@mimik/api-helper 2.0.6 → 2.0.8

package/test/index-sync.test.js

@@ -0,0 +1,282 @@
+import esmock from 'esmock';
+import { expect } from 'chai';
+import fsReal from 'fs';
+import os from 'os';
+import path from 'path';
+
+const getRichError = (type, message, info, cause) => {
+  const error = new Error(message);
+
+  error.type = type;
+  error.info = info;
+  if (cause) error.cause = cause;
+  return error;
+};
+
+const mockLogger = {
+  info: () => {
+    // empty method
+  },
+  debug: () => {
+    // empty method
+  },
+  warn: () => {
+    // empty method
+  },
+  error: () => {
+    // empty method
+  },
+};
+
+let validateSecuritySchemes;
+let extractProperties;
+let tmpDir;
+
+describe('index.js sync functions', () => {
+  before(async () => {
+    const mod = await esmock('../index.js', {
+      '@mimik/response-helper': { getRichError },
+      '@mimik/sumologic-winston-logger': mockLogger,
+      '@mimik/swagger-helper': {
+        rejectRequest: () => {},
+        TOKEN_PARAMS: {
+          userId: 'userId', onBehalfId: 'onBehalfId', appId: 'appId',
+          clientId: 'clientId', customer: 'customer', onBehalf: 'onBehalf',
+          tokenType: 'tokenType', cluster: 'cluster', claims: 'claims',
+        },
+      },
+      '@mimik/request-retry': { rpRetry: () => Promise.resolve() },
+      'swagger-client': { default: { resolve: () => Promise.resolve() } },
+      'openapi-backend': {
+        OpenAPIBackend: class {
+          register() {}
+          registerSecurityHandler() {}
+          init() { return Promise.resolve(); }
+        },
+      },
+    });
+
+    ({ validateSecuritySchemes, extractProperties } = mod);
+  });
+
+  beforeEach(() => {
+    tmpDir = fsReal.mkdtempSync(path.join(os.tmpdir(), 'index-sync-test-'));
+  });
+
+  afterEach(() => {
+    fsReal.rmSync(tmpDir, { recursive: true, force: true });
+  });
+
+  describe('validateSecuritySchemes', () => {
+    it('should return empty array when no components', () => {
+      const result = validateSecuritySchemes({}, 'corr-1');
+
+      expect(result).to.deep.equal([]);
+    });
+
+    it('should return empty array when no securitySchemes', () => {
+      const result = validateSecuritySchemes({ components: {} }, 'corr-1');
+
+      expect(result).to.deep.equal([]);
+    });
+
+    it('should validate all known security scheme types', () => {
+      const apiDefinition = {
+        components: {
+          securitySchemes: {
+            AdminSecurity: { type: 'oauth2', flows: { clientCredentials: {} } },
+            SystemSecurity: { type: 'oauth2', flows: { clientCredentials: {} } },
+            PeerSecurity: { type: 'oauth2', flows: { clientCredentials: {} } },
+            UserSecurity: { type: 'oauth2', flows: { implicit: {} } },
+            ApiKeySecurity: { in: 'header', name: 'apiKey' },
+          },
+        },
+      };
+
+      const result = validateSecuritySchemes(apiDefinition, 'corr-2');
+      expect(result).to.include('AdminSecurity');
+      expect(result).to.include('SystemSecurity');
+      expect(result).to.include('PeerSecurity');
+      expect(result).to.include('UserSecurity');
+      expect(result).to.include('ApiKeySecurity');
+    });
+
+    it('should return null for missing scheme types', () => {
+      const apiDefinition = {
+        components: {
+          securitySchemes: {
+            AdminSecurity: { type: 'oauth2', flows: { clientCredentials: {} } },
+          },
+        },
+      };
+
+      const result = validateSecuritySchemes(apiDefinition, 'corr-3');
+      expect(result).to.include('AdminSecurity');
+      expect(result).to.include(null);
+    });
+
+    it('should throw for invalid oauth2 type', () => {
+      const apiDefinition = {
+        components: {
+          securitySchemes: {
+            AdminSecurity: { type: 'apiKey', flows: { clientCredentials: {} } },
+          },
+        },
+      };
+
+      expect(() => validateSecuritySchemes(apiDefinition, 'corr-4')).to.throw('auth type is not oauth2');
+    });
+  });
+
+  describe('extractProperties', () => {
+    it('should handle apiDefinition with no paths', () => {
+      const buildDir = path.join(tmpDir, 'build');
+
+      fsReal.mkdirSync(buildDir);
+      const controllersDir = path.join(tmpDir, 'controllers');
+
+      fsReal.mkdirSync(controllersDir);
+
+      extractProperties({}, controllersDir, buildDir, 'corr-1');
+      const registerFile = path.join(buildDir, 'register.js');
