@mimik/api-helper 2.0.7 → 2.0.8

package/test/index-async.test.js

@@ -0,0 +1,599 @@
+import esmock from 'esmock';
+import { expect } from 'chai';
+import fsReal from 'fs';
+import os from 'os';
+import path from 'path';
+
+const getRichError = (type, message, info, cause) => {
+  const error = new Error(message);
+
+  error.type = type;
+  error.info = info;
+  if (cause) error.cause = cause;
+  return error;
+};
+
+const mockLogger = {
+  info: () => {},
+  debug: () => {},
+  warn: () => {},
+  error: () => {},
+};
+
+const TOKEN_PARAMS = {
+  userId: 'userId', onBehalfId: 'onBehalfId', appId: 'appId',
+  clientId: 'clientId', customer: 'customer', onBehalf: 'onBehalf',
+  tokenType: 'tokenType', cluster: 'cluster', claims: 'claims',
+};
+
+let tmpDir;
+
+describe('getAPIFile', () => {
+  let getAPIFile;
+  let mockRpRetry;
+  let mockSwaggerResolve;
+
+  before(async () => {
+    mockRpRetry = () => Promise.resolve({ openapi: '3.0.0' });
+    mockSwaggerResolve = opts => Promise.resolve({ spec: opts.spec, errors: [] });
+
+    const mod = await esmock('../index.js', {
+      '@mimik/response-helper': { getRichError },
+      '@mimik/sumologic-winston-logger': mockLogger,
+      '@mimik/swagger-helper': { rejectRequest: () => {}, TOKEN_PARAMS },
+      '@mimik/request-retry': { rpRetry: (...args) => mockRpRetry(...args) },
+      'swagger-client': { default: { resolve: (...args) => mockSwaggerResolve(...args) } },
+      'openapi-backend': {
+        OpenAPIBackend: class {
+          register() {}
+          registerSecurityHandler() {}
+          init() { return Promise.resolve(); }
+        },
+      },
+    });
+
+    ({ getAPIFile } = mod);
+  });
+
+  beforeEach(() => {
+    tmpDir = fsReal.mkdtempSync(path.join(os.tmpdir(), 'getapifile-test-'));
+    mockRpRetry = () => Promise.resolve({ openapi: '3.0.0' });
+    mockSwaggerResolve = opts => Promise.resolve({ spec: opts.spec, errors: [] });
+  });
+
+  afterEach(() => {
+    fsReal.rmSync(tmpDir, { recursive: true, force: true });
+  });
+
+  it('should load and resolve an existing JSON file', async () => {
+    const apiFile = path.join(tmpDir, 'api.json');
+
+    fsReal.writeFileSync(apiFile, JSON.stringify({ openapi: '3.0.0', info: { title: 'test' } }));
+    const result = await getAPIFile(apiFile, 'corr-1');
+
+    expect(result).to.have.property('openapi', '3.0.0');
+  });
+
+  it('should reject when existing file has invalid JSON', async () => {
+    const apiFile = path.join(tmpDir, 'api.json');
+
+    fsReal.writeFileSync(apiFile, 'not json{{{');
+    try {
+      await getAPIFile(apiFile, 'corr-2');
+      expect.fail('should have rejected');
+    }
+    catch (err) {
+      expect(err.message).to.equal('wrong file format');
+    }
+  });
+
+  it('should reject when no options provided and file does not exist', async () => {
+    const apiFile = path.join(tmpDir, 'nonexistent.json');
+
+    try {
+      await getAPIFile(apiFile, 'corr-3');
+      expect.fail('should have rejected');
+    }
+    catch (err) {
+      expect(err.message).to.equal('no options');
+    }
+  });
+
+  it('should reject when options has no apiInfo', async () => {
+    const apiFile = path.join(tmpDir, 'nonexistent.json');
+
+    try {
+      await getAPIFile(apiFile, 'corr-4', {});
+      expect.fail('should have rejected');
+    }
+    catch (err) {
+      expect(err.message).to.equal('no information for swaggerFile');
+    }
+  });
+
+  it('should reject for wrong api filename format', async () => {
+    const apiFile = path.join(tmpDir, 'bad-name.json');
+
+    try {
+      await getAPIFile(apiFile, 'corr-5', { apiInfo: { provider: 'bitbucket' } });
+      expect.fail('should have rejected');
+    }
+    catch (err) {
+      expect(err.message).to.equal('wrong api name');
+    }
+  });
+
+  it('should reject when bitbucket auth is missing', async () => {
+    const apiFile = path.join(tmpDir, 'customer_apiname_v1_swagger.json');
