vite-plugin-openapi-codegen 2.0.0 → 3.0.1

package/dist/cli.mjs

@@ -52,6 +52,40 @@ function renderOperationTypeAliases(typeAliases) {
 	if (typeAliases.length === 0) return "";
 	return `${typeAliases.map((alias) => `export type ${alias.typeName} = ${alias.definitionExpr};`).join("\n")}\n`;
 }
+function renderAccessPoliciesSource(entries, generatedHeader) {
+	if (entries.length === 0) return "";
+	const lines = [
+		...generatedHeader,
+		"",
+		"export type AccessPolicyKind = \"authenticated\" | \"internal\" | \"public\" | \"role\";",
+		"",
+		"export interface AccessPolicy {",
+		"  kind: AccessPolicyKind;",
+		"  roles?: readonly string[];",
+		"}",
+		"",
+		"export interface OperationAccessPolicy extends AccessPolicy {",
+		"  apiPath: string;",
+		"  method: string;",
+		"  operationId: string;",
+		"  path: string;",
+		"}",
+		"",
+		"export const accessPolicies = {"
+	];
+	for (const entry of entries) {
+		lines.push(`  ${entry.funcName}: {`);
+		lines.push(`    apiPath: ${JSON.stringify(entry.apiPath)},`);
+		lines.push(`    kind: ${JSON.stringify(entry.kind)},`);
+		lines.push(`    method: ${JSON.stringify(entry.methodUpper)},`);
+		lines.push(`    operationId: ${JSON.stringify(entry.operationId)},`);
+		lines.push(`    path: ${JSON.stringify(entry.strippedPath)},`);
+		if (entry.roles.length > 0) lines.push(`    roles: [${entry.roles.map((role) => JSON.stringify(role)).join(", ")}],`);
+		lines.push("  },");
+	}
+	lines.push("} as const satisfies Record<string, OperationAccessPolicy>;", "", "export type AccessPolicyKey = keyof typeof accessPolicies;", "");
+	return `${lines.join("\n")}`;
+}
 function printGeneratedFile(statements, generatedHeader) {
 	const sourceFile = ts.factory.createSourceFile(statements, ts.factory.createToken(ts.SyntaxKind.EndOfFileToken), ts.NodeFlags.None);
 	const printed = AST_PRINTER.printFile(sourceFile).trim();
@@ -613,6 +647,44 @@ function createClientRenderModel(model, useTypeAliases) {
 		}))
 	};
 }
+function createAccessPolicyEntries(operations, securitySchemes, topLevelSecurity) {
+	return operations.flatMap((entry) => {
+		const accessPolicy = readSecurityRequirement(entry, securitySchemes, topLevelSecurity);
+		if (!accessPolicy) return [];
+		return [{
+			apiPath: entry.apiPath,
+			funcName: entry.funcName,
+			kind: accessPolicy.kind,
+			methodUpper: entry.method.toUpperCase(),
+			operationId: entry.operationId,
+			roles: accessPolicy.roles ?? [],
+			strippedPath: entry.strippedPath
+		}];
+	});
+}
+function readSecurityRequirement(entry, securitySchemes, topLevelSecurity) {
+	const security = entry.operation.security ?? topLevelSecurity;
+	if (security === void 0) return null;
+	if (!Array.isArray(security)) throw new Error(`Operation "${entry.operationId}" has invalid security`);
+	if (security.length === 0) return { kind: "public" };
+	const requirement = security[0];
+	if (!isRecord(requirement)) throw new Error(`Operation "${entry.operationId}" has an invalid security requirement`);
+	for (const [schemeName, scopes] of Object.entries(requirement)) {
+		const type = securitySchemes?.[schemeName]?.type;
+		if (type === "apiKey") return { kind: "internal" };
+		if (type === "http") {
+			const roles = Array.isArray(scopes) ? scopes.filter((scope) => typeof scope === "string") : [];
+			return roles.length === 0 ? { kind: "authenticated" } : {
+				kind: "role",
+				roles
+			};
+		}
+	}
+	throw new Error(`Operation "${entry.operationId}" has an unrecognized security scheme`);
+}
+function isRecord(value) {
+	return typeof value === "object" && value !== null && !Array.isArray(value);
+}
 function resolveChannel(channel, useTypeAliases) {
 	if (!channel.typeRef) return channel;
 	return {
@@ -628,14 +700,17 @@ function renderGeneratedArtifacts(spec, options, preCollectedOperations) {
 	const stripPrefix = options.stripPrefix ?? true;
 	const httpClient = resolveHttpClientConfig(options.httpClient);
 	const useTypeAliases = options.typeAliases ?? false;
-	const clientModel = buildClientRenderModelFromOperations(preCollectedOperations ?? collectOperations(spec, pathPrefix, stripPrefix), spec, {
+	const operations = preCollectedOperations ?? collectOperations(spec, pathPrefix, stripPrefix);
+	const clientModel = buildClientRenderModelFromOperations(operations, spec, {
 		json: httpClient.jsonFunction,
 		void: httpClient.voidFunction
 	});
 	if (clientModel.operations.length === 0) throw new Error(`No paths matching prefix "${pathPrefix}" found in openapi.json`);
+	const accessPolicies = renderAccessPoliciesSource(createAccessPolicyEntries(operations, spec.components?.securitySchemes, spec.security), GENERATED_HEADER);
 	return {
 		api: renderApiSource(createApiEntries(clientModel.operations, useTypeAliases), GENERATED_HEADER),
 		client: renderClientSource(createClientRenderModel(clientModel, useTypeAliases), GENERATED_HEADER, httpClient),
+		...accessPolicies ? { accessPolicies } : {},
 		...useTypeAliases && clientModel.typeAliases.length > 0 ? { apiTypes: renderOperationTypeAliases(clientModel.typeAliases) } : {}
 	};
 }
@@ -681,6 +756,7 @@ async function generateOpenAPIArtifacts(root, options) {
 	warnOnParameterLocationMismatch(operations);
 	await generateApiTypes(apiTypesSource, outputDir, options.typeAliases ?? false);
 	if (artifacts.apiTypes) writeFileSync(resolve(outputDir, "api-types.d.ts"), artifacts.apiTypes, { flag: "a" });
+	if (artifacts.accessPolicies) writeFileSync(resolve(outputDir, "access-policies.ts"), artifacts.accessPolicies);
 	writeFileSync(resolve(outputDir, "api.ts"), artifacts.api);
 	writeFileSync(resolve(outputDir, "client.ts"), artifacts.client);
 }

