@uphold/fastify-openapi-router-plugin 0.8.0 → 1.0.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@uphold/fastify-openapi-router-plugin",
-  "version": "0.8.0",
+  "version": "1.0.1",
   "description": "A plugin for Fastify to connect routes with a OpenAPI 3.x specification",
   "main": "./src/index.js",
   "types": "./types/index.d.ts",

package/src/index.test.js

@@ -164,4 +164,58 @@ describe('Fastify plugin', () => {
       );
     });
   });
+
+  describe('encapsulation', () => {
+    it('should use the correct fastify instance when calling oas.route() from a child plugin', async () => {
+      const app = fastify({ logger: false });
+
+      await app.register(OpenAPIRouter, { spec });
+
+      await app.register(async childFastify => {
+        childFastify.decorateRequest('customProperty', null);
+        childFastify.addHook('onRequest', async request => {
+          request.customProperty = 'decorated-value';
+        });
+
+        childFastify.oas.route({
+          handler: async request => {
+            return { customProperty: request.customProperty };
+          },
+          operationId: 'getPets'
+        });
+      });
+
+      const result = await app.inject({ url: '/pets' });
+
+      expect(result.json()).toMatchObject({
+        customProperty: 'decorated-value'
+      });
+    });
+
+    it('should use the correct fastify instance when calling oas.installNotImplementedRoutes() from a child plugin', async () => {
+      const app = fastify({ logger: false });
+
+      await app.register(OpenAPIRouter, { spec });
+
+      await app.register(async childFastify => {
+        childFastify.decorateRequest('customProperty', null);
+        childFastify.addHook('onRequest', async request => {
+          request.customProperty = 'decorated-value';
+        });
+
+        childFastify.oas.route({
+          handler: async request => {
+            return { customProperty: request.customProperty };
+          },
+          operationId: 'getPets'
+        });
+
+        childFastify.oas.installNotImplementedRoutes();
+      });
+
+      const postPetsResult = await app.inject({ method: 'POST', url: '/pets' });
+
+      expect(postPetsResult.statusCode).toBe(501);
+    });
+  });
 });

package/src/parser/index.js

@@ -21,16 +21,20 @@ export const parse = async options => {
     for (const method in methods) {
       const operation = methods[method];
 
+      const securityFn = applySecurity(operation, spec, options.securityHandlers, options.securityErrorMapper);
+      const paramsCoercingFn = applyParamsCoercing(operation);
+
       // Build fastify route.
       const route = {
         method: method.toUpperCase(),
         onRequest: [
-          async function (request) {
+          async function openApiRouterOnRequestHook(request) {
             request[DECORATOR_NAME].operation = operation;
-          },
-          applySecurity(operation, spec, options.securityHandlers, options.securityErrorMapper),
-          applyParamsCoercing(operation)
-        ].filter(Boolean),
+
+            await securityFn?.(request);
+            paramsCoercingFn?.(request);
+          }
+        ],
         schema: {
           headers: parseParams(operation.parameters, 'header'),
           params: parseParams(operation.parameters, 'path'),

package/src/parser/params.js

@@ -87,7 +87,7 @@ export const applyParamsCoercing = operation => {
     })
     .filter(Boolean);
 
-  return async request => {
+  return request => {
     coerceArrayParametersFns.forEach(fn => fn(request));
   };
 };

package/src/parser/security.test.js

@@ -103,9 +103,9 @@ describe('applySecurity()', () => {
   });
 
   it('should return undefined if `security` is disabled in operation', async () => {
-    const onRequest = applySecurity({ security: [] }, { security: [{ OAuth2: [] }] }, {});
+    const securityFn = applySecurity({ security: [] }, { security: [{ OAuth2: [] }] }, {});
 
-    expect(onRequest).toBeUndefined();
+    expect(securityFn).toBeUndefined();
   });
 
   it('should stop at the first successful security block', async () => {
@@ -135,9 +135,9 @@ describe('applySecurity()', () => {
       OAuth2: vi.fn(async () => ({ data: 'OAuth2 data', scopes: [] }))
     };
 
-    const onRequest = applySecurity(operation, spec, securityHandlers);
+    const securityFn = applySecurity(operation, spec, securityHandlers);
 
