SEPARATOR,
-  RESOURCE_SEPARATOR,
-  CLAIMS_SEPARATOR,
-  BEARERS,
-  USER,
-  CLUSTER,
-  API_KEY_NAME,
-  ADMIN_SECURITY,
+  SUB_ADMIN,
   SYSTEM_SECURITY,
+  USER,
   USER_SECURITY,
-} = require('./common');
-
-const getScopes = (c, securityType) => {
+} from './common';
+import { TOKEN_PARAMS } from '@mimik/swagger-helper';
+import difference from 'lodash.difference';
+import intersection from 'lodash.intersection';
+import jwt from 'jsonwebtoken';
+
+const UNAUTHORIZED_ERROR = 401;
+const FORBIDDEN_ERROR = 403;
+const SYSTEM_ERROR = 500;
+const EMPTY = 0;
+const SINGLE = 1;
+const FIRST_AUTHORIZATION = 0;
+const BEARER_INDEX = 0;
+const TOKEN_INDEX = 1;
+const BEARER_LENGTH = 2;
+const FIRST = 1;
+const SECOND = 2;
+const SCOPE_INDEX = 0;
+const CLAIMS_INDEX = 1;
+const RESOURCE_INDEX = 0;
+
+const getScopes = (conf, securityType) => {
   let scopes = [];
 
-  c.operation.security.forEach((security) => {
+  conf.operation.security.forEach((security) => {
     if (security[securityType]) scopes = scopes.concat(security[securityType]);
   });
   return scopes;
@@ -43,36 +57,38 @@ const getError = (message, statusCode) => {
 const checkToken = (authToken) => {
   let token;
 
-  try { token = jwt.decode(authToken); }
+  try {
+    token = jwt.decode(authToken);
+  }
   catch (err) {
-    err.statusCode = 401;
+    err.statusCode = UNAUTHORIZED_ERROR;
     throw err;
   }
   if (!token) {
-    throw getError('invalid token', 401);
+    throw getError('invalid token', UNAUTHORIZED_ERROR);
   }
   return token;
 };
 
 const checkHeaders = (headers) => {
   if (!headers) {
-    throw getError('missing header', 401);
+    throw getError('missing header', UNAUTHORIZED_ERROR);
   }
-  const authNames = Object.keys(headers).filter((key) => key.toLowerCase() === AUTHORIZATION);
+  const authNames = Object.keys(headers).filter(key => key.toLowerCase() === AUTHORIZATION);
   const authNamesLength = authNames.length;
 
-  if (authNamesLength === 0) {
-    throw getError(`missing ${AUTHORIZATION} header`, 401);
+  if (authNamesLength === EMPTY) {
+    throw getError(`missing ${AUTHORIZATION} header`, UNAUTHORIZED_ERROR);
   }
-  if (authNamesLength !== 1) {
-    throw getError(`duplicated ${AUTHORIZATION} header`, 401);
+  if (authNamesLength !== SINGLE) {
+    throw getError(`duplicated ${AUTHORIZATION} header`, UNAUTHORIZED_ERROR);
   }
-  const auth = headers[authNames[0]].split(' ');
+  const auth = headers[authNames[FIRST_AUTHORIZATION]].split(' ');
 
-  if (!BEARERS.includes(auth[0]) || auth.length !== 2) {
-    throw getError(`authorization type incorrect: ${auth[0]}`, 401);
+  if (!BEARERS.includes(auth[BEARER_INDEX]) || auth.length !== BEARER_LENGTH) {
+    throw getError(`authorization type incorrect: ${auth[BEARER_INDEX]}`, UNAUTHORIZED_ERROR);
   }
-  return auth[1];
+  return auth[TOKEN_INDEX];
 };
 
 const checkScopes = (tokenScopes, defScopes, definition) => {
@@ -82,52 +98,52 @@ const checkScopes = (tokenScopes, defScopes, definition) => {
   let claims = [];
   let onBehalf = false;
 
-  if (defScopes && defScopes.length !== 0) {
+  if (defScopes && defScopes.length !== EMPTY) {
     const currentScopes = tokenScopes.split(SCOPES_SEPARATOR);
     const intersects = [];
-    let resourceIndex = 1;
+    let resourceIndex = FIRST;
 
     currentScopes.forEach((currentScope) => {
       const analyzedScope = currentScope.split(SCOPE_CLAIMS_SEPARATOR);
-      const analyzedResource = analyzedScope[0].split(RESOURCE_SEPARATOR);
+      const analyzedResource = analyzedScope[SCOPE_INDEX].split(RESOURCE_SEPARATOR);
 