+
+    try {
+      await getAPIFile(apiFile, 'corr-6', {
+        apiInfo: { provider: 'bitbucket' },
+      });
+      expect.fail('should have rejected');
+    }
+    catch (err) {
+      expect(err.message).to.equal('missing username/password for accessing Bitbucket');
+    }
+  });
+
+  it('should reject when bitbucket auth uses default values', async () => {
+    const apiFile = path.join(tmpDir, 'customer_apiname_v1_swagger.json');
+
+    try {
+      await getAPIFile(apiFile, 'corr-7', {
+        apiInfo: {
+          provider: 'bitbucket',
+          apiBasicAuth: { username: ' ', password: 'real-pass' },
+        },
+      });
+      expect.fail('should have rejected');
+    }
+    catch (err) {
+      expect(err.message).to.equal('missing username/password for accessing Bitbucket');
+    }
+  });
+
+  it('should fetch from bitbucket and resolve spec', async () => {
+    const apiFile = path.join(tmpDir, 'customer_apiname_v1_swagger.json');
+
+    const result = await getAPIFile(apiFile, 'corr-8', {
+      apiInfo: {
+        provider: 'bitbucket',
+        apiBasicAuth: { username: 'user', password: 'pass' },
+      },
+    });
+
+    expect(result).to.have.property('openapi');
+  });
+
+  it('should fetch from swaggerhub and resolve spec', async () => {
+    const apiFile = path.join(tmpDir, 'customer_apiname_v1_swagger.json');
+
+    const result = await getAPIFile(apiFile, 'corr-9', {
+      apiInfo: { provider: 'swaggerhub' },
+    });
+
+    expect(result).to.have.property('openapi');
+  });
+
+  it('should include apiApiKey as authorization for swaggerhub', async () => {
+    const apiFile = path.join(tmpDir, 'customer_apiname_v1_swagger.json');
+    let capturedOpts;
+
+    mockRpRetry = (opts) => {
+      capturedOpts = opts;
+      return Promise.resolve({ openapi: '3.0.0' });
+    };
+
+    await getAPIFile(apiFile, 'corr-10', {
+      apiInfo: { provider: 'swaggerhub', apiApiKey: 'my-key' },
+    });
+
+    expect(capturedOpts.headers.Authorization).to.equal('my-key');
+  });
+
+  it('should spread metrics with url added', async () => {
+    const apiFile = path.join(tmpDir, 'customer_apiname_v1_swagger.json');
+    let capturedOpts;
+
+    mockRpRetry = (opts) => {
+      capturedOpts = opts;
+      return Promise.resolve({ openapi: '3.0.0' });
+    };
+
+    await getAPIFile(apiFile, 'corr-11', {
+      apiInfo: { provider: 'swaggerhub' },
+      metrics: { name: 'api-fetch' },
+    });
+
+    expect(capturedOpts.metrics).to.have.property('name', 'api-fetch');
+    expect(capturedOpts.metrics).to.have.property('url');
+  });
+
+  it('should reject for invalid provider', async () => {
+    const apiFile = path.join(tmpDir, 'customer_apiname_v1_swagger.json');
+
+    try {
+      await getAPIFile(apiFile, 'corr-12', {
+        apiInfo: { provider: 'invalid' },
+      });
+      expect.fail('should have rejected');
+    }
+    catch (err) {
+      expect(err.message).to.equal('invalid API provider');
+    }
+  });
+
+  it('should parse YAML response from provider', async () => {
+    mockRpRetry = () => Promise.resolve('openapi: "3.0.0"\ninfo:\n  title: test');
+
+    const apiFile = path.join(tmpDir, 'customer_apiname_v1_swagger.json');
+
+    const result = await getAPIFile(apiFile, 'corr-13', {
+      apiInfo: { provider: 'swaggerhub' },
+    });
+
+    expect(result).to.have.property('openapi');
+  });
+
+  it('should reject with resolve errors', async () => {
+    mockSwaggerResolve = () => Promise.resolve({
+      spec: {},
+      errors: [{ message: 'bad ref' }],
+    });
+
+    const apiFile = path.join(tmpDir, 'customer_apiname_v1_swagger.json');
+
+    try {
+      await getAPIFile(apiFile, 'corr-14', {
+        apiInfo: { provider: 'swaggerhub' },
+      });
+      expect.fail('should have rejected');
+    }
+    catch (err) {
+      expect(err.message).to.equal('errors while resolving definition');
+    }
+  });
+
