@team-supercharge/oasg 15.0.0-feature-nestjs-auth-guard-508b1366.0 → 15.0.0

package/README.md

@@ -8,6 +8,7 @@ Design APIs in OpenAPI 3.0 format, lint them, and generate client/server package
   * [Create `.config.json`](#create-config.json)
   * [Configure Linter](#configure-linter)
   * [Use with Docker](#use-with-docker)
+* [Version Overview](#version-overview)
 * [Usage](#usage)
 * [Linter Rules](#linter-rules)
   * [Custom Rules](#custom-rules)
@@ -102,6 +103,47 @@ swaggerlint:
 
 ---
 
+# Version Overview
+
+The table below gives an overview of the changes (breaking, non-breaking, bug fixes) introduced in various major versions. For the resolution of breaking changes please consult the [Migration Guide](#migration-guide).
+
+| Component                    |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |
+|------------------------------|:-:|:-:|:-:|:-:|:-:|:-:|:-:|:-:|:-:|:-:|:-:|:-:|:-:|:-:|:-:|
+| **Internal**                 | 15 | 14 | 13 | 12 | 11 | 10 | 9  | 8  | 7  | 6  | 5   | 4  | 3  | 2  | 1  |
+| _Core_                       |🐛  |💥  |✨  |🐛  |✨  |➖  |✨  |🐛  |🐛  |➖  |💥  |💥  |✨  |💥  |🆕  |
+| _Linter_                     |➖  |➖  |➖  |➖  |💥  |➖  |➖  |➖  |➖  |🐛  |➖  |✨  |💥  |🆕  |
+| **Client Targets**           | 15 | 14 | 13 | 12 | 11 | 10 | 9  | 8  | 7  | 6  | 5   | 4  | 3  | 2  | 1  |
+| `android`                    |➖  |🐛  |💥  |➖  |➖  |💥  |➖  |➖  |➖  |➖  |➖  |➖  |➖  |🆕  |
+| `angular`                    |➖  |🐛  |💥  |➖  |➖  |➖  |🐛  |➖  |➖  |➖  |💥  |➖  |➖  |➖  |🆕  |
+| `dotnet`                     |➖  |🆕  |
+| `feign`                      |➖  |➖  |➖  |➖  |➖  |✨  |💥  |💥  |➖  |➖  |🐛  |🐛  |🆕  |
+| `feign-kotlin`               |➖  |➖  |➖  |➖  |➖  |🆕  |
+| `flutter`                    |➖  |➖  |🆕  |
+| `ios`                        |➖  |➖  |💥  |🐛  |➖  |➖  |➖  |✨  |➖  |💥  |➖  |➖  |✨  |🆕  |
+| `kmp`                        |➖  |🆕  |
+| `python`                     |➖  |🐛  |💥  |➖  |➖  |➖  |➖  |➖  |➖  |➖  |➖  |🆕  |
+| `react`                      |➖  |➖  |💥  |➖  |➖  |➖  |➖  |➖  |➖  |➖  |➖  |➖  |➖  |➖  |🆕  |
+| **Server Targets**           | 15 | 14 | 13 | 12 | 11 | 10 | 9  | 8  | 7  | 6  | 5   | 4  | 3  | 2  | 1  |
+| `nestjs`                     |💥  |➖  |💥  |✨  |➖  |➖  |🐛  |➖  |➖  |✨  |🆕  |
+| `python-fastapi`             |➖  |🆕  |
+| `python-fastapi-raw-request` |➖  |🆕  |
+| `spring`                     |➖  |➖  |➖  |➖  |➖  |✨  |💥  |💥  |➖  |➖  |➖  |✨  |➖  |🆕  |
+| `spring-kotlin`              |➖  |➖  |➖  |➖  |➖  |✨  |💥  |💥  |➖  |➖  |🐛  |✨  |➖  |🆕  |
+| **Misc Targets**             | 15 | 14 | 13 | 12 | 11 | 10 | 9  | 8  | 7  | 6  | 5   | 4  | 3  | 2  | 1  |
+| `contract-testing`           |➖  |➖  |➖  |➖  |➖  |➖  |➖  |➖  |➖  |➖  |➖  |🆕  |
+| `openapi`                    |➖  |➖  |➖  |💥  |➖  |➖  |✨  |➖  |🆕  |
+| `stubby`                     |➖  |➖  |➖  |➖  |➖  |➖  |➖  |➖  |💥  |➖  |➖  |➖  |➖  |🆕  |
+| `postman`                    |🆕  |
+
+**Legend:**
+
+* 🆕 feature/target introduced
+* 💥 breaking changes
+* ✨ new features added
+* 🐛 bug fixes only
+
+---
+
 # Usage
 
 ## `lint`
@@ -216,11 +258,11 @@ rules:
 
 The following rules are defined in the custom _OASg Ruleset_.
 