-      if (analyzedResource[0] === ON_BEHALF) {
+      if (analyzedResource[RESOURCE_INDEX] === ON_BEHALF) {
         onBehalf = true;
-        resourceIndex = 2; // legacy handling
+        resourceIndex = SECOND; // legacy handling
       }
 
-      if (defScopes.includes(analyzedScope[0])) {
-        if (analyzedScope[1]) {
+      if (defScopes.includes(analyzedScope[SCOPE_INDEX])) {
+        if (analyzedScope[CLAIMS_INDEX]) {
           const includedDefinitionName = `${analyzedResource[resourceIndex]}${CLAIMS_DEFINITION}`;
 
           if (!definition.components || !definition.components.schemas) {
-            throw getError(`missing ${includedDefinitionName} definition: no definitions`, 500);
+            throw getError(`missing ${includedDefinitionName} definition: no definition`, SYSTEM_ERROR);
           }
           const includedDefinition = definition.components.schemas[includedDefinitionName];
 
           if (!includedDefinition) {
-            throw getError(`missing ${includedDefinitionName} definition`, 500);
+            throw getError(`missing ${includedDefinitionName} definition`, SYSTEM_ERROR);
           }
-          const includedClaims = analyzedScope[1].split(CLAIMS_SEPARATOR);
+          const includedClaims = analyzedScope[CLAIMS_INDEX].split(CLAIMS_SEPARATOR);
           const definitionClaims = Object.keys(includedDefinition);
           const claimsIntersects = intersection(includedClaims, definitionClaims);
 
           if (claimsIntersects.length !== includedClaims.length) {
-            throw getError(`incorrect claims included: ${difference(includedClaims, claimsIntersects)}`, 403);
+            throw getError(`incorrect claims included: ${difference(includedClaims, claimsIntersects)}`, FORBIDDEN_ERROR);
           }
           claims = claims.concat(claimsIntersects);
         }
-        intersects.push(analyzedScope[0]);
+        intersects.push(analyzedScope[SCOPE_INDEX]);
       }
     });
-    if (intersects.length === 0) {
-      throw getError(`incorrect scopes: ${tokenScopes}`, 403);
+    if (intersects.length === EMPTY) {
+      throw getError(`incorrect scopes: ${tokenScopes}`, FORBIDDEN_ERROR);
     }
   }
   return { onBehalf, claims };
 };
 
-module.exports = (config) => {
+export const securityLib = (config) => {
   const verifyTokenClientCredentials = (authToken) => {
     const { server, generic } = config.security;
     const options = {
@@ -136,17 +152,21 @@ module.exports = (config) => {
       // subject: `${config.serverSettings.id}@clients`,
     };
 
-    try { jwt.verify(authToken, (generic.key === NO_GENERIC) ? server.accessKey : generic.key, options); }
+    try {
+      jwt.verify(authToken, (generic.key === NO_GENERIC) ? server.accessKey : generic.key, options);
+    }
     catch (err) {
       if (generic.previousKey) { // backward compatibility
-        try { jwt.verify(authToken, generic.previousKey, options); }
+        try {
+          jwt.verify(authToken, generic.previousKey, options);
+        }
         catch (secondErr) {
-          secondErr.statusCode = 403;
+          secondErr.statusCode = FORBIDDEN_ERROR;
           throw secondErr;
         }
       }
       else {
-        err.statusCode = 403;
+        err.statusCode = FORBIDDEN_ERROR;
         throw err;
       }
     }
@@ -159,32 +179,34 @@ module.exports = (config) => {
       issuer: (implicit && implicit.issuer) || server.issuer,
     };
 
-    try { jwt.verify(authToken, (implicit && implicit.key) || ((generic.key === NO_GENERIC) ? server.accessKey : generic.key), options); }
+    try {
+      jwt.verify(authToken, (implicit && implicit.key) || ((generic.key === NO_GENERIC) ? server.accessKey : generic.key), options);
+    }
     catch (err) {
-      err.statusCode = 403;
+      err.statusCode = FORBIDDEN_ERROR;
       throw err;
     }
   };
 
   const AdminSecurity = {
-    regular: (c, req) => {
+    regular: (con, req) => {
       const authToken = checkHeaders(req.headers);
       const token = checkToken(authToken);
-      const { request } = c;
+      const { request } = con;
 
