@mimik/api-helper 3.0.0 → 3.0.2

package/README.md

@@ -1,3 +1,21 @@
+## Modules
+
+<dl>
+<dt><a href="#module_api-helper">api-helper</a></dt>
+<dd></dd>
+</dl>
+
+## Typedefs
+
+<dl>
+<dt><a href="#UUID">UUID</a> : <code>string</code></dt>
+<dd><p>UUID string in RFC 4122 format.</p>
+</dd>
+<dt><a href="#PATH">PATH</a> : <code>string</code></dt>
+<dd><p>File system path string.</p>
+</dd>
+</dl>
+
 <a name="module_api-helper"></a>
 
 ## api-helper
@@ -21,19 +39,19 @@ import { apiSetup, securityLib, getAPIFile, validateSecuritySchemes, extractProp
 <a name="module_api-helper..apiSetup"></a>
 
 ### api-helper~apiSetup(setup, registeredOperations, securityHandlers, extraFormats, config, correlationId) ⇒ <code>Promise.&lt;object&gt;</code>
-Setup the API to be used for a service
+Set up the API to be used for a service
 
 **Kind**: inner method of [<code>api-helper</code>](#module_api-helper)  
-**Returns**: <code>Promise.&lt;object&gt;</code> - The API file itself.  
+**Returns**: <code>Promise.&lt;object&gt;</code> - The initialized OpenAPIBackend instance.  
 **Category**: async  
 **Throws**:
 
-- <code>Promise</code> An error is thrown if the initialization failed.
+- <code>Error</code> Rejects with an error if the initialization failed.
 
 The following scheme names are reserved: `SystemSecurity`, `AdminSecurity`, `UserSecurity`, `PeerSecurity`, `ApiKeySecurity`.
 The following security schemes can be defaulted: `SystemSecurity`, `AdminSecurity`, `UserSecurity`, `ApiKeySecurity`.
 The secOptions in the options property passed when using `init` allows the following operations:
-- introduce a customer security scheme, in this case secOptions contains: { newSecurityScheme: {function}newSecurityHandler },
+- introduce a custom security scheme, in this case secOptions contains: { newSecurityScheme: {function}newSecurityHandler },
 - disable a security scheme that is defined in the swagger API, in this case secOptions contains: { securitySchemeToDisable: { {boolean}notEnabled: true } },
 - overwrite an existing security scheme, in this case secOptions contains: { securitySchemeToOverwrite: {function}newSecurityHandler }.
 If the secOptions is not present either to introduce, disable or overwrite a security scheme that is present in the swagger API file an error is generated.
@@ -46,23 +64,26 @@ The default formats for validation are: `date`, `time`, `date-time`, `byte`, `uu
 | Param | Type | Description |
 | --- | --- | --- |
 | setup | <code>object</code> | Object containing the apiFilename and the existing security schemes in the API definition. |
-| registeredOperations | <code>object</code> | List of the operation to register for the API. |
-| securityHandlers | <code>object</code> | List of the security handlers to add for the service. |
-| extraFormats | <code>object</code> | list of the formats to add for validating properties. |
+| setup.apiFilename | [<code>PATH</code>](#PATH) | Path to the resolved API definition file. |
+| setup.existingSecuritySchemes | <code>Array.&lt;string&gt;</code> | Known security scheme names present in the API definition. |
+| setup.definedSecuritySchemes | <code>Array.&lt;string&gt;</code> | All security scheme names defined in the API definition. |
+| registeredOperations | <code>object</code> | Map of operationId to handler function to register for the API. |
+| securityHandlers | <code>object</code> | Map of security scheme name to handler object to add for the service. |
+| extraFormats | <code>object</code> | Map of format name to format definition for validating properties. Each entry is either an empty object (to use a built-in ajv-formats format) or an object with `type` and `validate` properties (to define a custom format). |
 | config | <code>object</code> | Configuration of the service. |
-| correlationId | <code>UUID.&lt;string&gt;</code> | CorrelationId when logging activities. |
+| correlationId | [<code>UUID</code>](#UUID) | CorrelationId when logging activities. |
 
 <a name="module_api-helper..getAPIFile"></a>
 
 ### api-helper~getAPIFile(apiFilename, correlationId, options) ⇒ <code>Promise.&lt;object&gt;</code>
-Gets the API file from swaggerhub and stores it in the given PATH location.
+Gets and resolves the API definition, loading from local file, Bitbucket, or SwaggerHub, and stores it in the given PATH location.
 
