@stackwright-pro/openapi 0.2.1 → 0.2.2-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.d.mts +19 -25
  2. package/dist/index.d.ts +19 -25
  3. package/dist/index.js +244 -286
  4. package/dist/index.js.map +1 -0
  5. package/dist/index.mjs +144 -184
  6. package/dist/index.mjs.map +1 -0
  7. package/package.json +6 -3
package/dist/index.d.mts CHANGED
@@ -629,30 +629,6 @@ declare class ClientGenerator {
629
629
  private getAPIDescription;
630
630
  }
631
631
 
632
- /**
633
- * OpenAPICollectionProvider
634
- *
635
- * Runtime implementation of CollectionProvider for OpenAPI endpoints.
636
- * This is the runtime component that actually fetches data.
637
- */
638
- declare class OpenAPICollectionProvider {
639
- private baseUrl;
640
- private auth?;
641
- constructor(baseUrl: string, auth?: {
642
- type: string;
643
- token?: string;
644
- apiKey?: string;
645
- } | undefined);
646
- /**
647
- * Fetch items from an API endpoint
648
- */
649
- fetchItems(endpoint: string): Promise<unknown[]>;
650
- /**
651
- * Fetch a single item by slug
652
- */
653
- fetchItem(endpoint: string, slug: string): Promise<unknown>;
654
- }
655
-
656
632
  /**
657
633
  * Prebuild plugin types
658
634
  * TODO: Move to @stackwright/types package when created
@@ -728,6 +704,24 @@ declare class OpenAPIPlugin implements PrebuildPlugin {
728
704
  */
729
705
  declare function createOpenAPIPlugin(): PrebuildPlugin;
730
706
 
707
+ /**
708
+ * NOTE: Validates the URL structure and hostname at call time.
709
+ * Does NOT re-validate after DNS resolution (DNS rebinding).
710
+ * This is acceptable for build-time prebuild use.
711
+ * DO NOT reuse this function for runtime server-side request proxying
712
+ * without adding post-resolution IP validation.
713
+ */
714
+ /**
715
+ * Validates that a URL is safe to fetch (SSRF prevention).
716
+ * Exported for use by external consumers and tests.
717
+ *
718
+ * @throws Error if URL targets internal networks or disallowed protocols
719
+ */
720
+ declare function validateUrlSafe(baseUrl: string): URL;
721
+ /**
722
+ * Alias for validateUrlSafe — backward compatibility export
723
+ */
724
+ declare const isUrlSafe: typeof validateUrlSafe;
731
725
  /**
732
726
  * Configuration for OpenAPI source adapter
733
727
  */
@@ -960,4 +954,4 @@ declare class ApprovedSpecsValidator {
960
954
  clearCache(): void;
961
955
  }
962
956
 
963
- export { type ApprovedSpec, ApprovedSpecsValidator, type ClientGenerationOptions, ClientGenerator, type CollectionConfig, CollectionProviderGenerator, EndpointFilter, OpenAPICollectionProvider, type OpenAPICompilationResult, type OpenAPIConfig, type OpenAPIDocument, OpenAPIParser, OpenAPIPlugin, type OpenAPISourceConfig, type ParseOptions, type ParseResult, type PrebuildSecurityConfig, type ProviderGenerationOptions, type SchemaMapping, SchemaResolver, type SiteConfig, type TypeGenerationOptions, TypeGenerator, type ValidationResult, type ZodGenerationOptions, ZodSchemaGenerator, createOpenAPIFetcher, createOpenAPIPlugin };
957
+ export { type ApprovedSpec, ApprovedSpecsValidator, type ClientGenerationOptions, ClientGenerator, type CollectionConfig, CollectionProviderGenerator, EndpointFilter, type OpenAPICompilationResult, type OpenAPIConfig, type OpenAPIDocument, OpenAPIParser, OpenAPIPlugin, type OpenAPISourceConfig, type ParseOptions, type ParseResult, type PrebuildSecurityConfig, type ProviderGenerationOptions, type SchemaMapping, SchemaResolver, type SiteConfig, type TypeGenerationOptions, TypeGenerator, type ValidationResult, type ZodGenerationOptions, ZodSchemaGenerator, createOpenAPIFetcher, createOpenAPIPlugin, isUrlSafe, validateUrlSafe };
package/dist/index.d.ts CHANGED
@@ -629,30 +629,6 @@ declare class ClientGenerator {
629
629
  private getAPIDescription;
630
630
  }
631
631
 
