Continue implementing OpenAPI 3.2.0

Author: SamuelMarks

src/core/parser.ts

@@ -4,12 +4,13 @@
  * parsing, and providing a unified interface to OpenAPI (3.x) and Swagger (2.x) specifications.
  */
 
-import { GeneratorConfig, PathInfo, SecurityScheme, ServerObject, SwaggerDefinition, SwaggerSpec } from './types.js';
+import { GeneratorConfig, PathInfo, SecurityScheme, ServerObject, SwaggerDefinition, SwaggerSpec, LinkObject } from './types.js';
 import * as fs from 'node:fs';
 import * as path from 'node:path';
 import { pathToFileURL } from 'node:url';
 import yaml from 'js-yaml';
 import { extractPaths, isUrl, pascalCase } from './utils.js';
+import { validateSpec } from './validator.js';
 
 /** Represents a `$ref` object in a JSON Schema. */
 interface RefObject {
@@ -59,6 +60,8 @@ export class SwaggerParser {
     public readonly webhooks: PathInfo[];
     /** A normalized record of all security schemes defined in the entry specification. */
     public readonly security: Record<string, SecurityScheme>;
+    /** A normalized record of all reusable links defined in the entry specification. */
+    public readonly links: Record<string, LinkObject>;
 
     /** A cache of all loaded specifications, keyed by their absolute URI. */
     private readonly specCache: Map<string, SwaggerSpec>;
@@ -77,6 +80,14 @@ export class SwaggerParser {
         specCache?: Map<string, SwaggerSpec>,
         documentUri: string = 'file://entry-spec.json'
     ) {
+        // 1. Fundamental Structure Validation
+        validateSpec(spec);
+
+        // 2. User-Configured Custom Validation
+        if (config.validateInput && !config.validateInput(spec)) {
+            throw new Error("Custom input validation failed.");
+        }
+
         this.spec = spec;
         this.config = config;
         this.documentUri = documentUri;
@@ -93,6 +104,7 @@ export class SwaggerParser {
         this.operations = extractPaths(this.spec.paths);
         this.webhooks = extractPaths(this.spec.webhooks);
         this.security = this.getSecuritySchemes();
+        this.links = this.getLinks();
     }
 
     /**
@@ -241,6 +253,21 @@ export class SwaggerParser {
         return (this.spec.components?.securitySchemes || this.spec.securityDefinitions || {}) as Record<string, SecurityScheme>;
     }
 
+    /** Retrieves all reusable link definitions from the entry specification. */
+    public getLinks(): Record<string, LinkObject> {
+        if (!this.spec.components?.links) return {};
+        const links: Record<string, LinkObject> = {};
+        for (const [key, val] of Object.entries(this.spec.components.links)) {
+            if ('$ref' in val) {
+                const resolved = this.resolveReference<LinkObject>(val.$ref);
+                if (resolved) links[key] = resolved;
+            } else {
+                links[key] = val as LinkObject;
+            }
+        }
+        return links;
+    }
+
     /**
      * Synchronously resolves a JSON reference (`$ref`) object to its corresponding definition.
      * If the provided object is not a `$ref`, it is returned as is.

