@schmock/openapi 1.2.1 → 1.4.0

package/dist/normalizer.js

@@ -1,4 +1,4 @@
-/// <reference path="../../../types/schmock.d.ts" />
+/// <reference path="../../core/schmock.d.ts" />
 import { isRecord, toJsonSchema } from "./utils.js";
 /**
  * Normalize an OpenAPI schema to pure JSON Schema 7 that json-schema-faker understands.

package/dist/parser.d.ts

@@ -1,9 +1,35 @@
 import type { JSONSchema7 } from "json-schema";
+export interface SecurityScheme {
+    type: "apiKey" | "http" | "oauth2" | "openIdConnect";
+    /** For apiKey: header, query, or cookie */
+    in?: "header" | "query" | "cookie";
+    /** For apiKey: the header/query/cookie name */
+    name?: string;
+    /** For http: bearer, basic, etc. */
+    scheme?: string;
+}
 export interface ParsedSpec {
     title: string;
     version: string;
     basePath: string;
     paths: ParsedPath[];
+    securitySchemes?: Map<string, SecurityScheme>;
+    globalSecurity?: string[][];
+}
+export interface ParsedResponseEntry {
+    schema?: JSONSchema7;
+    description: string;
+    headers?: Record<string, Schmock.ResponseHeaderDef>;
+    examples?: Map<string, unknown>;
+    contentTypes?: string[];
+}
+export interface ParsedCallback {
+    /** Runtime expression for the callback URL (e.g. "{$request.body#/callbackUrl}") */
+    urlExpression: string;
+    /** HTTP method for the callback request */
+    method: Schmock.HttpMethod;
+    /** JSON Schema for the callback request body */
+    requestBody?: JSONSchema7;
 }
 export interface ParsedPath {
     /** Express-style path e.g. "/pets/:petId" */
@@ -12,11 +38,12 @@ export interface ParsedPath {
     operationId?: string;
     parameters: ParsedParameter[];
     requestBody?: JSONSchema7;
-    responses: Map<number, {
-        schema?: JSONSchema7;
-        description: string;
-    }>;
+    responses: Map<number, ParsedResponseEntry>;
     tags: string[];
+    /** Per-operation security requirements (each entry is OR, keys within are AND) */
+    security?: string[][];
+    /** OAS3 callbacks defined on this operation */
+    callbacks?: ParsedCallback[];
 }
 export interface ParsedParameter {
     name: string;

package/dist/parser.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK/C,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,UAAU,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,6CAA6C;IAC7C,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACtE,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;IAChC,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AA8CD;;;GAGG;AACH,wBAAsB,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAuH5E"}
+{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK/C,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,QAAQ,GAAG,MAAM,GAAG,QAAQ,GAAG,eAAe,CAAC;IACrD,2CAA2C;IAC3C,EAAE,CAAC,EAAE,QAAQ,GAAG,OAAO,GAAG,QAAQ,CAAC;IACnC,+CAA+C;IAC/C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,oCAAoC;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAC9C,cAAc,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACpD,QAAQ,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,cAAc;IAC7B,oFAAoF;IACpF,aAAa,EAAE,MAAM,CAAC;IACtB,2CAA2C;IAC3C,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC;IAC3B,gDAAgD;IAChD,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED,MAAM,WAAW,UAAU;IACzB,6CAA6C;IAC7C,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IAC5C,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,kFAAkF;IAClF,QAAQ,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC;IACtB,+CAA+C;IAC/C,SAAS,CAAC,EAAE,cAAc,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;IAChC,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AA8CD;;;GAGG;AACH,wBAAsB,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CA2I5E"}

