@scalar/mock-server 0.2.63 → 0.2.65

package/CHANGELOG.md

@@ -1,5 +1,25 @@
 # @scalar/mock-server
 
+## 0.2.65
+
+### Patch Changes
+
+- 4cf8c52: feat: mock the OAuth code flow
+- Updated dependencies [7323370]
+- Updated dependencies [d7a6c55]
+- Updated dependencies [69bda25]
+  - @scalar/openapi-parser@0.8.8
+  - @scalar/oas-utils@0.2.61
+
+## 0.2.64
+
+### Patch Changes
+
+- Updated dependencies [2b540b9]
+  - @scalar/openapi-types@0.1.4
+  - @scalar/oas-utils@0.2.60
+  - @scalar/openapi-parser@0.8.7
+
 ## 0.2.63
 
 ### Patch Changes

package/README.md

@@ -19,7 +19,7 @@ A powerful Node.js server that generates and returns realistic mock data based o
 
 ## Quickstart
 
-It’s part of [our Scalar CLI](https://github.com/scalar/scalar/tree/main/packages/cli), sou can boot it literllay in seconds:
+It’s part of [our Scalar CLI](https://github.com/scalar/scalar/tree/main/packages/cli), you can boot it literllay in seconds:
 
 ```bash
 npx @scalar/cli mock openapi.json --watch

package/dist/createMockServer.d.ts

@@ -1,13 +1,7 @@
-import type { OpenAPI } from '@scalar/openapi-types';
-import { type Context, Hono } from 'hono';
+import { Hono } from 'hono';
+import type { MockServerOptions } from './types.js';
 /**
  * Create a mock server instance
  */
-export declare function createMockServer(options?: {
-    specification: string | Record<string, any>;
-    onRequest?: (data: {
-        context: Context;
-        operation: OpenAPI.Operation;
-    }) => void;
-}): Promise<Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">>;
+export declare function createMockServer(options: MockServerOptions): Promise<Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">>;
 //# sourceMappingURL=createMockServer.d.ts.map

package/dist/createMockServer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"createMockServer.d.ts","sourceRoot":"","sources":["../src/createMockServer.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AACpD,OAAO,EAAE,KAAK,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAkBzC;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,CAAC,EAAE;IAC/C,aAAa,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAC3C,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAA;KAAE,KAAK,IAAI,CAAA;CAC/E,uFAqLA"}
+{"version":3,"file":"createMockServer.d.ts","sourceRoot":"","sources":["../src/createMockServer.ts"],"names":[],"mappings":"AAEA,OAAO,EAAgB,IAAI,EAAE,MAAM,MAAM,CAAA;AAKzC,OAAO,KAAK,EAAc,iBAAiB,EAAE,MAAM,SAAS,CAAA;AAQ5D;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,iBAAiB,uFAoDhE"}

package/dist/createMockServer.js

@@ -1,18 +1,14 @@
-import { getExampleFromSchema } from '@scalar/oas-utils/spec-getters';
 import { openapi } from '@scalar/openapi-parser';
 import { Hono } from 'hono';
-import { accepts } from 'hono/accepts';
 import { cors } from 'hono/cors';
-import objectToXML from 'object-to-xml';
-import { anyBasicAuthentication } from './utils/anyBasicAuthentication.js';
-import { anyOpenAuthPasswordGrantAuthentication } from './utils/anyOpenAuthPasswordGrantAuthentication.js';
-import { findPreferredResponseKey } from './utils/findPreferredResponseKey.js';
-import { getOpenAuthTokenUrl } from './utils/getOpenAuthTokenUrl.js';
+import { mockAnyResponse } from './routes/mockAnyResponse.js';
+import { respondWithOpenApiDocument } from './routes/respondWithOpenApiDocument.js';
 import { getOperations } from './utils/getOperations.js';
+import { handleAuthentication } from './utils/handleAuthentication.js';
 import { honoRouteFromPath } from './utils/honoRouteFromPath.js';
 import { isAuthenticationRequired } from './utils/isAuthenticationRequired.js';
-import { isBasicAuthenticationRequired } from './utils/isBasicAuthenticationRequired.js';
-import { isOpenAuthPasswordGrantRequired } from './utils/isOpenAuthPasswordGrantRequired.js';
+import { logAuthenticationInstructions } from './utils/logAuthenticationInstructions.js';
+import { setupAuthenticationRoutes } from './utils/setupAuthenticationRoutes.js';
 
 /**
  * Create a mock server instance
@@ -26,42 +22,10 @@ async function createMockServer(options) {
         .get();
     // CORS headers
     app.use(cors());
-    // OpenAPI JSON file
-    app.get('/openapi.json', async (c) => {
-        if (!options?.specification) {
-            return c.text('Not found', 404);
-        }
-        const { specification } = await openapi().load(options.specification).get();
-        return c.json(specification);
-    });
-    // OpenAPI YAML file
-    app.get('/openapi.yaml', async (c) => {
-        if (!options?.specification) {
-            return c.text('Not found', 404);
-        }
-        const specification = await openapi().load(options.specification).toYaml();
-        return c.text(specification);
-    });
-    // OpenAuth2 token endpoint
-    const tokenUrl = getOpenAuthTokenUrl(schema);
-    if (typeof tokenUrl === 'string') {
-        app.post(tokenUrl, async (c) => {
-            return c.json({
-                access_token: 'super-secret-token',
-                token_type: 'Bearer',
-                expires_in: 3600,
-                refresh_token: 'secret-refresh-token',
-            }, 200, 
-            /**
-             * When responding with an access token, the server must also include the additional Cache-Control: no-store
-             * HTTP header to ensure clients do not cache this request.
