@nest-openapi/validator 0.1.0

package/dist/index.cjs

@@ -0,0 +1,636 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __decorateClass = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp(target, key, result);
+  return result;
+};
+var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  OPENAPI_VALIDATOR: () => OPENAPI_VALIDATOR,
+  OpenApiValidatorModule: () => OpenApiValidatorModule,
+  OpenApiValidatorService: () => OpenApiValidatorService,
+  Validate: () => Validate
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/modules/openapi-validator.module.ts
+var import_common5 = require("@nestjs/common");
+var import_core3 = require("@nestjs/core");
+
+// src/services/openapi-validator.service.ts
+var import_common = require("@nestjs/common");
+var import_runtime = require("@nest-openapi/runtime");
+var import_ajv = __toESM(require("ajv"), 1);
+var OPENAPI_VALIDATOR_OPTIONS = "OPENAPI_VALIDATOR_OPTIONS";
+var OPENAPI_VALIDATOR = "OPENAPI_VALIDATOR";
+var OpenApiValidatorService = class {
+  constructor(runtime, options) {
+    this.runtime = runtime;
+    this.options = options;
+    this.debugLog = import_runtime.DebugUtil.createDebugFn(this.logger, this.options.debug || false);
+    if (this.options.ajv instanceof import_ajv.default) {
+      this.ajv = this.options.ajv;
+    } else {
+      this.ajv = new import_ajv.default({
+        allErrors: true,
+        strict: "log",
+        ...this.options.requestValidation?.transform ? { coerceTypes: true, useDefaults: true } : {},
+        ...this.options.ajv?.options
+      });
+      this.options.ajv?.configure?.(this.ajv);
+    }
+    if (this.options.debug) {
+      const { code: _code, uriResolver: _uriResolver, ...opts } = this.ajv.opts;
+      this.debugLog(`AJV instance created with options:
+${JSON.stringify(opts, null, 2)}`);
+    }
+  }
+  logger = new import_common.Logger("OpenApiValidator");
+  ajv;
+  openApiSpec;
+  debugLog;
+  async onApplicationBootstrap() {
+    this.openApiSpec = this.runtime.spec;
+    this.registerComponentSchemas();
+    if (this.options.precompileSchemas) await this.precompileSchemas();
+  }
+  get isSpecLoaded() {
+    return !!this.openApiSpec;
+  }
+  get validationOptions() {
+    return this.options;
+  }
+  /**
+   * Register all component schemas with AJV so it can resolve $ref references
+   */
+  registerComponentSchemas() {
+    if (!this.openApiSpec?.components) {
+      this.debugLog("No components found to register");
+      return;
+    }
+    const components = this.openApiSpec.components;
+    if (components.schemas) {
+      for (const [schemaName, schema] of Object.entries(components.schemas)) {
+        try {
+          this.ajv.addSchema(schema, `#/components/schemas/${schemaName}`);
+          this.debugLog(`Registered component schema: ${schemaName}`);
+        } catch (error) {
+          this.logger.warn(`Failed to register component schema '${schemaName}':`, error);
+        }
+      }
+    }
+    if (components.parameters) {
+      for (const [paramName, param] of Object.entries(components.parameters)) {
+        try {
+          this.ajv.addSchema(param, `#/components/parameters/${paramName}`);
+          this.debugLog(`Registered component parameter: ${paramName}`);
+        } catch (error) {
+          this.logger.warn(`Failed to register component parameter '${paramName}':`, error);
+        }
+      }
+    }
+    if (components.requestBodies) {
+      for (const [requestBodyName, requestBody] of Object.entries(components.requestBodies)) {
+        try {
+          this.ajv.addSchema(requestBody, `#/components/requestBodies/${requestBodyName}`);
+          this.debugLog(`Registered component request body: ${requestBodyName}`);
+        } catch (error) {
+          this.logger.warn(`Failed to register component request body '${requestBodyName}':`, error);
+        }
+      }
+    }
+    if (components.responses) {
+      for (const [responseName, response] of Object.entries(components.responses)) {
+        try {
+          this.ajv.addSchema(response, `#/components/responses/${responseName}`);
+          this.debugLog(`Registered component response: ${responseName}`);
+        } catch (error) {
+          this.logger.warn(`Failed to register component response '${responseName}':`, error);
+        }
+      }
+    }
+  }
+  /**
+   * Walk the OpenAPI spec and eagerly compile all requestBody and parameter
+   * schemas. This is triggered when `options.performance.precompileSchemas === true` and
+   * eliminates runtime compilation overhead.