-> ⚠️ From the rules in the same group only one can be enabled at a time as they are colliding with eachother. Please turn off the default one and enable the other if you intend to change the default behaviour.
+> ⚠️ From the rules in the same group only one can be enabled at a time as they are colliding with each other. Please turn off the default one and enable the other if you intend to change the default behaviour.
 
 | Group | Rule | Default | Description |
 |-|-|-|-|
-| | `oasg-object-names-pascal-case` | Y | Every object defined in the spec (schemas, requests, responses) shoud be `PascalCased`, as they are most likely to be converted into classes / enums / objects during code generation |
+| | `oasg-object-names-pascal-case` | Y | Every object defined in the spec (schemas, requests, responses) should be `PascalCased`, as they are most likely to be converted into classes / enums / objects during code generation |
 | | `oasg-object-names-api-model-suffix` | | makes sure every schema, request, response has the `ApiModel` suffix (used to avoid naming collision) |
 | | `oasg-operation-ids-camel-case` | Y | The `operationId` properties for paths should be `camelCased`, as they are converted to class methods during code generation |
 | path casing | `oasg-path-casing-kebab`  | Y | enforces `kebab-casing` for path segments |
@@ -242,7 +284,7 @@ The function enables to verify a value against a set of enumeration values defin
 
 Function parameters:
 * `schema` - Name of the schema to be validated against, must contain `enum` definition
-* `file` - (optional) YAML file with `components.schemas` defined, otherwise the currently linted documenet is used
+* `file` - (optional) YAML file with `components.schemas` defined, otherwise the currently linted document is used
 
 Example usage in a custom project ruleset:
 
@@ -278,7 +320,7 @@ export default {
 
 # Template Customization
 
-Using the comming `templateDir` config parameter there is a possibility to customize the templates used during generation.
+Using the coming `templateDir` config parameter there is a possibility to customize the templates used during generation.
 
 OASg offers two levels of customization:
 
@@ -290,7 +332,7 @@ The **"project level"** customization can be configured using the `templateDir`
   * if you specify a directory there, the contents of it will be __copied over__ the templates from the previous level
 
 > ⚠️ At any level if you want to introduce a customized template, always make sure you start from the **right version**:
-> 1. for **OASG level** customizations always theck the version field in `DEFAULT_GENERATOR_MAPPING` for your selected [Target](#target) and copy the [original template](https://github.com/OpenAPITools/openapi-generator/tree/master/modules/openapi-generator/src/main/resources) from the right tag!
+> 1. for **OASG level** customizations always check the version field in `DEFAULT_GENERATOR_MAPPING` for your selected [Target](#target) and copy the [original template](https://github.com/OpenAPITools/openapi-generator/tree/master/modules/openapi-generator/src/main/resources) from the right tag!
 > 2. for **project level** customizations check first if the selected template is already customized on **OASG level**, in that case copy the template from the OASg source code
 
 ---
@@ -315,7 +357,7 @@ Common source parameters
 
 The source specification is by default bundled into a single file (resolving external dependencies) using the [@redocly/cli package's](https://www.npmjs.com/package/@redocly/cli) `bundle` command.
 
-> ⚠️ It is higly recommended to keep `bundle` on if you plan to use the `openapi` target type, as external refs won't be part of the target artifact.
+> ⚠️ It is highly recommended to keep `bundle` on if you plan to use the `openapi` target type, as external refs won't be part of the target artifact.
 
 Decorator files must export a `decorate(document)` function which transforms the parsed OpenAPI document and returns it at the end of the function.
 