-             * @see https://www.oauth.com/oauth2-servers/access-tokens/access-token-response/
-             */
-            {
-                'Cache-Control': 'no-store',
-            });
-        });
-    }
+    /** Authentication methods defined in the OpenAPI document */
+    setupAuthenticationRoutes(app, schema);
+    logAuthenticationInstructions(schema?.components?.securitySchemes ||
+        {});
     /** Paths specified in the OpenAPI document */
     const paths = schema?.paths ?? {};
     Object.keys(paths).forEach((path) => {
@@ -70,78 +34,18 @@ async function createMockServer(options) {
         methods.forEach((method) => {
             const route = honoRouteFromPath(path);
             const operation = schema?.paths?.[path]?.[method];
-            // Check if authentication is required
-            const requiresAuthentication = isAuthenticationRequired(operation.security);
-            // Check whether we need basic authentication
-            const requiresBasicAuthentication = isBasicAuthenticationRequired(operation, schema);
-            // Add HTTP basic authentication
-            if (requiresAuthentication && requiresBasicAuthentication) {
-                app[method](route, anyBasicAuthentication());
-            }
-            // Check whether we need OpenAuth password grant authentication
-            const requiresOpenAuthPasswordGrant = isOpenAuthPasswordGrantRequired(operation, schema);
-            // Add HTTP basic authentication
-            if (requiresAuthentication && requiresOpenAuthPasswordGrant) {
-                app[method](route, anyOpenAuthPasswordGrantAuthentication());
+            // Check if authentication is required for this operation
+            if (isAuthenticationRequired(operation.security)) {
+                app[method](route, handleAuthentication(schema, operation));
             }
-            // Route
-            app[method](route, (c) => {
-                // Call onRequest callback
-                if (options?.onRequest) {
-                    options.onRequest({
-                        context: c,
-                        operation,
-                    });
-                }
-                // Response
-                // default, 200, 201 …
-                const preferredResponseKey = findPreferredResponseKey(Object.keys(operation.responses ?? {}));
-                const preferredResponse = preferredResponseKey
-                    ? operation.responses?.[preferredResponseKey]
-                    : null;
-                const supportedContentTypes = Object.keys(preferredResponse?.content ?? {});
-                // Headers
-                const headers = preferredResponse?.headers ?? {};
-                Object.keys(headers).forEach((header) => {
-                    c.header(header, headers[header].schema
-                        ? getExampleFromSchema(headers[header].schema)
-                        : null);
-                });
-                // Content-Type
-                const acceptedContentType = accepts(c, {
-                    header: 'Accept',
-                    supports: supportedContentTypes,
-                    default: supportedContentTypes.includes('application/json')
-                        ? 'application/json'
-                        : supportedContentTypes[0],
-                });
-                c.header('Content-Type', acceptedContentType);
-                const acceptedResponse = preferredResponse?.content?.[acceptedContentType];
-                // Body
-                const body = acceptedResponse?.example
-                    ? acceptedResponse.example
-                    : acceptedResponse?.schema
-                        ? getExampleFromSchema(acceptedResponse.schema, {
-                            emptyString: '…',
-                            variables: c.req.param(),
-                        })
-                        : null;
-                // Status code
-                const statusCode = parseInt(preferredResponseKey === 'default'
-                    ? '200'
-                    : (preferredResponseKey ?? '200'), 10);
-                c.status(statusCode);
-                return c.body(typeof body === 'object'
-                    ? // XML
-                        acceptedContentType?.includes('xml')
-                            ? `<?xml version="1.0" encoding="UTF-8"?>${objectToXML(body)}`
-                            : // JSON
-                                JSON.stringify(body, null, 2)
-                    : // String
-                        body);
-            });
+            // Actual route
+            app[method](route, (c) => mockAnyResponse(c, operation, options));
         });
     });
+    // OpenAPI JSON file
+    app.get('/openapi.json', (c) => respondWithOpenApiDocument(c, options?.specification, 'json'));
+    // OpenAPI YAML file
+    app.get('/openapi.yaml', (c) => respondWithOpenApiDocument(c, options?.specification, 'yaml'));
     return app;
 }
 

package/dist/routes/mockAnyResponse.d.ts

@@ -0,0 +1,8 @@
+import type { OpenAPI } from '@scalar/openapi-types';
+import type { Context } from 'hono';
+import type { MockServerOptions } from '../types.js';
+/**
+ * Mock any response
+ */
+export declare function mockAnyResponse(c: Context, operation: OpenAPI.Operation, options: MockServerOptions): Response;
+//# sourceMappingURL=mockAnyResponse.d.ts.map

package/dist/routes/mockAnyResponse.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mockAnyResponse.d.ts","sourceRoot":"","sources":["../../src/routes/mockAnyResponse.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AACpD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAMnC,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAA;AAGjD;;GAEG;AACH,wBAAgB,eAAe,CAC7B,CAAC,EAAE,OAAO,EACV,SAAS,EAAE,OAAO,CAAC,SAAS,EAC5B,OAAO,EAAE,iBAAiB,YAiF3B"}

package/dist/routes/mockAnyResponse.js

@@ -0,0 +1,72 @@
+import { getExampleFromSchema } from '@scalar/oas-utils/spec-getters';
+import { accepts } from 'hono/accepts';
+import objectToXML from 'object-to-xml';
+import { findPreferredResponseKey } from '../utils/findPreferredResponseKey.js';
+
+/**
+ * Mock any response
+ */
+function mockAnyResponse(c, operation, options) {
+    // Call onRequest callback
+    if (options?.onRequest) {
+        options.onRequest({
+            context: c,
+            operation,
+        });
+    }
+    // Response
+    // default, 200, 201 …
+    const preferredResponseKey = findPreferredResponseKey(Object.keys(operation.responses ?? {}));
+    const preferredResponse = preferredResponseKey
+        ? operation.responses?.[preferredResponseKey]
+        : null;
+    if (!preferredResponse) {
+        c.status(500);
+        return c.json({ error: 'No response defined for this operation.' });
+    }
+    const supportedContentTypes = Object.keys(preferredResponse?.content ?? {});
+    // Headers
+    const headers = preferredResponse?.headers ?? {};
+    Object.keys(headers).forEach((header) => {
+        const value = headers[header].schema
+            ? getExampleFromSchema(headers[header].schema)
+            : null;
+        if (value !== null) {
+            c.header(header, value);
+        }
+    });
+    // Content-Type
+    const acceptedContentType = accepts(c, {
+        header: 'Accept',
+        supports: supportedContentTypes,
+        default: supportedContentTypes.includes('application/json')
+            ? 'application/json'
+            : supportedContentTypes[0],
+    });
+    c.header('Content-Type', acceptedContentType);
+    const acceptedResponse = preferredResponse?.content?.[acceptedContentType];
+    // Body
+    const body = acceptedResponse?.example
+        ? acceptedResponse.example
+        : acceptedResponse?.schema
+            ? getExampleFromSchema(acceptedResponse.schema, {
+                emptyString: '…',
+                variables: c.req.param(),
+            })
+            : null;
+    // Status code
+    const statusCode = parseInt(preferredResponseKey === 'default'
+        ? '200'
+        : (preferredResponseKey ?? '200'), 10);
+    c.status(statusCode);
+    return c.body(typeof body === 'object'
+        ? // XML
+            acceptedContentType?.includes('xml')
+                ? `<?xml version="1.0" encoding="UTF-8"?>${objectToXML(body)}`
+                : // JSON
+                    JSON.stringify(body, null, 2)
+        : // String
+            body);
+}
+
+export { mockAnyResponse };

package/dist/routes/respondWithAuthorizePage.d.ts

@@ -0,0 +1,6 @@
+import type { Context } from 'hono';
+/**
+ * Responds with an HTML page that simulates an OAuth 2.0 authorization page.
