@scalar/mock-server 0.2.14 → 0.2.15

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @scalar/mock-server
 
+## 0.2.15
+
+### Patch Changes
+
+- 6d2cfe8: chore: update build setup
+- 3f219f4: feat: add OpenAuth2 token endpoint
+- 3f219f4: feat: check whether OpenAuth2 password grant authentication is required
+
 ## 0.2.14
 
 ### Patch Changes

package/dist/createMockServer.d.ts

@@ -0,0 +1,13 @@
+import { type OpenAPI } from '@scalar/openapi-parser';
+import { type Context, Hono } from 'hono';
+/**
+ * Create a mock server instance
+ */
+export declare function createMockServer(options?: {
+    specification: string | Record<string, any>;
+    onRequest?: (data: {
+        context: Context;
+        operation: OpenAPI.Operation;
+    }) => void;
+}): Promise<Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">>;
+//# sourceMappingURL=createMockServer.d.ts.map

package/dist/createMockServer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"createMockServer.d.ts","sourceRoot":"","sources":["../src/createMockServer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,OAAO,EAAW,MAAM,wBAAwB,CAAA;AAC9D,OAAO,EAAE,KAAK,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAezC;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,CAAC,EAAE;IAC/C,aAAa,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAC3C,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAA;KAAE,KAAK,IAAI,CAAA;CAC/E,uFAiJA"}

package/dist/createMockServer.js

@@ -0,0 +1,122 @@
+import { getExampleFromSchema } from '@scalar/oas-utils/spec-getters';
+import { openapi } from '@scalar/openapi-parser';
+import { Hono } from 'hono';
+import { cors } from 'hono/cors';
+import { anyBasicAuthentication } from './utils/anyBasicAuthentication.js';
+import { anyOpenAuthPasswordGrantAuthentication } from './utils/anyOpenAuthPasswordGrantAuthentication.js';
+import { getOpenAuthTokenUrl } from './utils/getOpenAuthTokenUrl.js';
+import { isBasicAuthenticationRequired } from './utils/isBasicAuthenticationRequired.js';
+import { isOpenAuthPasswordGrantRequired } from './utils/isOpenAuthPasswordGrantRequired.js';
+import { routeFromPath } from './utils/routeFromPath.js';
+import { isAuthenticationRequired } from './utils/isAuthenticationRequired.js';
+import { findPreferredResponseKey } from './utils/findPreferredResponseKey.js';
+
+/**
+ * Create a mock server instance
+ */
+async function createMockServer(options) {
+    const app = new Hono();
+    // Resolve references
+    const result = await openapi()
+        .load(options?.specification ?? {})
+        .dereference()
+        .get();
+    // CORS headers
+    app.use(cors());
+    // OpenAPI JSON file
+    app.get('/openapi.json', async (c) => {
+        if (!options?.specification) {
+            return c.text('Not found', 404);
+        }
+        const { specification } = await openapi().load(options.specification).get();
+        return c.json(specification);
+    });
+    // OpenAPI YAML file
+    app.get('/openapi.yaml', async (c) => {
+        if (!options?.specification) {
+            return c.text('Not found', 404);
+        }
+        const specification = await openapi().load(options.specification).toYaml();
+        return c.text(specification);
+    });
+    // OpenAuth2 token endpoint
+    const tokenUrl = getOpenAuthTokenUrl(result?.schema);
+    if (typeof tokenUrl === 'string') {
+        app.post(tokenUrl, async (c) => {
+            return c.json({
+                access_token: 'super-secret-token',
+                token_type: 'Bearer',
+                expires_in: 3600,
+                refresh_token: 'secret-refresh-token',
+            }, 200, 
+            /**
+             * When responding with an access token, the server must also include the additional Cache-Control: no-store
+             * HTTP header to ensure clients do not cache this request.
+             * @see https://www.oauth.com/oauth2-servers/access-tokens/access-token-response/
+             */
+            {
+                'Cache-Control': 'no-store',
+            });
+        });
+    }
+    // Paths
+    Object.keys(result.schema?.paths ?? {}).forEach((path) => {
+        // Operations
+        Object.keys(result.schema?.paths?.[path] ?? {}).forEach((method) => {
+            const route = routeFromPath(path);
+            // @ts-expect-error Needs a proper type
+            const operation = result.schema?.paths?.[path]?.[method];
+            // Check if authentication is required
+            const requiresAuthentication = isAuthenticationRequired(operation.security);
+            // Check whether we need basic authentication
+            const requiresBasicAuthentication = isBasicAuthenticationRequired(operation, result?.schema);
+            // Add HTTP basic authentication
+            if (requiresAuthentication && requiresBasicAuthentication) {
+                // @ts-expect-error Needs a proper type
+                app[method](route, anyBasicAuthentication());
+            }
+            // Check whether we need OpenAuth password grant authentication
+            const requiresOpenAuthPasswordGrant = isOpenAuthPasswordGrantRequired(operation, result?.schema);
+            // Add HTTP basic authentication
+            if (requiresAuthentication && requiresOpenAuthPasswordGrant) {
+                // @ts-expect-error Needs a proper type
+                app[method](route, anyOpenAuthPasswordGrantAuthentication());
+            }
+            // Route
+            // @ts-expect-error Needs a proper type
+            app[method](route, (c) => {
+                // Call onRequest callback
+                if (options?.onRequest) {
+                    options.onRequest({
+                        context: c,
+                        operation,
+                    });
+                }
+                // Response
+                // default, 200, 201 …
+                const preferredResponseKey = findPreferredResponseKey(Object.keys(operation.responses ?? {}));
+                // Focus on JSON for now
+                const jsonResponse = preferredResponseKey
+                    ? operation.responses?.[preferredResponseKey]?.content?.['application/json']
+                    : null;
+                // Get or generate JSON
+                const response = jsonResponse?.example
+                    ? jsonResponse.example
+                    : jsonResponse?.schema
+                        ? getExampleFromSchema(jsonResponse.schema, {
+                            emptyString: '…',
+                            variables: c.req.param(),
+                        })
+                        : null;
+                // Status code
+                const statusCode = parseInt(preferredResponseKey === 'default'
+                    ? '200'
+                    : preferredResponseKey ?? '200', 10);
+                return c.json(response, statusCode);
+            });
+        });
+    });
+    return app;
+}
+
+export { createMockServer };

package/dist/index.d.ts

@@ -1,32 +1,3 @@
-import * as hono_types from 'hono/types';
-import { OpenAPI, OpenAPIV3 } from '@scalar/openapi-parser';
-import { Context, Hono } from 'hono';
-
-/**
- * Create a mock server instance
- */
-declare function createMockServer(options?: {
-    specification: string | Record<string, any>;
-    onRequest?: (data: {
-        context: Context;
-        operation: OpenAPI.Operation;
-    }) => void;
-}): Promise<Hono<hono_types.BlankEnv, hono_types.BlankSchema, "/">>;
-
-/**
- * Find the preferred response key: default, 200, 201 …
- */
-declare function findPreferredResponseKey(responses?: string[]): string | undefined;
-
-/**
- * Convert path to route
- * Example: /posts/{id} -> /posts/:id
- */
-declare function routeFromPath(path: string): string;
-
-/**
- * Check whether the given security scheme key is in the `security` configuration for this operation.
- **/
-declare function isAuthenticationRequired(security?: OpenAPIV3.SecurityRequirementObject[]): boolean;
-
-export { createMockServer, findPreferredResponseKey, isAuthenticationRequired, routeFromPath };
+export * from './createMockServer.js';
+export * from './utils';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAA;AAClC,cAAc,SAAS,CAAA"}

