@terreno/api 0.0.18 → 0.1.0

package/dist/openApiValidator.js

@@ -0,0 +1,698 @@
+"use strict";
+/**
+ * OpenAPI Request Validator
+ *
+ * Provides runtime validation of incoming requests against OpenAPI schemas.
+ * Uses AJV for JSON Schema validation with OpenAPI-compatible settings.
+ *
+ * Validation is always installed as middleware but only activates after
+ * `configureOpenApiValidator()` is called. This makes it safe to include
+ * in modelRouter by default.
+ *
+ * @module openApiValidator
+ *
+ * @packageDocumentation
+ *
+ * @example
+ * ```typescript
+ * // Enable validation globally at server startup
+ * configureOpenApiValidator({
+ *   removeAdditional: true,
+ *   onAdditionalPropertiesRemoved: (props, req) => {
+ *     logger.warn(`Stripped: ${props.join(", ")} on ${req.method} ${req.path}`);
+ *   },
+ * });
+ *
+ * // modelRouter automatically validates when configured
+ * modelRouter(Todo, {
+ *   permissions: {...},
+ *   validation: {
+ *     validateCreate: true,
+ *     validateUpdate: true,
+ *     validateQuery: true,
+ *   },
+ * });
+ * ```
+ */
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
+var __values = (this && this.__values) || function(o) {
+    var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
+    if (m) return m.call(o);
+    if (o && typeof o.length === "number") return {
+        next: function () {
+            if (o && i >= o.length) o = void 0;
+            return { value: o && o[i++], done: !o };
+        }
+    };
+    throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
+};
+var __read = (this && this.__read) || function (o, n) {
+    var m = typeof Symbol === "function" && o[Symbol.iterator];
+    if (!m) return o;
+    var i = m.call(o), r, ar = [], e;
+    try {
+        while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);
+    }
+    catch (error) { e = { error: error }; }
+    finally {
+        try {
+            if (r && !r.done && (m = i["return"])) m.call(i);
+        }
+        finally { if (e) throw e.error; }
+    }
+    return ar;
+};
+var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
+    if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
+        if (ar || !(i in from)) {
+            if (!ar) ar = Array.prototype.slice.call(from, 0, i);
+            ar[i] = from[i];
+        }
+    }
+    return to.concat(ar || Array.prototype.slice.call(from));
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isOpenApiValidatorConfigured = isOpenApiValidatorConfigured;
+exports.configureOpenApiValidator = configureOpenApiValidator;
+exports.getOpenApiValidatorConfig = getOpenApiValidatorConfig;
+exports.resetOpenApiValidatorConfig = resetOpenApiValidatorConfig;
+exports.validateRequestBody = validateRequestBody;
+exports.validateQueryParams = validateQueryParams;
+exports.createValidator = createValidator;
+exports.validateResponseData = validateResponseData;
+exports.getSchemaFromModel = getSchemaFromModel;
+exports.validateModelRequestBody = validateModelRequestBody;
+exports.createModelValidators = createModelValidators;
+exports.buildQuerySchemaFromFields = buildQuerySchemaFromFields;
+var ajv_1 = __importDefault(require("ajv"));
+var ajv_formats_1 = __importDefault(require("ajv-formats"));
+var mongoose_to_swagger_1 = __importDefault(require("mongoose-to-swagger"));
+var errors_1 = require("./errors");
+var logger_1 = require("./logger");
+// Whether configureOpenApiValidator() has been called
+var isConfigured = false;
+// Global validator configuration - can be modified at runtime
+var globalConfig = {
+    coerceTypes: true,
+    logValidationErrors: true,
+    removeAdditional: true,
+    validateRequests: true,
+    validateResponses: false,
+};
+/**
+ * Check whether `configureOpenApiValidator()` has been called.
+ * Validation middleware is a no-op when this returns false.
+ */
+function isOpenApiValidatorConfigured() {
+    return isConfigured;
+}
+/**
+ * Configure the global OpenAPI validator settings.
+ * Calling this function activates validation — middleware that was previously
+ * installed as a no-op will begin validating requests.