@@ -454,6 +496,20 @@ Common target parameters
 | packageName | Name of the generated NPM package | Y | - |
 | repository | URL of the NPM package registry | Y | - |
 
+##### Known issue: breaking dependencies
+
+The Angular target has a known issue related to dependency versioning. The generated Angular project's `package.json` currently defines multiple dependencies with flexible versions (e.g., using `^` or `~` in version constraints). This flexibility allows newer versions of dependencies (not to mention the transitive dependencies), to be pulled in, which can occasionally lead to breaking changes.
+
+A notable instance of this issue occurred with **Angular version 12**, which introduced changes that broke the build of generated projects. To address this specific case, we implemented a **temporary fix** in the `targets/angular/generate.sh` script. This script now manually installs problematic dependencies with fixed, validated versions.
+
+###### Long-Term Solution
+
+We are actively discussing a long-term solution to this issue. Potential approaches include implementing dependency version locking mechanisms (`package-lock.json`) per Angular versions.
+
+The temporary fix may not cover all future breaking changes from other dependencies. Projects using different versions of Angular may encounter issues if the fix does not align with their specific requirements.
+
+We welcome feedback and contributions to help address this issue.
+
 #### `react`
 
 ```json
@@ -681,7 +737,7 @@ TBD
 | packageName | Package nem for the project (convention: snake_case) | Y | - |
 | repositoryUrl | URL of the PyPI repository | Y | - |
 
-Publishing the PyPI packages is done with Twine. For authentication againts the PiPI repository you need to set the `TWINE_USERNAME` and `TWINE_PASSWORD` environment variables.
+Publishing the PyPI packages is done with Twine. For authentication against the PiPI repository you need to set the `TWINE_USERNAME` and `TWINE_PASSWORD` environment variables.
 
 
 #### `python-fastapi`
@@ -702,7 +758,7 @@ Publishing the PyPI packages is done with Twine. For authentication againts the
 | repositoryUrl | URL of the PyPI repository | Y | - |
 
 Building the distribution package requires Flit.
-Publishing the PyPI packages is done with Twine. For authentication againts the PiPI repository you need to set the `TWINE_USERNAME` and `TWINE_PASSWORD` environment variables.
+Publishing the PyPI packages is done with Twine. For authentication against the PiPI repository you need to set the `TWINE_USERNAME` and `TWINE_PASSWORD` environment variables.
 
 #### `python-fastapi-raw-request`
 
@@ -722,7 +778,7 @@ Publishing the PyPI packages is done with Twine. For authentication againts the
 | repositoryUrl | URL of the PyPI repository | Y | - |
 
 Building the distribution package requires Flit.
-Publishing the PyPI packages is done with Twine. For authentication againts the PiPI repository you need to set the `TWINE_USERNAME` and `TWINE_PASSWORD` environment variables.
+Publishing the PyPI packages is done with Twine. For authentication against the PiPI repository you need to set the `TWINE_USERNAME` and `TWINE_PASSWORD` environment variables.
 
 #### `contract-testing`
 
@@ -821,15 +877,74 @@ describe('Auth', function () {
 | packageName | Name of the generated NPM package | Y | - |
 | repository | URL of the NPM package registry | Y | - |
 
-##### Authentication
+**Authorisation**<br>
 The package generates an AuthGuard and applies to endpoints, where a security scheme is defined.
-// TODO - rest of the description and how to use it
 
+AuthGuard usage:
+Implement the `AuthServiceInterface`, which will receive a validation request for each security scheme added to the checked endpoint and define the validation per scheme.
+Finally provide the service in the context of the module the controller is defined in with the `AUTH_SERVICE_TOKEN` token.
+
+If there is already an authorisation service setup for the controllers, the below dummy implementation could be used as a step over until full implementation.
+
+```ts
+@Module(
+  providers:[
+    {
+      provide: AUTH_SERVICE_TOKEN,
+      useValue: { validate: () => true },
+    },
+  ]
+)
+export class RootModule {}
+```
+Future improvements:
+- with analyzing the request in the guard, only call the validation service with the relevant scheme (i.e: both ApiKey and Bearer Auth defined, but only API_KEY is present in the header, call only with ApiKey scheme )
 
 **Known limitations:**
 - array of enums in query/header/path/form parameters are not validated (stay as string)
 - no multidimensional array validation in DTOs
 
+**Validation availability:**
+<br> _List is not comprehensive, missing items are definitely not currently supported_
+
+Validations in General:
+| Validation             | DTO | Query | Header | Path |
+| ---------------------- | :-: | :---: | :----: | :--: |
+| multidimensional array | ❌  |  ❌   |   ❌   |  ❌  |
+| enum arrays            | ✅  |  ❌   |   ❌   |  ❌  |
+
+Validations from OpenAPI spec:
+| OpenApi Validation | Corresponding `class-validator` | DTO | Query | Header | Path | Workaround suggestion   |
+| ------------------ | ------------------------------- | :-: | :---: | :----: | :--: | ----------------------- |
+| **Common**         |                                 |     |       |        |      |                         |
+| required           | IsDefined                       | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| !required          | IsOptional                      | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| **Types**          |                                 |     |       |        |      |                         |
+| isBoolean          | IsBoolean                       | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| isString           | IsString                        | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| isNumber           | IsNumber                        | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| isFloat            | IsNumber                        | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| isDouble           | IsNumber                        | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| isEnum             | IsEnum                          | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| isArray            | IsArray                         | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| isDate             |                                 | ❌  |  ❌   |   ❌   |  ❌  | `pattern`, `isDateTime` |
+| isDateTime         | IsISO8601                       | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| **String**         |                                 |     |       |        |      |                         |
+| pattern            | Matches                         | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| minLength          |                                 | ❌  |  ❌   |   ❌   |  ❌  | `pattern`               |
+| maxLength          |                                 | ❌  |  ❌   |   ❌   |  ❌  | `pattern`               |
+| isUuid             | IsUUID                          | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| isUri              |                                 | ❌  |  ❌   |   ❌   |  ❌  | `pattern`               |
+| isEmail            | IsEmail                         | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| **Number**         |                                 |     |       |        |      |                         |
+| isInt              | IsInt                           | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| isLong             | IsInt                           | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| isShort            | IsInt                           | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| isUnboundedInteger |                                 | ❌  |  ❌   |   ❌   |  ❌  | `isInt`                 |
+| minimum            | Min                             | ✅  |  ✅   |   ✅   |  ✅  |                         |
+| maximum            | Max                             | ✅  |  ✅   |   ✅   |  ✅  |                         |
+
+
 #### `openapi`
 