package/dist/index.js

@@ -1,120 +1,4 @@
-import { getExampleFromSchema } from '@scalar/oas-utils/spec-getters';
-import { openapi } from '@scalar/openapi-parser';
-import { Hono } from 'hono';
-import { cors } from 'hono/cors';
-import { HTTPException } from 'hono/http-exception';
-
-function findPreferredResponseKey(responses) {
-  return ["default", "200", "201", "204", "404", "500"].find(
-    (key) => responses?.includes(key) ?? false
-  );
-}
-
-function routeFromPath(path) {
-  return path.replace(/{/g, ":").replace(/}/g, "");
-}
-
-function isAuthenticationRequired(security) {
-  if (!security) {
-    return false;
-  }
-  if (Array.isArray(security) && !security.length) {
-    return false;
-  }
-  if ((security ?? []).some(
-    (securityRequirement) => !Object.keys(securityRequirement).length
-  )) {
-    return false;
-  }
-  return true;
-}
-
-function anyBasicAuthentication() {
-  return async function(ctx, next) {
-    if (ctx.req.header("Authorization")?.startsWith("Basic ")) {
-      return await next();
-    }
-    throw new HTTPException(401, {
-      res: new Response("Unauthorized", {
-        status: 401,
-        headers: {
-          "WWW-Authenticate": 'Basic realm="Authentication Required"'
-        }
-      })
-    });
-  };
-}
-
-function isBasicAuthenticationRequired(operation, schema) {
-  const allowedSecuritySchemes = operation.security?.map(
-    (securityScheme) => {
-      return Object.keys(securityScheme)[0];
-    }
-  );
-  const httpBasicAuthIsRequired = allowedSecuritySchemes?.findIndex((securitySchemeKey) => {
-    const securityScheme = schema?.components?.securitySchemes?.[securitySchemeKey];
-    return securityScheme?.type === "http" && securityScheme?.scheme === "basic";
-  }) !== void 0;
-  return httpBasicAuthIsRequired;
-}
-
-async function createMockServer(options) {
-  const app = new Hono();
-  const result = await openapi().load(options?.specification ?? {}).dereference().get();
-  app.use(cors());
-  app.get("/openapi.json", async (c) => {
-    if (!options?.specification) {
-      return c.text("Not found", 404);
-    }
-    const { specification } = await openapi().load(options.specification).get();
-    return c.json(specification);
-  });
-  app.get("/openapi.yaml", async (c) => {
-    if (!options?.specification) {
-      return c.text("Not found", 404);
-    }
-    const specification = await openapi().load(options.specification).toYaml();
-    return c.text(specification);
-  });
-  Object.keys(result.schema?.paths ?? {}).forEach((path) => {
-    Object.keys(result.schema?.paths?.[path] ?? {}).forEach((method) => {
-      const route = routeFromPath(path);
-      const operation = result.schema?.paths?.[path]?.[method];
-      const requiresAuthentication = isAuthenticationRequired(
-        operation.security
-      );
-      const requiresBasicAuthentication = isBasicAuthenticationRequired(
-        operation,
-        result?.schema
-      );
-      if (requiresAuthentication && requiresBasicAuthentication) {
-        app[method](route, anyBasicAuthentication());
-      }
-      app[method](route, (c) => {
-        if (options?.onRequest) {
-          options.onRequest({
-            context: c,
-            operation
-          });
-        }
-        const preferredResponseKey = findPreferredResponseKey(
-          Object.keys(operation.responses ?? {})
-        );
-        const jsonResponse = preferredResponseKey ? operation.responses?.[preferredResponseKey]?.content?.["application/json"] : null;
-        const response = jsonResponse?.example ? jsonResponse.example : jsonResponse?.schema ? getExampleFromSchema(jsonResponse.schema, {
-          emptyString: "\u2026",
-          variables: c.req.param()
-        }) : null;
-        const statusCode = parseInt(
-          preferredResponseKey === "default" ? "200" : preferredResponseKey ?? "200",
-          10
-        );
-        return c.json(response, statusCode);
-      });
-    });
-  });
-  return app;
-}
-
-export { createMockServer, findPreferredResponseKey, isAuthenticationRequired, routeFromPath };
-//# sourceMappingURL=index.js.map
+export { createMockServer } from './createMockServer.js';
+export { findPreferredResponseKey } from './utils/findPreferredResponseKey.js';
+export { routeFromPath } from './utils/routeFromPath.js';
+export { isAuthenticationRequired } from './utils/isAuthenticationRequired.js';

package/dist/utils/anyBasicAuthentication.d.ts

@@ -0,0 +1,6 @@
+import type { Context } from 'hono';
+/**
+ * Middleware to check for any basic authentication header
+ */
+export declare function anyBasicAuthentication(): (ctx: Context, next: () => Promise<void>) => Promise<void>;
+//# sourceMappingURL=anyBasicAuthentication.d.ts.map

package/dist/utils/anyBasicAuthentication.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"anyBasicAuthentication.d.ts","sourceRoot":"","sources":["../../src/utils/anyBasicAuthentication.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAGnC;;GAEG;AACH,wBAAgB,sBAAsB,UACR,OAAO,QAAQ,MAAM,OAAO,CAAC,IAAI,CAAC,mBAiB/D"}

package/dist/utils/anyBasicAuthentication.js

@@ -0,0 +1,25 @@
+import { HTTPException } from 'hono/http-exception';
+
+/**
+ * Middleware to check for any basic authentication header
+ */
+function anyBasicAuthentication() {
+    return async function (ctx, next) {
+        // Check if the request has an Authorization header
+        // Note: We don’t care *what* credentials are sent, though.
+        if (ctx.req.header('Authorization')?.startsWith('Basic ')) {
+            return await next();
+        }
+        // Unauthorized
+        throw new HTTPException(401, {
+            res: new Response('Unauthorized', {
+                status: 401,
+                headers: {
+                    'WWW-Authenticate': 'Basic realm="Authentication Required"',
+                },
+            }),
+        });
+    };
+}
+
+export { anyBasicAuthentication };

package/dist/utils/anyOpenAuthPasswordGrantAuthentication.d.ts

@@ -0,0 +1,6 @@
+import type { Context } from 'hono';
+/**
+ * Middleware to check for any bearer authentication header
+ */
+export declare function anyOpenAuthPasswordGrantAuthentication(): (ctx: Context, next: () => Promise<void>) => Promise<void>;
+//# sourceMappingURL=anyOpenAuthPasswordGrantAuthentication.d.ts.map

package/dist/utils/anyOpenAuthPasswordGrantAuthentication.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"anyOpenAuthPasswordGrantAuthentication.d.ts","sourceRoot":"","sources":["../../src/utils/anyOpenAuthPasswordGrantAuthentication.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAGnC;;GAEG;AACH,wBAAgB,sCAAsC,UACxB,OAAO,QAAQ,MAAM,OAAO,CAAC,IAAI,CAAC,mBAc/D"}

package/dist/utils/anyOpenAuthPasswordGrantAuthentication.js

@@ -0,0 +1,22 @@
+import { HTTPException } from 'hono/http-exception';
+
+/**
+ * Middleware to check for any bearer authentication header
+ */
+function anyOpenAuthPasswordGrantAuthentication() {
+    return async function (ctx, next) {
+        // Check if the request has an Authorization header
+        // Note: We don’t care *what* credentials are sent, though.
+        if (ctx.req.header('Authorization')?.startsWith('Bearer ')) {
+            return await next();
+        }
+        // Unauthorized
+        throw new HTTPException(401, {
+            res: new Response('Unauthorized', {
+                status: 401,
+            }),
+        });
+    };
+}
+
+export { anyOpenAuthPasswordGrantAuthentication };

package/dist/utils/findPreferredResponseKey.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Find the preferred response key: default, 200, 201 …
+ */
+export declare function findPreferredResponseKey(responses?: string[]): string | undefined;
+//# sourceMappingURL=findPreferredResponseKey.d.ts.map

package/dist/utils/findPreferredResponseKey.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"findPreferredResponseKey.d.ts","sourceRoot":"","sources":["../../src/utils/findPreferredResponseKey.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,sBAI5D"}