+   */
+  async precompileSchemas() {
+    if (!this.openApiSpec || !this.openApiSpec.paths) return;
+    let schemasCompiled = 0;
+    const startTime = Date.now();
+    for (const [routePath, pathItem] of Object.entries(this.openApiSpec.paths)) {
+      for (const method of Object.keys(pathItem)) {
+        if (!["get", "post", "put", "patch", "delete", "options", "head", "trace"].includes(method.toLowerCase())) {
+          continue;
+        }
+        const operation = pathItem[method];
+        if (!operation) continue;
+        const operationName = `${method.toUpperCase()} ${routePath}`;
+        if (operation.requestBody) {
+          const bodySchema = this.runtime.schemaResolver.extractBodySchema(operation.requestBody);
+          if (bodySchema) {
+            try {
+              this.ajv.compile(bodySchema);
+              schemasCompiled++;
+              this.debugLog(`Precompiled schema "${operationName}" request body`);
+            } catch (error) {
+              this.logger.warn(`Failed to compile schema "${operationName}" request body`, error);
+            }
+          }
+        }
+        if (operation.parameters) {
+          const parameterSchemas = this.runtime.schemaResolver.extractParameterSchemas(operation.parameters);
+          ["path", "query"].forEach((loc) => {
+            for (const p of parameterSchemas[loc] || []) {
+              const sch = this.runtime.schemaResolver.resolveSchema(p.schema);
+              if (sch) {
+                try {
+                  this.ajv.compile(this.getParameterSchema(sch));
+                  schemasCompiled++;
+                  this.debugLog(`Precompiled schema "${operationName}" request ${loc}`);
+                } catch (error) {
+                  this.logger.warn(`Failed to compile schema "${operationName}" request ${loc}`, error);
+                }
+              }
+            }
+          });
+        }
+        if (operation.responses) {
+          for (const [statusCode] of Object.entries(operation.responses)) {
+            const responseSchema = this.runtime.schemaResolver.extractResponseSchema(operation.responses, statusCode);
+            if (responseSchema) {
+              try {
+                this.ajv.compile(responseSchema);
+                schemasCompiled++;
+                this.debugLog(`Precompiled schema "${operationName}" response "${statusCode}"`);
+              } catch (error) {
+                this.logger.warn(`Failed to compile schema "${operationName}" response "${statusCode}"`, error);
+              }
+            }
+          }
+        }
+      }
+    }
+    const duration = Date.now() - startTime;
+    this.debugLog(`Precompiled ${schemasCompiled} schemas in ${duration}ms`);
+  }
+  findOperation(method, path) {
+    if (!this.openApiSpec) return null;
+    const openApiPath = path.replace(/:([^/]+)/g, "{$1}");
+    const operation = this.openApiSpec.paths[openApiPath]?.[method.toLowerCase()];
+    if (!operation) this.debugLog(`Found no operation for ${method} ${path}`);
+    return operation;
+  }
+  validateWithSchema(schema, data, type) {
+    const validator = this.ajv.compile(schema);
+    if (!validator(data)) {
+      const errors = validator.errors?.map((error) => ({
+        validationType: type,
+        ...error
+      }));
+      if (errors?.length) {
+        if (this.options.debug) this.debugLog(`Validation failed for "${type}"
+
+Schema:
+${JSON.stringify(schema, null, 2)}
+
+Data:
+${JSON.stringify(data, null, 2)}
+
+Errors:
+${JSON.stringify(errors, null, 2)}`);
+        return errors;
+      }
+      ;
+    }
+    if (this.options.debug) this.debugLog(`Validation passed for "${type}"
+
+Schema:
+${JSON.stringify(schema, null, 2)}
+
+Data:
+${JSON.stringify(data, null, 2)}`);