 ```json
@@ -861,16 +976,36 @@ The package generates an AuthGuard and applies to endpoints, where a security sc
 |Parameter| Description| Required | Default |
 |-|-|-|-|
 | sourceUrl | Url to where the package will be published | Y | - |
-| apiKey | Apikey of nuget source | Y | - |
+| apiKey | Api key of nuget source | Y | - |
 | packageName | Name of the generated package | Y | - |
 | generatorCustomArgs | Custom arguments of the generator (--global-property, --additional-properties) | N | - |
 
+#### `postman`
+
+```json
+{
+  "id": "postman-collection",
+  "type": "postman",
+  "source": "source-simple",
+}
+```
+
+|Parameter| Description| Required | Default |
+|-|-|-|-|
+| fileName | Name of the generated file | N | `collection.json` |
+
 ---
 
 # Migration Guide
 
 This section covers the breaking changes and their migrations across major version upgrades.
 
+## From `14.x.x` to `15.0.0`
+
+In this version the `nestjs` generator has been upgraded to support verifying different security schemes from generated code. This means that a new [Guard](https://docs.nestjs.com/guards) has been introduced on the API oprerations which need to be implemented and checks for valid authentication credentials.
+
+If you wish to change your authentication handling at a later date, use the [dummy implementation](#nestjs) mentioned above in the documentation.
+
 ## From `13.x.x` to `14.0.0`
 
 Several dependencies have been upgraded, and OASg now uses `node` version 20.15.0 and `npm` version 10 by default. If your project still uses `node@18`, you should upgrade first.
@@ -977,7 +1112,7 @@ Take the following schema:
       properties:                 # users have a company, and firstName and lastName
         company:
           type: object
-          properties:             # copmanies have id and name
+          properties:             # companies have id and name
             id:
               type: string
             name:
@@ -1089,7 +1224,7 @@ For older Angular versions it was necessary to install the `typescript@3.9.5` pa
 
 ## From `3.x.x` to `4.0.0`
 
-Starting from version `4.0.0` OASg became open-source. Thus future packages are (only) available from the official npmjs.org registry without any authenticaiton.
+Starting from version `4.0.0` OASg became open-source. Thus future packages are (only) available from the official npmjs.org registry without any authentication.
 