+ */
+export declare function respondWithAuthorizePage(c: Context, title?: string): Response;
+//# sourceMappingURL=respondWithAuthorizePage.d.ts.map

package/dist/routes/respondWithAuthorizePage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"respondWithAuthorizePage.d.ts","sourceRoot":"","sources":["../../src/routes/respondWithAuthorizePage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAKnC;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,GAAE,MAAW,YAoCtE"}

package/dist/routes/respondWithAuthorizePage.js

@@ -0,0 +1,105 @@
+/** Always responds with this code */
+const EXAMPLE_AUTHORIZATION_CODE = 'super-secret-token';
+/**
+ * Responds with an HTML page that simulates an OAuth 2.0 authorization page.
+ */
+function respondWithAuthorizePage(c, title = '') {
+    const redirectUri = c.req.query('redirect_uri');
+    const state = c.req.query('state');
+    if (!redirectUri) {
+        return c.html(generateErrorHtml('Missing redirect_uri parameter', 'This parameter is required for the OAuth 2.0 authorization flow to function correctly. Please provide a valid redirect URI in your request.'), 400);
+    }
+    try {
+        // Validate redirect URI against allowed domains
+        const redirectUrl = new URL(redirectUri);
+        redirectUrl.searchParams.set('code', EXAMPLE_AUTHORIZATION_CODE);
+        if (state) {
+            redirectUrl.searchParams.set('state', state);
+        }
+        const htmlContent = generateAuthorizationHtml(redirectUrl.toString(), title);
+        return c.html(htmlContent);
+    }
+    catch (error) {
+        return c.html(generateErrorHtml('Invalid redirect_uri format', 'Please provide a valid URL. The redirect_uri parameter must be a properly formatted URL that includes the protocol (e.g., https://) and a valid domain. This is essential for the OAuth 2.0 flow to securely redirect after authorization.'), 400);
+    }
+}
+function generateAuthorizationHtml(redirectUrl, title = '') {
+    return `
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>OAuth 2.0 Authorization</title>
+    <script src="https://cdn.tailwindcss.com"></script>
+  </head>
+  <body class="flex justify-center items-center h-screen bg-gray-100">
+
+    <div class="flex flex-col">
+      <div class="mb-5 flex justify-center items-center gap-2">
+        <img src="https://scalar.com/logo-dark.svg" class="w-6 inline-block" />
+        <div class="font-medium truncate max-w-[26ch] text-lg">
+          ${title}
+        </div>
+      </div>
+      <div class="bg-gray-50 rounded-lg p-1 rounded-lg w-[28rem] shadow">
+        <div class="">
+          <h1 class="text font-medium text-gray-800 px-6 pt-2 pb-3 flex gap-3 rounded-t-lg">
+            OAuth 2.0 Authorization
+          </h1>
+          <div class="bg-white rounded">
+            <div class="text-gray-600 text-base px-6 py-5 flex flex-col gap-3">
+              <p>
+                This application is requesting access to your account. By granting authorization, you allow the application to perform certain actions on your behalf.
+              </p>
+              <p>
+                If you’re comfortable with the access being requested, click the button below to grant authorization:
+              </p>
+            </div>
+            <div class="px-6 py-4 pt-0 flex justify-between">
+              <a href="javascript:history.back()" class="inline-block px-6 py-2 text-gray-600 rounded border" aria-label="Cancel authorization">
+                Cancel
+              </a>
+              <a href="${redirectUrl}" class="inline-block px-6 py-2 bg-black text-white rounded transition-colors duration-300 hover:bg-gray-800" aria-label="Authorize application">
+                Authorize
+              </a>
+            </div>
+          </div>
+        </div>
+      </div>
+
+      <p class="text-xs text-gray-400 mt-5 text-center">
+        This authorization page is provided by @scalar/mock-server
+      </p>
+
+    </div>
+  </body>
+</html>
+  `;
+}
+function generateErrorHtml(title, message) {
+    return `<html>
+  <html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>OAuth 2.0 Authorization</title>
+    <script src="https://cdn.tailwindcss.com"></script>
+  </head>
+  <body>
+    <div class="p-4 m-8 flex flex-col gap-4 text-lg">
+      <h1 class="font-bold">
+        Error: ${title}
+      </h1>
+      <p>
+        ${message}
+      </p>
+      <p>
+        Example: <code class="bg-gray-100 py-1 px-2 rounded text-base"><a href="?redirect_uri=https://example.com/callback">?redirect_uri=https://example.com/callback</a></code>
+      </p>
+    </div>
+  </body>
+</html>`;
+}
+
+export { respondWithAuthorizePage };

package/dist/routes/respondWithOpenApiDocument.d.ts

@@ -0,0 +1,14 @@
+import type { Context } from 'hono';
+/**
+ * OpenAPI endpoints
+ */
+export declare function respondWithOpenApiDocument(c: Context, input?: string | Record<string, any>, format?: 'json' | 'yaml'): Promise<(Response & import("hono").TypedResponse<{
+    [x: string]: any;
+}, import("hono/utils/http-status").StatusCode, "json">) | (Response & import("hono").TypedResponse<string, import("hono/utils/http-status").StatusCode, "text">) | (Response & import("hono").TypedResponse<{
+    error: string;
+    message: string;
+}, 500, "json">) | (Response & import("hono").TypedResponse<{
+    error: string;
+    message: string;
+}, 400, "json">)>;
+//# sourceMappingURL=respondWithOpenApiDocument.d.ts.map

package/dist/routes/respondWithOpenApiDocument.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"respondWithOpenApiDocument.d.ts","sourceRoot":"","sources":["../../src/routes/respondWithOpenApiDocument.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAEnC;;GAEG;AACH,wBAAsB,0BAA0B,CAC9C,CAAC,EAAE,OAAO,EACV,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACpC,MAAM,GAAE,MAAM,GAAG,MAAe;;;;;;;;kBAwCjC"}

package/dist/routes/respondWithOpenApiDocument.js

@@ -0,0 +1,38 @@
+import { openapi } from '@scalar/openapi-parser';
+
+/**
+ * OpenAPI endpoints
+ */
+async function respondWithOpenApiDocument(c, input, format = 'json') {
+    if (!input) {
+        return c.text('Not found', 404);
+    }
+    try {
+        const { specification } = await openapi().load(input).get();
+        // JSON
+        if (format === 'json') {
+            c.header('Content-Type', 'application/json');
+            return c.json(specification);
+        }
+        // YAML
+        try {
+            const yamlSpecification = await openapi().load(input).toYaml();
+            c.header('Content-Type', 'text/yaml');
+            return c.text(yamlSpecification);
+        }
+        catch (error) {
+            return c.json({
+                error: 'Failed to convert specification to YAML',
+                message: error instanceof Error ? error.message : 'Unknown error occurred',
+            }, 500);
+        }
+    }
+    catch (error) {
+        return c.json({
+            error: 'Failed to parse OpenAPI specification',
+            message: error instanceof Error ? error.message : 'Unknown error occurred',
+        }, 400);
+    }
+}
+
+export { respondWithOpenApiDocument };

package/dist/routes/respondWithToken.d.ts

@@ -0,0 +1,15 @@
+import type { Context } from 'hono';
+/**
+ * Responds with a JSON object simulating an OAuth 2.0 token response.