+    return null;
+  }
+  validateRequest(httpContext, options = { body: true, params: true, query: true }) {
+    if (!this.isSpecLoaded) return [];
+    const validationOptions = options;
+    const requestData = import_runtime.PlatformUtil.extractRequestData(httpContext);
+    const { method, path, body } = requestData;
+    const { params, query } = requestData;
+    if (!method || !path) return [];
+    const operation = this.findOperation(method, path);
+    if (!operation) return [];
+    const errors = [];
+    if (operation.parameters) {
+      const parameterSchemas = this.runtime.schemaResolver.extractParameterSchemas(operation.parameters);
+      if (validationOptions.params && parameterSchemas.path.length > 0 && params) {
+        const pathErrors = this.validateParameters(parameterSchemas.path, params, "path");
+        if (pathErrors.length) errors.push(...pathErrors);
+      }
+      if (validationOptions.query && parameterSchemas.query.length > 0 && query) {
+        const queryErrors = this.validateParameters(parameterSchemas.query, query, "query");
+        if (queryErrors.length) errors.push(...queryErrors);
+      }
+    }
+    if (validationOptions.body && operation.requestBody && body !== void 0) {
+      const bodySchema = this.runtime.schemaResolver.extractBodySchema(operation.requestBody);
+      if (bodySchema) {
+        const bodyErrors = this.validateWithSchema(bodySchema, body, "body");
+        if (bodyErrors) errors.push(...bodyErrors);
+      }
+    }
+    if (this.options.requestValidation?.transform) {
+      import_runtime.PlatformUtil.setTransformedRequestData(httpContext, { body, params, query });
+    }
+    return errors;
+  }
+  validateParameters(parameters, data, type) {
+    const errors = [];
+    for (const param of parameters) {
+      const value = data[param.name];
+      const isRequired = param.required === true;
+      if (isRequired && (value === void 0 || value === null || value === "")) {
+        this.debugLog(`Found missing required ${type} parameter: ${param.name}`);
+        errors.push({
+          validationType: type,
+          keyword: "required",
+          instancePath: `/${param.name}`,
+          schemaPath: `#/properties/${param.name}/required`,
+          params: { missingProperty: param.name },
+          message: `${param.name} is required`
+        });
+        continue;
+      }
+      if (value !== void 0 && param.schema) {
+        const schema = this.runtime.schemaResolver.resolveSchema(param.schema);
+        if (schema) {
+          const paramValue = { value };
+          const paramErrors = this.validateWithSchema(this.getParameterSchema(schema), paramValue, type);
+          data[param.name] = paramValue.value;
+          if (paramErrors) errors.push(...paramErrors);
+        }
+      }
+    }
+    return errors;
+  }
+  validateResponse(httpContext, statusCode, responseBody) {
+    if (!this.isSpecLoaded) return [];
+    const requestData = import_runtime.PlatformUtil.extractRequestData(httpContext);
+    const { method, path } = requestData;
+    if (!method || !path) return [];
+    const operation = this.findOperation(method, path);
+    if (!operation) return [];
+    if (!operation.responses) return [];
+    const responseSchema = this.runtime.schemaResolver.extractResponseSchema(operation.responses, statusCode);
+    if (responseSchema) {
+      const responseErrors = this.validateWithSchema(
+        responseSchema,
+        responseBody,
+        "response"
+      );
+      return responseErrors || [];
+    }
+    return [];
+  }
+  getParameterSchema(schema) {
+    return {
+      type: "object",
+      properties: {
+        value: schema
+      },
+      required: ["value"]
+    };
+  }
+};
