feat: implement root security application to services in OpenAPI generation

Author: radist2s

packages/openapi-plugin/src/lib/QraftCommand.ts

@@ -147,7 +147,6 @@ export class QraftCommand extends QraftCommandBase<OpenAPIQraftCommandActionOpti
     let services = getServices(schema as OpenAPISchemaType, {
       postfixServices: args.postfixServices,
       serviceNameBase: args.serviceNameBase,
-      rootSecurity: args.rootSecurity,
     });
 
     if (args.operationNameModifier) {

packages/openapi-plugin/src/lib/open-api/OpenAPISchemaType.ts

@@ -24,7 +24,7 @@ export type OpenAPISchemaType = {
           required?: boolean;
         };
         responses: {
-          [statusCode in number | 'default']?: {
+          [statusCode in number | 'default']: {
             $ref?: string;
             description?: string;
             content?: {

packages/openapi-plugin/src/lib/open-api/getServices.spec.ts

@@ -1,4 +1,3 @@
-import type { OpenAPISchemaType } from './OpenAPISchemaType.js';
 import openAPI from '@openapi-qraft/test-fixtures/openapi.json' with { type: 'json' };
 import { describe, expect, it } from 'vitest';
 import { filterDocumentPaths } from '../filterDocumentPaths.js';
@@ -32,126 +31,4 @@ describe('getServices', () => {
   it('matches snapshot with "serviceNameBase: tags"', () => {
     expect(getServices(openAPI, { serviceNameBase: 'tags' })).toMatchSnapshot();
   });
-
-  it('inherits root-level security when `rootSecurity` is enabled and operation-level security is omitted', () => {
-    const document: OpenAPISchemaType = {
-      openapi: '3.1.0',
-      info: {
-        title: 'Fixture API',
-        version: '1.0.0',
-      },
-      security: [{ jwtUserToken: [] }],
-      paths: {
-        '/accounts': {
-          get: {
-            operationId: 'getAccounts',
-            responses: {
-              200: {
-                description: 'Successful response',
-              },
-            },
-          },
-        },
-      },
-      components: {
-        parameters: undefined,
-      },
-    };
-
-    expect(
-      getServices(document, { rootSecurity: true })[0]?.operations[0]?.security
-    ).toEqual([{ jwtUserToken: [] }]);
-  });
-
-  it('does not inherit root-level security when `rootSecurity` is disabled', () => {
-    const document: OpenAPISchemaType = {
-      openapi: '3.1.0',
-      info: {
-        title: 'Fixture API',
-        version: '1.0.0',
-      },
-      security: [{ jwtUserToken: [] }],
-      paths: {
-        '/accounts': {
-          get: {
-            operationId: 'getAccounts',
-            responses: {
-              200: {
-                description: 'Successful response',
-              },
-            },
-          },
-        },
-      },
-      components: {
-        parameters: undefined,
-      },
-    };
-
-    expect(
-      getServices(document, { rootSecurity: false })[0]?.operations[0]?.security
-    ).toBeUndefined();
-  });
-
-  it('prefers operation-level security over root-level security when `rootSecurity` is enabled', () => {
-    const document: OpenAPISchemaType = {
-      openapi: '3.1.0',
-      info: {
-        title: 'Fixture API',
-        version: '1.0.0',
-      },
-      security: [{ jwtUserToken: [] }],
-      paths: {
-        '/accounts': {
-          get: {
-            operationId: 'getAccounts',
-            security: [{ apiKey: [] }],
-            responses: {
-              200: {
-                description: 'Successful response',
-              },
-            },
-          },
-        },
-      },
-      components: {
-        parameters: undefined,
-      },
-    };
-
-    expect(
-      getServices(document, { rootSecurity: true })[0]?.operations[0]?.security
-    ).toEqual([{ apiKey: [] }]);
-  });
-
-  it('treats empty operation-level security as an explicit override when `rootSecurity` is enabled', () => {
-    const document: OpenAPISchemaType = {
-      openapi: '3.1.0',
-      info: {
-        title: 'Fixture API',
-        version: '1.0.0',
-      },
-      security: [{ jwtUserToken: [] }],
-      paths: {
-        '/health': {
-          get: {
-            operationId: 'getHealth',
-            security: [],
-            responses: {
-              200: {
-                description: 'Successful response',
-              },
-            },
-          },
-        },
-      },
-      components: {
-        parameters: undefined,
-      },
-    };
-
-    expect(
-      getServices(document, { rootSecurity: true })[0]?.operations[0]?.security
-    ).toEqual([]);
-  });
 });