+ *
+ * @param config - Configuration options to merge with existing config
+ *
+ * @example
+ * ```typescript
+ * configureOpenApiValidator({
+ *   removeAdditional: true,
+ *   onAdditionalPropertiesRemoved: (props, req) => {
+ *     Sentry.captureMessage(`Stripped: ${props.join(", ")} on ${req.method} ${req.path}`);
+ *   },
+ * });
+ * ```
+ */
+function configureOpenApiValidator(config) {
+    if (config === void 0) { config = {}; }
+    isConfigured = true;
+    globalConfig = __assign(__assign({}, globalConfig), config);
+    // Clear cached AJV instances so new config takes effect
+    ajvCache.clear();
+    validatorCache.clear();
+    logger_1.logger.debug("OpenAPI validator configured: ".concat(JSON.stringify(globalConfig)));
+}
+/**
+ * Get the current global validator configuration.
+ */
+function getOpenApiValidatorConfig() {
+    return __assign({}, globalConfig);
+}
+/**
+ * Reset the global validator configuration to defaults.
+ * Also resets `isConfigured` to false.
+ * Useful for testing.
+ */
+function resetOpenApiValidatorConfig() {
+    isConfigured = false;
+    globalConfig = {
+        coerceTypes: true,
+        logValidationErrors: true,
+        removeAdditional: true,
+        validateRequests: true,
+        validateResponses: false,
+    };
+    ajvCache.clear();
+    validatorCache.clear();
+}
+// Lazy AJV instance cache keyed by coerceTypes + removeAdditional
+var ajvCache = new Map();
+/**
+ * Get or create an AJV instance with the current config settings.
+ */
+function getAjvInstance() {
+    var _a, _b, _c, _d;
+    var key = "coerce:".concat((_a = globalConfig.coerceTypes) !== null && _a !== void 0 ? _a : true, ",remove:").concat((_b = globalConfig.removeAdditional) !== null && _b !== void 0 ? _b : true);
+    var instance = ajvCache.get(key);
+    if (!instance) {
+        instance = new ajv_1.default({
+            allErrors: true,
+            coerceTypes: (_c = globalConfig.coerceTypes) !== null && _c !== void 0 ? _c : true,
+            removeAdditional: (_d = globalConfig.removeAdditional) !== null && _d !== void 0 ? _d : true,
+            strict: false,
+            useDefaults: true,
+            validateSchema: false,
+        });
+        (0, ajv_formats_1.default)(instance);
+        ajvCache.set(key, instance);
+    }
+    return instance;
+}
+// Cache compiled validators by schema hash + config key
+var validatorCache = new Map();
+/**
+ * Generate a simple hash for a schema to use as a cache key.
+ */
+function hashSchema(schema) {
+    return JSON.stringify(schema);
+}
+var VALID_JSON_SCHEMA_TYPES = new Set([
+    "string",
+    "number",
+    "integer",
+    "boolean",
+    "array",
+    "object",
+    "null",
+]);
+// mongoose-to-swagger emits non-standard type strings for some Mongoose types
+var MONGOOSE_TYPE_MAP = {
+    dateonly: { format: "date", type: "string" },
+    schemaobjectid: { type: "string" },
+};
+/**
+ * Recursively replace non-standard mongoose-to-swagger types with valid JSON Schema types
+ * so AJV can compile the schema.
+ */
+function sanitizeSchemaForAjv(schema) {
+    var e_1, _a;
+    if (!schema || typeof schema !== "object") {
+        return schema;
+    }
+    var result = __assign({}, schema);
+    if (typeof result.type === "string" && !VALID_JSON_SCHEMA_TYPES.has(result.type)) {
+        var mapped = MONGOOSE_TYPE_MAP[result.type];
+        if (mapped) {
+            result.type = mapped.type;
+            if (mapped.format && !result.format) {
+                result.format = mapped.format;
+            }
+        }
+        else {
+            result.type = "string";
+        }
+    }
+    if (result.items && typeof result.items === "object") {
+        result.items = sanitizeSchemaForAjv(result.items);
+    }
+    if (result.properties && typeof result.properties === "object") {
+        var sanitizedProps = {};
+        try {
+            for (var _b = __values(Object.entries(result.properties)), _c = _b.next(); !_c.done; _c = _b.next()) {
+                var _d = __read(_c.value, 2), key = _d[0], value = _d[1];
+                sanitizedProps[key] =
+                    typeof value === "object" && value !== null
+                        ? sanitizeSchemaForAjv(value)
+                        : value;
+            }
+        }
+        catch (e_1_1) { e_1 = { error: e_1_1 }; }
+        finally {
+            try {
+                if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
+            }
+            finally { if (e_1) throw e_1.error; }
+        }
+        result.properties = sanitizedProps;
+    }
+    if (result.additionalProperties && typeof result.additionalProperties === "object") {
+        result.additionalProperties = sanitizeSchemaForAjv(result.additionalProperties);
+    }
+    return result;
+}
+/**
+ * Get or create a compiled validator for a schema.