+ */
+export declare function respondWithToken(c: Context): (Response & import("hono").TypedResponse<{
+    error: string;
+    error_description: string;
+}, 400, "json">) | (Response & import("hono").TypedResponse<{
+    access_token: string;
+    token_type: string;
+    expires_in: number;
+    refresh_token: string;
+    scope: string;
+}, import("hono/utils/http-status").StatusCode, "json">);
+//# sourceMappingURL=respondWithToken.d.ts.map

package/dist/routes/respondWithToken.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"respondWithToken.d.ts","sourceRoot":"","sources":["../../src/routes/respondWithToken.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAKnC;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,OAAO;;;;;;;;;yDAuD1C"}

package/dist/routes/respondWithToken.js

@@ -0,0 +1,47 @@
+/** Always responds with this token */
+const EXAMPLE_ACCESS_TOKEN = 'super-secret-access-token';
+/**
+ * Responds with a JSON object simulating an OAuth 2.0 token response.
+ */
+function respondWithToken(c) {
+    const grantType = c.req.query('grant_type');
+    if (!grantType) {
+        return c.json({
+            error: 'invalid_request',
+            error_description: 'Missing grant_type parameter',
+        }, 400);
+    }
+    // Validate supported grant types
+    const supportedGrantTypes = [
+        'authorization_code',
+        'client_credentials',
+        'refresh_token',
+    ];
+    if (!supportedGrantTypes.includes(grantType)) {
+        return c.json({
+            error: 'unsupported_grant_type',
+            error_description: `Grant type must be one of: ${supportedGrantTypes.join(', ')}`,
+        }, 400);
+    }
+    // Validate required parameters for each grant type
+    if (grantType === 'authorization_code' && !c.req.query('code')) {
+        return c.json({
+            error: 'invalid_request',
+            error_description: 'Missing code parameter',
+        }, 400);
+    }
+    // Simulate token generation
+    const tokenResponse = {
+        access_token: EXAMPLE_ACCESS_TOKEN,
+        token_type: 'Bearer',
+        expires_in: 3600,
+        refresh_token: 'example-refresh-token',
+        scope: c.req.query('scope') ?? 'read write',
+    };
+    // Security headers
+    c.header('Cache-Control', 'no-store');
+    c.header('Pragma', 'no-cache');
+    return c.json(tokenResponse);
+}
+
+export { respondWithToken };

package/dist/types.d.ts

@@ -1,5 +1,21 @@
+import type { OpenAPI } from '@scalar/openapi-types';
+import { type Context } from 'hono';
 /** Available HTTP methods for Hono routes */
 export declare const httpMethods: readonly ["get", "put", "post", "delete", "options", "patch"];
 /** Valid HTTP method */
 export type HttpMethod = (typeof httpMethods)[number];
+export type MockServerOptions = {
+    /**
+     * The OpenAPI specification to use for mocking.
+     * Can be a string (URL or file path) or an object.
+     */
+    specification: string | Record<string, any>;
+    /**
+     * Callback function to be called before each request is processed.
+     */
+    onRequest?: (data: {
+        context: Context;
+        operation: OpenAPI.Operation;
+    }) => void;
+};
 //# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,6CAA6C;AAC7C,eAAO,MAAM,WAAW,+DAOd,CAAA;AAEV,wBAAwB;AACxB,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,MAAM,CAAC,CAAA"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AACpD,OAAO,EAAE,KAAK,OAAO,EAAQ,MAAM,MAAM,CAAA;AAEzC,6CAA6C;AAC7C,eAAO,MAAM,WAAW,+DAOd,CAAA;AAEV,wBAAwB;AACxB,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,MAAM,CAAC,CAAA;AAErD,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;;OAGG;IACH,aAAa,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAE3C;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAA;KAAE,KAAK,IAAI,CAAA;CAC/E,CAAA"}

package/dist/utils/createOpenAPIDocument.d.ts

@@ -0,0 +1,4 @@
+import type { OpenAPIV3, OpenAPIV3_1 } from '@scalar/openapi-types';
+/** Helper function create an OpenAPI document with security schemss */
+export declare function createOpenAPIDocument(securitySchemes: Record<string, OpenAPIV3.SecuritySchemeObject | OpenAPIV3_1.SecuritySchemeObject>): OpenAPIV3.Document;
+//# sourceMappingURL=createOpenAPIDocument.d.ts.map

package/dist/utils/createOpenAPIDocument.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"createOpenAPIDocument.d.ts","sourceRoot":"","sources":["../../src/utils/createOpenAPIDocument.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAEnE,uEAAuE;AACvE,wBAAgB,qBAAqB,CACnC,eAAe,EAAE,MAAM,CACrB,MAAM,EACN,SAAS,CAAC,oBAAoB,GAAG,WAAW,CAAC,oBAAoB,CAClE,GACA,SAAS,CAAC,QAAQ,CAMpB"}

package/dist/utils/getOpenAuthTokenUrls.d.ts

@@ -0,0 +1,7 @@
+import type { OpenAPI } from '@scalar/openapi-types';
+/**
+ * Extract path from URL
+ */
+export declare function getPathFromUrl(url: string): string;
+export declare function getOpenAuthTokenUrls(schema?: OpenAPI.Document): string[];
+//# sourceMappingURL=getOpenAuthTokenUrls.d.ts.map

package/dist/utils/getOpenAuthTokenUrls.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"getOpenAuthTokenUrls.d.ts","sourceRoot":"","sources":["../../src/utils/getOpenAuthTokenUrls.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAA0B,MAAM,uBAAuB,CAAA;AAE5E;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAclD;AAiBD,wBAAgB,oBAAoB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,QAAQ,GAAG,MAAM,EAAE,CAgCxE"}

package/dist/utils/getOpenAuthTokenUrls.js

@@ -0,0 +1,55 @@
+/**
+ * Extract path from URL
+ */
+function getPathFromUrl(url) {
+    try {
+        // Handle relative URLs by prepending a base
+        const urlObject = url.startsWith('http')
+            ? new URL(url)
+            : new URL(url, 'http://example.com');
+        // Normalize: remove trailing slash except for root path
+        const path = urlObject.pathname;
+        return path === '/' ? path : path.replace(/\/$/, '');
+    }
+    catch (error) {
+        // If URL is invalid, return the original string
+        return url;
+    }
+}
+/**
+ * Returns all token URLs mentioned in the securitySchemes, without the domain
+ */
+// Type guard for OAuth2 security scheme
+function isOAuth2Scheme(scheme) {
+    return scheme.type === 'oauth2';
+}
+// Validate token URL
+function isValidTokenUrl(url) {
+    return url.trim().length > 0;
+}
+function getOpenAuthTokenUrls(schema) {
+    if (!schema?.components?.securitySchemes) {
+        return [];
+    }
+    const securitySchemes = schema.components.securitySchemes;
+    // Use Set from the start for better memory efficiency
+    const tokenUrls = new Set();
+    // Iterate through all security schemes
+    for (const scheme of Object.values(securitySchemes)) {
+        if (!isOAuth2Scheme(scheme))
+            continue;
+        const flows = scheme.flows; // Type assertion no longer needed
+        // Helper to safely add valid token URLs
+        const addTokenUrl = (url) => {
+            if (url && isValidTokenUrl(url)) {
+                tokenUrls.add(getPathFromUrl(url));
+            }
+        };
+        addTokenUrl(flows?.password?.tokenUrl);
+        addTokenUrl(flows?.clientCredentials?.tokenUrl);
+        addTokenUrl(flows?.authorizationCode?.tokenUrl);
+    }
+    return Array.from(tokenUrls);
+}
+
+export { getOpenAuthTokenUrls, getPathFromUrl };

package/dist/utils/handleAuthentication.d.ts

@@ -0,0 +1,10 @@
+import type { OpenAPI } from '@scalar/openapi-types';
+import type { Context } from 'hono';
+/**
+ * Handles authentication for incoming requests based on the OpenAPI specification.