packages/openapi-plugin/src/lib/open-api/getServices.ts

@@ -29,15 +29,13 @@ export type ServiceOperation = ServiceOperationStable;
 export interface ServiceOutputOptions {
   postfixServices?: string; // todo::rename to `postfixService`
   serviceNameBase?: ServiceBaseName;
-  rootSecurity?: boolean;
 }
 
 export const getServices = (
   openApiJson: OpenAPISchemaType,
   {
     postfixServices = 'Service',
     serviceNameBase = 'endpoint[0]',
-    rootSecurity,
   }: ServiceOutputOptions = {}
 ) => {
   const paths = openApiJson.paths;
@@ -58,11 +56,6 @@ export const getServices = (
       }
 
       const methodOperation = paths[path][method];
-      const operationSecurity = resolveOperationSecurity(
-        openApiJson.security,
-        methodOperation,
-        rootSecurity
-      );
 
       const { success, errors } = Object.entries(
         methodOperation.responses
@@ -73,8 +66,6 @@ export const getServices = (
         >
       >(
         (acc, [statusCode, response]) => {
-          if (!response) return acc;
-
           if (response.$ref) {
             response = resolveDocumentLocalRef(
               response.$ref,
@@ -154,7 +145,7 @@ export const getServices = (
                 )
               : methodOperation.requestBody) ?? undefined,
           success: success,
-          security: operationSecurity,
+          security: methodOperation.security,
         });
       }
     }
@@ -163,18 +154,6 @@ export const getServices = (
   return Array.from(services.values());
 };
 
-const resolveOperationSecurity = (
-  rootSecurity: OpenAPISchemaType['security'],
-  methodOperation: OpenAPISchemaType['paths'][string][string],
-  shouldUseRootSecurity?: boolean
-) => {
-  if (shouldUseRootSecurity && !('security' in methodOperation)) {
-    return rootSecurity;
-  }
-
-  return methodOperation.security;
-};
-
 export const supportedMethod = (
   method: unknown
 ): method is (typeof supportedHTTPMethods)[number] =>

packages/tanstack-query-react-plugin/src/lib/applyRootSecurityToServices.ts

@@ -0,0 +1,40 @@
+import type { OpenAPISchemaType } from '@openapi-qraft/plugin/lib/open-api/OpenAPISchemaType';
+import type { OpenAPIService } from '@openapi-qraft/plugin/lib/open-api/OpenAPIService';
+
+export function applyRootSecurityToServices({
+  services,
+  schema,
+}: {
+  services: OpenAPIService[];
+  schema: OpenAPISchemaType;
+}) {
+  return services.map((service) => ({
+    ...service,
+    operations: service.operations.map((operation) => ({
+      ...operation,
+      security: resolveOperationSecurity(
+        schema,
+        operation.path,
+        operation.method
+      ),
+    })),
+  }));
+}
+
+function resolveOperationSecurity(
+  schema: OpenAPISchemaType,
+  path: OpenAPIService['operations'][number]['path'],
+  method: OpenAPIService['operations'][number]['method']
+) {
+  const methodOperation = schema.paths[path]?.[method];
+
+  if (!methodOperation) {
+    return undefined;
+  }
+
+  if ('security' in methodOperation) {
+    return methodOperation.security;
+  }
+
+  return schema.security;
+}

packages/tanstack-query-react-plugin/src/plugin.ts

@@ -7,6 +7,7 @@ import { QraftCommand } from '@openapi-qraft/plugin/lib/QraftCommand';
 import { QraftCommandPlugin } from '@openapi-qraft/plugin/lib/QraftCommandPlugin';
 import { CommanderError, Option } from 'commander';
 import { generateCode } from './generateCode.js';
+import { applyRootSecurityToServices } from './lib/applyRootSecurityToServices.js';
 import { parseOptionSubValues } from './lib/parseOptionSubValues.js';
 import { getAllAvailableCallbackNames } from './ts-factory/getCallbackNames.js';
 import { CreateAPIClientFnOptions } from './ts-factory/getIndexFactory.js';
@@ -70,9 +71,13 @@ export const plugin: QraftCommandPlugin = {
         ).argParser(parseOperationParametersType)
       )
       .action(async ({ spinner, output, args, services, schema }, resolve) => {
+        const resolvedServices = args.rootSecurity
+          ? applyRootSecurityToServices({ services, schema })
+          : services;
+
         return void (await generateCode({
           spinner,
-          services,
+          services: resolvedServices,
           serviceOptions: {
             openapiTypesImportPath: args.openapiTypesImportPath,
             queryableWriteOperations: args.queryableWriteOperations,