package/dist/utils/findPreferredResponseKey.js

@@ -0,0 +1,8 @@
+/**
+ * Find the preferred response key: default, 200, 201 …
+ */
+function findPreferredResponseKey(responses) {
+    return ['default', '200', '201', '204', '404', '500'].find((key) => responses?.includes(key) ?? false);
+}
+
+export { findPreferredResponseKey };

package/dist/utils/getOpenAuthTokenUrl.d.ts

@@ -0,0 +1,3 @@
+import type { OpenAPI } from '@scalar/openapi-parser';
+export declare function getOpenAuthTokenUrl(schema?: OpenAPI.Document): string | false | undefined;
+//# sourceMappingURL=getOpenAuthTokenUrl.d.ts.map

package/dist/utils/getOpenAuthTokenUrl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"getOpenAuthTokenUrl.d.ts","sourceRoot":"","sources":["../../src/utils/getOpenAuthTokenUrl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAA0B,MAAM,wBAAwB,CAAA;AAE7E,wBAAgB,mBAAmB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,QAAQ,8BAgC5D"}

package/dist/utils/getOpenAuthTokenUrl.js

@@ -0,0 +1,21 @@
+function getOpenAuthTokenUrl(schema) {
+    const securitySchemes = schema?.components?.securitySchemes;
+    if (securitySchemes === undefined) {
+        return false;
+    }
+    // TODO: Make this work with other OpenAuth workflows
+    const openAuthPasswordGrant = Object.values(securitySchemes).filter((securityScheme) => {
+        if (securityScheme.type === 'oauth2' &&
+            securityScheme.flows?.password !== undefined) {
+            return true;
+        }
+        return false;
+    });
+    if (!openAuthPasswordGrant.length) {
+        return undefined;
+    }
+    // @ts-expect-error TypeScript, I know it’s there (or undefined, both is fine).
+    return openAuthPasswordGrant[0]?.flows?.password?.tokenUrl;
+}
+
+export { getOpenAuthTokenUrl };

package/dist/utils/index.d.ts

@@ -0,0 +1,4 @@
+export * from './findPreferredResponseKey.js';
+export * from './routeFromPath.js';
+export * from './isAuthenticationRequired.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/utils/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,4BAA4B,CAAA;AAC1C,cAAc,iBAAiB,CAAA;AAC/B,cAAc,4BAA4B,CAAA"}

package/dist/utils/isAuthenticationRequired.d.ts

@@ -0,0 +1,6 @@
+import type { OpenAPIV3 } from '@scalar/openapi-parser';
+/**
+ * Check whether the given security scheme key is in the `security` configuration for this operation.
+ **/
+export declare function isAuthenticationRequired(security?: OpenAPIV3.SecurityRequirementObject[]): boolean;
+//# sourceMappingURL=isAuthenticationRequired.d.ts.map

package/dist/utils/isAuthenticationRequired.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"isAuthenticationRequired.d.ts","sourceRoot":"","sources":["../../src/utils/isAuthenticationRequired.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAEvD;;IAEI;AACJ,wBAAgB,wBAAwB,CACtC,QAAQ,CAAC,EAAE,SAAS,CAAC,yBAAyB,EAAE,GAC/C,OAAO,CAqBT"}

package/dist/utils/isAuthenticationRequired.js

@@ -0,0 +1,20 @@
+/**
+ * Check whether the given security scheme key is in the `security` configuration for this operation.
+ **/
+function isAuthenticationRequired(security) {
+    // If security is not defined, auth is not required.
+    if (!security) {
+        return false;
+    }
+    // Don’t require auth if security is just an empty array []
+    if (Array.isArray(security) && !security.length) {
+        return false;
+    }
+    // Includes empty object = auth is not required
+    if ((security ?? []).some((securityRequirement) => !Object.keys(securityRequirement).length)) {
+        return false;
+    }
+    return true;
+}
+
+export { isAuthenticationRequired };

package/dist/utils/isBasicAuthenticationRequired.d.ts

@@ -0,0 +1,3 @@
+import type { OpenAPI } from '@scalar/openapi-parser';
+export declare function isBasicAuthenticationRequired(operation: OpenAPI.Operation, schema?: OpenAPI.Document): boolean;
+//# sourceMappingURL=isBasicAuthenticationRequired.d.ts.map

package/dist/utils/isBasicAuthenticationRequired.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"isBasicAuthenticationRequired.d.ts","sourceRoot":"","sources":["../../src/utils/isBasicAuthenticationRequired.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAA0B,MAAM,wBAAwB,CAAA;AAE7E,wBAAgB,6BAA6B,CAC3C,SAAS,EAAE,OAAO,CAAC,SAAS,EAC5B,MAAM,CAAC,EAAE,OAAO,CAAC,QAAQ,WAwB1B"}

package/dist/utils/isBasicAuthenticationRequired.js

@@ -0,0 +1,13 @@
+function isBasicAuthenticationRequired(operation, schema) {
+    const allowedSecuritySchemes = operation.security?.map((securityScheme) => {
+        return Object.keys(securityScheme)[0];
+    });
+    // Check if one of them is HTTP Basic Auth
+    const httpBasicAuthIsRequired = allowedSecuritySchemes?.findIndex((securitySchemeKey) => {
+        const securityScheme = schema?.components?.securitySchemes?.[securitySchemeKey];
+        return (securityScheme?.type === 'http' && securityScheme?.scheme === 'basic');
+    }) >= 0;
+    return httpBasicAuthIsRequired;
+}
+
+export { isBasicAuthenticationRequired };

package/dist/utils/isOpenAuthPasswordGrantRequired.d.ts

@@ -0,0 +1,3 @@
+import type { OpenAPI } from '@scalar/openapi-parser';
+export declare function isOpenAuthPasswordGrantRequired(operation: OpenAPI.Operation, schema?: OpenAPI.Document): boolean;
+//# sourceMappingURL=isOpenAuthPasswordGrantRequired.d.ts.map

package/dist/utils/isOpenAuthPasswordGrantRequired.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"isOpenAuthPasswordGrantRequired.d.ts","sourceRoot":"","sources":["../../src/utils/isOpenAuthPasswordGrantRequired.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAA0B,MAAM,wBAAwB,CAAA;AAE7E,wBAAgB,+BAA+B,CAC7C,SAAS,EAAE,OAAO,CAAC,SAAS,EAC5B,MAAM,CAAC,EAAE,OAAO,CAAC,QAAQ,WAyB1B"}

package/dist/utils/isOpenAuthPasswordGrantRequired.js

@@ -0,0 +1,14 @@
+function isOpenAuthPasswordGrantRequired(operation, schema) {
+    const allowedSecuritySchemes = operation.security?.map((securityScheme) => {
+        return Object.keys(securityScheme)[0];
+    });
+    // Check if one of them is OpenAuth2 Password Grant
+    const passwordGrantRequired = allowedSecuritySchemes?.findIndex((securitySchemeKey) => {
+        const securityScheme = schema?.components?.securitySchemes?.[securitySchemeKey];
+        return (securityScheme?.type === 'oauth2' &&
+            securityScheme?.flows?.password !== undefined);
+    }) >= 0;
+    return passwordGrantRequired;
+}
+
+export { isOpenAuthPasswordGrantRequired };

package/dist/utils/routeFromPath.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Convert path to route
+ * Example: /posts/{id} -> /posts/:id
+ */
+export declare function routeFromPath(path: string): string;
+//# sourceMappingURL=routeFromPath.d.ts.map

package/dist/utils/routeFromPath.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"routeFromPath.d.ts","sourceRoot":"","sources":["../../src/utils/routeFromPath.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,UAEzC"}

package/dist/utils/routeFromPath.js

@@ -0,0 +1,9 @@
+/**
+ * Convert path to route
+ * Example: /posts/{id} -> /posts/:id
+ */
+function routeFromPath(path) {
+    return path.replace(/{/g, ':').replace(/}/g, '');
+}
+
+export { routeFromPath };

