@trojs/openapi-server 1.5.2 → 1.6.0

package/README.md

@@ -92,11 +92,21 @@ const securityHandlers = [
   }
 ]
 
+const unauthorizedHandler = async (context, request, response) => {
+    response.status(401)
+    return {
+        status: 401,
+        timestamp: new Date(),
+        message: 'Unauthorized'
+    }
+}
+
 const api = new Api({
   version: 'v1',
   specification: openAPISpecification,
   controllers,
-  securityHandlers
+  securityHandlers,
+  unauthorizedHandler
 })
 ```
 

package/package.json

@@ -1,16 +1,16 @@
 {
     "name": "@trojs/openapi-server",
     "description": "OpenAPI Server",
-    "version": "1.5.2",
+    "version": "1.6.0",
     "author": {
         "name": "Pieter Wigboldus",
         "url": "https://trojs.org/"
     },
     "license": "MIT",
     "scripts": {
-        "lint": "eslint src/*.js --config .eslintrc",
-        "lint:report": "eslint src/*.js --config .eslintrc -f json -o report.json",
-        "lint:fix": "eslint src/*.js --config .eslintrc --fix",
+        "lint": "eslint",
+        "lint:report": "eslint src/*.js -f json -o report.json",
+        "lint:fix": "eslint --fix",
         "test": "c8 node --test src/*.test.js",
         "cpd": "node_modules/jscpd/bin/jscpd src",
         "vulnerabilities": "npm audit --omit=dev"
@@ -33,22 +33,21 @@
     ],
     "main": "src/server.js",
     "devDependencies": {
-        "@hckrnews/eslint-code-quality": "^0.2.1",
-        "@hckrnews/eslint-config": "^3.1.0",
+        "@eslint/js": "^9.15.0",
+        "@stylistic/eslint-plugin": "^2.11.0",
+        "@stylistic/eslint-plugin-js": "^2.11.0",
         "@types/express-serve-static-core": "^4.17.41",
-        "@types/node": "^20.14.9",
+        "@types/node": "^22.0.0",
         "c8": "^10.0.0",
-        "eslint": "^8.23.0",
-        "eslint-config-airbnb-base": "^15.0.0",
+        "eslint": "^9.15.0",
         "eslint-config-prettier": "^9.1.0",
-        "eslint-plugin-html": "^8.1.1",
-        "eslint-plugin-import": "^2.26.0",
-        "eslint-plugin-jsdoc": "^50.0.0",
-        "eslint-plugin-jsx-a11y": "^6.9.0",
-        "eslint-plugin-n": "^17.0.0",
-        "eslint-plugin-prettier": "^5.1.3",
-        "eslint-plugin-promise": "^7.0.0",
-        "eslint-plugin-sonarjs": "^0.25.1",
+        "eslint-plugin-import": "^2.31.0",
+        "eslint-plugin-jsdoc": "^50.5.0",
+        "eslint-plugin-n": "^17.14.0",
+        "eslint-plugin-prettier": "^5.2.1",
+        "eslint-plugin-promise": "^7.1.0",
+        "eslint-plugin-sonarjs": "^2.0.4",
+        "globals": "^15.12.0",
         "jscpd": "^4.0.0",
         "prettier": "^3.3.3",
         "supertest": "^7.0.0"
@@ -58,7 +57,7 @@
         "url": "https://github.com/trojs/openapi-server"
     },
     "engines": {
-        "node": ">= 18.13"
+        "node": ">= 20"
     },
     "keywords": [
         "openapi",
@@ -83,6 +82,13 @@
     "overrides": {
         "semver": "^7.5.3",
         "send": "^0.19.0",
-        "cookie@<=0.7.0": "0.7.0"
+        "cookie@<=0.7.0": "0.7.0",
+        "eslint-plugin-sonarjs": {
+            "eslint": "^9.15.0",
+            "@typescript-eslint/eslint-plugin": "^8.0.0",
+            "@typescript-eslint/utils": "^8.0.0",
+            "eslint-plugin-import": "^2.31.0",
+            "eslint-plugin-react-hooks": "^5.0.0"
+        }
     }
 }

package/src/api.js

@@ -1,6 +1,6 @@
-import express from 'express';
-import swaggerUi from 'swagger-ui-express';
-import { setupRouter } from './router.js';
+import express from 'express'
+import swaggerUi from 'swagger-ui-express'
+import { setupRouter } from './router.js'
 
 /**
  * @typedef {import('openapi-backend').Handler} Handler