package/dist/parser.js

@@ -1,4 +1,4 @@
-/// <reference path="../../../types/schmock.d.ts" />
+/// <reference path="../../core/schmock.d.ts" />
 import SwaggerParser from "@apidevtools/swagger-parser";
 import { toHttpMethod } from "@schmock/core";
 import { normalizeSchema } from "./normalizer.js";
@@ -89,10 +89,14 @@ export async function parseSpec(source) {
     if (basePath.endsWith("/") && basePath !== "/") {
         basePath = basePath.slice(0, -1);
     }
+    // Extract security schemes
+    const securitySchemes = extractSecuritySchemes(api, isSwagger2);
+    const globalSecurityRaw = "security" in api ? api.security : undefined;
+    const globalSecurity = extractSecurityRequirements(Array.isArray(globalSecurityRaw) ? globalSecurityRaw : undefined);
     const paths = [];
     const rawPaths = "paths" in api && isRecord(api.paths) ? api.paths : undefined;
     if (!rawPaths) {
-        return { title, version, basePath, paths };
+        return { title, version, basePath, paths, securitySchemes, globalSecurity };
     }
     for (const [pathTemplate, pathItemRaw] of Object.entries(rawPaths)) {
         if (!isRecord(pathItemRaw))
@@ -125,6 +129,14 @@ export async function parseSpec(source) {
             const tags = Array.isArray(operation.tags)
                 ? operation.tags.filter((t) => typeof t === "string")
                 : [];
+            // Extract per-operation security
+            const operationSecurity = Array.isArray(operation.security)
+                ? extractSecurityRequirements(operation.security)
+                : undefined;
+            // Extract OAS3 callbacks
+            const callbacks = !isSwagger2 && isRecord(operation.callbacks)
+                ? extractCallbacks(operation.callbacks)
+                : undefined;
             // Filter out body parameters from the final parameter list (Swagger 2.0)
             const filteredParams = mergedParams.filter(isNotBodyParam);
             paths.push({
@@ -135,10 +147,12 @@ export async function parseSpec(source) {
                 requestBody,
                 responses,
                 tags,
+                security: operationSecurity,
+                callbacks,
             });
         }
     }
-    return { title, version, basePath, paths };
+    return { title, version, basePath, paths, securitySchemes, globalSecurity };
 }
 function isValidParamLocation(location, isSwagger2) {
     const validLocations = isSwagger2
@@ -237,26 +251,87 @@ function extractResponses(responses, isSwagger2) {
             continue;
         const description = getString(response.description) ?? "";
         let schema;
+        let examples;
+        let contentTypes;
         if (isSwagger2) {
-            // Swagger 2.0: schema is directly on the response
             if (isRecord(response.schema)) {
                 schema = normalizeSchema(response.schema, "response");
             }
+            // Swagger 2.0 single example
+            if (response.examples !== undefined && isRecord(response.examples)) {
+                examples = new Map();
+                for (const [key, value] of Object.entries(response.examples)) {
+                    examples.set(key, value);
+                }
+            }
         }
         else {
-            // OpenAPI 3.x: schema is nested in content
             const content = isRecord(response.content) ? response.content : undefined;
             if (content) {
+                contentTypes = Object.keys(content);
                 const jsonEntry = findJsonContent(content);
                 if (jsonEntry && isRecord(jsonEntry.schema)) {
                     schema = normalizeSchema(jsonEntry.schema, "response");
                 }
+                // OAS3 named examples
+                if (jsonEntry) {
+                    examples = extractExamples(jsonEntry);
+                }
             }
         }
-        result.set(code, { schema, description });
+        const headers = extractResponseHeaders(response, isSwagger2);
+        result.set(code, { schema, description, headers, examples, contentTypes });
     }
     return result;
 }
+function extractExamples(contentEntry) {
+    const result = new Map();
+    // Single `example` value
+    if ("example" in contentEntry && contentEntry.example !== undefined) {
+        result.set("default", contentEntry.example);
+    }
+    // Named `examples` map
+    if (isRecord(contentEntry.examples)) {
+        for (const [name, exampleObj] of Object.entries(contentEntry.examples)) {
+            if (isRecord(exampleObj) && "value" in exampleObj) {
+                result.set(name, exampleObj.value);
+            }
+        }
+    }
+    return result.size > 0 ? result : undefined;
+}
+function extractResponseHeaders(response, isSwagger2) {
+    const rawHeaders = isRecord(response.headers) ? response.headers : undefined;
+    if (!rawHeaders)
+        return undefined;
+    const headers = {};
+    let hasHeaders = false;
+    for (const [name, headerRaw] of Object.entries(rawHeaders)) {
+        if (!isRecord(headerRaw))
+            continue;
+        const desc = getString(headerRaw.description) ?? "";
+        let headerSchema;
+        if (isSwagger2) {
+            // Swagger 2.0: type/format/enum are inline on the header
+            if (headerRaw.type) {