package/package.json

@@ -16,7 +16,7 @@
     "swagger",
     "cli"
   ],
-  "version": "0.2.14",
+  "version": "0.2.15",
   "engines": {
     "node": ">=18"
   },
@@ -24,7 +24,10 @@
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "exports": {
-    "import": "./dist/index.js"
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
   },
   "files": [
     "./dist",
@@ -32,26 +35,22 @@
   ],
   "module": "dist/index.js",
   "dependencies": {
-    "@hono/node-server": "^1.11.0",
     "@scalar/openapi-parser": "^0.7.2",
     "hono": "^4.2.7",
     "@scalar/oas-utils": "0.2.14"
   },
   "devDependencies": {
+    "@hono/node-server": "^1.11.0",
     "@types/node": "^20.14.10",
-    "esbuild": "^0.21.1",
-    "rollup": "^4.16.4",
-    "rollup-plugin-delete": "^2.0.0",
-    "rollup-plugin-dts": "^6.1.0",
-    "rollup-plugin-esbuild": "^6.1.1",
-    "tslib": "^2.6.2",
     "vite-node": "^1.3.1",
-    "@scalar/galaxy": "0.2.4",
-    "@scalar/build-tooling": "0.1.9"
+    "@scalar/build-tooling": "0.1.9",
+    "@scalar/galaxy": "0.2.4"
   },
   "scripts": {
-    "build": "rm -Rf dist/ && rollup -c",
+    "build": "scalar-build-rollup",
+    "dev": "nodemon --exec \"vite-node playground/index.ts\" --ext ts --quiet",
     "test": "vitest",
-    "types:check": "tsc --noEmit --skipLibCheck"
+    "types:build": "scalar-types-build",
+    "types:check": "scalar-types-check"
   }
 }