+
+      expect(fsReal.existsSync(registerFile)).to.equal(true);
+    });
+
+    it('should throw when controllers directory does not exist', () => {
+      const buildDir = path.join(tmpDir, 'build');
+
+      fsReal.mkdirSync(buildDir);
+      const controllersDir = path.join(tmpDir, 'nonexistent');
+
+      expect(() => extractProperties({}, controllersDir, buildDir, 'corr-2'))
+        .to.throw('file system error');
+    });
+
+    it('should extract operations from paths and create register file', () => {
+      const controllersDir = path.join(tmpDir, 'controllers');
+
+      fsReal.mkdirSync(controllersDir);
+      fsReal.writeFileSync(path.join(controllersDir, 'userCtrl.js'), 'export {\n  getUsers,\n  createUser,\n};');
+      const buildDir = path.join(tmpDir, 'build');
+
+      fsReal.mkdirSync(buildDir);
+      const apiDefinition = {
+        paths: {
+          '/users': {
+            get: {
+              'operationId': 'getUsers',
+              'x-swagger-router-controller': 'userCtrl',
+            },
+            post: {
+              'operationId': 'createUser',
+              'x-swagger-router-controller': 'userCtrl',
+            },
+          },
+        },
+      };
+
+      extractProperties(apiDefinition, controllersDir, buildDir, 'corr-3');
+      const content = fsReal.readFileSync(path.join(buildDir, 'register.js'), 'utf8');
+
+      expect(content).to.include('getUsers');
+      expect(content).to.include('createUser');
+      expect(content).to.include('userCtrl');
+    });
+
+    it('should throw when controller file does not exist', () => {
+      const controllersDir = path.join(tmpDir, 'controllers');
+
+      fsReal.mkdirSync(controllersDir);
+      const buildDir = path.join(tmpDir, 'build');
+
+      fsReal.mkdirSync(buildDir);
+      const apiDefinition = {
+        paths: {
+          '/items': {
+            get: {
+              'operationId': 'getItems',
+              'x-swagger-router-controller': 'missingCtrl',
+            },
+          },
+        },
+      };
+
+      expect(() => extractProperties(apiDefinition, controllersDir, buildDir, 'corr-4'))
+        .to.throw('file system error');
+    });
+
+    it('should throw when operationId is not found in controller file', () => {
+      const controllersDir = path.join(tmpDir, 'controllers');
+
+      fsReal.mkdirSync(controllersDir);
+      fsReal.writeFileSync(path.join(controllersDir, 'ctrl.js'), 'export const otherOp = () => {};');
+      const buildDir = path.join(tmpDir, 'build');
+
+      fsReal.mkdirSync(buildDir);
+      const apiDefinition = {
+        paths: {
+          '/test': {
+            get: {
+              'operationId': 'missingOp',
+              'x-swagger-router-controller': 'ctrl',
+            },
+          },
+        },
+      };
+
+      try {
+        extractProperties(apiDefinition, controllersDir, buildDir, 'corr-5');
+        expect.fail('should have thrown');
+      }
+      catch (err) {
+        expect(err.message).to.equal('file system error');
+        expect(err.cause.message).to.equal('missing operationId in controller file');
+      }
+    });
+
+    it('should throw when x-swagger-router-controller is missing', () => {
+      const controllersDir = path.join(tmpDir, 'controllers');
+
+      fsReal.mkdirSync(controllersDir);
+      const buildDir = path.join(tmpDir, 'build');
+
+      fsReal.mkdirSync(buildDir);
+      const apiDefinition = {
+        paths: {
+          '/test': {
+            get: { operationId: 'someOp' },
+          },
+        },
+      };
+
+      expect(() => extractProperties(apiDefinition, controllersDir, buildDir, 'corr-6'))
+        .to.throw('missing property');
+    });
+
+    it('should recognize operationId via export syntax', () => {
+      const controllersDir = path.join(tmpDir, 'controllers');
+
+      fsReal.mkdirSync(controllersDir);
+      fsReal.writeFileSync(path.join(controllersDir, 'ctrl.js'), 'export getItems');
+      const buildDir = path.join(tmpDir, 'build');
+
+      fsReal.mkdirSync(buildDir);
+      const apiDefinition = {
+        paths: {
+          '/items': {
+            get: {
+              'operationId': 'getItems',
+              'x-swagger-router-controller': 'ctrl',
+            },
+          },
+        },
+      };
+
+      extractProperties(apiDefinition, controllersDir, buildDir, 'corr-7');
+      const content = fsReal.readFileSync(path.join(buildDir, 'register.js'), 'utf8');