 Please take the following steps:
 

package/bin/dump-json.js

@@ -0,0 +1,9 @@
+const fs = require('fs');
+
+async function dumpJSON(document, fileName) {
+  const content = JSON.stringify(document, null, 2);
+  fs.writeFileSync(fileName, content);
+  return fileName;
+}
+
+exports.dumpJSON = dumpJSON;

package/bin/oasg

@@ -19,6 +19,7 @@ const { bash } = require(`${__dirname}/exec.js`);
 const { merge } = require(`${__dirname}/merger.js`);
 const { applyOverrides } = require(`${__dirname}/overrider.js`);
 const { openApiTarget } = require(`${__dirname}/openapi-target.js`);
+const { postmanTarget } = require(`${__dirname}/postman-target.js`);
 const { processSource } = require(`${__dirname}/process-source.js`);
 const { globSync } = require('glob');
 
@@ -54,6 +55,7 @@ const DEFAULT_GENERATOR_MAPPING = {
   "contract-testing":             { version: '4.3.1',   generator: 'typescript-node' },
   "openapi":                      { version: undefined, generator: undefined },
   "stubby":                       { version: '4.3.1',   generator: 'stubby' },
+  "postman":                      { version: undefined, generator: undefined },
 };
 const DEFAULT_KTLINT_VERSION = '1.0.0';
 const BIN_FOLDER = 'out/.bin';
@@ -483,6 +485,12 @@ async function generate(argv) {
       return;
     }
 
+    // handle postman target
+    if (target.type === 'postman') {
+      postmanTarget(target, sources[target.source]);
+      return;
+    }
+
     const binary = fetchBinary(target);
     let formatter;
 
@@ -516,6 +524,12 @@ async function publish(argv) {
       return;
     }
 
+    // handle postman target
+    if (target.type === 'postman') {
+      console.log('publishing need to be implemented manuallly for `postman` targets');
+      return;
+    }
+
     const binary = fetchBinary(target);
     let formatter;
 

package/bin/postman-target.js

@@ -0,0 +1,65 @@
+const fs = require('fs');
+const PostmanParser = require('openapi-to-postmanv2');
+const yaml = require('js-yaml');
+
+const { dumpJSON } = require(`${__dirname}/dump-json.js`);
+
+const defaultFileName = 'collection.json';
+
+async function postmanTarget(target, source) {
+  const outDir = `out/${target.id}`;
+  let outFile = target.fileName || defaultFileName;
+  outFile = `${outDir}/${outFile}`;
+
+  if (fs.existsSync(outDir)) {
+    fs.rmSync(outDir, { recursive: true })
+  }
+  fs.mkdirSync(outDir, { recursive: true });
+
+  // Conversion options
+  const defaultOptions = {
+    requestNameSource: 'fallback',
+    requestParametersResolution: 'schema',
+    exampleParametersResolution: 'schema',
+    parametersResolution: 'schema',
+    collapseFolders: false,
+    folderStrategy: 'tags',
+    schemaFaker: false,
+    optimizeConversion: false,
+    includeAuthInfoInExample: false,
+  };
+
+   // Parse YAML to JavaScript object
+  const spec = yaml.load(fs.readFileSync(source, 'utf8'));
+
+  // Add version number in collection title
+  spec.info.title = `${spec.info.title} (${spec.info.version})`;
+
+  // Remove responses to avoid Example generation
+  for (const pathKey in spec.paths) {
+    const path = spec.paths[pathKey];
+    for (const methodKey in path) {
+      const operation = path[methodKey];
+
+      operation.responses = [];
+    }
+  }
+
+  // target-specific functions, e.g. write as JSON
+  PostmanParser.convert({ type: 'string', data: spec },
+    defaultOptions, (err, conversionResult) => {
+      if (err) {
+        console.error('Conversion error', err);
+      }
+      else if (!conversionResult.result) {
+        console.log('Could not convert', conversionResult.reason);
+      }
+      else {
+        // write file
+        dumpJSON(conversionResult.output[0].data, outFile);
+      }
+    }
+  );
+}
+
+exports.postmanTarget = postmanTarget;

package/config.schema.yml

@@ -28,6 +28,7 @@ properties:
         - $ref: '#/targets/Flutter'
         - $ref: '#/targets/Kmp'
         - $ref: '#/targets/Dotnet'
+        - $ref: '#/targets/Postman'
 required:
   - targets
 additionalProperties: false
@@ -420,6 +421,15 @@ targets:
         - artifactId
         - repository
 