+  it('should re-throw errors with statusCode from rpRetry', async () => {
+    const httpError = new Error('Not Found');
+
+    httpError.statusCode = 404;
+    mockRpRetry = () => Promise.reject(httpError);
+
+    const apiFile = path.join(tmpDir, 'customer_apiname_v1_swagger.json');
+
+    try {
+      await getAPIFile(apiFile, 'corr-15', {
+        apiInfo: { provider: 'swaggerhub' },
+      });
+      expect.fail('should have rejected');
+    }
+    catch (err) {
+      expect(err.statusCode).to.equal(404);
+      expect(err.message).to.equal('Not Found');
+    }
+  });
+
+  it('should create api directory when it does not exist', async () => {
+    const apiDir = path.join(tmpDir, 'newdir');
+    const apiFile = path.join(apiDir, 'customer_apiname_v1_swagger.json');
+
+    await getAPIFile(apiFile, 'corr-16', {
+      apiInfo: { provider: 'swaggerhub' },
+    });
+
+    expect(fsReal.existsSync(apiDir)).to.equal(true);
+  });
+});
+
+describe('apiSetup', () => {
+  let apiSetup;
+  let registeredSecurityHandlers;
+  let registeredOps;
+
+  before(async () => {
+    registeredSecurityHandlers = {};
+    registeredOps = null;
+
+    const mod = await esmock('../index.js', {
+      '@mimik/response-helper': { getRichError },
+      '@mimik/sumologic-winston-logger': mockLogger,
+      '@mimik/swagger-helper': { rejectRequest: () => {}, TOKEN_PARAMS },
+      '@mimik/request-retry': { rpRetry: () => Promise.resolve() },
+      'swagger-client': { default: { resolve: () => Promise.resolve() } },
+      'openapi-backend': {
+        OpenAPIBackend: class {
+          constructor(opts) { this.opts = opts; }
+          register(ops) { registeredOps = ops; }
+          registerSecurityHandler(name, handler) { registeredSecurityHandlers[name] = handler; }
+          init() { return Promise.resolve(); }
+        },
+      },
+    });
+
+    ({ apiSetup } = mod);
+  });
+
+  beforeEach(() => {
+    registeredSecurityHandlers = {};
+    registeredOps = null;
+  });
+
+  const makeConfig = (env = 'production') => ({
+    nodeEnvironment: env,
+    serverSettings: { basePath: '/api', securitySet: 'off' },
+    security: {
+      server: { audience: 'aud', issuer: 'iss', accessKey: 'key' },
+      generic: { audience: 'noGeneric', key: 'noGeneric' },
+      admin: { externalId: 'admin' },
+      apiKeys: ['key1'],
+    },
+  });
+
+  it('should return a promise that resolves to the api object', async () => {
+    const setup = {
+      apiFilename: '/test/api.json',
+      existingSecuritySchemes: [],
+      definedSecuritySchemes: [],
+    };
+
+    const result = await apiSetup(setup, {}, null, null, makeConfig(), 'corr-1');
+    expect(result).to.have.property('opts');
+  });
+
+  it('should register default security handlers for existing schemes', async () => {
+    const setup = {
+      apiFilename: '/test/api.json',
+      existingSecuritySchemes: ['SystemSecurity', 'AdminSecurity'],
+      definedSecuritySchemes: ['SystemSecurity', 'AdminSecurity'],
+    };
+
+    await apiSetup(setup, {}, null, null, makeConfig(), 'corr-2');
+    expect(registeredSecurityHandlers).to.have.property('SystemSecurity');
+    expect(registeredSecurityHandlers).to.have.property('AdminSecurity');
+  });
+
+  it('should use mock mode for local environment', async () => {
+    const setup = {
+      apiFilename: '/test/api.json',
+      existingSecuritySchemes: ['SystemSecurity'],
+      definedSecuritySchemes: ['SystemSecurity'],
+    };
+
+    await apiSetup(setup, {}, null, null, makeConfig('local'), 'corr-3');
+    expect(registeredSecurityHandlers).to.have.property('SystemSecurity');
+  });
+
+  it('should throw for unused security handlers', () => {
+    const setup = {
+      apiFilename: '/test/api.json',
+      existingSecuritySchemes: [],
+      definedSecuritySchemes: ['SystemSecurity'],
+    };
+    const handlers = {
+      SystemSecurity: { regular: () => true, mock: () => true },