632
- /**
633
- * OpenAPICollectionProvider
634
- *
635
- * Runtime implementation of CollectionProvider for OpenAPI endpoints.
636
- * This is the runtime component that actually fetches data.
637
- */
638
- declare class OpenAPICollectionProvider {
639
- private baseUrl;
640
- private auth?;
641
- constructor(baseUrl: string, auth?: {
642
- type: string;
643
- token?: string;
644
- apiKey?: string;
645
- } | undefined);
646
- /**
647
- * Fetch items from an API endpoint
648
- */
649
- fetchItems(endpoint: string): Promise<unknown[]>;
650
- /**
651
- * Fetch a single item by slug
652
- */
653
- fetchItem(endpoint: string, slug: string): Promise<unknown>;
654
- }
655
-
656
632
  /**
657
633
  * Prebuild plugin types
658
634
  * TODO: Move to @stackwright/types package when created
@@ -728,6 +704,24 @@ declare class OpenAPIPlugin implements PrebuildPlugin {
728
704
  */
729
705
  declare function createOpenAPIPlugin(): PrebuildPlugin;
730
706
 
707
+ /**
708
+ * NOTE: Validates the URL structure and hostname at call time.
709
+ * Does NOT re-validate after DNS resolution (DNS rebinding).
710
+ * This is acceptable for build-time prebuild use.
711
+ * DO NOT reuse this function for runtime server-side request proxying
712
+ * without adding post-resolution IP validation.
713
+ */
714
+ /**
715
+ * Validates that a URL is safe to fetch (SSRF prevention).
716
+ * Exported for use by external consumers and tests.
717
+ *
718
+ * @throws Error if URL targets internal networks or disallowed protocols
719
+ */
720
+ declare function validateUrlSafe(baseUrl: string): URL;
721
+ /**
722
+ * Alias for validateUrlSafe — backward compatibility export
723
+ */
724
+ declare const isUrlSafe: typeof validateUrlSafe;
731
725
  /**
732
726
  * Configuration for OpenAPI source adapter
733
727
  */
@@ -960,4 +954,4 @@ declare class ApprovedSpecsValidator {
960
954
  clearCache(): void;
961
955
  }
962
956
 
963
- export { type ApprovedSpec, ApprovedSpecsValidator, type ClientGenerationOptions, ClientGenerator, type CollectionConfig, CollectionProviderGenerator, EndpointFilter, OpenAPICollectionProvider, type OpenAPICompilationResult, type OpenAPIConfig, type OpenAPIDocument, OpenAPIParser, OpenAPIPlugin, type OpenAPISourceConfig, type ParseOptions, type ParseResult, type PrebuildSecurityConfig, type ProviderGenerationOptions, type SchemaMapping, SchemaResolver, type SiteConfig, type TypeGenerationOptions, TypeGenerator, type ValidationResult, type ZodGenerationOptions, ZodSchemaGenerator, createOpenAPIFetcher, createOpenAPIPlugin };
957
+ export { type ApprovedSpec, ApprovedSpecsValidator, type ClientGenerationOptions, ClientGenerator, type CollectionConfig, CollectionProviderGenerator, EndpointFilter, type OpenAPICompilationResult, type OpenAPIConfig, type OpenAPIDocument, OpenAPIParser, OpenAPIPlugin, type OpenAPISourceConfig, type ParseOptions, type ParseResult, type PrebuildSecurityConfig, type ProviderGenerationOptions, type SchemaMapping, SchemaResolver, type SiteConfig, type TypeGenerationOptions, TypeGenerator, type ValidationResult, type ZodGenerationOptions, ZodSchemaGenerator, createOpenAPIFetcher, createOpenAPIPlugin, isUrlSafe, validateUrlSafe };