+  Postman:
+    allOf:
+      - $ref: '#/targets/Base'
+      - properties:
+          type:
+            pattern: "^postman$"
+          fileName:
+            type: string
+
 definitions:
   # default
   SourceOverrides:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@team-supercharge/oasg",
-  "version": "15.0.0-feature-nestjs-auth-guard-508b1366.0",
+  "version": "15.0.0",
   "description": "Node-based tool to lint OpenAPI documents and generate clients, servers and documentation from them",
   "author": "Supercharge",
   "license": "MIT",
@@ -28,9 +28,9 @@
   "dependencies": {
     "@apidevtools/json-schema-ref-parser": "^10.1.0",
     "@apidevtools/swagger-parser": "^10.1.0",
-    "@redocly/cli": "1.17.1",
-    "@stoplight/prism-cli": "5.8.2",
-    "@stoplight/spectral-cli": "6.11.1",
+    "@redocly/cli": "1.25.11",
+    "@stoplight/prism-cli": "5.12.0",
+    "@stoplight/spectral-cli": "6.14.1",
     "ajv": "^8.12.0",
     "command-exists": "^1.2.9",
     "express": "^4.18.2",
@@ -38,6 +38,7 @@
     "glob": "^10.2.1",
     "js-yaml": "^4.1.0",
     "json-schema-merge-allof": "^0.8.1",
+    "openapi-to-postmanv2": "4.24.0",
     "openapi-typescript-validator-ext-ref": "^3.2.0-external-ref-support",
     "swagger-ui-express": "^5.0.1",
     "yamljs": "^0.3.0",

package/targets/angular/generate.sh

@@ -15,5 +15,9 @@ java -jar $binary generate \
 
 cd out/$targetId
 npm install
+# This is a workaround for an issue with the angular generator. Root cause is the missing package-lock.json: https://github.com/OpenAPITools/openapi-generator/tree/master/modules/openapi-generator/src/main/resources/typescript-angular
+# some of the transitive dependency has @types/node@": "*" in their package.json
+# use "npm explain @types/node" in the generated folder (./out/$TARGET) to get more info
+npm install --save-dev @types/node@20.15.0
 npm run build
 cd ../..

package/targets/nestjs/generator-config.json

@@ -15,8 +15,10 @@
     "pipes.ts": {
       "templateType": "SupportingFiles"
     },
-    "auth.guard.ts": {
-      "templateType": "SupportingFiles"
+    "auth.guard.mustache": {
+      "templateType": "SupportingFiles",
+      "folder": "",
+      "destinationFilename": "auth.guard.ts"
     },
     "exceptions.ts": {
       "templateType": "SupportingFiles"
@@ -43,6 +45,7 @@
   "inlineSchemaOptions": {
     "ARRAY_ITEM_SUFFIX": "",
     "MAP_ITEM_SUFFIX": "",
-    "SKIP_SCHEMA_REUSE": "true"
+    "SKIP_SCHEMA_REUSE": "true",
+    "RESOLVE_INLINE_ENUMS": "true"
   }
 }

package/targets/nestjs/templates/api.service.mustache

@@ -10,7 +10,7 @@ import { FileInterceptor } from '@nestjs/platform-express';
 
 import { OptionalParseIntPipe, OptionalParseFloatPipe, OptionalParseBoolPipe, OptionalParseEnumPipe, RequiredPipe } from '../pipes';
 import { ApiParseArrayPipe, ApiValidationPipe } from '../pipes';
-import { AuthGuard, AuthSchemes } from '../auth.guard';
+import { AuthGuard, AuthSchemes, SecurityScheme } from '../auth.guard';
 
 {{#imports}}
 // @ts-ignore
@@ -46,7 +46,7 @@ export abstract class {{classname}} {
    */
 
   {{#authMethods}}{{#-first}}
-  @AuthSchemes([{{#authMethods}}'{{name}}'{{^-last}}, {{/-last}}{{/authMethods}}])
+  @AuthSchemes([{{#authMethods}}SecurityScheme.{{name}}{{^-last}}, {{/-last}}{{/authMethods}}])
   @UseGuards(AuthGuard) {{/-first}}{{/authMethods}}
   //// @{{httpMethod}}('{{path}}'){{#isMultipart}}
   @UseInterceptors(FileInterceptor({{#formParams}}{{#isFile}}'{{paramName}}'{{/isFile}}{{/formParams}})){{/isMultipart}}

package/targets/nestjs/templates/{auth.guard.ts → auth.guard.mustache}

@@ -3,15 +3,22 @@ import {
   ExecutionContext,
   Inject,
   Injectable,
+  UnauthorizedException,
 } from "@nestjs/common";
 import { Reflector } from "@nestjs/core";
 import { Observable } from "rxjs";
 