+
+      expect(content).to.include('getItems');
+    });
+  });
+});

package/test/oauthValidation-helper.test.js

@@ -0,0 +1,136 @@
+import esmock from 'esmock';
+import { expect } from 'chai';
+
+const getRichError = (type, message, info) => {
+  const error = new Error(message);
+
+  error.type = type;
+  error.info = info;
+  return error;
+};
+
+let validateOauth2;
+let validateApiKey;
+
+describe('oauthValidation-helper', () => {
+  before(async () => {
+    const mod = await esmock('../lib/oauthValidation-helper.js', {
+      '@mimik/response-helper': { getRichError },
+    });
+
+    ({ validateOauth2, validateApiKey } = mod);
+  });
+
+  describe('validateOauth2', () => {
+    it('should return null when securitySchemes is undefined', () => {
+      expect(validateOauth2(undefined, 'SystemSecurity', 'clientCredentials')).to.equal(null);
+    });
+
+    it('should return null when securitySchemes is null', () => {
+      expect(validateOauth2(null, 'SystemSecurity', 'clientCredentials')).to.equal(null);
+    });
+
+    it('should return null when the securityType does not exist in schemes', () => {
+      const schemes = { OtherSecurity: { type: 'oauth2' } };
+
+      expect(validateOauth2(schemes, 'SystemSecurity', 'clientCredentials')).to.equal(null);
+    });
+
+    it('should return the securityType when valid oauth2 with correct flow', () => {
+      const schemes = {
+        SystemSecurity: {
+          type: 'oauth2',
+          flows: { clientCredentials: { tokenUrl: 'https://example.com' } },
+        },
+      };
+
+      expect(validateOauth2(schemes, 'SystemSecurity', 'clientCredentials')).to.equal('SystemSecurity');
+    });
+
+    it('should throw when type is not oauth2', () => {
+      const schemes = {
+        SystemSecurity: {
+          type: 'apiKey',
+          flows: { clientCredentials: {} },
+        },
+      };
+
+      expect(() => validateOauth2(schemes, 'SystemSecurity', 'clientCredentials'))
+        .to.throw('auth type is not oauth2');
+    });
+
+    it('should throw when flows is missing', () => {
+      const schemes = {
+        SystemSecurity: { type: 'oauth2' },
+      };
+
+      expect(() => validateOauth2(schemes, 'SystemSecurity', 'clientCredentials'))
+        .to.throw('no flow type available');
+    });
+
+    it('should throw when the specific flow does not exist', () => {
+      const schemes = {
+        SystemSecurity: {
+          type: 'oauth2',
+          flows: { authorizationCode: {} },
+        },
+      };
+
+      expect(() => validateOauth2(schemes, 'SystemSecurity', 'clientCredentials'))
+        .to.throw('no flow type available');
+    });
+
+    it('should validate implicit flow for UserSecurity', () => {
+      const schemes = {
+        UserSecurity: {
+          type: 'oauth2',
+          flows: { implicit: { authorizationUrl: 'https://example.com' } },
+        },
+      };
+
+      expect(validateOauth2(schemes, 'UserSecurity', 'implicit')).to.equal('UserSecurity');
+    });
+  });
+
+  describe('validateApiKey', () => {
+    it('should return null when securitySchemes is undefined', () => {
+      expect(validateApiKey(undefined, 'ApiKeySecurity')).to.equal(null);
+    });
+
+    it('should return null when securitySchemes is null', () => {
+      expect(validateApiKey(null, 'ApiKeySecurity')).to.equal(null);
+    });
+
+    it('should return null when the securityType does not exist in schemes', () => {
+      const schemes = { OtherSecurity: { in: 'header', name: 'apiKey' } };
+
+      expect(validateApiKey(schemes, 'ApiKeySecurity')).to.equal(null);
+    });
+
+    it('should return the securityType when valid apiKey config', () => {
+      const schemes = {
+        ApiKeySecurity: { in: 'header', name: 'apiKey' },
+      };
+
+      expect(validateApiKey(schemes, 'ApiKeySecurity')).to.equal('ApiKeySecurity');
+    });
+
+    it('should throw when in is not header', () => {
+      const schemes = {
+        ApiKeySecurity: { in: 'query', name: 'apiKey' },
+      };
+
+      expect(() => validateApiKey(schemes, 'ApiKeySecurity'))
+        .to.throw('apikey security must be in header');
+    });
+
+    it('should throw when name is not apiKey', () => {
+      const schemes = {
+        ApiKeySecurity: { in: 'header', name: 'x-api-key' },
+      };
+
+      expect(() => validateApiKey(schemes, 'ApiKeySecurity'))
+        .to.throw('apikey security must be named apiKey');
+    });
+  });
+});