+ * Uses the current config so changes take effect on next call.
+ * Sanitizes non-standard mongoose-to-swagger types before compilation.
+ * Returns null if the schema still cannot be compiled after sanitization.
+ */
+function getValidator(schema) {
+    var _a, _b;
+    var ajv = getAjvInstance();
+    var configKey = "coerce:".concat((_a = globalConfig.coerceTypes) !== null && _a !== void 0 ? _a : true, ",remove:").concat((_b = globalConfig.removeAdditional) !== null && _b !== void 0 ? _b : true);
+    var hash = "".concat(configKey, ":").concat(hashSchema(schema));
+    var cached = validatorCache.get(hash);
+    if (cached !== undefined) {
+        return cached;
+    }
+    var sanitized = sanitizeSchemaForAjv(schema);
+    try {
+        var validator = ajv.compile(sanitized);
+        validatorCache.set(hash, validator);
+        return validator;
+    }
+    catch (err) {
+        logger_1.logger.debug("Could not compile validation schema after sanitization: ".concat(err.message));
+        validatorCache.set(hash, null);
+        return null;
+    }
+}
+/**
+ * Format AJV errors into a human-readable string.
+ */
+function formatValidationErrors(errors) {
+    return errors
+        .map(function (err) {
+        var path = err.instancePath || "/";
+        var message = err.message || "validation failed";
+        return "".concat(path, ": ").concat(message);
+    })
+        .join("; ");
+}
+/**
+ * Convert OpenApiSchemaProperty to a full OpenApiSchema suitable for AJV.
+ * Strips `required` from individual properties (OpenAPI-style) and moves it
+ * to the schema-level `required` array (JSON Schema-style) for AJV compatibility.
+ */
+function propertiesToSchema(properties, requiredFields) {
+    var e_2, _a;
+    // Extract required fields from properties that have required: true
+    var autoRequired = Object.entries(properties)
+        .filter(function (_a) {
+        var _b = __read(_a, 2), _ = _b[0], prop = _b[1];
+        return prop.required;
+    })
+        .map(function (_a) {
+        var _b = __read(_a, 1), key = _b[0];
+        return key;
+    });
+    var allRequired = __spreadArray([], __read(new Set(__spreadArray(__spreadArray([], __read((requiredFields !== null && requiredFields !== void 0 ? requiredFields : [])), false), __read(autoRequired), false))), false);
+    // Strip `required` from individual properties — AJV only accepts `required` at schema level
+    var cleanedProperties = {};
+    try {
+        for (var _b = __values(Object.entries(properties)), _c = _b.next(); !_c.done; _c = _b.next()) {
+            var _d = __read(_c.value, 2), key = _d[0], prop = _d[1];
+            var _1 = prop.required, rest = __rest(prop, ["required"]);
+            cleanedProperties[key] = rest;
+        }
+    }
+    catch (e_2_1) { e_2 = { error: e_2_1 }; }
+    finally {
+        try {
+            if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
+        }
+        finally { if (e_2) throw e_2.error; }
+    }
+    var schema = {
+        properties: cleanedProperties,
+        required: allRequired.length > 0 ? allRequired : undefined,
+        type: "object",
+    };
+    // When removeAdditional is enabled, set additionalProperties: false
+    // so AJV knows to strip unknown properties
+    if (globalConfig.removeAdditional) {
+        schema.additionalProperties = false;
+    }
+    return schema;
+}
+/**
+ * Creates middleware that validates the request body against an OpenAPI schema.
+ *
+ * The middleware checks `isConfigured` at request time — if `configureOpenApiValidator()`
+ * has not been called, the middleware is a no-op.
