feat: add tests for applyRootSecurityToServices function and improve response handling

radist2s · radist2s · commit 6c6ada096aef · 2026-04-02T23:16:23.000+04:00
diff --git a/packages/openapi-plugin/src/lib/open-api/OpenAPISchemaType.ts b/packages/openapi-plugin/src/lib/open-api/OpenAPISchemaType.ts
@@ -24,7 +24,7 @@ export type OpenAPISchemaType = {
           required?: boolean;
         };
         responses: {
-          [statusCode in number | 'default']: {
+          [statusCode in number | 'default']?: {
             $ref?: string;
             description?: string;
             content?: {
diff --git a/packages/openapi-plugin/src/lib/open-api/getServices.ts b/packages/openapi-plugin/src/lib/open-api/getServices.ts
@@ -66,6 +66,7 @@ export const getServices = (
         >
       >(
         (acc, [statusCode, response]) => {
+          if (!response) return acc;
           if (response.$ref) {
             response = resolveDocumentLocalRef(
               response.$ref,
diff --git a/packages/tanstack-query-react-plugin/src/lib/applyRootSecurityToServices.spec.ts b/packages/tanstack-query-react-plugin/src/lib/applyRootSecurityToServices.spec.ts
@@ -0,0 +1,133 @@
+import type { OpenAPISchemaType } from '@openapi-qraft/plugin/lib/open-api/OpenAPISchemaType';
+import type { OpenAPIService } from '@openapi-qraft/plugin/lib/open-api/OpenAPIService';
+import { describe, expect, test } from 'vitest';
+import { applyRootSecurityToServices } from './applyRootSecurityToServices.js';
+
+function createSchema(
+  overrides: Partial<OpenAPISchemaType> = {}
+): OpenAPISchemaType {
+  return {
+    openapi: '3.0.0',
+    info: { title: 'API', version: '1' },
+    paths: {},
+    components: { parameters: undefined },
+    ...overrides,
+  };
+}
+
+function createOperation(
+  path: string,
+  method: OpenAPIService['operations'][number]['method'] = 'get'
+): OpenAPIService['operations'][number] {
+  return {
+    method,
+    path,
+    name: 'op',
+    description: undefined,
+    summary: undefined,
+    deprecated: undefined,
+    errors: {},
+    success: {},
+    parameters: undefined,
+    requestBody: undefined,
+    security: undefined,
+  };
+}
+
+function createService(
+  operations: OpenAPIService['operations']
+): OpenAPIService {
+  return {
+    name: 'svc',
+    variableName: 'svc',
+    typeName: 'Svc',
+    fileBaseName: 'svc',
+    operations,
+  };
+}
+
+describe('applyRootSecurityToServices', () => {
+  test('sets operation security from root schema when operation omits security', () => {
+    const rootSecurity = [{ bearerAuth: [] as string[] | undefined }];
+    const schema = createSchema({
+      security: rootSecurity,
+      paths: {
+        '/items': {
+          get: {
+            responses: { 200: { description: 'ok' } },
+          },
+        },
+      },
+    });
+    const services = [createService([createOperation('/items', 'get')])];
+
+    const result = applyRootSecurityToServices({ services, schema });
+
+    expect(result[0].operations[0].security).toEqual(rootSecurity);
+  });
+
+  test('keeps operation-level security and does not fall back to root', () => {
+    const rootSecurity = [{ bearerAuth: [] as string[] | undefined }];
+    const opSecurity = [{ apiKey: ['write'] }];
+    const schema = createSchema({
+      security: rootSecurity,
+      paths: {
+        '/items': {
+          get: {
+            security: opSecurity,
+            responses: { 200: { description: 'ok' } },
+          },
+        },
+      },
+    });
+    const services = [createService([createOperation('/items', 'get')])];
+
+    const result = applyRootSecurityToServices({ services, schema });
+
+    expect(result[0].operations[0].security).toEqual(opSecurity);
+  });
+
+  test('uses explicit empty security on operation instead of root', () => {
+    const rootSecurity = [{ bearerAuth: [] as string[] | undefined }];
+    const schema = createSchema({
+      security: rootSecurity,
+      paths: {
+        '/public': {
+          get: {
+            security: [],
+            responses: { 200: { description: 'ok' } },
+          },
+        },
+      },
+    });
+    const services = [createService([createOperation('/public', 'get')])];
+
+    const result = applyRootSecurityToServices({ services, schema });
+
+    expect(result[0].operations[0].security).toEqual([]);
+  });
+
+  test('returns undefined security when path or method is missing in schema', () => {
+    const schema = createSchema({
+      security: [{ bearerAuth: [] as string[] | undefined }],
+      paths: {
+        '/other': {
+          get: {
+            responses: { 200: { description: 'ok' } },
+          },
+        },
+      },
+    });
+    const services = [
+      createService([
+        createOperation('/unknown', 'get'),
+        createOperation('/other', 'post'),
+      ]),
+    ];
+
+    const result = applyRootSecurityToServices({ services, schema });
+
+    expect(result[0].operations[0].security).toBeUndefined();
+    expect(result[0].operations[1].security).toBeUndefined();
+  });
+});

Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,7 @@ export const getServices = (`
`66`	`66`	`>`
`67`	`67`	`>(`
`68`	`68`	`(acc, [statusCode, response]) => {`
	`69`	`+ if (!response) return acc;`
`69`	`70`	`if (response.$ref) {`
`70`	`71`	`response = resolveDocumentLocalRef(`
`71`	`72`	`response.$ref,`