vite-plugin-openapi-codegen 3.2.1 → 4.0.0

package/dist/cli.mjs

@@ -57,11 +57,11 @@ function renderAccessPoliciesSource(entries, generatedHeader) {
 	const lines = [
 		...generatedHeader,
 		"",
-		"export type AccessPolicyKind = \"authenticated\" | \"internal\" | \"public\" | \"role\";",
+		"export type AccessPolicyKind = \"authenticated\" | \"internal\" | \"public\" | \"permission\";",
 		"",
 		"export interface AccessPolicy {",
 		"  kind: AccessPolicyKind;",
-		"  roles?: readonly string[];",
+		"  permissions?: readonly string[];",
 		"}",
 		"",
 		"export interface OperationAccessPolicy extends AccessPolicy {",
@@ -80,7 +80,7 @@ function renderAccessPoliciesSource(entries, generatedHeader) {
 		lines.push(`    method: ${JSON.stringify(entry.methodUpper)},`);
 		lines.push(`    operationId: ${JSON.stringify(entry.operationId)},`);
 		lines.push(`    path: ${JSON.stringify(entry.strippedPath)},`);
-		if (entry.roles.length > 0) lines.push(`    roles: [${entry.roles.map((role) => JSON.stringify(role)).join(", ")}],`);
+		if (entry.permissions.length > 0) lines.push(`    permissions: [${entry.permissions.map((permission) => JSON.stringify(permission)).join(", ")}],`);
 		lines.push("  },");
 	}
 	lines.push("} as const satisfies Record<string, OperationAccessPolicy>;", "", "export type AccessPolicyKey = keyof typeof accessPolicies;", "");
@@ -268,13 +268,45 @@ function collectOperations(spec, pathPrefix = "/api/", stripPrefix = true) {
 			});
 		}
 	}
-	return excludeInternalOperations(entries, spec);
+	const publicEntries = excludeInternalOperations(entries, spec);
+	if (entries.length > 0 && publicEntries.length === 0) throw new Error(`All ${entries.length} operation(s) matching prefix "${pathPrefix}" are internal-only and were excluded`);
+	const excludedCount = entries.length - publicEntries.length;
+	if (excludedCount > 0) console.info(`[openapi-codegen] excluded ${excludedCount} internal-only operation(s) from generated artifacts.`);
+	return publicEntries;
 }
 function excludeInternalOperations(entries, spec) {
 	const securitySchemes = spec.components?.securitySchemes;
 	if (!securitySchemes) return entries;
 	return entries.filter((entry) => readSecurityRequirement(entry, securitySchemes, spec.security)?.kind !== "internal");
 }
+function excludeInternalOperationsFromSpec(spec) {
+	const securitySchemes = spec.components?.securitySchemes;
+	if (!securitySchemes || !spec.paths) return {
+		excludedCount: 0,
+		spec
+	};
+	const clone = structuredClone(spec);
+	let excludedCount = 0;
+	for (const [path, pathItem] of Object.entries(clone.paths ?? {})) {
+		let removedFromPath = 0;
+		for (const method of HTTP_METHODS) {
+			const operation = pathItem[method];
+			if (!operation) continue;
+			if (readSecurityRequirement({
+				operation,
+				operationId: operation.operationId ?? `${method.toUpperCase()} ${path}`
+			}, securitySchemes, clone.security)?.kind !== "internal") continue;
+			delete pathItem[method];
+			removedFromPath += 1;
+		}
+		excludedCount += removedFromPath;
+		if (removedFromPath > 0 && !HTTP_METHODS.some((method) => pathItem[method])) delete clone.paths?.[path];
+	}
+	return {
+		excludedCount,
+		spec: clone
+	};
+}
 function readSecurityRequirement(entry, securitySchemes, topLevelSecurity) {
 	const security = entry.operation.security ?? topLevelSecurity;
 	if (security === void 0) return null;
@@ -291,10 +323,10 @@ function readSecurityRequirement(entry, securitySchemes, topLevelSecurity) {
 		const scheme = securitySchemes?.[schemeName];
 		if (scheme?.type === "apiKey" && scheme.in === "header") return { kind: "internal" };
 		if (scheme?.type === "http" || scheme?.type === "apiKey" && scheme.in === "cookie") {
-			const roles = readSecurityScopes(entry, schemeName, scopes);