+      UnknownSecurity: { regular: () => true, mock: () => true },
+    };
+
+    expect(() => apiSetup(setup, {}, handlers, null, makeConfig(), 'corr-4'))
+      .to.throw('unused handlers for security schemes');
+  });
+
+  it('should throw for missing handlers when remainingSecurities exist', () => {
+    const setup = {
+      apiFilename: '/test/api.json',
+      existingSecuritySchemes: [],
+      definedSecuritySchemes: ['CustomSecurity'],
+    };
+
+    expect(() => apiSetup(setup, {}, null, null, makeConfig(), 'corr-5'))
+      .to.throw('missing handlers for security schemes');
+  });
+
+  it('should throw for missing handler for a specific security scheme', () => {
+    const setup = {
+      apiFilename: '/test/api.json',
+      existingSecuritySchemes: [],
+      definedSecuritySchemes: ['CustomSecurity', 'OtherSecurity'],
+    };
+    const handlers = {
+      CustomSecurity: { regular: () => true, mock: () => true },
+    };
+
+    expect(() => apiSetup(setup, {}, handlers, null, makeConfig(), 'corr-6'))
+      .to.throw('missing handler for security scheme');
+  });
+
+  it('should allow disabled security schemes via notEnabled', async () => {
+    const setup = {
+      apiFilename: '/test/api.json',
+      existingSecuritySchemes: [],
+      definedSecuritySchemes: ['PeerSecurity'],
+    };
+    const handlers = {
+      PeerSecurity: { notEnabled: true },
+    };
+
+    const result = await apiSetup(setup, {}, handlers, null, makeConfig(), 'corr-7');
+    expect(result).to.have.property('opts');
+    expect(registeredSecurityHandlers).to.not.have.property('PeerSecurity');
+  });
+
+  it('should not register default handler when custom handler is provided', async () => {
+    const customHandler = () => 'custom';
+    const setup = {
+      apiFilename: '/test/api.json',
+      existingSecuritySchemes: ['SystemSecurity'],
+      definedSecuritySchemes: ['SystemSecurity'],
+    };
+    const handlers = {
+      SystemSecurity: { regular: customHandler, mock: customHandler },
+    };
+
+    await apiSetup(setup, {}, handlers, null, makeConfig(), 'corr-8');
+    expect(registeredSecurityHandlers.SystemSecurity).to.equal(customHandler);
+  });
+
+  it('should register operations', async () => {
+    const ops = { getUsers: () => {}, createUser: () => {} };
+    const setup = {
+      apiFilename: '/test/api.json',
+      existingSecuritySchemes: [],
+      definedSecuritySchemes: [],
+    };
+
+    await apiSetup(setup, ops, null, null, makeConfig(), 'corr-9');
+    expect(registeredOps).to.equal(ops);
+  });
+
+  it('should use regular mode for production with securitySet on', async () => {
+    const config = makeConfig('local');
+
+    config.serverSettings.securitySet = 'on';
+    const setup = {
+      apiFilename: '/test/api.json',
+      existingSecuritySchemes: ['SystemSecurity'],
+      definedSecuritySchemes: ['SystemSecurity'],
+    };
+
+    await apiSetup(setup, {}, null, null, config, 'corr-10');
+    expect(registeredSecurityHandlers).to.have.property('SystemSecurity');
+  });
+});
+
+describe('setupServerFiles', () => {
+  let setupServerFiles;
+  let mockRpRetry;
+  let mockSwaggerResolve;
+
+  before(async () => {
+    mockRpRetry = () => Promise.resolve({ openapi: '3.0.0' });
+    mockSwaggerResolve = opts => Promise.resolve({ spec: opts.spec, errors: [] });
+
+    const mod = await esmock('../index.js', {
+      '@mimik/response-helper': { getRichError },
+      '@mimik/sumologic-winston-logger': mockLogger,
+      '@mimik/swagger-helper': { rejectRequest: () => {}, TOKEN_PARAMS },
+      '@mimik/request-retry': { rpRetry: (...args) => mockRpRetry(...args) },
+      'swagger-client': { default: { resolve: (...args) => mockSwaggerResolve(...args) } },
+      'openapi-backend': {
+        OpenAPIBackend: class {
+          register() {}
+          registerSecurityHandler() {}
+          init() { return Promise.resolve(); }