 **Kind**: inner method of [<code>api-helper</code>](#module_api-helper)  
 **Returns**: <code>Promise.&lt;object&gt;</code> - The API file itself.  
 **Category**: async  
 **Throws**:
 
-- <code>Promise</code> An error is thrown if the apiFilename resolution generates an error or the request to the API provider fails or the file cannot be saved.
+- <code>Error</code> Rejects with an error if the apiFilename resolution generates an error or the request to the API provider fails or the file cannot be saved.
 
 `apiInfo` options has the following format:
 ``` javascript
@@ -80,45 +101,45 @@ Gets the API file from swaggerhub and stores it in the given PATH location.
 
 | Param | Type | Description |
 | --- | --- | --- |
-| apiFilename | <code>PATH.&lt;string&gt;</code> | Name of the file where the API file will be stored. |
-| correlationId | <code>UUID.&lt;string&gt;</code> | CorrelationId when logging activities. |
+| apiFilename | [<code>PATH</code>](#PATH) | Name of the file where the API file will be stored. |
+| correlationId | [<code>UUID</code>](#UUID) | CorrelationId when logging activities. |
 | options | <code>object</code> | Options associated with the call. Use to pass `metrics` to `rpRetry` and `apiInfo` to access the api file in the api provider. |
 
 <a name="module_api-helper..setupServerFiles"></a>
 
 ### api-helper~setupServerFiles(apiFilename, controllersDirectory, buildDirectory, correlationId, options) ⇒ <code>Promise.&lt;object&gt;</code>
-Setup and validates files for the server
+Sets up and validates files for the server
 
 **Kind**: inner method of [<code>api-helper</code>](#module_api-helper)  
 **Returns**: <code>Promise.&lt;object&gt;</code> - The API file, the API filename, the existing known security schemes and the defined security schemes.  
 **Category**: async  
 **Throws**:
 
-- <code>Promise</code> An error is thrown for many reasons associated with getAPIFile or validateSecuritySchemes or extractProperties.
+- <code>Error</code> Rejects with an error for many reasons associated with getAPIFile or validateSecuritySchemes or extractProperties.
 
 **Requires**: <code>module:@mimik/request-retry</code>, <code>module:@mimik/response-helper</code>, <code>module:@mimik/sumologic-winston-logger</code>, <code>module:fs</code>, <code>module:js-yaml</code>, <code>module:path</code>  
 
 | Param | Type | Description |
 | --- | --- | --- |
-| apiFilename | <code>PATH.&lt;string&gt;</code> | Name of the file where the API file will be stored. |
-| controllersDirectory | <code>PATH.&lt;string&gt;</code> | Directory to find the controller files. |
-| buildDirectory | <code>PATH.&lt;string&gt;</code> | Directory where the register file will be stored. |
-| correlationId | <code>UUID.&lt;string&gt;</code> | CorrelationId when logging activities. |
+| apiFilename | [<code>PATH</code>](#PATH) | Name of the file where the API file will be stored. |
+| controllersDirectory | [<code>PATH</code>](#PATH) | Directory to find the controller files. |
+| buildDirectory | [<code>PATH</code>](#PATH) | Directory where the register file will be stored. |
+| correlationId | [<code>UUID</code>](#UUID) | CorrelationId when logging activities. |
 | options | <code>object</code> | Options associated with the call. Use to pass `metrics` to `rpRetry` and `apiKey` to access private API. |
 
 <a name="module_api-helper..securityLib"></a>
 
 ### api-helper~securityLib(config) ⇒ <code>object</code>
-Implement the security flows for the API.
+Implements the security flows for the API.
 
 **Kind**: inner method of [<code>api-helper</code>](#module_api-helper)  
 **Returns**: <code>object</code> - An object containing `SystemSecurity`, `AdminSecurity`, `UserSecurity`, and `ApiKeySecurity` handlers.
 
-This function is used to setup the following security handlers for the API:
-- `SystemSecurity` - used for the system operations, like /system, /onbehalf
-- `AdminSecurity` - used for the admin operations, like /admin,
-- `UserSecurity` - used for the user operations, like /user,
-- `ApiKeySecurity` - used for the API key operations, like /apikey,
+This function is used to set up the following security handlers for the API:
+- `SystemSecurity` - used for system-to-system operations, validates client credentials tokens.
+- `AdminSecurity` - used for admin operations, validates admin/subAdmin client credentials tokens.
+- `UserSecurity` - used for user operations, validates implicit flow tokens.
+- `ApiKeySecurity` - used for API key authenticated operations, validates API keys from headers.
 The security handlers are used to validate the tokens and scopes for the API operations.  
 **Category**: sync  
 **Requires**: <code>module:@mimik/swagger-helper</code>, <code>module:jsonwebtoken</code>  
@@ -137,32 +158,44 @@ Validates the known SecuritySchemes: `SystemSecurity`, `AdminSecurity`, `UserSec
 **Category**: sync  
 **Throws**:
 
-- An error is thrown if a validation fails.
+- <code>Error</code> An error is thrown if a validation fails.
 
 **Requires**: <code>module:@mimik/sumologic-winston-logger</code>, <code>module:@mimik/response-helper</code>  
 
 | Param | Type | Description |
 | --- | --- | --- |
 | apiDefinition | <code>object</code> | JSON object containing the API definition. |
-| correlationId | <code>UUID.&lt;string&gt;</code> | CorrelationId when logging activities. |
+| correlationId | [<code>UUID</code>](#UUID) | CorrelationId when logging activities. |
 
 <a name="module_api-helper..extractProperties"></a>
 
 ### api-helper~extractProperties(apiDefinition, controllersDirectory, buildDirectory, correlationId) ⇒ <code>void</code>
-Extracts the properties from API definition and creates a file binding the handler with the controller operations.
+Extracts the properties from API definition and creates a `register.js` file in the build directory binding the handler with the controller operations.
 
 **Kind**: inner method of [<code>api-helper</code>](#module_api-helper)  
 **Category**: sync  
 **Throws**:
 
-- An error is thrown for many reasons, like operationId does not exist in controllers, controller does not exist...
+- <code>Error</code> An error is thrown for many reasons, like operationId does not exist in controllers, controller does not exist...
 
 **Requires**: <code>module:@mimik/response-helper</code>, <code>module:@mimik/sumologic-winston-logger</code>, <code>module:fs</code>  
 
 | Param | Type | Description |
 | --- | --- | --- |
 | apiDefinition | <code>object</code> | JSON object containing the API definition. |
-| controllersDirectory | <code>PATH.&lt;string&gt;</code> | Directory to find the controller files. |
-| buildDirectory | <code>PATH.&lt;string&gt;</code> | Directory where the register file will be stored. |
-| correlationId | <code>UUID.&lt;string&gt;</code> | CorrelationId when logging activities. |
+| controllersDirectory | [<code>PATH</code>](#PATH) | Directory to find the controller files. |
+| buildDirectory | [<code>PATH</code>](#PATH) | Directory where the register file will be stored. |
+| correlationId | [<code>UUID</code>](#UUID) | CorrelationId when logging activities. |
+
+<a name="UUID"></a>
+
+## UUID : <code>string</code>
+UUID string in RFC 4122 format.
+
+**Kind**: global typedef  
+<a name="PATH"></a>
+
+## PATH : <code>string</code>
+File system path string.
 
+**Kind**: global typedef  

package/index.js

@@ -38,6 +38,14 @@ import pathLib from 'path';
 import { rpRetry } from '@mimik/request-retry';
 import { saveProperties } from './lib/extract-helper.js';
 import { securityLib } from './lib/securityHandlers.js';
+/**
+ * UUID string in RFC 4122 format.
+ * @typedef {string} UUID
+ */
+/**
+ * File system path string.
+ * @typedef {string} PATH
+ */
 /**
  * @module api-helper
  * @example
@@ -54,7 +62,7 @@ const API_VERSION_INDEX = 2;
 const POSTFIX_INDEX = 3;
 /**
  *
- * Implement the security flows for the API.
+ * Implements the security flows for the API.
  *
  * @function securityLib
  * @category sync
@@ -63,37 +71,40 @@ const POSTFIX_INDEX = 3;