package/dist/index.d.mts

@@ -26,12 +26,18 @@ interface OpenAPIResponse {
   content?: Record<string, OpenAPIContent>;
   description?: string;
 }
+type OpenAPISecurityRequirement = Record<string, string[]>;
+interface OpenAPISecurityScheme {
+  type?: string;
+  scheme?: string;
+}
 interface OpenAPIOperation {
   operationId?: string;
   parameters?: OpenAPIParameter[];
   requestBody?: OpenAPIRequestBody;
   responses?: Record<string, OpenAPIResponse>;
   tags?: string[];
+  security?: OpenAPISecurityRequirement[];
 }
 type OpenAPIPathItem = Partial<Record<HttpMethod, OpenAPIOperation>>;
 interface OpenAPISchema {
@@ -42,8 +48,10 @@ interface OpenAPISchema {
 }
 interface OpenAPISpec {
   paths?: Record<string, OpenAPIPathItem>;
+  security?: OpenAPISecurityRequirement[];
   components?: {
     schemas?: Record<string, OpenAPISchema>;
+    securitySchemes?: Record<string, OpenAPISecurityScheme>;
   };
 }
 interface OperationEntry {
@@ -90,6 +98,7 @@ interface Options {
 interface GeneratedArtifacts {
   api: string;
   apiTypes?: string;
+  accessPolicies?: string;
   client: string;
 }
 declare function renderGeneratedArtifacts(spec: OpenAPISpec, options: Pick<Options, "httpClient" | "pathPrefix" | "stripPrefix" | "typeAliases">, preCollectedOperations?: OperationEntry[]): GeneratedArtifacts;