src/core/runtime-expressions.ts

@@ -0,0 +1,168 @@
+/**
+ * @fileoverview
+ * Implements the OpenAPI Runtime Expression evaluator defined in OAS 3.x.
+ * Used for dynamically deriving values for Links and Callbacks from HTTP messages.
+ *
+ * @see https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.2.0.md#runtime-expressions
+ */
+
+/**
+ * Context required to evaluate a runtime expression.
+ * Represents the state of the HTTP interaction (Request/Response).
+ */
+export interface RuntimeContext {
+    url: string;
+    method: string;
+    statusCode: number;
+    request: {
+        headers: Record<string, string | string[] | undefined>;
+        query: Record<string, string | string[] | undefined>;
+        path: Record<string, string | undefined>;
+        body?: any;
+    };
+    response?: {
+        headers: Record<string, string | string[] | undefined>;
+        body?: any;
+    };
+}
+
+/**
+ * Resolves a JSON Pointer (RFC 6901) against a target object.
+ * Used internally for processing `$request.body#/foo` style expressions.
+ *
+ * @param data The target object (body).
+ * @param pointer The JSON pointer string (e.g., "/user/0/id").
+ * @returns The resolved value or undefined if not found.
+ */
+export function evaluateJsonPointer(data: any, pointer: string): any {
+    if (pointer === '' || pointer === '#') return data;
+
+    // Remove leading # if present (URI fragment style)
+    const cleanPointer = pointer.startsWith('#') ? pointer.substring(1) : pointer;
+
+    if (!cleanPointer.startsWith('/')) return undefined;
+
+    const tokens = cleanPointer.split('/').slice(1).map(token =>
+        token.replace(/~1/g, '/').replace(/~0/g, '~')
+    );
+
+    let current = data;
+    for (const token of tokens) {
+        if (current === null || typeof current !== 'object') {
+            return undefined;
+        }
+        // Arrays handling: standard JSON pointer can access array indices
+        if (Array.isArray(current)) {
+            if (!/^\d+$/.test(token)) return undefined;
+            const index = parseInt(token, 10);
+            if (index < 0 || index >= current.length) {
+                return undefined;
+            }
+            current = current[index];
+        } else {
+            if (!(token in current)) {
+                return undefined;
+            }
+            current = current[token];
+        }
+    }
+    return current;
+}
+
+/**
+ * Helper to extract a header value case-insensitively (RFC 7230).
+ */
+function getHeader(headers: Record<string, string | string[] | undefined>, key: string): string | undefined {
+    const lowerKey = key.toLowerCase();
+    const foundKey = Object.keys(headers).find(k => k.toLowerCase() === lowerKey);
+    if (!foundKey) return undefined;
+    const val = headers[foundKey];
+    return Array.isArray(val) ? val[0] : val;
+}
+
+/**
+ * Helper to extract a query parameter (Case-sensitive).
+ */
+function getQuery(query: Record<string, string | string[] | undefined>, key: string): string | undefined {
+    const val = query[key];
+    return Array.isArray(val) ? val[0] : val;
+}
+
+/**
+ * Resolves a single, bare runtime expression (e.g. "$request.body#/id").
+ * Preserves the type of the referenced value (e.g. boolean, number, object).
+ */
+function resolveSingleExpression(expr: string, context: RuntimeContext): any {
+    if (expr === '$url') return context.url;
+    if (expr === '$method') return context.method;
+    if (expr === '$statusCode') return context.statusCode;
+
+    if (expr.startsWith('$request.')) {
+        const part = expr.substring(9); // remove "$request."
+        if (part.startsWith('header.')) {
+            return getHeader(context.request.headers, part.substring(7));
+        }
+        if (part.startsWith('query.')) {
+            return getQuery(context.request.query, part.substring(6));
+        }
+        if (part.startsWith('path.')) {
+            return context.request.path[part.substring(5)];
+        }
+        if (part.startsWith('body')) {
+            if (part === 'body') return context.request.body;
+            if (part.startsWith('body#')) {
+                return evaluateJsonPointer(context.request.body, part.substring(5));
+            }
+        }
+    }
+
+    if (expr.startsWith('$response.')) {
+        if (!context.response) return undefined;
+        const part = expr.substring(10); // remove "$response."
+        if (part.startsWith('header.')) {
+            return getHeader(context.response.headers, part.substring(7));
+        }
+        if (part.startsWith('body')) {
+            if (part === 'body') return context.response.body;
+            if (part.startsWith('body#')) {
+                return evaluateJsonPointer(context.response.body, part.substring(5));
+            }
+        }
+    }
+
+    return undefined;
+}
+
+/**
+ * Evaluates a runtime expression against a given connection context.
+ *
+ * Supports:
+ * 1. Direct expressions: "$request.query.id" -> returns the value (preserving type).
+ * 2. Embedded string expressions: "https://example.com/{$request.path.id}" -> returns interpolated string.
+ *
+ * @param expression The expression string defined in the OpenAPI Link or Callback.
+ * @param context The runtime data (request info, response info).
+ * @returns The evaluated result.
+ */
+export function evaluateRuntimeExpression(expression: string, context: RuntimeContext): any {
+    const hasBraces = expression.includes('{') && expression.includes('}');
+
+    // Case 1: Bare expression (must start with $)
+    if (expression.startsWith('$') && !hasBraces) {
+        return resolveSingleExpression(expression, context);
+    }
+
+    // Case 2: Constant string (no braces, no $)
+    if (!expression.includes('{')) {
+        return expression;
+    }
+
+    // Case 3: Embedded template string (e.g., "foo/{$url}/bar")
+    return expression.replace(/\{([^}]+)\}/g, (_, innerExpr) => {
+        const trimmed = innerExpr.trim();
+        // Only interpolate if it looks like a variable we recognize, otherwise leave it?
+        // OAS implies logical expressions inside braces.
+        const val = resolveSingleExpression(trimmed, context);
+        return val !== undefined ? String(val) : '';
+    });
+}