  * @param {object} config - Configuration of the service.
  * @return {object} An object containing `SystemSecurity`, `AdminSecurity`, `UserSecurity`, and `ApiKeySecurity` handlers.
  *
- * This function is used to setup the following security handlers for the API:
- * - `SystemSecurity` - used for the system operations, like /system, /onbehalf
- * - `AdminSecurity` - used for the admin operations, like /admin,
- * - `UserSecurity` - used for the user operations, like /user,
- * - `ApiKeySecurity` - used for the API key operations, like /apikey,
+ * This function is used to set up the following security handlers for the API:
+ * - `SystemSecurity` - used for system-to-system operations, validates client credentials tokens.
+ * - `AdminSecurity` - used for admin operations, validates admin/subAdmin client credentials tokens.
+ * - `UserSecurity` - used for user operations, validates implicit flow tokens.
+ * - `ApiKeySecurity` - used for API key authenticated operations, validates API keys from headers.
  * The security handlers are used to validate the tokens and scopes for the API operations.
  */
 export { securityLib };
 
 /**
  *
- * Setup the API to be used for a service
+ * Set up the API to be used for a service
  *
  * @function apiSetup
  * @category async
  * @requires @mimik/response-helper
  * @requires @mimik/sumologic-winston-logger
  * @requires openapi-backend
- * @param {object} setup -  Object containing the apiFilename and the existing security schemes in the API definition.
- * @param {object} registeredOperations - List of the operation to register for the API.
- * @param {object} securityHandlers - List of the security handlers to add for the service.
- * @param {object} extraFormats - list of the formats to add for validating properties.
+ * @param {object} setup - Object containing the apiFilename and the existing security schemes in the API definition.
+ * @param {PATH} setup.apiFilename - Path to the resolved API definition file.
+ * @param {Array.<string>} setup.existingSecuritySchemes - Known security scheme names present in the API definition.
+ * @param {Array.<string>} setup.definedSecuritySchemes - All security scheme names defined in the API definition.
+ * @param {object} registeredOperations - Map of operationId to handler function to register for the API.
+ * @param {object} securityHandlers - Map of security scheme name to handler object to add for the service.
+ * @param {object} extraFormats - Map of format name to format definition for validating properties. Each entry is either an empty object (to use a built-in ajv-formats format) or an object with `type` and `validate` properties (to define a custom format).
  * @param {object} config - Configuration of the service.
- * @param {UUID.<string>} correlationId - CorrelationId when logging activities.
- * @return {Promise.<object>} The API file itself.
- * @throws {Promise} An error is thrown if the initialization failed.
+ * @param {UUID} correlationId - CorrelationId when logging activities.
+ * @return {Promise.<object>} The initialized OpenAPIBackend instance.
+ * @throws {Error} Rejects with an error if the initialization failed.
  *
  * The following scheme names are reserved: `SystemSecurity`, `AdminSecurity`, `UserSecurity`, `PeerSecurity`, `ApiKeySecurity`.
  * The following security schemes can be defaulted: `SystemSecurity`, `AdminSecurity`, `UserSecurity`, `ApiKeySecurity`.
  * The secOptions in the options property passed when using `init` allows the following operations:
- * - introduce a customer security scheme, in this case secOptions contains: { newSecurityScheme: {function}newSecurityHandler },
+ * - introduce a custom security scheme, in this case secOptions contains: { newSecurityScheme: {function}newSecurityHandler },
  * - disable a security scheme that is defined in the swagger API, in this case secOptions contains: { securitySchemeToDisable: { {boolean}notEnabled: true } },
  * - overwrite an existing security scheme, in this case secOptions contains: { securitySchemeToOverwrite: {function}newSecurityHandler }.
  * If the secOptions is not present either to introduce, disable or overwrite a security scheme that is present in the swagger API file an error is generated.
@@ -124,7 +135,7 @@ export const apiSetup = (setup, registeredOperations, securityHandlers, extraFor
   let mode;
 
   api.register(registeredOperations);
-  if (config && (config.nodeEnvironment.toLowerCase() !== LOCAL || config.serverSettings.securitySet === SET_ON)) {
+  if (config.nodeEnvironment.toLowerCase() !== LOCAL || config.serverSettings.securitySet === SET_ON) {
     mode = SECURITY_ON;
   }
   else {
@@ -152,7 +163,7 @@ export const apiSetup = (setup, registeredOperations, securityHandlers, extraFor
     if (unusedSecuritySchemes.length !== EMPTY) throw getRichError('System', 'unused handlers for security schemes', { unusedSecuritySchemes });
 
     remainingSecurities.forEach((securityScheme) => {
-      if (!securityHandlerNames.includes(securityScheme) && !securityHandlers[securityScheme]?.notEnabled) {
+      if (!securityHandlerNames.includes(securityScheme)) {
         throw getRichError('System', 'missing handler for security scheme', { securityScheme });
       }
     });
@@ -165,7 +176,7 @@ export const apiSetup = (setup, registeredOperations, securityHandlers, extraFor
   else if (remainingSecurities.length !== EMPTY) throw getRichError('System', 'missing handlers for security schemes', { missingSecuritySchemes: remainingSecurities });
   return api.init()
     .catch((err) => {
-      throw getRichError('System', 'could not initialize the api', { api }, err);
+      throw getRichError('System', 'could not initialize the api', { apiFilename }, err);
     })
     .then(() => api);
 };
@@ -228,7 +239,7 @@ const buildProviderRequest = (params, apiInfo, apiFilename) => {
 
 /**
  *
- * Gets the API file from swaggerhub and stores it in the given PATH location.
+ * Gets and resolves the API definition, loading from local file, Bitbucket, or SwaggerHub, and stores it in the given PATH location.
  *
  * @function getAPIFile
  * @category async
@@ -238,11 +249,11 @@ const buildProviderRequest = (params, apiInfo, apiFilename) => {
  * @requires fs
  * @requires js-yaml
  * @requires path
- * @param {PATH.<string>} apiFilename -  Name of the file where the API file will be stored.
- * @param {UUID.<string>} correlationId - CorrelationId when logging activities.
+ * @param {PATH} apiFilename - Name of the file where the API file will be stored.
+ * @param {UUID} correlationId - CorrelationId when logging activities.
  * @param {object} options - Options associated with the call. Use to pass `metrics` to `rpRetry` and `apiInfo` to access the api file in the api provider.
  * @return {Promise.<object>} The API file itself.
- * @throws {Promise} An error is thrown if the apiFilename resolution generates an error or the request to the API provider fails or the file cannot be saved.
+ * @throws {Error} Rejects with an error if the apiFilename resolution generates an error or the request to the API provider fails or the file cannot be saved.
  *
  * `apiInfo` options has the following format:
  * ``` javascript
@@ -368,9 +379,9 @@ export const getAPIFile = (apiFilename, correlationId, options) => {
  * @requires @mimik/sumologic-winston-logger
  * @requires @mimik/response-helper
  * @param {object} apiDefinition - JSON object containing the API definition.
- * @param {UUID.<string>} correlationId - CorrelationId when logging activities.
+ * @param {UUID} correlationId - CorrelationId when logging activities.
  * @return {Array.<string>} An array of the known securitySchemes that are in the API definition.
- * @throws An error is thrown if a validation fails.
+ * @throws {Error} An error is thrown if a validation fails.
  */
 export const validateSecuritySchemes = (apiDefinition, correlationId) => {
   const existingSecuritySchemes = [];
@@ -390,7 +401,7 @@ export const validateSecuritySchemes = (apiDefinition, correlationId) => {
 