package/dist/index.cjs

@@ -1,125 +0,0 @@
-'use strict';
-
-var specGetters = require('@scalar/oas-utils/spec-getters');
-var openapiParser = require('@scalar/openapi-parser');
-var hono = require('hono');
-var cors = require('hono/cors');
-var httpException = require('hono/http-exception');
-
-function findPreferredResponseKey(responses) {
-  return ["default", "200", "201", "204", "404", "500"].find(
-    (key) => responses?.includes(key) ?? false
-  );
-}
-
-function routeFromPath(path) {
-  return path.replace(/{/g, ":").replace(/}/g, "");
-}
-
-function isAuthenticationRequired(security) {
-  if (!security) {
-    return false;
-  }
-  if (Array.isArray(security) && !security.length) {
-    return false;
-  }
-  if ((security ?? []).some(
-    (securityRequirement) => !Object.keys(securityRequirement).length
-  )) {
-    return false;
-  }
-  return true;
-}
-
-function anyBasicAuthentication() {
-  return async function(ctx, next) {
-    if (ctx.req.header("Authorization")?.startsWith("Basic ")) {
-      return await next();
-    }
-    throw new httpException.HTTPException(401, {
-      res: new Response("Unauthorized", {
-        status: 401,
-        headers: {
-          "WWW-Authenticate": 'Basic realm="Authentication Required"'
-        }
-      })
-    });
-  };
-}
-
-function isBasicAuthenticationRequired(operation, schema) {
-  const allowedSecuritySchemes = operation.security?.map(
-    (securityScheme) => {
-      return Object.keys(securityScheme)[0];
-    }
-  );
-  const httpBasicAuthIsRequired = allowedSecuritySchemes?.findIndex((securitySchemeKey) => {
-    const securityScheme = schema?.components?.securitySchemes?.[securitySchemeKey];
-    return securityScheme?.type === "http" && securityScheme?.scheme === "basic";
-  }) !== void 0;
-  return httpBasicAuthIsRequired;
-}
-
-async function createMockServer(options) {
-  const app = new hono.Hono();
-  const result = await openapiParser.openapi().load(options?.specification ?? {}).dereference().get();
-  app.use(cors.cors());
-  app.get("/openapi.json", async (c) => {
-    if (!options?.specification) {
-      return c.text("Not found", 404);
-    }
-    const { specification } = await openapiParser.openapi().load(options.specification).get();
-    return c.json(specification);
-  });
-  app.get("/openapi.yaml", async (c) => {
-    if (!options?.specification) {
-      return c.text("Not found", 404);
-    }
-    const specification = await openapiParser.openapi().load(options.specification).toYaml();
-    return c.text(specification);
-  });
-  Object.keys(result.schema?.paths ?? {}).forEach((path) => {
-    Object.keys(result.schema?.paths?.[path] ?? {}).forEach((method) => {
-      const route = routeFromPath(path);
-      const operation = result.schema?.paths?.[path]?.[method];
-      const requiresAuthentication = isAuthenticationRequired(
-        operation.security
-      );
-      const requiresBasicAuthentication = isBasicAuthenticationRequired(
-        operation,
-        result?.schema
-      );
-      if (requiresAuthentication && requiresBasicAuthentication) {
-        app[method](route, anyBasicAuthentication());
-      }
-      app[method](route, (c) => {
-        if (options?.onRequest) {
-          options.onRequest({
-            context: c,
-            operation
-          });
-        }
-        const preferredResponseKey = findPreferredResponseKey(
-          Object.keys(operation.responses ?? {})
-        );
-        const jsonResponse = preferredResponseKey ? operation.responses?.[preferredResponseKey]?.content?.["application/json"] : null;
-        const response = jsonResponse?.example ? jsonResponse.example : jsonResponse?.schema ? specGetters.getExampleFromSchema(jsonResponse.schema, {
-          emptyString: "\u2026",
-          variables: c.req.param()
-        }) : null;
-        const statusCode = parseInt(
-          preferredResponseKey === "default" ? "200" : preferredResponseKey ?? "200",
-          10
-        );
-        return c.json(response, statusCode);
-      });
-    });
-  });
-  return app;
-}
-
-exports.createMockServer = createMockServer;
-exports.findPreferredResponseKey = findPreferredResponseKey;
-exports.isAuthenticationRequired = isAuthenticationRequired;
-exports.routeFromPath = routeFromPath;
-//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.cjs","sources":["../src/utils/findPreferredResponseKey.ts","../src/utils/routeFromPath.ts","../src/utils/isAuthenticationRequired.ts","../src/utils/anyBasicAuthentication.ts","../src/utils/isBasicAuthenticationRequired.ts","../src/createMockServer.ts"],"sourcesContent":["/**\n * Find the preferred response key: default, 200, 201 …\n */\nexport function findPreferredResponseKey(responses?: string[]) {\n  return ['default', '200', '201', '204', '404', '500'].find(\n    (key) => responses?.includes(key) ?? false,\n  )\n}\n","/**\n * Convert path to route\n * Example: /posts/{id} -> /posts/:id\n */\nexport function routeFromPath(path: string) {\n  return path.replace(/{/g, ':').replace(/}/g, '')\n}\n","import type { OpenAPIV3 } from '@scalar/openapi-parser'\n\n/**\n * Check whether the given security scheme key is in the `security` configuration for this operation.\n **/\nexport function isAuthenticationRequired(\n  security?: OpenAPIV3.SecurityRequirementObject[],\n): boolean {\n  // If security is not defined, auth is not required.\n  if (!security) {\n    return false\n  }\n\n  // Don’t require auth if security is just an empty array []\n  if (Array.isArray(security) && !security.length) {\n    return false\n  }\n\n  // Includes empty object = auth is not required\n  if (\n    (security ?? []).some(\n      (securityRequirement) => !Object.keys(securityRequirement).length,\n    )\n  ) {\n    return false\n  }\n\n  return true\n}\n","import type { Context } from 'hono'\nimport { HTTPException } from 'hono/http-exception'\n\n/**\n * Middleware to check for any basic authentication header\n */\nexport function anyBasicAuthentication() {\n  return async function (ctx: Context, next: () => Promise<void>) {\n    // Check if the request has an Authorization header\n    // Note: We don’t care *what* credentials are sent, though.\n    if (ctx.req.header('Authorization')?.startsWith('Basic ')) {\n      return await next()\n    }\n\n    // Unauthorized\n    throw new HTTPException(401, {\n      res: new Response('Unauthorized', {\n        status: 401,\n        headers: {\n          'WWW-Authenticate': 'Basic realm=\"Authentication Required\"',\n        },\n      }),\n    })\n  }\n}\n","import type { OpenAPI, OpenAPIV3_1 } from '@scalar/openapi-parser'\n\nexport function isBasicAuthenticationRequired(\n  operation: OpenAPI.Operation,\n  schema?: OpenAPI.Document,\n) {\n  const allowedSecuritySchemes = operation.security?.map(\n    (securityScheme: OpenAPIV3_1.SecurityRequirementObject) => {\n      return Object.keys(securityScheme)[0]\n    },\n  )\n  // Check if one of them is HTTP Basic Auth\n  const httpBasicAuthIsRequired =\n    allowedSecuritySchemes?.findIndex((securitySchemeKey: string) => {\n      const securityScheme =\n        schema?.components?.securitySchemes?.[securitySchemeKey]\n\n      return (\n        securityScheme?.type === 'http' && securityScheme?.scheme === 'basic'\n      )\n    }) !