+OpenApiValidatorService = __decorateClass([
+  (0, import_common.Injectable)(),
+  __decorateParam(0, (0, import_common.Inject)(import_runtime.OpenApiRuntimeService)),
+  __decorateParam(1, (0, import_common.Inject)(OPENAPI_VALIDATOR_OPTIONS))
+], OpenApiValidatorService);
+
+// src/interceptors/request-validation.interceptor.ts
+var import_common3 = require("@nestjs/common");
+var import_core = require("@nestjs/core");
+var import_runtime3 = require("@nest-openapi/runtime");
+
+// src/decorators/validate.decorator.ts
+var import_common2 = require("@nestjs/common");
+var VALIDATE_KEY = "VALIDATE";
+var Validate = (options = {}) => (0, import_common2.SetMetadata)(VALIDATE_KEY, options);
+
+// src/interceptors/request-validation.interceptor.ts
+var RequestValidationInterceptor = class {
+  constructor(validatorService, reflector) {
+    this.validatorService = validatorService;
+    this.reflector = reflector;
+    this.debugLog = import_runtime3.DebugUtil.createDebugFn(this.logger, this.validatorService.validationOptions.debug || false);
+  }
+  logger = new import_common3.Logger("OpenApiValidator");
+  debugLog;
+  async intercept(context, next) {
+    if (!this.validatorService.openApiSpec) {
+      this.debugLog("Skipped request validation - OpenAPI spec not loaded");
+      return next.handle();
+    }
+    if (this.validatorService.validationOptions.requestValidation?.enable === false) {
+      this.debugLog("Skipped request validation due to configuration");
+      return next.handle();
+    }
+    const validationConfig = this.getValidationDecorator(context);
+    if (validationConfig === false) {
+      this.debugLog("Skipped request validation due to configuration");
+      return next.handle();
+    }
+    const httpContext = context.switchToHttp();
+    try {
+      const errors = this.validatorService.validateRequest(httpContext, validationConfig);
+      if (errors.length > 0) {
+        if (this.validatorService.validationOptions.requestValidation?.onValidationFailed) {
+          this.validatorService.validationOptions.requestValidation.onValidationFailed(context, errors);
+        } else {
+          this.defaultOnValidationFailed(errors);
+        }
+      }
+    } catch (error) {
+      this.debugLog("Thrown error onValidationFailed", error);
+      throw error;
+    }
+    return next.handle();
+  }
+  getValidationDecorator(context) {
+    const validateMetadata = this.reflector.getAllAndOverride(
+      VALIDATE_KEY,
+      [context.getHandler(), context.getClass()]
+    );
+    if (validateMetadata) {
+      const { request } = validateMetadata;
+      if (request === false) return false;
+      if (request === true) {
+        return { params: true, query: true, body: true };
+      }
+      if (typeof request === "object" && request !== null) {
+        return {
+          params: request.params ?? true,
+          query: request.query ?? true,
+          body: request.body ?? true
+        };
+      }
+    }
+    return { params: true, query: true, body: true };
+  }
+  defaultOnValidationFailed(errors) {
+    throw new import_common3.BadRequestException({
+      message: "Validation failed",
+      errors
+    });
+  }
+};
+RequestValidationInterceptor = __decorateClass([
+  (0, import_common3.Injectable)(),
+  __decorateParam(0, (0, import_common3.Inject)(OPENAPI_VALIDATOR)),
+  __decorateParam(1, (0, import_common3.Inject)(import_core.Reflector))
+], RequestValidationInterceptor);
+
+// src/interceptors/response-validation.interceptor.ts
+var import_common4 = require("@nestjs/common");
+var import_operators = require("rxjs/operators");
+var import_core2 = require("@nestjs/core");
+var import_runtime5 = require("@nest-openapi/runtime");
+var ResponseValidationInterceptor = class {