       if (token.subType !== ADMIN && token.subType !== SUB_ADMIN) {
-        throw getError('invalid token: wrong type', 403);
+        throw getError('invalid token: wrong type', FORBIDDEN_ERROR);
       }
       if (token.subType === SUB_ADMIN) {
         if (!token.cust) {
-          throw getError('invalid token: no customer', 403);
+          throw getError('invalid token: no customer', FORBIDDEN_ERROR);
         }
       }
       else if (token.sub !== `${config.security.admin.externalId}${CLIENT}`) {
-        throw getError(`jwt subject invalid: ${token.sub}`, 403);
+        throw getError(`jwt subject invalid: ${token.sub}`, FORBIDDEN_ERROR);
       }
       verifyTokenClientCredentials(authToken);
-      const scopeResult = checkScopes(token.scope, getScopes(c, ADMIN_SECURITY), c.api.definition);
+      const scopeResult = checkScopes(token.scope, getScopes(con, ADMIN_SECURITY), con.api.definition);
 
       req[TOKEN_PARAMS.claims] = scopeResult.claims;
       request[TOKEN_PARAMS.claims] = scopeResult.claims;
@@ -202,8 +224,8 @@ module.exports = (config) => {
       }
       return true;
     },
-    mock: (c, req) => {
-      const { request } = c;
+    mock: (con, req) => {
+      const { request } = con;
 
       req[TOKEN_PARAMS.claims] = ['dummyClaims'];
       req[TOKEN_PARAMS.tokenType] = ADMIN;
@@ -218,16 +240,16 @@ module.exports = (config) => {
   };
 
   const SystemSecurity = {
-    regular: (c, req) => {
+    regular: (con, req) => {
       const authToken = checkHeaders(req.headers);
       const token = checkToken(authToken);
-      const { request } = c;
+      const { request } = con;
 
       if (token.subType === ADMIN || token.subType === SUB_ADMIN) {
-        throw getError('invalid token: wrong type', 403);
+        throw getError('invalid token: wrong type', FORBIDDEN_ERROR);
       }
       verifyTokenClientCredentials(authToken);
-      const scopeResult = checkScopes(token.scope, getScopes(c, SYSTEM_SECURITY), c.api.definition);
+      const scopeResult = checkScopes(token.scope, getScopes(con, SYSTEM_SECURITY), con.api.definition);
 
       if (scopeResult.onBehalf) {
         req[TOKEN_PARAMS.onBehalf] = true;
@@ -253,8 +275,8 @@ module.exports = (config) => {
       }
       return true;
     },
-    mock: (c, req) => {
-      const { request } = c;
+    mock: (con, req) => {
+      const { request } = con;
 
       req[TOKEN_PARAMS.claims] = ['dummyClaims'];
       req[TOKEN_PARAMS.tokenType] = 'dummyServiceType';
@@ -269,13 +291,13 @@ module.exports = (config) => {
   };
 
   const UserSecurity = {
-    regular: (c, req) => {
+    regular: (con, req) => {
       const authToken = checkHeaders(req.headers);
       const token = checkToken(authToken);
-      const { request } = c;
+      const { request } = con;
 
       verifyTokenImplicit(authToken);
-      const scopeResult = checkScopes(token.scope, getScopes(c, USER_SECURITY), c.api.definition);
+      const scopeResult = checkScopes(token.scope, getScopes(con, USER_SECURITY), con.api.definition);
 
       if (scopeResult.onBehalf) {
         req[TOKEN_PARAMS.onBehalf] = true;
@@ -301,8 +323,8 @@ module.exports = (config) => {
       }
       return true;
     },
-    mock: (c, req) => {
-      const { request } = c;
+    mock: (con, req) => {
+      const { request } = con;
 
       req[TOKEN_PARAMS.claims] = ['dummyClaims'];
       req[TOKEN_PARAMS.userId] = 'dummyUserId';
@@ -317,19 +339,19 @@ module.exports = (config) => {
   };
 
   const ApiKeySecurity = {
-    regular: (c, req) => {
+    regular: (con, req) => {
       const apiKey = req.headers ? req.headers[API_KEY_NAME.toLowerCase()] : null;
-      const { request } = c;
+      const { request } = con;
 
       if (config.security.apiKeys.includes(apiKey)) {
         req[API_KEY_NAME] = apiKey;
         request[API_KEY_NAME] = apiKey;
         return true;
       }
-      throw getError('invalid API key', 401);
+      throw getError('invalid API key', UNAUTHORIZED_ERROR);
     },
-    mock: (c, req) => {
-      const { request } = c;
+    mock: (con, req) => {
+      const { request } = con;
 
       req[API_KEY_NAME] = 'dummyApiKey';
       request[API_KEY_NAME] = 'dummyApiKey';