== undefined\n  return httpBasicAuthIsRequired\n}\n","import { getExampleFromSchema } from '@scalar/oas-utils/spec-getters'\nimport { type OpenAPI, openapi } from '@scalar/openapi-parser'\nimport { type Context, Hono } from 'hono'\nimport { cors } from 'hono/cors'\nimport type { StatusCode } from 'hono/utils/http-status'\n\nimport {\n  findPreferredResponseKey,\n  isAuthenticationRequired,\n  routeFromPath,\n} from './utils'\nimport { anyBasicAuthentication } from './utils/anyBasicAuthentication'\nimport { isBasicAuthenticationRequired } from './utils/isBasicAuthenticationRequired'\n\n/**\n * Create a mock server instance\n */\nexport async function createMockServer(options?: {\n  specification: string | Record<string, any>\n  onRequest?: (data: { context: Context; operation: OpenAPI.Operation }) => void\n}) {\n  const app = new Hono()\n\n  // Resolve references\n  const result = await openapi()\n    .load(options?.specification ?? {})\n    .dereference()\n    .get()\n\n  // CORS headers\n  app.use(cors())\n\n  // OpenAPI JSON file\n  app.get('/openapi.json', async (c) => {\n    if (!options?.specification) {\n      return c.text('Not found', 404)\n    }\n\n    const { specification } = await openapi().load(options.specification).get()\n\n    return c.json(specification)\n  })\n\n  // OpenAPI YAML file\n  app.get('/openapi.yaml', async (c) => {\n    if (!options?.specification) {\n      return c.text('Not found', 404)\n    }\n\n    const specification = await openapi().load(options.specification).toYaml()\n\n    return c.text(specification)\n  })\n\n  // Paths\n  Object.keys(result.schema?.paths ?? {}).forEach((path) => {\n    // Operations\n    Object.keys(result.schema?.paths?.[path] ?? {}).forEach((method) => {\n      const route = routeFromPath(path)\n\n      // @ts-expect-error Needs a proper type\n      const operation = result.schema?.paths?.[path]?.[method]\n\n      // Check if authentication is required\n      const requiresAuthentication = isAuthenticationRequired(\n        operation.security,\n      )\n      // Get all available authentication methods\n      const requiresBasicAuthentication = isBasicAuthenticationRequired(\n        operation,\n        result?.schema,\n      )\n\n      // Add HTTP basic authentication\n      if (requiresAuthentication && requiresBasicAuthentication) {\n        // @ts-expect-error Needs a proper type\n        app[method](route, anyBasicAuthentication())\n      }\n\n      // Route\n      // @ts-expect-error Needs a proper type\n      app[method](route, (c: Context) => {\n        // Call onRequest callback\n        if (options?.onRequest) {\n          options.onRequest({\n            context: c,\n            operation,\n          })\n        }\n\n        // Response\n        // default, 200, 201 …\n        const preferredResponseKey = findPreferredResponseKey(\n          Object.keys(operation.responses ?? {}),\n        )\n\n        // Focus on JSON for now\n        const jsonResponse = preferredResponseKey\n          ? operation.responses?.[preferredResponseKey]?.content?.[\n              'application/json'\n            ]\n          : null\n\n        // Get or generate JSON\n        const response = jsonResponse?.example\n          ? jsonResponse.example\n          : jsonResponse?.schema\n            ? getExampleFromSchema(jsonResponse.schema, {\n                emptyString: '…',\n                variables: c.req.param(),\n              })\n            : null\n\n        // Status code\n        const statusCode = parseInt(\n          preferredResponseKey === 'default'\n            ? '200'\n            : preferredResponseKey ?? '200',\n          10,\n        ) as StatusCode\n\n        return c.json(response, statusCode)\n      })\n    })\n  })\n\n  return app\n}\n"],"names":["HTTPException","Hono","openapi","cors","getExampleFromSchema"],"mappings":";;;;;;;;AAGO,SAAS,yBAAyB,SAAsB,EAAA;AAC7D,EAAA,OAAO,CAAC,SAAW,EAAA,KAAA,EAAO,OAAO,KAAO,EAAA,KAAA,EAAO,KAAK,CAAE,CAAA,IAAA;AAAA,IACpD,CAAC,GAAA,KAAQ,SAAW,EAAA,QAAA,CAAS,GAAG,CAAK,IAAA,KAAA;AAAA,GACvC,CAAA;AACF;;ACHO,SAAS,cAAc,IAAc,EAAA;AAC1C,EAAA,OAAO,KAAK,OAAQ,CAAA,IAAA,EAAM,GAAG,CAAE,CAAA,OAAA,CAAQ,MAAM,EAAE,CAAA,CAAA;AACjD;;ACDO,SAAS,yBACd,QACS,EAAA;AAET,EAAA,IAAI,CAAC,QAAU,EAAA;AACb,IAAO,OAAA,KAAA,CAAA;AAAA,GACT;AAGA,EAAA,IAAI,MAAM,OAAQ,CAAA,QAAQ,CAAK,IAAA,CAAC,SAAS,MAAQ,EAAA;AAC/C,IAAO,OAAA,KAAA,CAAA;AAAA,GACT;AAGA,EACG,IAAA,CAAA,QAAA,IAAY,EAAI,EAAA,IAAA;AAAA,IACf,CAAC,mBAAwB,KAAA,CAAC,MAAO,CAAA,IAAA,CAAK,mBAAmB,CAAE,CAAA,MAAA;AAAA,GAE7D,EAAA;AACA,IAAO,OAAA,KAAA,CAAA;AAAA,GACT;AAEA,EAAO,OAAA,IAAA,CAAA;AACT;;ACtBO,SAAS,sBAAyB,GAAA;AACvC,EAAO,OAAA,eAAgB,KAAc,IAA2B,EAAA;AAG9D,IAAA,IAAI,IAAI,GAAI,CAAA,MAAA,CAAO,eAAe,CAAG,EAAA,UAAA,CAAW,QAAQ,CAAG,EAAA;AACzD,MAAA,OAAO,MAAM,IAAK,EAAA,CAAA;AAAA,KACpB;AAGA,IAAM,MAAA,IAAIA,4BAAc,GAAK,EAAA;AAAA,MAC3B,GAAA,EAAK,IAAI,QAAA,CAAS,cAAgB,EAAA;AAAA,QAChC,MAAQ,EAAA,GAAA;AAAA,QACR,OAAS,EAAA;AAAA,UACP,kBAAoB,EAAA,uCAAA;AAAA,SACtB;AAAA,OACD,CAAA;AAAA,KACF,CAAA,CAAA;AAAA,GACH,CAAA;AACF;;ACtBgB,SAAA,6BAAA,CACd,WACA,MACA,EAAA;AACA,EAAM,MAAA,sBAAA,GAAyB,UAAU,QAAU,EAAA,GAAA;AAAA,IACjD,CAAC,cAA0D,KAAA;AACzD,MAAA,OAAO,MAAO,CAAA,IAAA,CAAK,cAAc,CAAA,CAAE,CAAC,CAAA,CAAA;AAAA,KACtC;AAAA,GACF,CAAA;AAEA,EAAA,MAAM,uBACJ,GAAA,sBAAA,EAAwB,SAAU,CAAA,CAAC,iBAA8B,KAAA;AAC/D,IAAA,MAAM,cACJ,GAAA,MAAA,EAAQ,UAAY,EAAA,eAAA,GAAkB,iBAAiB,CAAA,CAAA;AAEzD,IAAA,OACE,cAAgB,EAAA,IAAA,KAAS,MAAU,IAAA,cAAA,EAAgB,MAAW,KAAA,OAAA,CAAA;AAAA,GAEjE,CAAM,KAAA,KAAA,CAAA,CAAA;AACT,EAAO,OAAA,uBAAA,CAAA;AACT;;ACLA,eAAsB,iBAAiB,OAGpC,EAAA;AACD,EAAM,MAAA,GAAA,GAAM,IAAIC,SAAK,EAAA,CAAA;AAGrB,EAAA,MAAM,MAAS,GAAA,MAAMC,qBAAQ,EAAA,CAC1B,IAAK,CAAA,OAAA,EAAS,aAAiB,IAAA,EAAE,CAAA,CACjC,WAAY,EAAA,CACZ,GAAI,EAAA,CAAA;AAGP,EAAI,GAAA,CAAA,GAAA,CAAIC,WAAM,CAAA,CAAA;AAGd,EAAI,GAAA,CAAA,GAAA,CAAI,eAAiB,EAAA,OAAO,CAAM,KAAA;AACpC,IAAI,IAAA,CAAC,SAAS,aAAe,EAAA;AAC3B,MAAO,OAAA,CAAA,CAAE,IAAK,CAAA,WAAA,EAAa,GAAG,CAAA,CAAA;AAAA,KAChC;AAEA,IAAM,MAAA,EAAE,aAAc,EAAA,GAAI,MAAMD,qBAAA,GAAU,IAAK,CAAA,OAAA,CAAQ,aAAa,CAAA,CAAE,GAAI,EAAA,CAAA;AAE1E,IAAO,OAAA,CAAA,CAAE,KAAK,aAAa,CAAA,CAAA;AAAA,GAC5B,CAAA,CAAA;AAGD,EAAI,GAAA,CAAA,GAAA,CAAI,eAAiB,EAAA,OAAO,CAAM,KAAA;AACpC,IAAI,IAAA,CAAC,SAAS,aAAe,EAAA;AAC3B,MAAO,OAAA,CAAA,CAAE,IAAK,CAAA,WAAA,EAAa,GAAG,CAAA,CAAA;AAAA,KAChC;AAEA,IAAM,MAAA,aAAA,GAAgB,MAAMA,qBAAQ,EAAA,CAAE,KAAK,OAAQ,CAAA,aAAa,EAAE,MAAO,EAAA,CAAA;AAEzE,IAAO,OAAA,CAAA,CAAE,KAAK,aAAa,CAAA,CAAA;AAAA,GAC5B,CAAA,CAAA;AAGD,EAAO,MAAA,CAAA,IAAA,CAAK,OAAO,MAAQ,EAAA,KAAA,IAAS,EAAE,CAAA,CAAE,OAAQ,CAAA,CAAC,IAAS,KAAA;AAExD,IAAO,MAAA,CAAA,IAAA,CAAK,MAAO,CAAA,MAAA,EAAQ,KAAQ,GAAA,IAAI,CAAK,IAAA,EAAE,CAAA,CAAE,OAAQ,CAAA,CAAC,MAAW,KAAA;AAClE,MAAM,MAAA,KAAA,GAAQ,cAAc,IAAI,CAAA,CAAA;AAGhC,MAAA,MAAM,YAAY,MAAO,CAAA,MAAA,EAAQ,KAAQ,GAAA,IAAI,IAAI,MAAM,CAAA,CAAA;AAGvD,MAAA,MAAM,sBAAyB,GAAA,wBAAA;AAAA,QAC7B,SAAU,CAAA,QAAA;AAAA,OACZ,CAAA;AAEA,MAAA,MAAM,2BAA8B,GAAA,6BAAA;AAAA,QAClC,SAAA;AAAA,QACA,MAAQ,EAAA,MAAA;AAAA,OACV,CAAA;AAGA,MAAA,IAAI,0BAA0B,2BAA6B,EAAA;AAEzD,QAAA,GAAA,CAAI,MAAM,CAAA,CAAE,KAAO,EAAA,sBAAA,EAAwB,CAAA,CAAA;AAAA,OAC7C;AAIA,MAAA,GAAA,CAAI,MAAM,CAAA,CAAE,KAAO,EAAA,CAAC,CAAe,KAAA;AAEjC,QAAA,IAAI,SAAS,SAAW,EAAA;AACtB,UAAA,OAAA,CAAQ,SAAU,CAAA;AAAA,YAChB,OAAS,EAAA,CAAA;AAAA,YACT,SAAA;AAAA,WACD,CAAA,CAAA;AAAA,SACH;AAIA,QAAA,MAAM,oBAAuB,GAAA,wBAAA;AAAA,UAC3B,MAAO,CAAA,IAAA,CAAK,SAAU,CAAA,SAAA,IAAa,EAAE,CAAA;AAAA,SACvC,CAAA;AAGA,QAAM,MAAA,YAAA,GAAe,uBACjB,SAAU,CAAA,SAAA,GAAY,oBAAoB,CAAG,EAAA,OAAA,GAC3C,kBACF,CACA,GAAA,IAAA,CAAA;AAGJ,QAAM,MAAA,QAAA,GAAW,cAAc,OAC3B,GAAA,YAAA,CAAa,UACb,YAAc,EAAA,MAAA,GACZE,gCAAqB,CAAA,YAAA,CAAa,MAAQ,EAAA;AAAA,UACxC,WAAa,EAAA,QAAA;AAAA,UACb,SAAA,EAAW,CAAE,CAAA,GAAA,CAAI,KAAM,EAAA;AAAA,SACxB,CACD,GAAA,IAAA,CAAA;AAGN,QAAA,MAAM,UAAa,GAAA,QAAA;AAAA,UACjB,oBAAA,KAAyB,SACrB,GAAA,KAAA,GACA,oBAAwB,IAAA,KAAA;AAAA,UAC5B,EAAA;AAAA,SACF,CAAA;AAEA,QAAO,OAAA,CAAA,CAAE,IAAK,CAAA,QAAA,EAAU,UAAU,CAAA,CAAA;AAAA,OACnC,CAAA,CAAA;AAAA,KACF,CAAA,CAAA;AAAA,GACF,CAAA,CAAA;AAED,EAAO,OAAA,GAAA,CAAA;AACT;;;;;;;"}