 /**
  *
- * Extracts the properties from API definition and creates a file binding the handler with the controller operations.
+ * Extracts the properties from API definition and creates a `register.js` file in the build directory binding the handler with the controller operations.
  *
  * @function extractProperties
  * @category sync
@@ -398,11 +409,11 @@ export const validateSecuritySchemes = (apiDefinition, correlationId) => {
  * @requires @mimik/sumologic-winston-logger
  * @requires fs
  * @param {object} apiDefinition - JSON object containing the API definition.
- * @param {PATH.<string>} controllersDirectory - Directory to find the controller files.
- * @param {PATH.<string>} buildDirectory - Directory where the register file will be stored.
- * @param {UUID.<string>} correlationId - CorrelationId when logging activities.
+ * @param {PATH} controllersDirectory - Directory to find the controller files.
+ * @param {PATH} buildDirectory - Directory where the register file will be stored.
+ * @param {UUID} correlationId - CorrelationId when logging activities.
  * @return {void}
- * @throws An error is thrown for many reasons, like operationId does not exist in controllers, controller does not exist...
+ * @throws {Error} An error is thrown for many reasons, like operationId does not exist in controllers, controller does not exist...
  */
 export const extractProperties = (apiDefinition, controllersDirectory, buildDirectory, correlationId) => {
   const result = {};
@@ -447,17 +458,19 @@ export const extractProperties = (apiDefinition, controllersDirectory, buildDire
             catch (err) {
               throw getRichError('System', 'file system error', { controllerFilename }, err);
             }
+            let file;
+
             try {
-              const file = fs.readFileSync(controllerFilename, 'utf8');
-              if (!file.includes(`${operation.operationId},`)
-                && !file.includes(`${operation.operationId}:`)
-                && !file.includes(`export ${operation.operationId}`)) { // code must be linted before
-                throw getRichError('System', 'missing operationId in controller file', { controllerFilename, operationId: operation.operationId });
-              }
+              file = fs.readFileSync(controllerFilename, 'utf8');
             }
             catch (err) {
               throw getRichError('System', 'file system error', { controllerFilename, operationId: operation.operationId }, err);
             }
+            if (!file.includes(`${operation.operationId},`)
+              && !file.includes(`${operation.operationId}:`)
+              && !file.includes(`export ${operation.operationId}`)) { // code must be linted before
+              throw getRichError('System', 'missing operationId in controller file', { controllerFilename, operationId: operation.operationId });
+            }
             if (result[controller]) result[controller].push(operation.operationId);
             else result[controller] = [operation.operationId];
           }
@@ -473,7 +486,7 @@ export const extractProperties = (apiDefinition, controllersDirectory, buildDire
 