-			return roles.length === 0 ? { kind: "authenticated" } : {
-				kind: "role",
-				roles
+			const permissions = readSecurityScopes(entry, schemeName, scopes);
+			return permissions.length === 0 ? { kind: "authenticated" } : {
+				kind: "permission",
+				permissions
 			};
 		}
 	}
@@ -302,12 +334,12 @@ function readSecurityRequirement(entry, securitySchemes, topLevelSecurity) {
 }
 function readSecurityScopes(entry, schemeName, scopes) {
 	if (!Array.isArray(scopes)) throw new Error(`Operation "${entry.operationId}" has non-array scopes for security scheme "${schemeName}"`);
-	const roles = [];
+	const permissions = [];
 	for (const scope of scopes) {
 		if (typeof scope !== "string") throw new Error(`Operation "${entry.operationId}" has a non-string scope for security scheme "${schemeName}"`);
-		roles.push(scope);
+		permissions.push(scope);
 	}
-	return roles;
+	return permissions;
 }
 function isRecord(value) {
 	return typeof value === "object" && value !== null && !Array.isArray(value);
@@ -646,9 +678,10 @@ function resolveHttpClientConfig(config) {
 	};
 }
 const GENERATED_HEADER = ["// This file is auto-generated by vite-plugin-openapi-codegen.", "// Do not edit manually. Changes will be overwritten on next build."];
-async function generateApiTypes(source, outputDir, useTypeAliases) {
+async function generateApiTypes(input, outputDir, useTypeAliases) {
 	const { default: openapiTS, astToString } = await import("openapi-typescript");
-	const contents = astToString(await openapiTS(source, useTypeAliases ? {
+	const { excludedCount, spec } = excludeInternalOperationsFromSpec(input.spec);
+	const contents = astToString(await openapiTS(excludedCount > 0 ? spec : input.apiTypesSource, useTypeAliases ? {
 		rootTypes: true,
 		rootTypesKeepCasing: true,
 		rootTypesNoSchemaPrefix: true
@@ -699,7 +732,7 @@ function createAccessPolicyEntries(operations, securitySchemes, topLevelSecurity
 			kind: accessPolicy.kind,
 			methodUpper: entry.method.toUpperCase(),
 			operationId: entry.operationId,
-			roles: accessPolicy.roles ?? [],
+			permissions: accessPolicy.permissions ?? [],
 			strippedPath: entry.strippedPath
 		}];
 	});
@@ -769,11 +802,13 @@ function parseOpenAPISpec(sourceText, inputLabel) {
 async function generateOpenAPIArtifacts(root, options) {
 	const outputDir = resolve(root, options.output);
 	mkdirSync(outputDir, { recursive: true });
-	const { apiTypesSource, spec } = await loadOpenAPIInput(root, options.input);
-	const operations = collectOperations(spec, options.pathPrefix ?? "/api/", options.stripPrefix ?? true);
-	const artifacts = renderGeneratedArtifacts(spec, options, operations);
+	const input = await loadOpenAPIInput(root, options.input);
+	const pathPrefix = options.pathPrefix ?? "/api/";
+	const stripPrefix = options.stripPrefix ?? true;
+	const operations = collectOperations(input.spec, pathPrefix, stripPrefix);
+	const artifacts = renderGeneratedArtifacts(input.spec, options, operations);
 	warnOnParameterLocationMismatch(operations);
-	await generateApiTypes(apiTypesSource, outputDir, options.typeAliases ?? false);
+	await generateApiTypes(input, outputDir, options.typeAliases ?? false);
 	if (artifacts.apiTypes) writeFileSync(resolve(outputDir, "api-types.d.ts"), artifacts.apiTypes, { flag: "a" });
 	if (artifacts.accessPolicies) writeFileSync(resolve(outputDir, "access-policies.ts"), artifacts.accessPolicies);
 	writeFileSync(resolve(outputDir, "api.ts"), artifacts.api);

package/dist/index.mjs

@@ -55,11 +55,11 @@ function renderAccessPoliciesSource(entries, generatedHeader) {
 	const lines = [
 		...generatedHeader,
 		"",
-		"export type AccessPolicyKind = \"authenticated\" | \"internal\" | \"public\" | \"role\";",
