@velajs/vela 1.8.7 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -278,14 +278,32 @@ export function createOpenApiDocument(rootModule, options = {}) {
278
278
  description: options.info.description
279
279
  } : {}
280
280
  },
281
+ // servers sits between info and paths (OpenAPI convention). Omitted when
282
+ // the caller passes none, mirroring the components/tags handling below.
283
+ ...options.servers?.length ? {
284
+ servers: options.servers
285
+ } : {},
281
286
  paths
282
287
  };
288
+ // components.schemas (generated from DTOs) and components.securitySchemes
289
+ // (caller-supplied) share the same `components` object — attach it when
290
+ // either is present so neither clobbers the other.
283
291
  const schemas = registry.build();
284
- if (schemas) {
292
+ if (schemas || options.securitySchemes) {
285
293
  document.components = {
286
- schemas
294
+ ...schemas ? {
295
+ schemas
296
+ } : {},
297
+ ...options.securitySchemes ? {
298
+ securitySchemes: options.securitySchemes
299
+ } : {}
287
300
  };
288
301
  }
302
+ // Document-level default security requirements (each operation may override).
303
+ // Omitted entirely when the caller passes none.
304
+ if (options.security?.length) {
305
+ document.security = options.security;
306
+ }
289
307
  // Only attach `tags` when non-empty. Emitting `tags: []` on a tag-less
290
308
  // spec is the exact symptom the consumer reported, so omit the key
291
309
  // entirely in that case (mirrors the `components` handling above).
@@ -46,6 +46,13 @@ export interface OpenApiResponse {
46
46
  schema: JsonSchema;
47
47
  }>;
48
48
  }
49
+ /**
50
+ * A single security requirement: maps a securityScheme name to the scopes it
51
+ * requires (empty array for apiKey/http schemes). An operation- or document-
52
+ * level array is an OR of these objects. Kept as a plain record so callers can
53
+ * build them inline (`{ cookieAuth: [] }`).
54
+ */
55
+ export type OpenApiSecurityRequirement = Record<string, string[]>;
49
56
  export interface OpenApiOperation {
50
57
  summary?: string;
51
58
  description?: string;
@@ -55,6 +62,35 @@ export interface OpenApiOperation {
55
62
  parameters?: OpenApiParameter[];
56
63
  requestBody?: OpenApiRequestBody;
57
64
  responses: Record<string, OpenApiResponse>;
65
+ /** Per-operation security requirements (overrides the document-level array). */
66
+ security?: OpenApiSecurityRequirement[];
67
+ }
68
+ /** An OpenAPI Server Object. Kept loose so callers can add `variables`. */
69
+ export interface OpenApiServer {
70
+ url: string;
71
+ description?: string;
72
+ variables?: Record<string, {
73
+ enum?: string[];
74
+ default: string;
75
+ description?: string;
76
+ }>;
77
+ [key: string]: unknown;
78
+ }
79
+ /**
80
+ * An OpenAPI Security Scheme Object (apiKey / http / oauth2 / openIdConnect /
81
+ * mutualTLS). Index signature keeps it open so any valid scheme shape passes
82
+ * without fighting the types (mirrors JsonSchema above).
83
+ */
84
+ export interface OpenApiSecurityScheme {
85
+ type: 'apiKey' | 'http' | 'oauth2' | 'openIdConnect' | 'mutualTLS';
86
+ description?: string;
87
+ name?: string;
88
+ in?: 'query' | 'header' | 'cookie';
89
+ scheme?: string;
90
+ bearerFormat?: string;
91
+ flows?: Record<string, unknown>;
92
+ openIdConnectUrl?: string;
93
+ [key: string]: unknown;
58
94
  }
59
95
  export type HttpVerb = 'get' | 'post' | 'put' | 'patch' | 'delete' | 'options' | 'head';
60
96
  export type OpenApiPathItem = {
@@ -63,10 +99,13 @@ export type OpenApiPathItem = {
63
99
  export interface OpenApiDocument {
64
100
  openapi: '3.1.0';
65
101
  info: OpenApiInfo;
102
+ servers?: OpenApiServer[];
66
103
  paths: Record<string, OpenApiPathItem>;
67
104
  components?: {
68
105
  schemas?: Record<string, JsonSchema>;
106
+ securitySchemes?: Record<string, OpenApiSecurityScheme>;
69
107
  };
108
+ security?: OpenApiSecurityRequirement[];
70
109
  tags?: Array<{
71
110
  name: string;
72
111
  description?: string;
@@ -101,6 +140,21 @@ export interface CreateOpenApiDocumentOptions {
101
140
  name: string;
102
141
  description?: string;
103
142
  }>;
143
+ /**
144
+ * Top-level `servers` array (base URLs the API is served from). Emitted
145
+ * verbatim between `info` and `paths` when non-empty; omitted otherwise.
146
+ */
147
+ servers?: OpenApiServer[];
148
+ /**
149
+ * Named security schemes, emitted under `components.securitySchemes` (merged
150
+ * with generated `components.schemas`). Reference them from `security`.
151
+ */
152
+ securitySchemes?: Record<string, OpenApiSecurityScheme>;
153
+ /**
154
+ * Document-level default security requirements (applies to every operation
155
+ * unless the operation overrides it). Emitted verbatim when non-empty.
156
+ */
157
+ security?: OpenApiSecurityRequirement[];
104
158
  }
105
159
  export type OpenApiUi = 'swagger' | 'scalar' | 'redoc';
106
160
  export interface MountOpenApiOptions {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@velajs/vela",
3
- "version": "1.8.7",
3
+ "version": "1.9.0",
4
4
  "description": "NestJS-compatible framework for edge runtimes, powered by Hono",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",
@@ -29,16 +29,10 @@
29
29
  "LICENSE",
30
30
  "CHANGELOG.md"
31
31
  ],
32
- "scripts": {
33
- "build": "rm -rf dist && swc src -d dist --strip-leading-paths && tsc --emitDeclarationOnly",
34
- "test": "vitest run",
35
- "test:workers": "vitest run --config vitest.config.workers.ts",
36
- "typecheck": "tsc --noEmit",
37
- "prepare": "swc src -d dist --strip-leading-paths && tsc --emitDeclarationOnly",
38
- "prepublishOnly": "pnpm run typecheck && pnpm test"
39
- },
40
32
  "sideEffects": [
41
- "./dist/index.js"
33
+ "./dist/index.js",
34
+ "./dist/metadata.js",
35
+ "./dist/schedule-node/index.js"
42
36
  ],
43
37
  "keywords": [
44
38
  "edge",
@@ -68,14 +62,6 @@
68
62
  "dependencies": {
69
63
  "hono": "^4.12.26"
70
64
  },
71
- "packageManager": "pnpm@10.20.0",
72
- "pnpm": {
73
- "onlyBuiltDependencies": [
74
- "@swc/core",
75
- "esbuild",
76
- "workerd"
77
- ]
78
- },
79
65
  "devDependencies": {
80
66
  "@cloudflare/vitest-pool-workers": "^0.16.18",
81
67
  "@swc/cli": "^0.8.1",
@@ -87,5 +73,11 @@
87
73
  "unplugin-swc": "^1.5.9",
88
74
  "vitest": "^4.1.9",
89
75
  "zod": "^4.4.3"
76
+ },
77
+ "scripts": {
78
+ "build": "rm -rf dist && swc src -d dist --strip-leading-paths && tsc --emitDeclarationOnly",
79
+ "test": "vitest run",
80
+ "test:workers": "vitest run --config vitest.config.workers.ts",
81
+ "typecheck": "tsc --noEmit"
90
82
  }
91
- }
83
+ }