 /**
  *
- * Setup and validates files for the server
+ * Sets up and validates files for the server
  *
  * @function setupServerFiles
  * @category async
@@ -483,13 +496,13 @@ export const extractProperties = (apiDefinition, controllersDirectory, buildDire
  * @requires fs
  * @requires js-yaml
  * @requires path
- * @param {PATH.<string>} apiFilename -  Name of the file where the API file will be stored.
- * @param {PATH.<string>} controllersDirectory - Directory to find the controller files.
- * @param {PATH.<string>} buildDirectory - Directory where the register file will be stored.
- * @param {UUID.<string>} correlationId - CorrelationId when logging activities.
+ * @param {PATH} apiFilename - Name of the file where the API file will be stored.
+ * @param {PATH} controllersDirectory - Directory to find the controller files.
+ * @param {PATH} buildDirectory - Directory where the register file will be stored.
+ * @param {UUID} correlationId - CorrelationId when logging activities.
  * @param {object} options - Options associated with the call. Use to pass `metrics` to `rpRetry` and `apiKey` to access private API.
  * @return {Promise.<object>} The API file, the API filename, the existing known security schemes and the defined security schemes.
- * @throws {Promise} An error is thrown for many reasons associated with getAPIFile or validateSecuritySchemes or extractProperties.
+ * @throws {Error} Rejects with an error for many reasons associated with getAPIFile or validateSecuritySchemes or extractProperties.
  */
 export const setupServerFiles = (apiFilename, controllersDirectory, buildDirectory, correlationId, options) => getAPIFile(apiFilename, correlationId, options)
   .then((apiDefinition) => {