+		"export type AccessPolicyKind = \"authenticated\" | \"internal\" | \"public\" | \"permission\";",
 		"",
 		"export interface AccessPolicy {",
 		"  kind: AccessPolicyKind;",
-		"  roles?: readonly string[];",
+		"  permissions?: readonly string[];",
 		"}",
 		"",
 		"export interface OperationAccessPolicy extends AccessPolicy {",
@@ -78,7 +78,7 @@ function renderAccessPoliciesSource(entries, generatedHeader) {
 		lines.push(`    method: ${JSON.stringify(entry.methodUpper)},`);
 		lines.push(`    operationId: ${JSON.stringify(entry.operationId)},`);
 		lines.push(`    path: ${JSON.stringify(entry.strippedPath)},`);
-		if (entry.roles.length > 0) lines.push(`    roles: [${entry.roles.map((role) => JSON.stringify(role)).join(", ")}],`);
+		if (entry.permissions.length > 0) lines.push(`    permissions: [${entry.permissions.map((permission) => JSON.stringify(permission)).join(", ")}],`);
 		lines.push("  },");
 	}
 	lines.push("} as const satisfies Record<string, OperationAccessPolicy>;", "", "export type AccessPolicyKey = keyof typeof accessPolicies;", "");
@@ -266,13 +266,45 @@ function collectOperations(spec, pathPrefix = "/api/", stripPrefix = true) {
 			});
 		}
 	}
-	return excludeInternalOperations(entries, spec);
+	const publicEntries = excludeInternalOperations(entries, spec);
+	if (entries.length > 0 && publicEntries.length === 0) throw new Error(`All ${entries.length} operation(s) matching prefix "${pathPrefix}" are internal-only and were excluded`);
+	const excludedCount = entries.length - publicEntries.length;
+	if (excludedCount > 0) console.info(`[openapi-codegen] excluded ${excludedCount} internal-only operation(s) from generated artifacts.`);
+	return publicEntries;
 }
 function excludeInternalOperations(entries, spec) {
 	const securitySchemes = spec.components?.securitySchemes;
 	if (!securitySchemes) return entries;
 	return entries.filter((entry) => readSecurityRequirement(entry, securitySchemes, spec.security)?.kind !== "internal");
 }
+function excludeInternalOperationsFromSpec(spec) {
+	const securitySchemes = spec.components?.securitySchemes;
+	if (!securitySchemes || !spec.paths) return {
+		excludedCount: 0,
+		spec
+	};
+	const clone = structuredClone(spec);
+	let excludedCount = 0;
+	for (const [path, pathItem] of Object.entries(clone.paths ?? {})) {
+		let removedFromPath = 0;
+		for (const method of HTTP_METHODS) {
+			const operation = pathItem[method];
+			if (!operation) continue;
+			if (readSecurityRequirement({
+				operation,
+				operationId: operation.operationId ?? `${method.toUpperCase()} ${path}`
+			}, securitySchemes, clone.security)?.kind !== "internal") continue;
+			delete pathItem[method];
+			removedFromPath += 1;
+		}
+		excludedCount += removedFromPath;
+		if (removedFromPath > 0 && !HTTP_METHODS.some((method) => pathItem[method])) delete clone.paths?.[path];
+	}
+	return {
+		excludedCount,
+		spec: clone
+	};
+}
 function readSecurityRequirement(entry, securitySchemes, topLevelSecurity) {
 	const security = entry.operation.security ?? topLevelSecurity;
 	if (security === void 0) return null;
@@ -289,10 +321,10 @@ function readSecurityRequirement(entry, securitySchemes, topLevelSecurity) {
 		const scheme = securitySchemes?.[schemeName];
 		if (scheme?.type === "apiKey" && scheme.in === "header") return { kind: "internal" };
 		if (scheme?.type === "http" || scheme?.type === "apiKey" && scheme.in === "cookie") {
-			const roles = readSecurityScopes(entry, schemeName, scopes);
-			return roles.length === 0 ? { kind: "authenticated" } : {
-				kind: "role",
-				roles
+			const permissions = readSecurityScopes(entry, schemeName, scopes);
+			return permissions.length === 0 ? { kind: "authenticated" } : {
+				kind: "permission",
+				permissions
 			};
 		}
 	}