@@ -23,19 +23,21 @@ import { setupRouter } from './router.js';
  * @property {Logger=} logger
  * @property {object=} meta
  * @property {SecurityHandler[]=} securityHandlers
+ * @property {Handler=} unauthorizedHandler
  * @property {boolean=} swagger
  * @property {boolean=} apiDocs
  * @property {AjvOpts=} ajvOptions
  */
 
 /**
- * Setup the server for a specific API, so every server can run multiple instances of the API, like different versions, for e.g. different clients
+ * Setup the server for a specific API, so every server can run multiple instances of the API,
+ * like different versions, for e.g. different clients
  */
 
 export class Api {
     /**
      * Create a new instance of the API
-     * @constructor
+     * @class
      * @param {ApiSchema} params
      */
     constructor({
@@ -48,38 +50,40 @@ export class Api {
         logger,
         meta,
         securityHandlers,
+        unauthorizedHandler,
         swagger,
         apiDocs,
-        ajvOptions,
+        ajvOptions
     }) {
-        this.version = version;
-        this.specification = specification;
-        this.controllers = controllers;
-        this.apiRoot = apiRoot;
-        this.strictSpecification = strictSpecification;
-        this.errorDetails = errorDetails || false;
-        this.logger = logger || console;
-        this.meta = meta || {};
-        this.securityHandlers = securityHandlers || [];
-        this.swagger = swagger ?? true;
-        this.apiDocs = apiDocs ?? true;
-        this.ajvOptions = ajvOptions ?? { allErrors: false };
+        this.version = version
+        this.specification = specification
+        this.controllers = controllers
+        this.apiRoot = apiRoot
+        this.strictSpecification = strictSpecification
+        this.errorDetails = errorDetails || false
+        this.logger = logger || console
+        this.meta = meta || {}
+        this.securityHandlers = securityHandlers || []
+        this.unauthorizedHandler = unauthorizedHandler || undefined
+        this.swagger = swagger ?? true
+        this.apiDocs = apiDocs ?? true
+        this.ajvOptions = ajvOptions ?? { allErrors: false }
     }
 
     setup() {
-        const router = express.Router();
+        const router = express.Router()
 
         if (this.swagger) {
             router.use(
                 '/swagger',
                 swaggerUi.serveFiles(this.specification, {}),
                 swaggerUi.setup(this.specification)
-            );
+            )
         }
         if (this.apiDocs) {
             router.get('/api-docs', (_request, response) =>
                 response.json(this.specification)
-            );
+            )
         }
 
         const { api } = setupRouter({
@@ -91,14 +95,15 @@ export class Api {
             logger: this.logger,
             meta: this.meta,
             securityHandlers: this.securityHandlers,
-            ajvOptions: this.ajvOptions,
-        });
-        api.init();
+            unauthorizedHandler: this.unauthorizedHandler,
+            ajvOptions: this.ajvOptions
+        })
+        api.init()
 
         router.use((request, response) =>
             api.handleRequest(request, request, response)
-        );
+        )
 
-        return router;
+        return router
     }
 }

package/src/error-status.js

@@ -1,17 +1,17 @@
 const errorCodesStatus = [
     {
         type: TypeError,
-        status: 422,
+        status: 422
     },
     {
         type: RangeError,
-        status: 404,
+        status: 404
     },
     {
         type: Error,
-        status: 500,
-    },
-];
+        status: 500
+    }
+]
 
 /**
  * Get a http status when you send an error.