+ */
+export declare function handleAuthentication(schema?: OpenAPI.Document, operation?: OpenAPI.Operation): (c: Context, next: () => Promise<void>) => Promise<(Response & import("hono").TypedResponse<{
+    error: string;
+    message: string;
+}, 401, "json">) | undefined>;
+//# sourceMappingURL=handleAuthentication.d.ts.map

package/dist/utils/handleAuthentication.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handleAuthentication.d.ts","sourceRoot":"","sources":["../../src/utils/handleAuthentication.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AACpD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAGnC;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,CAAC,EAAE,OAAO,CAAC,QAAQ,EACzB,SAAS,CAAC,EAAE,OAAO,CAAC,SAAS,OAEZ,OAAO,QAAQ,MAAM,OAAO,CAAC,IAAI,CAAC;;;8BA8GpD"}

package/dist/utils/handleAuthentication.js

@@ -0,0 +1,103 @@
+import { getCookie } from 'hono/cookie';
+
+/**
+ * Handles authentication for incoming requests based on the OpenAPI specification.
+ */
+function handleAuthentication(schema, operation) {
+    return async (c, next) => {
+        const operationSecuritySchemes = operation?.security || schema?.security;
+        if (operationSecuritySchemes && operationSecuritySchemes.length > 0) {
+            let isAuthenticated = false;
+            let authScheme = '';
+            for (const securityRequirement of operationSecuritySchemes) {
+                let securitySchemeAuthenticated = true;
+                for (const [schemeName] of Object.entries(securityRequirement)) {
+                    const scheme = schema?.components?.securitySchemes?.[schemeName];
+                    if (scheme) {
+                        switch (scheme.type) {
+                            case 'http':
+                                if (scheme.scheme === 'basic') {
+                                    authScheme = 'Basic';
+                                    const authHeader = c.req.header('Authorization');
+                                    if (authHeader?.startsWith('Basic ')) {
+                                        isAuthenticated = true;
+                                    }
+                                }
+                                else if (scheme.scheme === 'bearer') {
+                                    authScheme = 'Bearer';
+                                    const authHeader = c.req.header('Authorization');
+                                    if (authHeader?.startsWith('Bearer ')) {
+                                        isAuthenticated = true;
+                                    }
+                                }
+                                break;
+                            case 'apiKey':
+                                authScheme = `ApiKey ${scheme.name}`;
+                                if (scheme.in === 'header') {
+                                    const apiKey = c.req.header(scheme.name);
+                                    if (apiKey) {
+                                        isAuthenticated = true;
+                                    }
+                                }
+                                else if (scheme.in === 'query') {
+                                    const apiKey = c.req.query(scheme.name);
+                                    if (apiKey) {
+                                        isAuthenticated = true;
+                                    }
+                                }
+                                else if (scheme.in === 'cookie') {
+                                    const apiKey = getCookie(c, scheme.name);
+                                    if (apiKey) {
+                                        isAuthenticated = true;
+                                    }
+                                }
+                                break;
+                            case 'oauth2':
+                                authScheme = 'Bearer';
+                                // Handle OAuth 2.0 flows, including password grant
+                                if (c.req.header('Authorization')?.startsWith('Bearer ')) {
+                                    isAuthenticated = true;
+                                }
+                                break;
+                        }
+                    }
+                    if (!isAuthenticated) {
+                        securitySchemeAuthenticated = false;
+                        break;
+                    }
+                }
+                if (securitySchemeAuthenticated) {
+                    isAuthenticated = true;
+                    break;
+                }
+            }
+            if (!isAuthenticated) {
+                let wwwAuthenticateValue = authScheme;
+                switch (authScheme) {
+                    case 'Basic':
+                        wwwAuthenticateValue +=
+                            ' realm="Scalar Mock Server", charset="UTF-8"';
+                        break;
+                    case 'Bearer':
+                        wwwAuthenticateValue +=
+                            ' realm="Scalar Mock Server", error="invalid_token", error_description="The access token is invalid or has expired"';
+                        break;
+                    case 'ApiKey':
+                        wwwAuthenticateValue += ` realm="Scalar Mock Server", error="invalid_token", error_description="Invalid or missing API key"`;
+                        break;
+                    default:
+                        wwwAuthenticateValue = 'Bearer realm="Scalar Mock Server"';
+                }
+                c.header('WWW-Authenticate', wwwAuthenticateValue);
+                return c.json({
+                    error: 'Unauthorized',
+                    message: 'Authentication is required to access this resource.',
+                }, 401);
+            }
+        }
+        // If all checks pass, continue to the next middleware
+        await next();
+    };
+}
+
+export { handleAuthentication };

package/dist/utils/index.d.ts

@@ -1,12 +1,6 @@
-export * from './anyBasicAuthentication.js';
-export * from './anyOpenAuthPasswordGrantAuthentication.js';
-export * from './findPreferredResponseKey.test';
 export * from './findPreferredResponseKey.js';
-export * from './getOpenAuthTokenUrl.js';
+export * from './getOpenAuthTokenUrls.js';
 export * from './getOperations.js';
-export * from './honoRouteFromPath.test';
 export * from './honoRouteFromPath.js';
 export * from './isAuthenticationRequired.js';
-export * from './isBasicAuthenticationRequired.js';
-export * from './isOpenAuthPasswordGrantRequired.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/utils/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,0BAA0B,CAAA;AACxC,cAAc,0CAA0C,CAAA;AACxD,cAAc,iCAAiC,CAAA;AAC/C,cAAc,4BAA4B,CAAA;AAC1C,cAAc,uBAAuB,CAAA;AACrC,cAAc,iBAAiB,CAAA;AAC/B,cAAc,0BAA0B,CAAA;AACxC,cAAc,qBAAqB,CAAA;AACnC,cAAc,4BAA4B,CAAA;AAC1C,cAAc,iCAAiC,CAAA;AAC/C,cAAc,mCAAmC,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,4BAA4B,CAAA;AAC1C,cAAc,wBAAwB,CAAA;AACtC,cAAc,iBAAiB,CAAA;AAC/B,cAAc,qBAAqB,CAAA;AACnC,cAAc,4BAA4B,CAAA"}

package/dist/utils/logAuthenticationInstructions.d.ts

@@ -0,0 +1,6 @@
+import type { OpenAPIV3_1 } from '@scalar/openapi-types';
+/**
+ * Log authentication instructions for different security schemes
+ */
+export declare function logAuthenticationInstructions(securitySchemes: Record<string, OpenAPIV3_1.SecuritySchemeObject>): void;
+//# sourceMappingURL=logAuthenticationInstructions.d.ts.map

package/dist/utils/logAuthenticationInstructions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logAuthenticationInstructions.d.ts","sourceRoot":"","sources":["../../src/utils/logAuthenticationInstructions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAIxD;;GAEG;AACH,wBAAgB,6BAA6B,CAC3C,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,oBAAoB,CAAC,QAoIlE"}

package/dist/utils/logAuthenticationInstructions.js

@@ -0,0 +1,112 @@
+import { getPathFromUrl } from './getOpenAuthTokenUrls.js';
+
+/**