+  constructor(validatorService, reflector) {
+    this.validatorService = validatorService;
+    this.reflector = reflector;
+    this.debugLog = import_runtime5.DebugUtil.createDebugFn(this.logger, this.validatorService.validationOptions.debug || false);
+  }
+  logger = new import_common4.Logger("OpenApiValidator");
+  debugLog;
+  intercept(context, next) {
+    if (!this.validatorService.openApiSpec) {
+      this.debugLog("Skipped response validation - OpenAPI spec not loaded");
+      return next.handle();
+    }
+    const shouldValidateResponse = this.shouldValidateResponse(context);
+    if (!shouldValidateResponse) {
+      this.debugLog("Skipped response validation due to configuration");
+      return next.handle();
+    }
+    const httpContext = context.switchToHttp();
+    const response = context.switchToHttp().getResponse();
+    return next.handle().pipe(
+      (0, import_operators.map)((data) => {
+        try {
+          const shouldSkipErrorResponses = this.validatorService.validationOptions.responseValidation?.skipErrorResponses;
+          if (shouldSkipErrorResponses && response.statusCode >= 400) {
+            this.debugLog(`Skipped response validation for error status code "${response.statusCode}"`);
+            return data;
+          }
+          const errors = this.validatorService.validateResponse(httpContext, response.statusCode, data);
+          if (errors.length > 0) {
+            if (this.validatorService.validationOptions.responseValidation?.onValidationFailed) {
+              this.validatorService.validationOptions.responseValidation.onValidationFailed(context, errors);
+            } else {
+              this.defaultOnValidationFailed(data, errors);
+            }
+          }
+        } catch (error) {
+          this.debugLog("Thrown error onValidationFailed", error);
+          throw error;
+        }
+        return data;
+      })
+    );
+  }
+  shouldValidateResponse(context) {
+    const validateMetadata = this.reflector.getAllAndOverride(
+      VALIDATE_KEY,
+      [context.getHandler(), context.getClass()]
+    );
+    if (validateMetadata) {
+      const { response } = validateMetadata;
+      if (response !== void 0) return response === true;
+    }
+    return this.validatorService.validationOptions.responseValidation?.enable === true;
+  }
+  defaultOnValidationFailed(data, errors) {
+    this.logger.warn(`Response validation failed:
+Data: ${JSON.stringify(data)}
+Errors: ${JSON.stringify(errors)}`);
+    throw new import_common4.InternalServerErrorException({ message: "Internal server error: Response validation failed" });
+  }
+};
+ResponseValidationInterceptor = __decorateClass([
+  (0, import_common4.Injectable)(),
+  __decorateParam(0, (0, import_common4.Inject)(OPENAPI_VALIDATOR)),
+  __decorateParam(1, (0, import_common4.Inject)(import_core2.Reflector))
+], ResponseValidationInterceptor);
+
+// src/modules/openapi-validator.module.ts
+var import_runtime7 = require("@nest-openapi/runtime");
+var OpenApiValidatorModule = class {
+  /**
+   * Configure the OpenAPI validator module with static options
+   */
+  static forRoot(options) {
+    const defaultOptions = {
+      debug: false,
+      requestValidation: { enable: true },
+      responseValidation: { enable: false, skipErrorResponses: true }
+    };
+    const mergedOptions = { ...defaultOptions, ...options };
+    const providers = [
+      // Validator options
+      { provide: OPENAPI_VALIDATOR_OPTIONS, useValue: mergedOptions },
+      // Bridge validator options -> runtime options
+      {
+        provide: import_runtime7.OPENAPI_RUNTIME_OPTIONS,
+        useValue: {
+          specSource: mergedOptions.specSource,
+          debug: mergedOptions.debug
+        }
+      },