@@ -21,4 +21,4 @@ const errorCodesStatus = [
  */
 export default (error) =>
     errorCodesStatus.find((errorCode) => error instanceof errorCode.type)
-        .status;
+        .status

package/src/express-callback.js

@@ -1,5 +1,5 @@
-import getStatusByError from './error-status.js';
-import { parseParams } from './params.js';
+import getStatusByError from './error-status.js'
+import { parseParams } from './params.js'
 
 /**
  * @typedef {import('express-serve-static-core').Request} Request
@@ -29,68 +29,68 @@ export const makeExpressCallback =
      * @param {Response} response
      * @returns {Promise<any>}
      */
-    async (context, request, response) => {
-        try {
-            const allParameters = {
-                ...(context.request?.params || {}),
-                ...(context.request?.query || {}),
-            };
-            const parameters = parseParams({
-                query: allParameters,
-                spec: context.operation.parameters,
-                mock,
-            });
-            const url = `${request.protocol}://${request.get('Host')}${request.originalUrl}`;
+        async (context, request, response) => {
+            try {
+                const allParameters = {
+                    ...(context.request?.params || {}),
+                    ...(context.request?.query || {})
+                }
+                const parameters = parseParams({
+                    query: allParameters,
+                    spec: context.operation.parameters,
+                    mock
+                })
+                const url = `${request.protocol}://${request.get('Host')}${request.originalUrl}`
 
-            const responseBody = await controller({
-                context,
-                request,
-                response,
-                parameters,
-                specification,
-                post: request.body,
-                url,
-                logger,
-                meta,
-            });
-            logger.debug({
-                url,
-                parameters,
-                post: request.body,
-                response: responseBody,
-            });
+                const responseBody = await controller({
+                    context,
+                    request,
+                    response,
+                    parameters,
+                    specification,
+                    post: request.body,
+                    url,
+                    logger,
+                    meta
+                })
+                logger.debug({
+                    url,
+                    parameters,
+                    post: request.body,
+                    response: responseBody
+                })
 
-            return responseBody;
-        } catch (error) {
-            const errorCodeStatus = getStatusByError(error);
+                return responseBody
+            } catch (error) {
+                const errorCodeStatus = getStatusByError(error)
 
-            if (errorCodeStatus >= 500) {
-                logger.error(error);
-            } else {
-                logger.warn(error);
-            }
+                if (errorCodeStatus >= 500) {
+                    logger.error(error)
+                } else {
+                    logger.warn(error)
+                }
+
+                response.status(errorCodeStatus)
 
-            response.status(errorCodeStatus);
+                if (errorDetails) {
+                    return {
+                        errors: [
+                            {
+                                message: error.message,
+                                value: error.valueOf(),
+                                type: error.constructor.name
+                            }
+                        ],
+                        status: errorCodeStatus,
+                        timestamp: new Date(),
+                        message: error.message
+                    }
+                }
 
-            if (errorDetails) {
                 return {
-                    errors: [
-                        {
-                            message: error.message,
-                            value: error.valueOf(),
-                            type: error.constructor.name,
-                        },
-                    ],
                     status: errorCodeStatus,
                     timestamp: new Date(),
-                    message: error.message,
-                };
+                    message: error.message
+                }
             }
-
-            return {
-                status: errorCodeStatus,
-                timestamp: new Date(),
-                message: error.message,
-            };
         }
-    };

package/src/handlers/not-found.js

@@ -1,8 +1,8 @@
 export const notFound = (_context, request, response) => {
-  response.status(404)
-  return {
-    status: 404,
-    timestamp: new Date(),
-    message: 'Not found'
-  }
+    response.status(404)
+    return {
+        status: 404,
+        timestamp: new Date(),
+        message: 'Not found'
+    }
 }