-    await onRequest(request);
+    await securityFn(request);
 
     expect(securityHandlers.ApiKey).toHaveBeenCalledTimes(1);
     expect(securityHandlers.ApiKey).toHaveBeenCalledWith('api key', request);
@@ -190,9 +190,9 @@ describe('applySecurity()', () => {
       OAuth2: vi.fn(async () => ({ data: 'OAuth2 data', scopes: [] }))
     };
 
-    const onRequest = applySecurity(operation, spec, securityHandlers);
+    const securityFn = applySecurity(operation, spec, securityHandlers);
 
-    await onRequest(request);
+    await securityFn(request);
 
     expect(securityHandlers.ApiKey).toHaveBeenCalledTimes(1);
     expect(securityHandlers.ApiKey).toHaveBeenCalledWith('api key', request);
@@ -249,10 +249,10 @@ describe('applySecurity()', () => {
       OAuth2: vi.fn(async () => ({ data: 'OAuth2 data', scopes: [] }))
     };
 
-    const onRequest = applySecurity(operation, spec, securityHandlers);
+    const securityFn = applySecurity(operation, spec, securityHandlers);
 
     try {
-      await onRequest(request);
+      await securityFn(request);
     } catch (error) {
       expect(error).toBeInstanceOf(errors.UnauthorizedError);
       expect(error.securityReport).toMatchInlineSnapshot(`
@@ -299,12 +299,12 @@ describe('applySecurity()', () => {
       })
     };
 
-    const onRequest = applySecurity(operation, spec, securityHandlers);
+    const securityFn = applySecurity(operation, spec, securityHandlers);
 
     expect.assertions(2);
 
     try {
-      await onRequest(request);
+      await securityFn(request);
     } catch (err) {
       expect(err).toBeInstanceOf(errors.UnauthorizedError);
       expect(err.securityReport).toMatchInlineSnapshot(`
@@ -354,9 +354,9 @@ describe('applySecurity()', () => {
       OAuth2: vi.fn(async () => ({ data: 'OAuth2 data', scopes: ['write'] }))
     };
 
-    const onRequest = applySecurity(operation, spec, securityHandlers);
+    const securityFn = applySecurity(operation, spec, securityHandlers);
 
-    await onRequest(request);
+    await securityFn(request);
 
     expect(securityHandlers.OAuth2).toHaveBeenCalledTimes(1);
   });
@@ -385,12 +385,12 @@ describe('applySecurity()', () => {
       })
     };
 
-    const onRequest = applySecurity(operation, spec, securityHandlers);
+    const securityFn = applySecurity(operation, spec, securityHandlers);
 
     expect.assertions(2);
 
     try {
-      await onRequest(request);
+      await securityFn(request);
     } catch (err) {
       expect(err).toBeInstanceOf(errors.UnauthorizedError);
       expect(securityHandlers.OAuth2).toHaveBeenCalledTimes(1);
@@ -420,11 +420,11 @@ describe('applySecurity()', () => {
       OAuth2: vi.fn(async () => ({ data: 'OAuth2 data', scopes: [] }))
     };
 
-    const onRequest = applySecurity(operation, spec, securityHandlers);
+    const securityFn = applySecurity(operation, spec, securityHandlers);
 
     expect.assertions(3);
 
-    await onRequest(request);
+    await securityFn(request);
 
     expect(securityHandlers.ApiKey).not.toHaveBeenCalled();
     expect(securityHandlers.OAuth2).toHaveBeenCalledTimes(1);
@@ -468,12 +468,12 @@ describe('applySecurity()', () => {
       OAuth2: vi.fn(() => ({ data: 'OAuth2 data', scopes: ['read'] }))
     };
 
-    const onRequest = applySecurity(operation, spec, securityHandlers);
+    const securityFn = applySecurity(operation, spec, securityHandlers);
 
     expect.assertions(2);
 
     try {
-      await onRequest(request);
+      await securityFn(request);
     } catch (err) {
       expect(err).toBeInstanceOf(errors.UnauthorizedError);
       expect(err.securityReport).toMatchInlineSnapshot(`
@@ -513,9 +513,9 @@ describe('applySecurity()', () => {
       OAuth2: vi.fn(() => {})
     };
 