-export const AuthSchemes = Reflector.createDecorator<string[]>();
+// export securityScheme names as enum
+export enum SecurityScheme { {{#authMethods}}
+  {{name}} = "{{name}}",{{/authMethods}}{{^authMethods}}
+  NoScheme = "none",{{/authMethods}}
+}
+
+export const AuthSchemes = Reflector.createDecorator<SecurityScheme[]>();
 
 export interface AuthServiceInterface {
   validate: (
-    scheme: string,
+    scheme: SecurityScheme,
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     request: any
   ) => boolean | Promise<boolean> | Observable<boolean>;
@@ -30,9 +37,12 @@ export class AuthGuard implements CanActivate {
   canActivate(
     context: ExecutionContext
   ): boolean | Promise<boolean> | Observable<boolean> {
-    const schemes = this.reflector.get(AuthSchemes, context.getHandler());
+    const schemes = this.reflector.get<SecurityScheme[]>(AuthSchemes, context.getHandler());
     const request = context.switchToHttp().getRequest();
 
-    return schemes.some((scheme) => this.authService.validate(scheme, request));
+    if (schemes.some((scheme) => this.authService.validate(scheme, request)))
+      return true;
+
+    throw new UnauthorizedException();
   }
 }

package/targets/nestjs/templates/configuration.mustache

@@ -0,0 +1,5 @@
+// export securityScheme names as enum
+export enum SecurityScheme { {{#authMethods}}
+  {{name}} = "{{name}}",{{/authMethods}}{{^authMethods}}
+  NoScheme = "none",{{/authMethods}}
+}

package/targets/nestjs/templates/index.mustache

@@ -1,3 +1,4 @@
 export * from './api/api';
 export * from './model/models';
 export * from './exceptions';
+export * from './auth.guard';

package/targets/nestjs/templates/modelGeneric.mustache

@@ -1,8 +1,10 @@
 import { Type } from 'class-transformer';
 
 import { IsOptional, IsDefined } from 'class-validator';
-import { IsString, IsInt, IsNumber, IsBoolean, IsEnum, IsArray, ValidateNested } from 'class-validator';
-import { Matches } from 'class-validator';
+import { IsString, IsNumber, IsBoolean, IsEnum, IsArray, ValidateNested } from 'class-validator';
+import { Max, Min, IsInt } from 'class-validator';
+import { Matches, IsEmail, IsUUID } from 'class-validator';
+import { IsISO8601 } from 'class-validator';
 