package/package.json

@@ -1,16 +1,16 @@
 {
   "name": "@mimik/api-helper",
-  "version": "1.1.4",
+  "version": "2.0.1",
   "description": "helper for openAPI backend and mimik service",
-  "main": "index.js",
+  "main": "./index.js",
+  "type": "module",  
   "scripts": {
-    "lint": "eslint --ignore-path .gitignore .",
+    "lint": "eslint . --no-error-on-unmatched-pattern",
     "docs": "jsdoc2md index.js > README.md",
     "test": "echo \"Error: no test specified\" && exit 0",
     "test-ci": "echo \"Error: no test specified\" && exit 0",
     "prepublishOnly": "npm run docs && npm run lint && npm run test-ci",
-    "commit-ready": "npm run docs && npm run lint && npm run test-ci",
-    "prepare": "husky install"
+    "commit-ready": "npm run docs && npm run lint && npm run test-ci"
   },
   "husky": {
     "hooks": {
@@ -30,11 +30,11 @@
     "url": "https://bitbucket.org/mimiktech/api-helper"
   },
   "dependencies": {
-    "@mimik/request-helper":"^1.7.11",
-    "@mimik/request-retry": "^3.0.1",
-    "@mimik/response-helper": "^3.1.0",
-    "@mimik/sumologic-winston-logger": "^1.6.21",
-    "@mimik/swagger-helper": "^4.0.10",
+    "@mimik/request-helper":"^2.0.2",
+    "@mimik/request-retry": "^4.0.3",
+    "@mimik/response-helper": "^4.0.4",
+    "@mimik/sumologic-winston-logger": "^2.0.3",
+    "@mimik/swagger-helper": "^5.0.2",
     "ajv-formats": "3.0.1",
     "js-base64": "3.7.7",
     "js-yaml":"4.1.0",
@@ -42,19 +42,16 @@
     "lodash.compact": "3.0.1", 
     "lodash.difference": "4.5.0",
     "lodash.intersection": "4.4.0",
-    "openapi-backend": "5.11.0",
-    "swagger-client": "3.29.3"
+    "openapi-backend": "5.13.0",
+    "swagger-client": "3.35.6"
   },
   "devDependencies": {
-    "@mimik/eslint-plugin-dependencies": "^2.4.6",
-    "@mimik/eslint-plugin-document-env": "^1.0.6",
-    "eslint": "8.57.0",
-    "eslint-config-airbnb": "19.0.4",
-    "eslint-plugin-import": "2.31.0",
-    "eslint-plugin-jsx-a11y": "6.10.0",
-    "eslint-plugin-react": "7.37.1",
-    "eslint-plugin-react-hooks": "4.6.2",
-    "husky": "9.1.6",
-    "jsdoc-to-markdown": "9.0.2"
+    "@eslint/js": "9.31.0",
+    "@mimik/eslint-plugin-document-env": "^2.0.8",
+    "@stylistic/eslint-plugin": "5.2.1",
+    "eslint": "9.31.0",
+    "eslint-plugin-import": "2.32.0",
+    "husky": "9.1.7",
+    "jsdoc-to-markdown": "9.1.2"
   }
 }

package/.eslintrc

@@ -1,43 +0,0 @@
-{
-  "plugins": [
-    "@mimik/document-env",
-    "@mimik/dependencies"
-  ],
-  "env": {
-    "node": true
-  },
-  "parserOptions": {
-    "ecmaVersion": 2020
-  },
-  "extends": "airbnb",
-  "rules": {
-    "import/no-extraneous-dependencies": ["error", { "devDependencies": true }],
-    "import/no-unresolved": ["error", { "amd": true, "commonjs": true, "caseSensitiveStrict": true }],
-    "brace-style": [1, "stroustrup", { "allowSingleLine": true }],
-    "no-confusing-arrow": [0], // arrow isnt confusing
-    "max-len": [1, 180, { "ignoreComments": true }],
-    "linebreak-style": 0,
-    "quotes": [1, "single"],
-    "semi": [1, "always"],
-    "no-process-env": ["error"],
-    "@mimik/document-env/validate-document-env": 2,
-    "@mimik/dependencies/case-sensitive": 2,
-    "@mimik/dependencies/no-cycles": 2,
-    "@mimik/dependencies/require-json-ext": 2
-  },
-  "settings":{
-    "react": {
-      "version": "detect"
-    }
-  },
-  "globals": {
-    "module": true,
-    "require": true,
-    "const": false,
-    "it": false,
-    "describe": false,
-    "before": true,
-    "after": true,
-    "JSON": true
-  }
-}