+ *
+ * @param schema - The schema to validate against (same format as withRequestBody)
+ * @param options - Optional configuration for this validator
+ * @returns Express middleware function
+ */
+function validateRequestBody(schema, options) {
+    var fullSchema = propertiesToSchema(schema, options === null || options === void 0 ? void 0 : options.required);
+    return function (req, _res, next) {
+        var _a, _b, _c;
+        // No-op if not configured
+        if (!isConfigured) {
+            next();
+            return;
+        }
+        // Check if validation is enabled (route override takes precedence)
+        var isEnabled = (_a = options === null || options === void 0 ? void 0 : options.enabled) !== null && _a !== void 0 ? _a : globalConfig.validateRequests;
+        if (!isEnabled) {
+            next();
+            return;
+        }
+        // Capture keys before validation for removeAdditional detection
+        var keysBefore = req.body && typeof req.body === "object" ? Object.keys(req.body) : [];
+        // Get validator at request time so config changes take effect
+        var validator = getValidator(fullSchema);
+        // If schema couldn't be compiled (e.g., non-standard types), skip validation
+        if (!validator) {
+            next();
+            return;
+        }
+        // Clone body if we might modify it (coercion or removeAdditional)
+        var bodyToValidate = __assign({}, req.body);
+        var valid = validator(bodyToValidate);
+        if (!valid && validator.errors) {
+            var errors = validator.errors;
+            if (globalConfig.logValidationErrors) {
+                logger_1.logger.warn("Request body validation failed for ".concat(req.method, " ").concat(req.path, ": ").concat(formatValidationErrors(errors)));
+            }
+            // Use custom error handler if provided
+            var errorHandler = (_b = options === null || options === void 0 ? void 0 : options.onError) !== null && _b !== void 0 ? _b : globalConfig.onValidationError;
+            if (errorHandler) {
+                errorHandler(errors, req);
+                next();
+                return;
+            }
+            // Default: throw APIError
+            throw new errors_1.APIError({
+                detail: formatValidationErrors(errors),
+                disableExternalErrorTracking: true,
+                meta: {
+                    validationErrors: JSON.stringify(errors.map(function (e) { return ({
+                        message: e.message,
+                        params: e.params,
+                        path: e.instancePath,
+                    }); })),
+                },
+                source: {
+                    pointer: "/body",
+                },
+                status: 400,
+                title: "Request validation failed",
+            });
+        }
+        // Update req.body with coerced/stripped values
+        if (valid) {
+            // Detect removed properties (top-level only)
+            if (globalConfig.removeAdditional) {
+                var keysAfter_1 = Object.keys(bodyToValidate);
+                var removedProperties = keysBefore.filter(function (k) { return !keysAfter_1.includes(k); });
+                if (removedProperties.length > 0) {
+                    var hook = (_c = options === null || options === void 0 ? void 0 : options.onAdditionalPropertiesRemoved) !== null && _c !== void 0 ? _c : globalConfig.onAdditionalPropertiesRemoved;
+                    if (hook) {
+                        hook(removedProperties, req);
+                    }
+                    if (globalConfig.logValidationErrors) {
+                        logger_1.logger.debug("Stripped additional properties from ".concat(req.method, " ").concat(req.path, ": ").concat(removedProperties.join(", ")));
+                    }
+                }
+            }
+            req.body = bodyToValidate;
+        }
+        next();
+    };
+}
+/**
+ * Creates middleware that validates query parameters against an OpenAPI schema.