+ * Log authentication instructions for different security schemes
+ */
+function logAuthenticationInstructions(securitySchemes) {
+    if (!securitySchemes || Object.keys(securitySchemes).length === 0) {
+        return;
+    }
+    console.log('Authentication:');
+    console.log();
+    Object.entries(securitySchemes).forEach(([_, scheme]) => {
+        switch (scheme.type) {
+            case 'apiKey':
+                if (scheme.in === 'header') {
+                    console.log('✅ API Key Authentication');
+                    console.log(`   Use any API key in the ${scheme.name} header`);
+                    console.log();
+                    console.log(`   ${scheme.name}: YOUR_API_KEY_HERE`);
+                    console.log();
+                }
+                else if (scheme.in === 'query') {
+                    console.log(`✅ API Key Authentication`);
+                    console.log(`   Use any API key in the ${scheme.name} query parameter:`);
+                    console.log();
+                    console.log(`   ?${scheme.name}=YOUR_API_KEY_HERE`);
+                    console.log();
+                }
+                else if (scheme.in === 'cookie') {
+                    console.log(`✅ API Key Authentication`);
+                    console.log(`   Use any API key in the ${scheme.name} cookie:`);
+                    console.log();
+                    console.log(`   Cookie: ${scheme.name}=YOUR_API_KEY_HERE`);
+                    console.log();
+                }
+                else {
+                    console.error(`❌ Unsupported API Key Location: ${scheme.in}`);
+                }
+                break;
+            case 'http':
+                if (scheme.scheme === 'basic') {
+                    console.log('✅ HTTP Basic Authentication');
+                    console.log('   Use an Authorization header with any credentials ("username:password" in base64):');
+                    console.log();
+                    console.log('   Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=');
+                    console.log();
+                }
+                else if (scheme.scheme === 'bearer') {
+                    console.log('✅ Bearer Token Authentication');
+                    console.log('   Use an Authorization header with any bearer token');
+                    console.log();
+                    console.log('   Authorization: Bearer YOUR_TOKEN_HERE');
+                    console.log();
+                }
+                else {
+                    console.error('❌ Unknown Security Scheme:', scheme);
+                }
+                break;
+            case 'oauth2':
+                if (scheme.flows) {
+                    Object.keys(scheme.flows).forEach((flow) => {
+                        switch (flow) {
+                            case 'implicit':
+                                console.log('✅ OAuth 2.0 Implicit Flow');
+                                console.log('   Use the following URL to initiate the OAuth 2.0 Implicit Flow:');
+                                console.log();
+                                console.log(`   GET ${scheme?.flows?.implicit?.authorizationUrl || '/oauth/authorize'}?response_type=token&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&scope=YOUR_SCOPES`);
+                                console.log();
+                                break;
+                            case 'password':
+                                console.log('✅ OAuth 2.0 Password Flow');
+                                console.log('   Use the following URL to obtain an access token:');
+                                console.log();
+                                console.log(`   POST ${getPathFromUrl(scheme?.flows?.password?.tokenUrl || '/oauth/token')}`);
+                                console.log('   Content-Type: application/x-www-form-urlencoded');
+                                console.log();
+                                console.log('   grant_type=password&username=YOUR_USERNAME&password=YOUR_PASSWORD&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET');
+                                console.log();
+                                break;
+                            case 'clientCredentials':
+                                console.log('✅ OAuth 2.0 Client Credentials Flow');
+                                console.log('   Use the following URL to obtain an access token:');
+                                console.log();
+                                console.log(`   POST ${getPathFromUrl(scheme?.flows?.clientCredentials?.tokenUrl || '/oauth/token')}`);
+                                console.log('   Content-Type: application/x-www-form-urlencoded');
+                                console.log();
+                                console.log('   grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET');
+                                console.log();
+                                break;
+                            case 'authorizationCode':
+                                console.log('✅ OAuth 2.0 Authorization Code Flow');
+                                console.log('   Use the following URL to initiate the OAuth 2.0 Authorization Code Flow:');
+                                console.log();
+                                console.log('   GET', `${getPathFromUrl(scheme?.flows?.authorizationCode?.authorizationUrl || '/oauth/authorize')}?redirect_uri=https://YOUR_REDIRECT_URI_HERE`);
+                                console.log();
+                                break;
+                            default:
+                                console.warn(`Unsupported OAuth 2.0 flow: ${flow}`);
+                        }
+                    });
+                }
+                break;
+            case 'openIdConnect':
+                console.log('⚠️ OpenID Connect Authentication');
+                break;
+            default:
+                console.warn(`Unsupported security scheme type: ${scheme.type}`);
+        }
+    });
+}
+
+export { logAuthenticationInstructions };

package/dist/utils/setupAuthenticationRoutes.d.ts

@@ -0,0 +1,7 @@
+import type { OpenAPI } from '@scalar/openapi-types';
+import type { Hono } from 'hono';
+/**
+ * Helper function to set up authentication routes for OAuth 2.0 flows
+ */
+export declare function setupAuthenticationRoutes(app: Hono, schema?: OpenAPI.Document): void;
+//# sourceMappingURL=setupAuthenticationRoutes.d.ts.map

package/dist/utils/setupAuthenticationRoutes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"setupAuthenticationRoutes.d.ts","sourceRoot":"","sources":["../../src/utils/setupAuthenticationRoutes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAA0B,MAAM,uBAAuB,CAAA;AAC5E,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAMhC;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,GAAG,EAAE,IAAI,EACT,MAAM,CAAC,EAAE,OAAO,CAAC,QAAQ,QA6E1B"}

package/dist/utils/setupAuthenticationRoutes.js

@@ -0,0 +1,64 @@
+import { respondWithAuthorizePage } from '../routes/respondWithAuthorizePage.js';
+import { respondWithToken } from '../routes/respondWithToken.js';
+import { getOpenAuthTokenUrls, getPathFromUrl } from './getOpenAuthTokenUrls.js';
+
+/**
+ * Helper function to set up authentication routes for OAuth 2.0 flows
+ */
+function setupAuthenticationRoutes(app, schema) {
+    const securitySchemes = schema?.components?.securitySchemes || {};
+    // Set up authentication routes for OAuth 2.0 flows
+    getOpenAuthTokenUrls(schema).forEach((tokenUrl) => {
+        app.post(tokenUrl, (c) => {
+            return c.json({
+                access_token: 'super-secret-access-token',
+                token_type: 'Bearer',
+                expires_in: 3600,
+                refresh_token: 'example-refresh-token',
+            }, 200, {
+                /**
+                 * When responding with an access token, the server must also include the additional
+                 * Cache-Control: no-store HTTP header to ensure clients do not cache this request.