package/dist/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sources":["../src/utils/findPreferredResponseKey.ts","../src/utils/routeFromPath.ts","../src/utils/isAuthenticationRequired.ts","../src/utils/anyBasicAuthentication.ts","../src/utils/isBasicAuthenticationRequired.ts","../src/createMockServer.ts"],"sourcesContent":["/**\n * Find the preferred response key: default, 200, 201 …\n */\nexport function findPreferredResponseKey(responses?: string[]) {\n  return ['default', '200', '201', '204', '404', '500'].find(\n    (key) => responses?.includes(key) ?? false,\n  )\n}\n","/**\n * Convert path to route\n * Example: /posts/{id} -> /posts/:id\n */\nexport function routeFromPath(path: string) {\n  return path.replace(/{/g, ':').replace(/}/g, '')\n}\n","import type { OpenAPIV3 } from '@scalar/openapi-parser'\n\n/**\n * Check whether the given security scheme key is in the `security` configuration for this operation.\n **/\nexport function isAuthenticationRequired(\n  security?: OpenAPIV3.SecurityRequirementObject[],\n): boolean {\n  // If security is not defined, auth is not required.\n  if (!security) {\n    return false\n  }\n\n  // Don’t require auth if security is just an empty array []\n  if (Array.isArray(security) && !security.length) {\n    return false\n  }\n\n  // Includes empty object = auth is not required\n  if (\n    (security ?? []).some(\n      (securityRequirement) => !Object.keys(securityRequirement).length,\n    )\n  ) {\n    return false\n  }\n\n  return true\n}\n","import type { Context } from 'hono'\nimport { HTTPException } from 'hono/http-exception'\n\n/**\n * Middleware to check for any basic authentication header\n */\nexport function anyBasicAuthentication() {\n  return async function (ctx: Context, next: () => Promise<void>) {\n    // Check if the request has an Authorization header\n    // Note: We don’t care *what* credentials are sent, though.\n    if (ctx.req.header('Authorization')?.startsWith('Basic ')) {\n      return await next()\n    }\n\n    // Unauthorized\n    throw new HTTPException(401, {\n      res: new Response('Unauthorized', {\n        status: 401,\n        headers: {\n          'WWW-Authenticate': 'Basic realm=\"Authentication Required\"',\n        },\n      }),\n    })\n  }\n}\n","import type { OpenAPI, OpenAPIV3_1 } from '@scalar/openapi-parser'\n\nexport function isBasicAuthenticationRequired(\n  operation: OpenAPI.Operation,\n  schema?: OpenAPI.Document,\n) {\n  const allowedSecuritySchemes = operation.security?.map(\n    (securityScheme: OpenAPIV3_1.SecurityRequirementObject) => {\n      return Object.keys(securityScheme)[0]\n    },\n  )\n  // Check if one of them is HTTP Basic Auth\n  const httpBasicAuthIsRequired =\n    allowedSecuritySchemes?.findIndex((securitySchemeKey: string) => {\n      const securityScheme =\n        schema?.components?.securitySchemes?.[securitySchemeKey]\n\n      return (\n        securityScheme?.type === 'http' && securityScheme?.scheme === 'basic'\n      )\n    }) !== undefined\n  return httpBasicAuthIsRequired\n}\n","import { getExampleFromSchema } from '@scalar/oas-utils/spec-getters'\nimport { type OpenAPI, openapi } from '@scalar/openapi-parser'\nimport { type Context, Hono } from 'hono'\nimport { cors } from 'hono/cors'\nimport type { StatusCode } from 'hono/utils/http-status'\n\nimport {\n  findPreferredResponseKey,\n  isAuthenticationRequired,\n  routeFromPath,\n} from './utils'\nimport { anyBasicAuthentication } from './utils/anyBasicAuthentication'\nimport { isBasicAuthenticationRequired } from './utils/isBasicAuthenticationRequired'\n\n/**\n * Create a mock server instance\n */\nexport async function createMockServer(options?: {\n  specification: string | Record<string, any>\n  onRequest?: (data: { context: Context; operation: OpenAPI.Operation }) => void\n}) {\n  const app = new Hono()\n\n  // Resolve references\n  const result = await openapi()\n    .load(options?.specification ?? {})\n    .dereference()\n    .get()\n\n  // CORS headers\n  app.use(cors())\n\n  // OpenAPI JSON file\n  app.get('/openapi.json', async (c) => {\n    if (!options?.specification) {\n      return c.text('Not found', 404)\n    }\n\n    const { specification } = await openapi().load(options.specification).get()\n\n    return c.json(specification)\n  })\n\n  // OpenAPI YAML file\n  app.get('/openapi.yaml', async (c) => {\n    if (!options?.specification) {\n      return c.text('Not found', 404)\n    }\n\n    const specification = await openapi().load(options.specification).toYaml()\n\n    return c.text(specification)\n  })\n\n  // Paths\n  Object.keys(result.schema?.paths ?? {}).forEach((path) => {\n    // Operations\n    Object.keys(result.schema?.paths?.[path] ?? {}).forEach((method) => {\n      const route = routeFromPath(path)\n\n      // @ts-expect-error Needs a proper type\n      const operation = result.schema?.paths?.[path]?.