@@ -300,12 +332,12 @@ function readSecurityRequirement(entry, securitySchemes, topLevelSecurity) {
 }
 function readSecurityScopes(entry, schemeName, scopes) {
 	if (!Array.isArray(scopes)) throw new Error(`Operation "${entry.operationId}" has non-array scopes for security scheme "${schemeName}"`);
-	const roles = [];
+	const permissions = [];
 	for (const scope of scopes) {
 		if (typeof scope !== "string") throw new Error(`Operation "${entry.operationId}" has a non-string scope for security scheme "${schemeName}"`);
-		roles.push(scope);
+		permissions.push(scope);
 	}
-	return roles;
+	return permissions;
 }
 function isRecord(value) {
 	return typeof value === "object" && value !== null && !Array.isArray(value);
@@ -644,9 +676,10 @@ function resolveHttpClientConfig(config) {
 	};
 }
 const GENERATED_HEADER = ["// This file is auto-generated by vite-plugin-openapi-codegen.", "// Do not edit manually. Changes will be overwritten on next build."];
-async function generateApiTypes(source, outputDir, useTypeAliases) {
+async function generateApiTypes(input, outputDir, useTypeAliases) {
 	const { default: openapiTS, astToString } = await import("openapi-typescript");
-	const contents = astToString(await openapiTS(source, useTypeAliases ? {
+	const { excludedCount, spec } = excludeInternalOperationsFromSpec(input.spec);
+	const contents = astToString(await openapiTS(excludedCount > 0 ? spec : input.apiTypesSource, useTypeAliases ? {
 		rootTypes: true,
 		rootTypesKeepCasing: true,
 		rootTypesNoSchemaPrefix: true
@@ -697,7 +730,7 @@ function createAccessPolicyEntries(operations, securitySchemes, topLevelSecurity
 			kind: accessPolicy.kind,
 			methodUpper: entry.method.toUpperCase(),
 			operationId: entry.operationId,
-			roles: accessPolicy.roles ?? [],
+			permissions: accessPolicy.permissions ?? [],
 			strippedPath: entry.strippedPath
 		}];
 	});
@@ -767,11 +800,13 @@ function parseOpenAPISpec(sourceText, inputLabel) {
 async function generateOpenAPIArtifacts(root, options) {
 	const outputDir = resolve(root, options.output);
 	mkdirSync(outputDir, { recursive: true });
-	const { apiTypesSource, spec } = await loadOpenAPIInput(root, options.input);
-	const operations = collectOperations(spec, options.pathPrefix ?? "/api/", options.stripPrefix ?? true);
-	const artifacts = renderGeneratedArtifacts(spec, options, operations);
+	const input = await loadOpenAPIInput(root, options.input);
+	const pathPrefix = options.pathPrefix ?? "/api/";
+	const stripPrefix = options.stripPrefix ?? true;
+	const operations = collectOperations(input.spec, pathPrefix, stripPrefix);
+	const artifacts = renderGeneratedArtifacts(input.spec, options, operations);
 	warnOnParameterLocationMismatch(operations);
-	await generateApiTypes(apiTypesSource, outputDir, options.typeAliases ?? false);
+	await generateApiTypes(input, outputDir, options.typeAliases ?? false);
 	if (artifacts.apiTypes) writeFileSync(resolve(outputDir, "api-types.d.ts"), artifacts.apiTypes, { flag: "a" });
 	if (artifacts.accessPolicies) writeFileSync(resolve(outputDir, "access-policies.ts"), artifacts.accessPolicies);
 	writeFileSync(resolve(outputDir, "api.ts"), artifacts.api);
@@ -790,7 +825,7 @@ function openapiCodegen(options) {
 		},
 		async buildStart() {
 			if (command === "serve" && options.generateOnDev !== false) {
-				runDevelopmentGeneration(root, options, { onError: resolvePluginErrorRaiser(this) });
+				runDevelopmentGeneration(root, options, { onError: resolvePluginErrorRaiser(this) }).catch(() => {});
 				return;
 			}
 		},

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vite-plugin-openapi-codegen",
-  "version": "3.2.1",
+  "version": "4.0.0",
   "description": "Vite plugin that generates typed API clients and route builders from OpenAPI specs",
   "keywords": [
     "api-client",