package/src/handlers/request-validation.js

@@ -1,9 +1,9 @@
 export const requestValidation = (context, request, response) => {
-  response.status(400)
-  return {
-    errors: context.validation.errors,
-    status: 400,
-    timestamp: new Date(),
-    message: 'Bad Request'
-  }
+    response.status(400)
+    return {
+        errors: context.validation.errors,
+        status: 400,
+        timestamp: new Date(),
+        message: 'Bad Request'
+    }
 }

package/src/handlers/response-validation.js

@@ -1,30 +1,30 @@
 export const responseValidation = (context, request, response) => {
-  const responseDoesntNeedValidation = response.statusCode >= 400
-  if (responseDoesntNeedValidation) {
-    return response.json(context.response)
-  }
+    const responseDoesntNeedValidation = response.statusCode >= 400
+    if (responseDoesntNeedValidation) {
+        return response.json(context.response)
+    }
 
-  const valid = context.api.validateResponse(
-    context.response,
-    context.operation
-  )
-  if (valid?.errors) {
-    return response.status(502).json({
-      errors: valid.errors,
-      status: 502,
-      timestamp: new Date(),
-      message: 'Bad response'
-    })
-  }
+    const valid = context.api.validateResponse(
+        context.response,
+        context.operation
+    )
+    if (valid?.errors) {
+        return response.status(502).json({
+            errors: valid.errors,
+            status: 502,
+            timestamp: new Date(),
+            message: 'Bad response'
+        })
+    }
 
-  if (!context.response) {
-    return response.end()
-  }
+    if (!context.response) {
+        return response.end()
+    }
 
-  const contentType = request?.headers?.accept ?? 'application/json'
-  if (contentType === 'application/json') {
-    return response.json(context.response)
-  }
+    const contentType = request?.headers?.accept ?? 'application/json'
+    if (contentType === 'application/json') {
+        return response.json(context.response)
+    }
 
-  return response.send(context.response)
+    return response.send(context.response)
 }

package/src/handlers/unauthorized.js

@@ -1,8 +1,8 @@
 export const unauthorized = async (context, request, response) => {
-  response.status(401)
-  return {
-    status: 401,
-    timestamp: new Date(),
-    message: 'Unauthorized'
-  }
+    response.status(401)
+    return {
+        status: 401,
+        timestamp: new Date(),
+        message: 'Unauthorized'
+    }
 }

package/src/openapi.js

@@ -1,4 +1,4 @@
-import { readFile } from 'node:fs/promises';
+import { readFile } from 'node:fs/promises'
 
 /**
  * Get the OpenAPI specification from the file.
@@ -9,7 +9,7 @@ import { readFile } from 'node:fs/promises';
  * @returns {Promise<{ openAPISpecification: object; }>}
  */
 export const openAPI = async ({ file, base = import.meta.url }) => {
-    const fileUrl = new URL(file, base);
-    const openAPISpecification = JSON.parse(await readFile(fileUrl, 'utf8'));
-    return { openAPISpecification };
-};
+    const fileUrl = new URL(file, base)
+    const openAPISpecification = JSON.parse(await readFile(fileUrl, 'utf8'))
+    return { openAPISpecification }
+}

package/src/operation-ids.js

@@ -1,4 +1,4 @@
-const operations = ['get', 'put', 'patch', 'post', 'delete'];
+const operations = ['get', 'put', 'patch', 'post', 'delete']
 
 /**
  * Get all operation ID's from the specification.
@@ -13,4 +13,4 @@ export const operationIds = ({ specification }) =>
                 operations.includes(operation) ? data.operationId : null
             )
         )
-        .flat();
+        .flat()

package/src/params.js

@@ -1,4 +1,4 @@
-import { types } from './types.js';
+import { types } from './types.js'
 
 /**
  * Parse params to the types defined in the spec
@@ -11,39 +11,39 @@ import { types } from './types.js';
 export const parseParams = ({ query, spec, mock = false }) =>
     spec
         .map((parameter) => {
-            const { name, schema } = parameter;
+            const { name, schema } = parameter
             const {
                 type,
                 default: defaultValue,
-                example: exampleValue,
-            } = schema;
-            const Type = types[type];
-            const paramName = query?.[name];
+                example: exampleValue
+            } = schema
+            const Type = types[type]
+            const paramName = query?.[name]
 
             if (!paramName && defaultValue !== undefined) {
-                return { name, value: defaultValue };
+                return { name, value: defaultValue }
             }
 
             if (!paramName && mock && exampleValue !== undefined) {
-                return { name, value: exampleValue };
+                return { name, value: exampleValue }
             }
 
             if (!paramName) {
-                return undefined;
+                return undefined
             }
 
             if (Type === Boolean) {
                 return {
                     name,
-                    value: JSON.parse(paramName.toLowerCase()),