package/lib/baseHandlers.js

@@ -1,14 +1,10 @@
+import { ERROR_CODE } from '@mimik/response-helper';
 import { rejectRequest } from '@mimik/swagger-helper';
 
-const PARAMETER_ERROR = 400;
-const NOT_FOUND_ERROR = 404;
-const UNAUTHORIZED_ERROR = 401;
-const NOT_IMPLEMENTED_ERROR = 501;
-
 const validationFail = (con, req, res) => {
   const error = new Error('Failed schema validation');
 
-  error.statusCode = PARAMETER_ERROR;
+  error.statusCode = ERROR_CODE.PARAMETER;
   error.info = {
     method: req.method,
     path: req.url,
@@ -22,7 +18,7 @@ const notFound = (con, req, res) => {
   const path = req.url;
   const error = new Error(`path ${path} not defined in Swagger specification`);
 
-  error.statusCode = NOT_FOUND_ERROR;
+  error.statusCode = ERROR_CODE.NOT_FOUND;
   error.info = {
     method: req.method,
     path,
@@ -33,7 +29,7 @@ const notFound = (con, req, res) => {
 const unauthorizedHandler = (con, req, res) => {
   let error = new Error('Unauthorized');
 
-  error.statusCode = UNAUTHORIZED_ERROR;
+  error.statusCode = ERROR_CODE.UNAUTHORIZED;
   const schemes = Object.keys(con.security).filter(key => key !== 'authorized');
 
   schemes.forEach((scheme) => {
@@ -50,7 +46,7 @@ const notImplemented = (con, req, res) => {
   const path = req.url;
   const error = new Error(`${method} ${path} defined in Swagger specification, but not implemented`);
 