+                headerSchema = normalizeSchema({
+                    type: headerRaw.type,
+                    format: headerRaw.format,
+                    enum: headerRaw.enum,
+                }, "response");
+            }
+        }
+        else {
+            // OpenAPI 3.x: schema is nested
+            if (isRecord(headerRaw.schema)) {
+                headerSchema = normalizeSchema(headerRaw.schema, "response");
+            }
+        }
+        headers[name] = { schema: headerSchema, description: desc };
+        hasHeaders = true;
+    }
+    return hasHeaders ? headers : undefined;
+}
 /**
  * Find the best JSON-like content type entry from an OpenAPI content map.
  * Prefers application/json, then any *+json or *json* type.
@@ -278,3 +353,130 @@ function findJsonContent(content) {
 function convertPathTemplate(path) {
     return path.replace(/\{([^}]+)\}/g, ":$1");
 }
+function extractSecuritySchemes(api, isSwagger2) {
+    const schemes = new Map();
+    let rawSchemes;
+    if (isSwagger2) {
+        // Swagger 2.0: securityDefinitions
+        if ("securityDefinitions" in api) {
+            const defs = api.securityDefinitions;
+            if (isRecord(defs)) {
+                rawSchemes = defs;
+            }
+        }
+    }
+    else {
+        // OpenAPI 3.x: components.securitySchemes
+        if ("components" in api && isRecord(api.components)) {
+            const comp = api.components;
+            if ("securitySchemes" in comp && isRecord(comp.securitySchemes)) {
+                rawSchemes = comp.securitySchemes;
+            }
+        }
+    }
+    if (!rawSchemes)
+        return schemes.size > 0 ? schemes : undefined;
+    for (const [name, schemeDef] of Object.entries(rawSchemes)) {
+        if (!isRecord(schemeDef))
+            continue;
+        const type = getString(schemeDef.type);
+        if (!type)
+            continue;
+        const scheme = toSecurityScheme(type, schemeDef, isSwagger2);
+        if (scheme) {
+            schemes.set(name, scheme);
+        }
+    }
+    return schemes.size > 0 ? schemes : undefined;
+}
+const SECURITY_SCHEME_TYPES = new Set([
+    "apiKey",
+    "http",
+    "oauth2",
+    "openIdConnect",
+]);
+const API_KEY_LOCATIONS = new Set(["header", "query", "cookie"]);
+function toSecurityScheme(type, def, isSwagger2) {
+    // Handle Swagger 2.0 basic auth
+    if (isSwagger2 && type === "basic") {
+        return { type: "http", scheme: "basic" };
+    }
+    if (!SECURITY_SCHEME_TYPES.has(type))
+        return undefined;
+    const scheme = {
+        type: type === "apiKey"
+            ? "apiKey"
+            : type === "http"
+                ? "http"
+                : type === "oauth2"
+                    ? "oauth2"
+                    : "openIdConnect",
+    };
+    if (type === "apiKey") {
+        const location = getString(def.in);
+        if (location && API_KEY_LOCATIONS.has(location)) {
+            scheme.in =
+                location === "header"
+                    ? "header"
+                    : location === "query"
+                        ? "query"
+                        : "cookie";
+        }
+        scheme.name = getString(def.name);
+    }
+    else if (type === "http") {
+        scheme.scheme = getString(def.scheme);
+    }
+    return scheme;
+}
+/**
+ * Extract security requirements from a security array.
+ * Each entry in the array is an OR condition (any can match).
+ * Each entry is an object where keys are scheme names (AND within).
+ * Returns array of string arrays: [[schemeA, schemeB], [schemeC]] means (A AND B) OR C.
+ * An empty array entry means "no auth required" (public).
+ */
+function extractSecurityRequirements(security) {
+    if (!security || security.length === 0)
+        return undefined;
+    const result = [];
+    for (const entry of security) {
+        if (!isRecord(entry))
+            continue;
+        result.push(Object.keys(entry));
+    }
+    return result.length > 0 ? result : undefined;
+}
+/**
+ * Extract OAS3 callbacks from an operation.
+ * Callbacks structure: { callbackName: { urlExpression: { method: { requestBody, ... } } } }
+ */
+function extractCallbacks(callbacks) {
+    const result = [];
+    for (const callbackObj of Object.values(callbacks)) {
+        if (!isRecord(callbackObj))
+            continue;
+        // Each key is a URL expression like "{$request.body#/callbackUrl}"
+        for (const [urlExpression, pathItem] of Object.entries(callbackObj)) {
+            if (!isRecord(pathItem))
+                continue;
+            for (const methodKey of Object.keys(pathItem)) {
+                if (!HTTP_METHOD_KEYS.has(methodKey))
+                    continue;
+                const operation = pathItem[methodKey];
+                if (!isRecord(operation))
+                    continue;
+                let reqBody;
+                if (isRecord(operation.requestBody)) {
+                    reqBody = extractOpenApi3RequestBody(operation.requestBody);
+                }
+                result.push({
+                    urlExpression,
+                    method: toHttpMethod(methodKey.toUpperCase()),
+                    requestBody: reqBody,
+                });
+            }
+        }
+    }
+    return result.length > 0 ? result : undefined;
+}