-                };
+                    value: JSON.parse(paramName.toLowerCase())
+                }
             }
 
-            const value = new Type(paramName).valueOf();
-            return { name, value };
+            const value = new Type(paramName).valueOf()
+            return { name, value }
         })
         .filter(Boolean)
         .reduce((acc, { name, value }) => {
-            acc[name] = value;
-            return acc;
-        }, {});
+            acc[name] = value
+            return acc
+        }, {})

package/src/router.js

@@ -1,15 +1,16 @@
-import { OpenAPIBackend } from 'openapi-backend';
-import addFormats from 'ajv-formats';
-import { makeExpressCallback } from './express-callback.js';
-import { operationIds } from './operation-ids.js';
-import { notFound } from './handlers/not-found.js';
-import { requestValidation } from './handlers/request-validation.js';
-import { responseValidation } from './handlers/response-validation.js';
-import { unauthorized } from './handlers/unauthorized.js';
+import { OpenAPIBackend } from 'openapi-backend'
+import addFormats from 'ajv-formats'
+import { makeExpressCallback } from './express-callback.js'
+import { operationIds } from './operation-ids.js'
+import { notFound } from './handlers/not-found.js'
+import { requestValidation } from './handlers/request-validation.js'
+import { responseValidation } from './handlers/response-validation.js'
+import { unauthorized } from './handlers/unauthorized.js'
 
 /**
  * @typedef {import('./api.js').Logger} Logger
  * @typedef {import('./api.js').SecurityHandler} SecurityHandler
+ * @typedef {import('./api.js').Handler} Handler
  * @typedef {import('ajv').Options} AjvOpts
  */
 
@@ -24,6 +25,7 @@ import { unauthorized } from './handlers/unauthorized.js';
  * @param {Logger=} params.logger
  * @param {object=} params.meta
  * @param {SecurityHandler[]=} params.securityHandlers
+ * @param {Handler=} params.unauthorizedHandler
  * @param {AjvOpts=} params.ajvOptions
  * @param {boolean=} params.mock
  * @returns {{ api: OpenAPIBackend<any>, openAPISpecification: object }}
@@ -37,8 +39,9 @@ export const setupRouter = ({
     logger,
     meta,
     securityHandlers = [],
+    unauthorizedHandler,
     ajvOptions = {},
-    mock,
+    mock
 }) => {
     const api = new OpenAPIBackend({
         definition: openAPISpecification,
@@ -46,22 +49,22 @@ export const setupRouter = ({
         strict: strictSpecification,
         ajvOpts: ajvOptions,
         customizeAjv: (originalAjv) => {
-            addFormats(originalAjv);
-            return originalAjv;
-        },
-    });
+            addFormats(originalAjv)
+            return originalAjv
+        }
+    })
 
     api.register({
-        unauthorizedHandler: unauthorized,
+        unauthorizedHandler: unauthorizedHandler || unauthorized,
         validationFail: requestValidation,
         notFound,
-        postResponseHandler: responseValidation,
-    });
+        postResponseHandler: responseValidation
+    })
 
     operationIds({ specification: openAPISpecification }).forEach(
         (operationId) => {
             if (!Object.hasOwn(controllers, operationId)) {
-                return;
+                return
             }
             api.register(
                 operationId,
@@ -71,24 +74,24 @@ export const setupRouter = ({
                     errorDetails,
                     logger,
                     meta,
-                    mock,
+                    mock
                 })
-            );
+            )
         }
-    );
+    )
 
     api.register('notImplemented', (context) => {
         const { mock: mockImplementation } =
-            context.api.mockResponseForOperation(context.operation.operationId);
-        return mockImplementation;
-    });
+            context.api.mockResponseForOperation(context.operation.operationId)
+        return mockImplementation
+    })
 
     securityHandlers.forEach((securityHandler) => {
         api.registerSecurityHandler(
             securityHandler.name,
             securityHandler.handler
-        );
-    });
+        )
+    })
 
-    return { api, openAPISpecification };
-};
+    return { api, openAPISpecification }
+}

package/src/server.js

@@ -1,11 +1,13 @@
-import express from 'express';
-import cors from 'cors';
-import compression from 'compression';
-import helmet from 'helmet';
-import * as Sentry from '@sentry/node';
-import bodyParser from 'body-parser';
-import { openAPI } from './openapi.js';
-import { Api } from './api.js';
+import express from 'express'
+import cors from 'cors'
+import compression from 'compression'
+import helmet from 'helmet'
+import * as Sentry from '@sentry/node'
+import bodyParser from 'body-parser'
+import { openAPI } from './openapi.js'
+import { Api } from './api.js'
+
+/* eslint-disable sonarjs/cors */
 
 /**
  * Get the origin resource policy
@@ -17,10 +19,10 @@ const getOriginResourcePolicy = (origin) => ({
         policy: origin === '*' ? 'cross-origin' : 'same-origin',
         directives: {
             // ...