-  error.statusCode = NOT_IMPLEMENTED_ERROR;
+  error.statusCode = ERROR_CODE.NOT_IMPLEMENTED;
   error.info = {
     method,
     path,
@@ -64,7 +60,7 @@ const methodNotAllowed = (con, req, res) => {
   const path = req.url;
   const error = new Error(`path ${path} defined in Swagger specification, but the method ${method} is not defined`);
 
-  error.statusCode = NOT_IMPLEMENTED_ERROR;
+  error.statusCode = ERROR_CODE.NOT_ALLOWED;
   error.info = {
     method,
     path,
@@ -72,24 +68,10 @@ const methodNotAllowed = (con, req, res) => {
   rejectRequest(error, con, res);
 };
 
-/*
-const postResponseHandler = (con, req, res) => {
-  const valid = con.api.validateResponse(con.response, con.operation);
-  console.log('----->', con.response);
-  console.log('----->', valid);
-  if (valid.errors) {
-    // response validation failed
-    return res.status(502).json({ status: 502, err: valid.errors });
-  }
-  return res.status(200).json(con.response);
-};
-*/
-
 export default {
   validationFail,
   notFound,
   unauthorizedHandler,
   notImplemented,
   methodNotAllowed,
-  // postResponseHandler,
 };

package/lib/common.js

@@ -50,7 +50,7 @@ const CLAIMS_SEPARATOR = ',';
 const BEARERS = ['bearer', 'Bearer'];
 const USER = 'user';
 const CLUSTER = 'cluster';
-const ESLINT_HEAD = '/* eslint sort-imports:"off" */\n';
+const ESLINT_HEAD = '/* eslint sort-imports: off */\n';
 
 export {
   X_ROUTER_CONTROLLER,

package/lib/extract-helper.js

@@ -25,23 +25,18 @@ const saveProperties = (extractResult, buildDirectory, controllersDirectoryName,
   }
   const controllers = Object.keys(extractResult);
   const operationIds = [];
-  let stringToSave = ESLINT_HEAD;
-  let itemToSave;
+  const imports = [];
 
   controllers.forEach((controller) => {
-    itemToSave = '';
-    extractResult[controller].forEach((operationId) => {
-      itemToSave += `  ${operationId},\n`;
+    const items = extractResult[controller].map((operationId) => {
       operationIds.push(operationId);
+      return `  ${operationId},`;
     });
-    stringToSave += `import {\n${itemToSave}} from '../${controllersDirectoryName}/${controller}${EXTENSION}';\n`;
-  });
-  stringToSave += '\nexport {\n';
-  itemToSave = '';
-  operationIds.forEach((operationId) => {
-    itemToSave += `  ${operationId},\n`;
+
+    imports.push(`import {\n${items.join('\n')}\n} from '../${controllersDirectoryName}/${controller}${EXTENSION}';`);
   });
-  stringToSave += `${itemToSave}};\n`;
+  const exportLines = operationIds.map(id => `  ${id},\n`).join('');
+  const stringToSave = `${ESLINT_HEAD}${imports.join('\n')}\n\nexport {\n${exportLines}};\n`;
   logger.info(`creating ${filename}`, { filename }, correlationId);
   try {
     fs.writeFileSync(filename, stringToSave);

package/lib/oauthValidation-helper.js

@@ -28,10 +28,10 @@ const validateApiKey = (securitySchemes, securityType) => {
 
     if (security) {
       if (security.in !== API_KEY_IN) {
-        throw getRichError('System', `apikey security must be in ${API_KEY_IN}`, { securityType, receivedIn: security.in, expectedIn: API_KEY_IN });
+        throw getRichError('System', `API key security must be in ${API_KEY_IN}`, { securityType, receivedIn: security.in, expectedIn: API_KEY_IN });
       }
       if (security.name !== API_KEY_NAME) {
-        throw getRichError('System', `apikey security must be named ${API_KEY_NAME}`, { securityType, receivedName: security.name, expectedName: API_KEY_NAME });
+        throw getRichError('System', `API key security must be named ${API_KEY_NAME}`, { securityType, receivedName: security.name, expectedName: API_KEY_NAME });
       }
       return securityType;
     }