+                 *
+                 * @see https://www.oauth.com/oauth2-servers/access-tokens/access-token-response/
+                 */
+                'Cache-Control': 'no-store',
+            });
+        });
+    });
+    // Set up routes for different OAuth 2.0 flows
+    const authorizeUrls = new Set();
+    const tokenUrls = new Set();
+    Object.entries(securitySchemes).forEach(([_, scheme]) => {
+        if (scheme.type === 'oauth2') {
+            if (scheme.flows?.authorizationCode) {
+                const authorizeRoute = scheme.flows.authorizationCode.authorizationUrl ?? '/oauth/authorize';
+                const tokenRoute = scheme.flows.authorizationCode.tokenUrl ?? '/oauth/token';
+                authorizeUrls.add(getPathFromUrl(authorizeRoute));
+                tokenUrls.add(tokenRoute);
+            }
+            if (scheme.flows?.implicit) {
+                const authorizeRoute = scheme.flows.implicit.authorizationUrl ?? '/oauth/authorize';
+                authorizeUrls.add(getPathFromUrl(authorizeRoute));
+            }
+            if (scheme.flows?.password) {
+                const tokenRoute = scheme.flows.password.tokenUrl ?? '/oauth/token';
+                tokenUrls.add(tokenRoute);
+            }
+            if (scheme.flows?.clientCredentials) {
+                const tokenRoute = scheme.flows.clientCredentials.tokenUrl ?? '/oauth/token';
+                tokenUrls.add(tokenRoute);
+            }
+        }
+    });
+    // Set up unique authorization routes
+    authorizeUrls.forEach((authorizeUrl) => {
+        app.get(authorizeUrl, (c) => respondWithAuthorizePage(c, schema?.info?.title));
+    });
+    // Set up unique token routes
+    tokenUrls.forEach((tokenUrl) => {
+        app.post(tokenUrl, respondWithToken);
+    });
+}
+
+export { setupAuthenticationRoutes };

package/package.json

@@ -16,7 +16,7 @@
     "swagger",
     "cli"
   ],
-  "version": "0.2.63",
+  "version": "0.2.65",
   "engines": {
     "node": ">=18"
   },
@@ -38,15 +38,15 @@
   "dependencies": {
     "hono": "^4.6.5",
     "object-to-xml": "^2.0.0",
-    "@scalar/oas-utils": "0.2.59",
-    "@scalar/openapi-parser": "0.8.7",
-    "@scalar/openapi-types": "0.1.3"
+    "@scalar/oas-utils": "0.2.61",
+    "@scalar/openapi-parser": "0.8.8",
+    "@scalar/openapi-types": "0.1.4"
   },
   "devDependencies": {
     "@hono/node-server": "^1.11.0",
     "@types/node": "^20.14.10",
-    "@scalar/build-tooling": "0.1.11",
-    "@scalar/hono-api-reference": "0.5.155"
+    "@scalar/hono-api-reference": "0.5.156",
+    "@scalar/build-tooling": "0.1.11"
   },
   "scripts": {
     "build": "scalar-build-rollup",

package/dist/utils/anyBasicAuthentication.d.ts

@@ -1,6 +0,0 @@
-import type { Context } from 'hono';
-/**
- * Middleware to check for any basic authentication header
- */
-export declare function anyBasicAuthentication(): (ctx: Context, next: () => Promise<void>) => Promise<void>;
-//# sourceMappingURL=anyBasicAuthentication.d.ts.map

package/dist/utils/anyBasicAuthentication.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"anyBasicAuthentication.d.ts","sourceRoot":"","sources":["../../src/utils/anyBasicAuthentication.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAGnC;;GAEG;AACH,wBAAgB,sBAAsB,UACR,OAAO,QAAQ,MAAM,OAAO,CAAC,IAAI,CAAC,mBAiB/D"}

package/dist/utils/anyBasicAuthentication.js

@@ -1,25 +0,0 @@
-import { HTTPException } from 'hono/http-exception';
-
-/**
- * Middleware to check for any basic authentication header
- */
-function anyBasicAuthentication() {
-    return async function (ctx, next) {
-        // Check if the request has an Authorization header
-        // Note: We don’t care *what* credentials are sent, though.
-        if (ctx.req.header('Authorization')?.startsWith('Basic ')) {
-            return await next();
-        }
-        // Unauthorized
-        throw new HTTPException(401, {
-            res: new Response('Unauthorized', {
-                status: 401,
-                headers: {
-                    'WWW-Authenticate': 'Basic realm="Authentication Required"',
-                },
-            }),
-        });
-    };
-}
-
-export { anyBasicAuthentication };

package/dist/utils/anyOpenAuthPasswordGrantAuthentication.d.ts

@@ -1,6 +0,0 @@
-import type { Context } from 'hono';
-/**
- * Middleware to check for any bearer authentication header
- */
-export declare function anyOpenAuthPasswordGrantAuthentication(): (ctx: Context, next: () => Promise<void>) => Promise<void>;
-//# sourceMappingURL=anyOpenAuthPasswordGrantAuthentication.d.ts.map

package/dist/utils/anyOpenAuthPasswordGrantAuthentication.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"anyOpenAuthPasswordGrantAuthentication.d.ts","sourceRoot":"","sources":["../../src/utils/anyOpenAuthPasswordGrantAuthentication.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAGnC;;GAEG;AACH,wBAAgB,sCAAsC,UACxB,OAAO,QAAQ,MAAM,OAAO,CAAC,IAAI,CAAC,mBAc/D"}

package/dist/utils/anyOpenAuthPasswordGrantAuthentication.js

@@ -1,22 +0,0 @@
-import { HTTPException } from 'hono/http-exception';
-
-/**
- * Middleware to check for any bearer authentication header
- */
-function anyOpenAuthPasswordGrantAuthentication() {
-    return async function (ctx, next) {
-        // Check if the request has an Authorization header
-        // Note: We don’t care *what* credentials are sent, though.