-    const onRequest = applySecurity(operation, spec, securityHandlers);
+    const securityFn = applySecurity(operation, spec, securityHandlers);
 
-    await onRequest(request);
+    await securityFn(request);
 
     expect(request[DECORATOR_NAME].security).toMatchObject({ OAuth2: undefined });
     expect(request[DECORATOR_NAME].securityReport).toMatchInlineSnapshot(`
@@ -554,12 +554,12 @@ describe('applySecurity()', () => {
       OAuth2: vi.fn(() => {})
     };
 
-    const onRequest = applySecurity(operation, spec, securityHandlers);
+    const securityFn = applySecurity(operation, spec, securityHandlers);
 
     expect.assertions(2);
 
     try {
-      await onRequest(request);
+      await securityFn(request);
     } catch (err) {
       expect(err).toBeInstanceOf(errors.UnauthorizedError);
       expect(err.securityReport).toMatchInlineSnapshot(`
@@ -603,12 +603,12 @@ describe('applySecurity()', () => {
     const customError = new Error('Mapped error');
     const securityErrorMapper = vi.fn(() => customError);
 
-    const onRequest = applySecurity(operation, spec, securityHandlers, securityErrorMapper);
+    const securityFn = applySecurity(operation, spec, securityHandlers, securityErrorMapper);
 
     expect.assertions(3);
 
     try {
-      await onRequest(request);
+      await securityFn(request);
     } catch (err) {
       expect(err).toBe(customError);
       expect(securityErrorMapper).toHaveBeenCalledTimes(1);

package/src/plugin.js

@@ -2,10 +2,10 @@ import { DECORATOR_NAME } from './utils/constants.js';
 import { createNotImplementedError, errors } from './errors/index.js';
 import { parse } from './parser/index.js';
 
-const createRoute = (fastify, routes, notImplementedErrorMapper) => {
+const createRouting = (routes, notImplementedErrorMapper) => {
   const missingRoutes = new Set(Object.values(routes));
 
-  const addMissingRoutes = () => {
+  const addMissingRoutes = fastify => {
     missingRoutes.forEach(route => {
       fastify.route({
         ...route,
@@ -28,7 +28,7 @@ const createRoute = (fastify, routes, notImplementedErrorMapper) => {
     missingRoutes.clear();
   };
 
-  const addRoute = ({ method, onRequest, operationId, schema, url, ...routeOptions }) => {
+  const addRoute = (fastify, { method, onRequest, operationId, schema, url, ...routeOptions }) => {
     const route = routes[operationId];
 
     // Throw an error if the operation is unknown.
@@ -44,6 +44,8 @@ const createRoute = (fastify, routes, notImplementedErrorMapper) => {
     // Check if there is a routeOptions.onRequest hook.
     if (typeof onRequest === 'function') {
       route.onRequest.push(onRequest);
+    } else if (Array.isArray(onRequest)) {
+      route.onRequest.push(...onRequest);
     }
 
     // Register a new route.
@@ -66,13 +68,19 @@ const plugin = async (fastify, options) => {
 
   const routes = await parse(options);
 
-  const { addMissingRoutes, addRoute } = createRoute(fastify, routes, options.notImplementedErrorMapper);
+  const { addMissingRoutes, addRoute } = createRouting(routes, options.notImplementedErrorMapper);
 
   // Decorate fastify object.
   fastify.decorate(DECORATOR_NAME, {
-    errors,
-    installNotImplementedRoutes: addMissingRoutes,
-    route: addRoute
+    getter: function () {
+      const fastify = this;
+
+      return {
+        errors,
+        installNotImplementedRoutes: () => addMissingRoutes(fastify),
+        route: route => addRoute(fastify, route)
+      };
+    }
   });
 
   // Avoid decorating the request with reference types.
@@ -80,7 +88,7 @@ const plugin = async (fastify, options) => {
   fastify.decorateRequest(DECORATOR_NAME, null);
 
   // Instead, decorate each incoming request.
-  fastify.addHook('onRequest', async request => {
+  fastify.addHook('onRequest', async function openApiRouterGlobalOnRequestHook(request) {
     request[DECORATOR_NAME] = {
       operation: {},
       security: {},