+        },
+      },
+    });
+
+    ({ setupServerFiles } = mod);
+  });
+
+  beforeEach(() => {
+    tmpDir = fsReal.mkdtempSync(path.join(os.tmpdir(), 'setupserverfiles-test-'));
+    mockRpRetry = () => Promise.resolve({ openapi: '3.0.0' });
+    mockSwaggerResolve = opts => Promise.resolve({ spec: opts.spec, errors: [] });
+  });
+
+  afterEach(() => {
+    fsReal.rmSync(tmpDir, { recursive: true, force: true });
+  });
+
+  it('should return apiDefinition, apiFilename, and security schemes', async () => {
+    const apiDefinition = {
+      openapi: '3.0.0',
+      components: {
+        securitySchemes: {
+          SystemSecurity: { type: 'oauth2', flows: { clientCredentials: {} } },
+        },
+      },
+    };
+    const apiFile = path.join(tmpDir, 'api.json');
+
+    fsReal.writeFileSync(apiFile, JSON.stringify(apiDefinition));
+    const controllersDir = path.join(tmpDir, 'controllers');
+
+    fsReal.mkdirSync(controllersDir);
+    const buildDir = path.join(tmpDir, 'build');
+
+    fsReal.mkdirSync(buildDir);
+
+    const result = await setupServerFiles(apiFile, controllersDir, buildDir, 'corr-1');
+    expect(result).to.have.property('apiDefinition');
+    expect(result).to.have.property('apiFilename', apiFile);
+    expect(result.existingSecuritySchemes).to.include('SystemSecurity');
+    expect(result.definedSecuritySchemes).to.include('SystemSecurity');
+  });
+
+  it('should return empty security schemes when none defined', async () => {
+    const apiDefinition = { openapi: '3.0.0' };
+    const apiFile = path.join(tmpDir, 'api.json');
+
+    fsReal.writeFileSync(apiFile, JSON.stringify(apiDefinition));
+    const controllersDir = path.join(tmpDir, 'controllers');
+
+    fsReal.mkdirSync(controllersDir);
+    const buildDir = path.join(tmpDir, 'build');
+
+    fsReal.mkdirSync(buildDir);
+
+    const result = await setupServerFiles(apiFile, controllersDir, buildDir, 'corr-2');
+    expect(result.existingSecuritySchemes).to.deep.equal([]);
+    expect(result.definedSecuritySchemes).to.deep.equal([]);
+  });
+
+  it('should create register.js in build directory', async () => {
+    const apiDefinition = {
+      openapi: '3.0.0',
+      paths: {
+        '/users': {
+          get: {
+            'operationId': 'getUsers',
+            'x-swagger-router-controller': 'userCtrl',
+          },
+        },
+      },
+    };
+    const apiFile = path.join(tmpDir, 'api.json');
+
+    fsReal.writeFileSync(apiFile, JSON.stringify(apiDefinition));
+    const controllersDir = path.join(tmpDir, 'controllers');
+
+    fsReal.mkdirSync(controllersDir);
+    fsReal.writeFileSync(path.join(controllersDir, 'userCtrl.js'), 'export {\n  getUsers,\n};');
+    const buildDir = path.join(tmpDir, 'build');
+
+    fsReal.mkdirSync(buildDir);
+
+    await setupServerFiles(apiFile, controllersDir, buildDir, 'corr-3');
+    expect(fsReal.existsSync(path.join(buildDir, 'register.js'))).to.equal(true);
+    const content = fsReal.readFileSync(path.join(buildDir, 'register.js'), 'utf8');
+
+    expect(content).to.include('getUsers');
+  });
+
+  it('should filter out null values from existingSecuritySchemes', async () => {
+    const apiDefinition = {
+      openapi: '3.0.0',
+      components: {
+        securitySchemes: {
+          AdminSecurity: { type: 'oauth2', flows: { clientCredentials: {} } },
+        },
+      },
+    };
+    const apiFile = path.join(tmpDir, 'api.json');
+
+    fsReal.writeFileSync(apiFile, JSON.stringify(apiDefinition));
+    const controllersDir = path.join(tmpDir, 'controllers');
+
+    fsReal.mkdirSync(controllersDir);
+    const buildDir = path.join(tmpDir, 'build');
+
+    fsReal.mkdirSync(buildDir);
+
+    const result = await setupServerFiles(apiFile, controllersDir, buildDir, 'corr-4');
+    expect(result.existingSecuritySchemes).to.not.include(null);
+    expect(result.existingSecuritySchemes).to.include('AdminSecurity');
+  });
+});