+ *
+ * @param schema - The schema to validate against
+ * @param options - Optional configuration for this validator
+ * @returns Express middleware function
+ */
+function validateQueryParams(schema, options) {
+    var fullSchema = propertiesToSchema(schema);
+    return function (req, _res, next) {
+        var _a, _b, _c, _d;
+        // No-op if not configured
+        if (!isConfigured) {
+            next();
+            return;
+        }
+        var isEnabled = (_a = options === null || options === void 0 ? void 0 : options.enabled) !== null && _a !== void 0 ? _a : globalConfig.validateRequests;
+        if (!isEnabled) {
+            next();
+            return;
+        }
+        // Get validator at request time
+        var validator = getValidator(fullSchema);
+        // If schema couldn't be compiled, skip validation
+        if (!validator) {
+            next();
+            return;
+        }
+        var queryToValidate = globalConfig.coerceTypes ? __assign({}, req.query) : req.query;
+        var valid = validator(queryToValidate);
+        if (!valid && validator.errors) {
+            var errors = validator.errors;
+            if (globalConfig.logValidationErrors) {
+                logger_1.logger.warn("Query parameter validation failed for ".concat(req.method, " ").concat(req.path, ": ").concat(formatValidationErrors(errors)));
+            }
+            var errorHandler = (_b = options === null || options === void 0 ? void 0 : options.onError) !== null && _b !== void 0 ? _b : globalConfig.onValidationError;
+            if (errorHandler) {
+                errorHandler(errors, req);
+                next();
+                return;
+            }
+            throw new errors_1.APIError({
+                detail: formatValidationErrors(errors),
+                disableExternalErrorTracking: true,
+                meta: {
+                    validationErrors: JSON.stringify(errors.map(function (e) { return ({
+                        message: e.message,
+                        params: e.params,
+                        path: e.instancePath,
+                    }); })),
+                },
+                source: {
+                    parameter: ((_d = (_c = errors[0]) === null || _c === void 0 ? void 0 : _c.instancePath) === null || _d === void 0 ? void 0 : _d.replace("/", "")) || "unknown",
+                },
+                status: 400,
+                title: "Query parameter validation failed",
+            });
+        }
+        if (globalConfig.coerceTypes && valid) {
+            // Note: req.query is read-only in some Express versions,
+            // so we may need to work around this
+            Object.assign(req.query, queryToValidate);
+        }
+        next();
+    };
+}
+/**
+ * Creates a combined validation middleware for both body and query parameters.
+ *
+ * @param options - Configuration for what to validate
+ * @returns Express middleware function
+ *
+ * @example
+ * ```typescript
+ * router.post("/search", [
+ *   openApiMiddleware,
+ *   createValidator({
+ *     body: {query: {type: "string", required: true}},
+ *     query: {limit: {type: "number"}},
+ *   }),
+ * ], handler);
+ * ```
+ */
+function createValidator(options) {
+    var bodyValidator = options.body
+        ? validateRequestBody(options.body, { enabled: options.enabled })
+        : null;
+    var queryValidator = options.query
+        ? validateQueryParams(options.query, { enabled: options.enabled })
+        : null;
+    return function (req, res, next) {
+        // Run body validation first
+        if (bodyValidator) {
+            bodyValidator(req, res, (function (err) {
+                if (err) {
+                    next(err);
+                    return;
+                }
+                // Then run query validation
+                if (queryValidator) {
+                    queryValidator(req, res, next);
+                }
+                else {
+                    next();
+                }
+            }));
+        }
+        else if (queryValidator) {
+            queryValidator(req, res, next);
+        }
+        else {
+            next();
+        }
+    };
+}
+/**
+ * Validates response data against a schema.
+ * This is primarily for development/testing to ensure responses match documentation.
+ *
+ * @param data - The response data to validate
+ * @param schema - The expected schema
+ * @returns Object with valid flag and any errors
+ */
+function validateResponseData(data, schema) {
+    if (!globalConfig.validateResponses) {
+        return { valid: true };
+    }
+    var fullSchema = propertiesToSchema(schema);
+    var validator = getValidator(fullSchema);
+    if (!validator) {
+        return { valid: true };
+    }
+    var valid = validator(data);
+    if (!valid && validator.errors) {
+        if (globalConfig.logValidationErrors) {
+            logger_1.logger.warn("Response validation failed: ".concat(formatValidationErrors(validator.errors)));
+        }
+        return { errors: validator.errors, valid: false };
+    }
+    return { valid: true };
+}
+var m2sOptions = {
+    props: ["readOnly", "required", "enum", "default"],
+};
+/**
+ * Extract an OpenAPI-compatible schema from a Mongoose model.
+ * This allows you to use the same schema definitions for both documentation
+ * and runtime validation.
+ *
+ * @param model - A Mongoose model
+ * @returns Schema properties suitable for validation
+ */
+function getSchemaFromModel(model) {
+    var modelSwagger = (0, mongoose_to_swagger_1.default)(model, m2sOptions);
+    return modelSwagger.properties;
+}
+/**
+ * Extract required field names from a Mongoose model's swagger schema.