 export class {{classname}}{{#allParents}}{{#-first}} extends {{/-first}}{{{.}}}{{^-last}}, {{/-last}}{{/allParents}} { {{>modelGenericAdditionalProperties}}
 {{#vars}}
@@ -11,10 +13,44 @@ export class {{classname}}{{#allParents}}{{#-first}} extends {{/-first}}{{{.}}}{
      * {{{.}}}
      */
     {{/description}}
-    {{#required}}@IsDefined(){{/required}}{{^required}}@IsOptional(){{/required}}{{^isArray}}
-    {{#isString}}@IsString(){{#pattern}} @Matches({{{.}}}){{/pattern}}{{/isString}}{{#isInteger}}@IsInt(){{/isInteger}}{{#isLong}}@IsInt(){{/isLong}}{{#isNumber}}@IsNumber(){{/isNumber}}{{#isFloat}}@IsNumber(){{/isFloat}}{{#isDouble}}@IsNumber(){{/isDouble}}{{#isBoolean}}@IsBoolean(){{/isBoolean}}{{#allowableValues}}{{^enumVars.empty}}@IsEnum({{{dataType}}}){{/enumVars.empty}}{{/allowableValues}}{{#isModel}}@ValidateNested() @Type(() => {{{dataType}}}){{/isModel}}{{/isArray}}{{#isArray}}
-    @IsArray()
-    {{#items}}{{#isString}}@IsString({ each: true }){{#pattern}} @Matches({{{.}}}, { each: true }){{/pattern}}{{/isString}}{{#isInteger}}@IsInt({ each: true }){{/isInteger}}{{#isLong}}@IsInt({ each: true }){{/isLong}}{{#isNumber}}@IsNumber({}, { each: true }){{/isNumber}}{{#isFloat}}@IsNumber({}, { each: true }){{/isFloat}}{{#isDouble}}@IsNumber({}, { each: true }){{/isDouble}}{{#isBoolean}}@IsBoolean({ each: true }){{/isBoolean}}{{#allowableValues}}{{^enumVars.empty}}@IsEnum({{{dataType}}}, { each: true }){{/enumVars.empty}}{{/allowableValues}}{{#isModel}}@ValidateNested({ each: true }) @Type(() => {{{dataType}}}){{/isModel}}{{#isArray}}// type validation not supported{{/isArray}}{{/items}}{{/isArray}}
+    {{#required}}@IsDefined(){{/required}}{{^required}}@IsOptional(){{/required}}{{^isArray}}{{#isString}}
+    @IsString(){{#pattern}}
+    @Matches({{{.}}}){{/pattern}}{{#isEmail}}
+    @IsEmail(){{/isEmail}}{{#isUuid}}
+    @IsUUID(){{/isUuid}}{{/isString}}{{#isDateTime}}
+    @IsString()
+    @IsISO8601({ strict: true, strictSeparator: true }){{/isDateTime}}{{#isInteger}}
+    @IsInt(){{/isInteger}}{{#isLong}}
+    @IsInt(){{/isLong}}{{#isShort}}
+    @IsInt(){{/isShort}}{{#isNumber}}
+    @IsNumber(){{/isNumber}}{{#isFloat}}
+    @IsNumber(){{/isFloat}}{{#isDouble}}
+    @IsNumber(){{/isDouble}}{{#isBoolean}}
+    @IsBoolean(){{/isBoolean}}{{#minimum}}
+    @Min({{minimum}}){{/minimum}}{{#maximum}}
+    @Max({{maximum}}){{/maximum}}{{#allowableValues}}{{^enumVars.empty}}
+    @IsEnum({{{dataType}}}){{/enumVars.empty}}{{/allowableValues}}{{#isModel}}
+    @ValidateNested()
+    @Type(() => {{{dataType}}}){{/isModel}}{{/isArray}}{{#isArray}}
+    @IsArray(){{#items}}{{#isString}}
+    @IsString({ each: true }){{#pattern}}
+    @Matches({{{.}}}, { each: true }){{/pattern}}{{#isEmail}}
+    @IsEmail(undefined, { each: true}){{/isEmail}}{{#isUuid}}
+    @IsUUID(undefined, { each: true}){{/isUuid}}{{/isString}}{{#isDateTime}}
+    @IsString({ each: true })
+    @IsISO8601({ strict: true, strictSeparator: true }, { each: true }){{/isDateTime}}{{#isInteger}}
+    @IsInt({ each: true }){{/isInteger}}{{#isLong}}
+    @IsInt({ each: true }){{/isLong}}{{#isShort}}
+    @IsInt({ each: true }){{/isShort}}{{#isNumber}}
+    @IsNumber(undefined, { each: true }){{/isNumber}}{{#isFloat}}
+    @IsNumber(undefined, { each: true }){{/isFloat}}{{#isDouble}}
+    @IsNumber(undefined, { each: true }){{/isDouble}}{{#isBoolean}}
+    @IsBoolean({ each: true }){{/isBoolean}}{{#minimum}}
+    @Min({{minimum}}, { each: true }){{/minimum}}{{#maximum}}
+    @Max({{maximum}}, { each: true }){{/maximum}}{{#allowableValues}}{{^enumVars.empty}}
+    @IsEnum({{{dataType}}}, { each: true }){{/enumVars.empty}}{{/allowableValues}}{{#isModel}}
+    @ValidateNested({ each: true }) @Type(() => {{{dataType}}}){{/isModel}}{{#isArray}}
+    // Multidimensional array validation not supported{{/isArray}}{{/items}}{{/isArray}}
     {{#isReadOnly}}readonly {{/isReadOnly}}{{{name}}}{{^required}}?{{/required}}: {{{dataType}}}{{#isNullable}} | null{{/isNullable}};
 
 {{/vars}}

package/targets/nestjs/templates/package.mustache

@@ -22,7 +22,7 @@
     "rxjs": "^7.2.0"
   },
   "dependencies": {
-    "@types/validator": "13.11.7",
+    "@types/validator": "13.11.7"
   },
   "devDependencies": {
     "@types/multer": "^1.4.7",