[method]\n\n      // Check if authentication is required\n      const requiresAuthentication = isAuthenticationRequired(\n        operation.security,\n      )\n      // Get all available authentication methods\n      const requiresBasicAuthentication = isBasicAuthenticationRequired(\n        operation,\n        result?.schema,\n      )\n\n      // Add HTTP basic authentication\n      if (requiresAuthentication && requiresBasicAuthentication) {\n        // @ts-expect-error Needs a proper type\n        app[method](route, anyBasicAuthentication())\n      }\n\n      // Route\n      // @ts-expect-error Needs a proper type\n      app[method](route, (c: Context) => {\n        // Call onRequest callback\n        if (options?.onRequest) {\n          options.onRequest({\n            context: c,\n            operation,\n          })\n        }\n\n        // Response\n        // default, 200, 201 …\n        const preferredResponseKey = findPreferredResponseKey(\n          Object.keys(operation.responses ?? {}),\n        )\n\n        // Focus on JSON for now\n        const jsonResponse = preferredResponseKey\n          ? operation.responses?.[preferredResponseKey]?.content?.[\n              'application/json'\n            ]\n          : null\n\n        // Get or generate JSON\n        const response = jsonResponse?.example\n          ? jsonResponse.example\n          : jsonResponse?.schema\n            ? getExampleFromSchema(jsonResponse.schema, {\n                emptyString: '…',\n                variables: c.req.param(),\n              })\n            : null\n\n        // Status code\n        const statusCode = parseInt(\n          preferredResponseKey === 'default'\n            ? '200'\n            : preferredResponseKey ?? '200',\n          10,\n        ) as StatusCode\n\n        return c.json(response, statusCode)\n      })\n    })\n  })\n\n  return app\n}\n"],"names":[],"mappings":";;;;;;AAGO,SAAS,yBAAyB,SAAsB,EAAA;AAC7D,EAAA,OAAO,CAAC,SAAW,EAAA,KAAA,EAAO,OAAO,KAAO,EAAA,KAAA,EAAO,KAAK,CAAE,CAAA,IAAA;AAAA,IACpD,CAAC,GAAA,KAAQ,SAAW,EAAA,QAAA,CAAS,GAAG,CAAK,IAAA,KAAA;AAAA,GACvC,CAAA;AACF;;ACHO,SAAS,cAAc,IAAc,EAAA;AAC1C,EAAA,OAAO,KAAK,OAAQ,CAAA,IAAA,EAAM,GAAG,CAAE,CAAA,OAAA,CAAQ,MAAM,EAAE,CAAA,CAAA;AACjD;;ACDO,SAAS,yBACd,QACS,EAAA;AAET,EAAA,IAAI,CAAC,QAAU,EAAA;AACb,IAAO,OAAA,KAAA,CAAA;AAAA,GACT;AAGA,EAAA,IAAI,MAAM,OAAQ,CAAA,QAAQ,CAAK,IAAA,CAAC,SAAS,MAAQ,EAAA;AAC/C,IAAO,OAAA,KAAA,CAAA;AAAA,GACT;AAGA,EACG,IAAA,CAAA,QAAA,IAAY,EAAI,EAAA,IAAA;AAAA,IACf,CAAC,mBAAwB,KAAA,CAAC,MAAO,CAAA,IAAA,CAAK,mBAAmB,CAAE,CAAA,MAAA;AAAA,GAE7D,EAAA;AACA,IAAO,OAAA,KAAA,CAAA;AAAA,GACT;AAEA,EAAO,OAAA,IAAA,CAAA;AACT;;ACtBO,SAAS,sBAAyB,GAAA;AACvC,EAAO,OAAA,eAAgB,KAAc,IAA2B,EAAA;AAG9D,IAAA,IAAI,IAAI,GAAI,CAAA,MAAA,CAAO,eAAe,CAAG,EAAA,UAAA,CAAW,QAAQ,CAAG,EAAA;AACzD,MAAA,OAAO,MAAM,IAAK,EAAA,CAAA;AAAA,KACpB;AAGA,IAAM,MAAA,IAAI,cAAc,GAAK,EAAA;AAAA,MAC3B,GAAA,EAAK,IAAI,QAAA,CAAS,cAAgB,EAAA;AAAA,QAChC,MAAQ,EAAA,GAAA;AAAA,QACR,OAAS,EAAA;AAAA,UACP,kBAAoB,EAAA,uCAAA;AAAA,SACtB;AAAA,OACD,CAAA;AAAA,KACF,CAAA,CAAA;AAAA,GACH,CAAA;AACF;;ACtBgB,SAAA,6BAAA,CACd,WACA,MACA,EAAA;AACA,EAAM,MAAA,sBAAA,GAAyB,UAAU,QAAU,EAAA,GAAA;AAAA,IACjD,CAAC,cAA0D,KAAA;AACzD,MAAA,OAAO,MAAO,CAAA,IAAA,CAAK,cAAc,CAAA,CAAE,CAAC,CAAA,CAAA;AAAA,KACtC;AAAA,GACF,CAAA;AAEA,EAAA,MAAM,uBACJ,GAAA,sBAAA,EAAwB,SAAU,CAAA,CAAC,iBAA8B,KAAA;AAC/D,IAAA,MAAM,cACJ,GAAA,MAAA,EAAQ,UAAY,EAAA,eAAA,GAAkB,iBAAiB,CAAA,CAAA;AAEzD,IAAA,OACE,cAAgB,EAAA,IAAA,KAAS,MAAU,IAAA,cAAA,EAAgB,MAAW,KAAA,OAAA,CAAA;AAAA,GAEjE,CAAM,KAAA,KAAA,CAAA,CAAA;AACT,EAAO,OAAA,uBAAA,CAAA;AACT;;ACLA,eAAsB,iBAAiB,OAGpC,EAAA;AACD,EAAM,MAAA,GAAA,GAAM,IAAI,IAAK,EAAA,CAAA;AAGrB,EAAA,MAAM,MAAS,GAAA,MAAM,OAAQ,EAAA,CAC1B,IAAK,CAAA,OAAA,EAAS,aAAiB,IAAA,EAAE,CAAA,CACjC,WAAY,EAAA,CACZ,GAAI,EAAA,CAAA;AAGP,EAAI,GAAA,CAAA,GAAA,CAAI,MAAM,CAAA,CAAA;AAGd,EAAI,GAAA,CAAA,GAAA,CAAI,eAAiB,EAAA,OAAO,CAAM,KAAA;AACpC,IAAI,IAAA,CAAC,SAAS,aAAe,EAAA;AAC3B,MAAO,OAAA,CAAA,CAAE,IAAK,CAAA,WAAA,EAAa,GAAG,CAAA,CAAA;AAAA,KAChC;AAEA,IAAM,MAAA,EAAE,aAAc,EAAA,GAAI,MAAM,OAAA,GAAU,IAAK,CAAA,OAAA,CAAQ,aAAa,CAAA,CAAE,GAAI,EAAA,CAAA;AAE1E,IAAO,OAAA,CAAA,CAAE,KAAK,aAAa,CAAA,CAAA;AAAA,GAC5B,CAAA,CAAA;AAGD,EAAI,GAAA,CAAA,GAAA,CAAI,eAAiB,EAAA,OAAO,CAAM,KAAA;AACpC,IAAI,IAAA,CAAC,SAAS,aAAe,EAAA;AAC3B,MAAO,OAAA,CAAA,CAAE,IAAK,CAAA,WAAA,EAAa,GAAG,CAAA,CAAA;AAAA,KAChC;AAEA,IAAM,MAAA,aAAA,GAAgB,MAAM,OAAQ,EAAA,CAAE,KAAK,OAAQ,CAAA,aAAa,EAAE,MAAO,EAAA,CAAA;AAEzE,IAAO,OAAA,CAAA,CAAE,KAAK,aAAa,CAAA,CAAA;AAAA,GAC5B,CAAA,CAAA;AAGD,EAAO,MAAA,CAAA,IAAA,CAAK,OAAO,MAAQ,EAAA,KAAA,IAAS,EAAE,CAAA,CAAE,OAAQ,CAAA,CAAC,IAAS,KAAA;AAExD,IAAO,MAAA,CAAA,IAAA,CAAK,MAAO,CAAA,MAAA,EAAQ,KAAQ,GAAA,IAAI,CAAK,IAAA,EAAE,CAAA,CAAE,OAAQ,CAAA,CAAC,MAAW,KAAA;AAClE,MAAM,MAAA,KAAA,GAAQ,cAAc,IAAI,CAAA,CAAA;AAGhC,MAAA,MAAM,YAAY,MAAO,CAAA,MAAA,EAAQ,KAAQ,GAAA,IAAI,IAAI,MAAM,CAAA,CAAA;AAGvD,MAAA,MAAM,sBAAyB,GAAA,wBAAA;AAAA,QAC7B,SAAU,CAAA,QAAA;AAAA,OACZ,CAAA;AAEA,MAAA,MAAM,2BAA8B,GAAA,6BAAA;AAAA,QAClC,SAAA;AAAA,QACA,MAAQ,EAAA,MAAA;AAAA,OACV,CAAA;AAGA,MAAA,IAAI,0BAA0B,2BAA6B,EAAA;AAEzD,QAAA,GAAA,CAAI,MAAM,CAAA,CAAE,KAAO,EAAA,sBAAA,EAAwB,CAAA,CAAA;AAAA,OAC7C;AAIA,MAAA,GAAA,CAAI,MAAM,CAAA,CAAE,KAAO,EAAA,CAAC,CAAe,KAAA;AAEjC,QAAA,IAAI,SAAS,SAAW,EAAA;AACtB,UAAA,OAAA,CAAQ,SAAU,CAAA;AAAA,YAChB,OAAS,EAAA,CAAA;AAAA,YACT,SAAA;AAAA,WACD,CAAA,CAAA;AAAA,SACH;AAIA,QAAA,MAAM,oBAAuB,GAAA,wBAAA;AAAA,UAC3B,MAAO,CAAA,IAAA,CAAK,SAAU,CAAA,SAAA,IAAa,EAAE,CAAA;AAAA,SACvC,CAAA;AAGA,QAAM,MAAA,YAAA,GAAe,uBACjB,SAAU,CAAA,SAAA,GAAY,oBAAoB,CAAG,EAAA,OAAA,GAC3C,kBACF,CACA,GAAA,IAAA,CAAA;AAGJ,QAAM,MAAA,QAAA,GAAW,cAAc,OAC3B,GAAA,YAAA,CAAa,UACb,YAAc,EAAA,MAAA,GACZ,oBAAqB,CAAA,YAAA,CAAa,MAAQ,EAAA;AAAA,UACxC,WAAa,EAAA,QAAA;AAAA,UACb,SAAA,EAAW,CAAE,CAAA,GAAA,CAAI,KAAM,EAAA;AAAA,SACxB,CACD,GAAA,IAAA,CAAA;AAGN,QAAA,MAAM,UAAa,GAAA,QAAA;AAAA,UACjB,oBAAA,KAAyB,SACrB,GAAA,KAAA,GACA,oBAAwB,IAAA,KAAA;AAAA,UAC5B,EAAA;AAAA,SACF,CAAA;AAEA,QAAO,OAAA,CAAA,CAAE,IAAK,CAAA,QAAA,EAAU,UAAU,CAAA,CAAA;AAAA,OACnC,CAAA,CAAA;AAAA,KACF,CAAA,CAAA;AAAA,GACF,CAAA,CAAA;AAED,EAAO,OAAA,GAAA,CAAA;AACT;;;;"}