-        if (ctx.req.header('Authorization')?.startsWith('Bearer ')) {
-            return await next();
-        }
-        // Unauthorized
-        throw new HTTPException(401, {
-            res: new Response('Unauthorized', {
-                status: 401,
-            }),
-        });
-    };
-}
-
-export { anyOpenAuthPasswordGrantAuthentication };

package/dist/utils/findPreferredResponseKey.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=findPreferredResponseKey.test.d.ts.map

package/dist/utils/findPreferredResponseKey.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"findPreferredResponseKey.test.d.ts","sourceRoot":"","sources":["../../src/utils/findPreferredResponseKey.test.ts"],"names":[],"mappings":""}

package/dist/utils/getOpenAuthTokenUrl.d.ts

@@ -1,3 +0,0 @@
-import type { OpenAPI } from '@scalar/openapi-types';
-export declare function getOpenAuthTokenUrl(schema?: OpenAPI.Document): string | false | undefined;
-//# sourceMappingURL=getOpenAuthTokenUrl.d.ts.map

package/dist/utils/getOpenAuthTokenUrl.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"getOpenAuthTokenUrl.d.ts","sourceRoot":"","sources":["../../src/utils/getOpenAuthTokenUrl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAA0B,MAAM,uBAAuB,CAAA;AAE5E,wBAAgB,mBAAmB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,QAAQ,8BAgC5D"}

package/dist/utils/getOpenAuthTokenUrl.js

@@ -1,21 +0,0 @@
-function getOpenAuthTokenUrl(schema) {
-    const securitySchemes = schema?.components?.securitySchemes;
-    if (securitySchemes === undefined) {
-        return false;
-    }
-    // TODO: Make this work with other OpenAuth workflows
-    const openAuthPasswordGrant = Object.values(securitySchemes).filter((securityScheme) => {
-        if (securityScheme.type === 'oauth2' &&
-            securityScheme.flows?.password !== undefined) {
-            return true;
-        }
-        return false;
-    });
-    if (!openAuthPasswordGrant.length) {
-        return undefined;
-    }
-    // @ts-expect-error TypeScript, I know it’s there (or undefined, both is fine).
-    return openAuthPasswordGrant[0]?.flows?.password?.tokenUrl;
-}
-
-export { getOpenAuthTokenUrl };

package/dist/utils/honoRouteFromPath.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=honoRouteFromPath.test.d.ts.map

package/dist/utils/honoRouteFromPath.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"honoRouteFromPath.test.d.ts","sourceRoot":"","sources":["../../src/utils/honoRouteFromPath.test.ts"],"names":[],"mappings":""}

package/dist/utils/isBasicAuthenticationRequired.d.ts

@@ -1,3 +0,0 @@
-import type { OpenAPI } from '@scalar/openapi-types';
-export declare function isBasicAuthenticationRequired(operation: OpenAPI.Operation, schema?: OpenAPI.Document): boolean;
-//# sourceMappingURL=isBasicAuthenticationRequired.d.ts.map

package/dist/utils/isBasicAuthenticationRequired.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"isBasicAuthenticationRequired.d.ts","sourceRoot":"","sources":["../../src/utils/isBasicAuthenticationRequired.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAA0B,MAAM,uBAAuB,CAAA;AAE5E,wBAAgB,6BAA6B,CAC3C,SAAS,EAAE,OAAO,CAAC,SAAS,EAC5B,MAAM,CAAC,EAAE,OAAO,CAAC,QAAQ,WAwB1B"}

package/dist/utils/isBasicAuthenticationRequired.js

@@ -1,13 +0,0 @@
-function isBasicAuthenticationRequired(operation, schema) {
-    const allowedSecuritySchemes = operation.security?.map((securityScheme) => {
-        return Object.keys(securityScheme)[0];
-    });
-    // Check if one of them is HTTP Basic Auth
-    const httpBasicAuthIsRequired = allowedSecuritySchemes?.findIndex((securitySchemeKey) => {
-        const securityScheme = schema?.components?.securitySchemes?.[securitySchemeKey];
-        return (securityScheme?.type === 'http' && securityScheme?.scheme === 'basic');
-    }) >= 0;
-    return httpBasicAuthIsRequired;
-}
-
-export { isBasicAuthenticationRequired };

package/dist/utils/isOpenAuthPasswordGrantRequired.d.ts

@@ -1,3 +0,0 @@
-import type { OpenAPI } from '@scalar/openapi-types';
-export declare function isOpenAuthPasswordGrantRequired(operation: OpenAPI.Operation, schema?: OpenAPI.Document): boolean;
-//# sourceMappingURL=isOpenAuthPasswordGrantRequired.d.ts.map

package/dist/utils/isOpenAuthPasswordGrantRequired.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"isOpenAuthPasswordGrantRequired.d.ts","sourceRoot":"","sources":["../../src/utils/isOpenAuthPasswordGrantRequired.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAA0B,MAAM,uBAAuB,CAAA;AAE5E,wBAAgB,+BAA+B,CAC7C,SAAS,EAAE,OAAO,CAAC,SAAS,EAC5B,MAAM,CAAC,EAAE,OAAO,CAAC,QAAQ,WAyB1B"}

package/dist/utils/isOpenAuthPasswordGrantRequired.js

@@ -1,14 +0,0 @@
-function isOpenAuthPasswordGrantRequired(operation, schema) {
-    const allowedSecuritySchemes = operation.security?.map((securityScheme) => {
-        return Object.keys(securityScheme)[0];
-    });
-    // Check if one of them is OpenAuth2 Password Grant
-    const passwordGrantRequired = allowedSecuritySchemes?.findIndex((securitySchemeKey) => {
-        const securityScheme = schema?.components?.securitySchemes?.[securitySchemeKey];
-        return (securityScheme?.type === 'oauth2' &&
-            securityScheme?.flows?.password !== undefined);
-    }) >= 0;
-    return passwordGrantRequired;
-}
-
-export { isOpenAuthPasswordGrantRequired };