package/dist/index.mjs

@@ -50,6 +50,40 @@ function renderOperationTypeAliases(typeAliases) {
 	if (typeAliases.length === 0) return "";
 	return `${typeAliases.map((alias) => `export type ${alias.typeName} = ${alias.definitionExpr};`).join("\n")}\n`;
 }
+function renderAccessPoliciesSource(entries, generatedHeader) {
+	if (entries.length === 0) return "";
+	const lines = [
+		...generatedHeader,
+		"",
+		"export type AccessPolicyKind = \"authenticated\" | \"internal\" | \"public\" | \"role\";",
+		"",
+		"export interface AccessPolicy {",
+		"  kind: AccessPolicyKind;",
+		"  roles?: readonly string[];",
+		"}",
+		"",
+		"export interface OperationAccessPolicy extends AccessPolicy {",
+		"  apiPath: string;",
+		"  method: string;",
+		"  operationId: string;",
+		"  path: string;",
+		"}",
+		"",
+		"export const accessPolicies = {"
+	];
+	for (const entry of entries) {
+		lines.push(`  ${entry.funcName}: {`);
+		lines.push(`    apiPath: ${JSON.stringify(entry.apiPath)},`);
+		lines.push(`    kind: ${JSON.stringify(entry.kind)},`);
+		lines.push(`    method: ${JSON.stringify(entry.methodUpper)},`);
+		lines.push(`    operationId: ${JSON.stringify(entry.operationId)},`);
+		lines.push(`    path: ${JSON.stringify(entry.strippedPath)},`);
+		if (entry.roles.length > 0) lines.push(`    roles: [${entry.roles.map((role) => JSON.stringify(role)).join(", ")}],`);
+		lines.push("  },");
+	}
+	lines.push("} as const satisfies Record<string, OperationAccessPolicy>;", "", "export type AccessPolicyKey = keyof typeof accessPolicies;", "");
+	return `${lines.join("\n")}`;
+}
 function printGeneratedFile(statements, generatedHeader) {
 	const sourceFile = ts.factory.createSourceFile(statements, ts.factory.createToken(ts.SyntaxKind.EndOfFileToken), ts.NodeFlags.None);
 	const printed = AST_PRINTER.printFile(sourceFile).trim();
@@ -611,6 +645,44 @@ function createClientRenderModel(model, useTypeAliases) {
 		}))
 	};
 }
+function createAccessPolicyEntries(operations, securitySchemes, topLevelSecurity) {
+	return operations.flatMap((entry) => {
+		const accessPolicy = readSecurityRequirement(entry, securitySchemes, topLevelSecurity);
+		if (!accessPolicy) return [];
+		return [{
+			apiPath: entry.apiPath,
+			funcName: entry.funcName,
+			kind: accessPolicy.kind,
+			methodUpper: entry.method.toUpperCase(),
+			operationId: entry.operationId,
+			roles: accessPolicy.roles ?? [],
+			strippedPath: entry.strippedPath
+		}];
+	});
+}
+function readSecurityRequirement(entry, securitySchemes, topLevelSecurity) {
+	const security = entry.operation.security ?? topLevelSecurity;
+	if (security === void 0) return null;
+	if (!Array.isArray(security)) throw new Error(`Operation "${entry.operationId}" has invalid security`);
+	if (security.length === 0) return { kind: "public" };
+	const requirement = security[0];
+	if (!isRecord(requirement)) throw new Error(`Operation "${entry.operationId}" has an invalid security requirement`);
+	for (const [schemeName, scopes] of Object.entries(requirement)) {
+		const type = securitySchemes?.[schemeName]?.type;
+		if (type === "apiKey") return { kind: "internal" };
+		if (type === "http") {
+			const roles = Array.isArray(scopes) ? scopes.filter((scope) => typeof scope === "string") : [];
+			return roles.length === 0 ? { kind: "authenticated" } : {
+				kind: "role",
+				roles
+			};
+		}
+	}
+	throw new Error(`Operation "${entry.operationId}" has an unrecognized security scheme`);
+}
+function isRecord(value) {
+	return typeof value === "object" && value !== null && !Array.isArray(value);
+}
 function resolveChannel(channel, useTypeAliases) {
 	if (!channel.typeRef) return channel;
 	return {
@@ -626,14 +698,17 @@ function renderGeneratedArtifacts(spec, options, preCollectedOperations) {
 	const stripPrefix = options.stripPrefix ?? true;
 	const httpClient = resolveHttpClientConfig(options.httpClient);
 	const useTypeAliases = options.typeAliases ?? false;
-	const clientModel = buildClientRenderModelFromOperations(preCollectedOperations ?? collectOperations(spec, pathPrefix, stripPrefix), spec, {
+	const operations = preCollectedOperations ?? collectOperations(spec, pathPrefix, stripPrefix);
+	const clientModel = buildClientRenderModelFromOperations(operations, spec, {
 		json: httpClient.jsonFunction,
 		void: httpClient.voidFunction
 	});
 	if (clientModel.operations.length === 0) throw new Error(`No paths matching prefix "${pathPrefix}" found in openapi.json`);
+	const accessPolicies = renderAccessPoliciesSource(createAccessPolicyEntries(operations, spec.components?.securitySchemes, spec.security), GENERATED_HEADER);
 	return {
 		api: renderApiSource(createApiEntries(clientModel.operations, useTypeAliases), GENERATED_HEADER),
 		client: renderClientSource(createClientRenderModel(clientModel, useTypeAliases), GENERATED_HEADER, httpClient),
+		...accessPolicies ? { accessPolicies } : {},
 		...useTypeAliases && clientModel.typeAliases.length > 0 ? { apiTypes: renderOperationTypeAliases(clientModel.typeAliases) } : {}
 	};
 }
@@ -679,6 +754,7 @@ async function generateOpenAPIArtifacts(root, options) {
 	warnOnParameterLocationMismatch(operations);
 	await generateApiTypes(apiTypesSource, outputDir, options.typeAliases ?? false);
 	if (artifacts.apiTypes) writeFileSync(resolve(outputDir, "api-types.d.ts"), artifacts.apiTypes, { flag: "a" });
+	if (artifacts.accessPolicies) writeFileSync(resolve(outputDir, "access-policies.ts"), artifacts.accessPolicies);
 	writeFileSync(resolve(outputDir, "api.ts"), artifacts.api);
 	writeFileSync(resolve(outputDir, "client.ts"), artifacts.client);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vite-plugin-openapi-codegen",
-  "version": "2.0.0",
+  "version": "3.0.1",
   "description": "Vite plugin that generates typed API clients and route builders from OpenAPI specs",
   "keywords": [
     "api-client",