package/dist/plugin.d.ts

@@ -5,7 +5,7 @@ export interface OpenApiOptions {
     spec: string | object;
     /** Optional seed data per resource */
     seed?: SeedConfig;
-    /** Validate request bodies (default: true) */
+    /** Validate request bodies (default: false) */
     validateRequests?: boolean;
     /** Validate response bodies (default: false) */
     validateResponses?: boolean;
@@ -15,6 +15,14 @@ export interface OpenApiOptions {
         sorting?: boolean;
         filtering?: boolean;
     };
+    /** Override auto-detected response format per resource */
+    resources?: Record<string, Schmock.ResourceOverride>;
+    /** Log auto-detection decisions to console (default: false) */
+    debug?: boolean;
+    /** Seed for deterministic random generation */
+    fakerSeed?: number;
+    /** Validate security schemes (API key, Bearer, Basic) (default: false) */
+    security?: boolean;
 }
 /**
  * Create an OpenAPI plugin that auto-registers CRUD routes from a spec.

package/dist/plugin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAIxD,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;AAEvC,MAAM,WAAW,cAAc;IAC7B,sCAAsC;IACtC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,sCAAsC;IACtC,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,8CAA8C;IAC9C,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,gDAAgD;IAChD,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,wCAAwC;IACxC,aAAa,CAAC,EAAE;QACd,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,SAAS,CAAC,EAAE,OAAO,CAAC;KACrB,CAAC;CACH;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,OAAO,CAC3B,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAwCzB"}
+{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAyBA,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAIxD,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;AAEvC,MAAM,WAAW,cAAc;IAC7B,sCAAsC;IACtC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,sCAAsC;IACtC,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,+CAA+C;IAC/C,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,gDAAgD;IAChD,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,wCAAwC;IACxC,aAAa,CAAC,EAAE;QACd,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,SAAS,CAAC,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,0DAA0D;IAC1D,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACrD,+DAA+D;IAC/D,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,+CAA+C;IAC/C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0EAA0E;IAC1E,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,OAAO,CAC3B,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CA0GzB"}