+ */
+function getRequiredFieldsFromModel(model) {
+    var _a;
+    var modelSwagger = (0, mongoose_to_swagger_1.default)(model, m2sOptions);
+    return (_a = modelSwagger.required) !== null && _a !== void 0 ? _a : [];
+}
+/**
+ * Creates a request body validator middleware from a Mongoose model.
+ * This is a convenience function that combines getSchemaFromModel and validateRequestBody.
+ *
+ * @param model - A Mongoose model to derive the schema from
+ * @param options - Optional configuration for the validator
+ * @returns Express middleware function
+ */
+function validateModelRequestBody(model, options) {
+    var _a, _b;
+    var schema = getSchemaFromModel(model);
+    var requiredFields = getRequiredFieldsFromModel(model);
+    if ((_a = options === null || options === void 0 ? void 0 : options.excludeFields) === null || _a === void 0 ? void 0 : _a.length) {
+        var excluded_1 = new Set(options.excludeFields);
+        schema = Object.fromEntries(Object.entries(schema).filter(function (_a) {
+            var _b = __read(_a, 1), key = _b[0];
+            return !excluded_1.has(key);
+        }));
+        requiredFields = requiredFields.filter(function (f) { return !excluded_1.has(f); });
+    }
+    return validateRequestBody(schema, __assign(__assign({}, options), { required: __spreadArray(__spreadArray([], __read(((_b = options === null || options === void 0 ? void 0 : options.required) !== null && _b !== void 0 ? _b : [])), false), __read(requiredFields), false) }));
+}
+/**
+ * Creates validation middleware for use with modelRouter.
+ * Returns an object with middleware for each operation type.
+ *
+ * @param model - The Mongoose model
+ * @param options - Configuration options
+ * @returns Object with create and update validation middleware
+ */
+function createModelValidators(model, options) {
+    var schema = getSchemaFromModel(model);
+    return {
+        create: validateRequestBody(schema, {
+            enabled: options === null || options === void 0 ? void 0 : options.validateCreate,
+            onAdditionalPropertiesRemoved: options === null || options === void 0 ? void 0 : options.onAdditionalPropertiesRemoved,
+            onError: options === null || options === void 0 ? void 0 : options.onError,
+        }),
+        update: validateRequestBody(schema, {
+            enabled: options === null || options === void 0 ? void 0 : options.validateUpdate,
+            onAdditionalPropertiesRemoved: options === null || options === void 0 ? void 0 : options.onAdditionalPropertiesRemoved,
+            onError: options === null || options === void 0 ? void 0 : options.onError,
+        }),
+    };
+}
+/**
+ * Build a query parameter schema from a model's Mongoose schema and queryFields array.
+ * Always includes pagination parameters (limit, page, sort).
+ *
+ * @param model - A Mongoose model
+ * @param queryFields - Array of field names allowed for querying
+ * @returns Schema properties suitable for query validation
+ */
+function buildQuerySchemaFromFields(model, queryFields) {
+    var e_3, _a;
+    if (queryFields === void 0) { queryFields = []; }
+    var modelSchema = getSchemaFromModel(model);
+    var querySchema = {
+        limit: { type: "number" },
+        page: { type: "number" },
+        sort: { type: "string" },
+    };
+    try {
+        for (var queryFields_1 = __values(queryFields), queryFields_1_1 = queryFields_1.next(); !queryFields_1_1.done; queryFields_1_1 = queryFields_1.next()) {
+            var field = queryFields_1_1.value;
+            var modelField = modelSchema[field];
+            if (modelField) {
+                // Use the model's type info, but mark as not required for queries
+                querySchema[field] = __assign(__assign({}, modelField), { required: false });
+            }
+            else {
+                // Field not in model schema — allow as string
+                querySchema[field] = { type: "string" };
+            }
+        }
+    }
+    catch (e_3_1) { e_3 = { error: e_3_1 }; }
+    finally {
+        try {
+            if (queryFields_1_1 && !queryFields_1_1.done && (_a = queryFields_1.return)) _a.call(queryFields_1);
+        }
+        finally { if (e_3) throw e_3.error; }
+    }
+    return querySchema;
+}

package/dist/openApiValidator.test.d.ts

@@ -0,0 +1 @@
+export {};