-            'require-trusted-types-for': ["'script'"],
-        },
-    },
-});
+            'require-trusted-types-for': ["'script'"]
+        }
+    }
+})
 
 /**
  * @typedef {import('express-serve-static-core').Request} Request
@@ -75,56 +77,56 @@ export const setupServer = async ({
     poweredBy = 'TroJS',
     version = '1.0.0',
     middleware = [],
-    maximumBodySize = undefined,
+    maximumBodySize = undefined
 }) => {
     const corsOptions = {
-        origin,
-    };
+        origin
+    }
 
-    const app = express();
+    const app = express()
 
     if (sentry) {
         Sentry.init({
             dsn: sentry.dsn,
             integrations: [
                 new Sentry.Integrations.Http({ tracing: true }),
-                new Sentry.Integrations.Express({ app }),
+                new Sentry.Integrations.Express({ app })
             ],
             tracesSampleRate: sentry.tracesSampleRate || 1.0,
             profilesSampleRate: sentry.profilesSampleRate || 1.0,
-            release: sentry.release,
-        });
+            release: sentry.release
+        })
 
-        app.use(Sentry.Handlers.requestHandler());
+        app.use(Sentry.Handlers.requestHandler())
     }
 
-    app.use(cors(corsOptions));
-    app.use(compression());
-    app.use(helmet(getOriginResourcePolicy(origin)));
-    app.use(express.json({ limit: maximumBodySize }));
-    middleware.forEach((fn) => app.use(fn));
-    app.use(bodyParser.urlencoded({ extended: false, limit: maximumBodySize }));
+    app.use(cors(corsOptions))
+    app.use(compression())
+    app.use(helmet(getOriginResourcePolicy(origin)))
+    app.use(express.json({ limit: maximumBodySize }))
+    middleware.forEach((fn) => app.use(fn))
+    app.use(bodyParser.urlencoded({ extended: false, limit: maximumBodySize }))
     app.use((_request, response, next) => {
-        response.setHeader('X-Powered-By', poweredBy);
-        response.setHeader('X-Version', version);
-        next();
-    });
+        response.setHeader('X-Powered-By', poweredBy)
+        response.setHeader('X-Version', version)
+        next()
+    })
 
     if (staticFolder) {
-        app.use(express.static(staticFolder));
+        app.use(express.static(staticFolder))
     }
 
     apis.forEach((api) => {
-        const apiRoutes = new Api(api);
-        const routes = apiRoutes.setup();
-        app.use(`/${api.version}`, routes);
-    });
+        const apiRoutes = new Api(api)
+        const routes = apiRoutes.setup()
+        app.use(`/${api.version}`, routes)
+    })
 
     if (sentry) {
-        app.use(Sentry.Handlers.errorHandler());
+        app.use(Sentry.Handlers.errorHandler())
     }
 
-    return { app };
-};
+    return { app }
+}
 
-export { openAPI, Api };
+export { openAPI, Api }

package/src/types.js

@@ -6,7 +6,7 @@ const types = {
     integer: Number,
     boolean: Boolean,
     url: URL,
-    date: Date,
-};
+    date: Date
+}
 
-export { types };
+export { types }