+      // Core services
+      {
+        provide: import_runtime7.OpenApiRuntimeService,
+        useFactory: async (runtimeOptions) => {
+          const svc = new import_runtime7.OpenApiRuntimeService(runtimeOptions);
+          await svc.onModuleInit();
+          return svc;
+        },
+        inject: [import_runtime7.OPENAPI_RUNTIME_OPTIONS]
+      },
+      OpenApiValidatorService,
+      { provide: OPENAPI_VALIDATOR, useExisting: OpenApiValidatorService },
+      // Interceptors
+      { provide: import_core3.APP_INTERCEPTOR, useClass: RequestValidationInterceptor }
+    ];
+    if (mergedOptions.responseValidation?.enable) {
+      providers.push({
+        provide: import_core3.APP_INTERCEPTOR,
+        useClass: ResponseValidationInterceptor
+      });
+    }
+    return {
+      module: OpenApiValidatorModule,
+      providers,
+      exports: [
+        OPENAPI_VALIDATOR_OPTIONS,
+        OPENAPI_VALIDATOR,
+        import_runtime7.OpenApiRuntimeService,
+        OpenApiValidatorService
+      ]
+    };
+  }
+  /**
+   * Configure the OpenAPI validator module with async options
+   */
+  static forRootAsync(options) {
+    const defaultOptions = {
+      debug: false,
+      requestValidation: { enable: true },
+      responseValidation: { enable: false, skipErrorResponses: true }
+    };
+    const providers = [
+      // Build validator options first
+      {
+        provide: OPENAPI_VALIDATOR_OPTIONS,
+        useFactory: async (...args) => {
+          const user = options.useFactory ? await options.useFactory(...args) : {};
+          return { ...defaultOptions, ...user };
+        },
+        inject: options.inject || []
+      },
+      // Map validator options -> runtime options (no user config for runtime)
+      {
+        provide: import_runtime7.OPENAPI_RUNTIME_OPTIONS,
+        useFactory: (validatorOpts) => ({
+          specSource: validatorOpts.specSource,
+          debug: validatorOpts.debug,
+          precompileSchemas: validatorOpts.precompileSchemas
+        }),
+        inject: [OPENAPI_VALIDATOR_OPTIONS]
+      },
+      // Core services
+      {
+        provide: import_runtime7.OpenApiRuntimeService,
+        useFactory: async (runtimeOptions) => {
+          const svc = new import_runtime7.OpenApiRuntimeService(runtimeOptions);
+          await svc.onModuleInit();
+          return svc;
+        },
+        inject: [import_runtime7.OPENAPI_RUNTIME_OPTIONS]
+      },
+      OpenApiValidatorService,
+      { provide: OPENAPI_VALIDATOR, useExisting: OpenApiValidatorService },
+      // Interceptors
+      { provide: import_core3.APP_INTERCEPTOR, useClass: RequestValidationInterceptor },
+      // Conditionally add response validation
+      {
+        provide: import_core3.APP_INTERCEPTOR,
+        useFactory: (validatorOptions, validatorService, reflector) => {
+          if (validatorOptions.responseValidation?.enable) {
+            return new ResponseValidationInterceptor(validatorService, reflector);
+          }
+          return { intercept: (_ctx, next) => next.handle() };
+        },
+        inject: [OPENAPI_VALIDATOR_OPTIONS, OpenApiValidatorService, import_core3.Reflector]
+      }
+    ];
+    return {
+      module: OpenApiValidatorModule,
+      imports: options.imports || [],
+      providers,
+      exports: [
+        OPENAPI_VALIDATOR_OPTIONS,
+        OPENAPI_VALIDATOR,
+        import_runtime7.OpenApiRuntimeService,
+        OpenApiValidatorService
+      ]
+    };
+  }
+};
+OpenApiValidatorModule = __decorateClass([
+  (0, import_common5.Global)(),
+  (0, import_common5.Module)({})
+], OpenApiValidatorModule);
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  OPENAPI_VALIDATOR,
+  OpenApiValidatorModule,
+  OpenApiValidatorService,
+  Validate
+});