src/core/types.ts

@@ -128,6 +128,47 @@ export interface ExternalDocumentationObject {
     url: string;
 }
 
+/**
+ * The Link Object represents a possible design-time link for a response.
+ * @see https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#linkObject
+ */
+export interface LinkObject {
+    /** A URI reference to an OAS operation. Mutually exclusive with operationId. */
+    operationRef?: string;
+    /** The name of an existing, resolvable OAS operation. Mutually exclusive with operationRef. */
+    operationId?: string;
+    /** A map representing parameters to pass to an operation. Keys are param names, values are expressions or constants. */
+    parameters?: { [name: string]: any | string; };
+    /** A literal value or expression to use as a request body when calling the target operation. */
+    requestBody?: any | string;
+    /** A description of the link. */
+    description?: string;
+    /** A server object to be used by the target operation. */
+    server?: ServerObject;
+}
+
+/**
+ * The Header Object follows the structure of the Parameter Object with the following changes:
+ *   1. `name` MUST NOT be specified, it is given in the corresponding `headers` map.
+ *   2. `in` MUST NOT be specified, it is implicitly in `header`.
+ * @see https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#headerObject
+ */
+export interface HeaderObject {
+    description?: string;
+    required?: boolean;
+    deprecated?: boolean;
+    schema?: SwaggerDefinition | { $ref: string };
+    type?: 'string' | 'number' | 'integer' | 'boolean' | 'array';
+    format?: string;
+    items?: SwaggerDefinition | { $ref: string };
+    style?: string;
+    explode?: boolean;
+    allowReserved?: boolean;
+    content?: Record<string, { schema?: SwaggerDefinition | { $ref: string } }>;
+    example?: any;
+    examples?: Record<string, any>;
+}
+
 /** A simplified, normalized representation of an operation parameter. */
 export interface Parameter {
     /** The name of the parameter. */
@@ -157,6 +198,8 @@ export interface Parameter {
     allowEmptyValue?: boolean;
     /** A map containing the representations for the parameter. For complex serialization scenarios. */
     content?: Record<string, { schema?: SwaggerDefinition | { $ref: string } }>;
+    /** Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. */
+    deprecated?: boolean;
 }
 
 /** A processed, unified representation of a single API operation (e.g., GET /users/{id}). */
@@ -171,6 +214,11 @@ export interface PathInfo {
     summary?: string;
     /** A verbose explanation of the operation behavior. */
     description?: string;
+    /**
+     * Declares this operation to be deprecated.
+     * Consumers SHOULD refrain from usage of the declared operation.
+     */
+    deprecated?: boolean;
     /** External documentation link. */
     externalDocs?: ExternalDocumentationObject;
     /** A list of tags for API documentation control. */
@@ -187,6 +235,10 @@ export interface PathInfo {
     methodName?: string;
     /** Security requirements specific to this operation. keys are definitions, values are scopes. */
     security?: { [key: string]: string[] }[];
+    /** An alternate server array to service this operation. (OAS 3+) */
+    servers?: ServerObject[];
+    /** A map of possible out-of band callbacks related to the parent operation. (OAS 3+) */
+    callbacks?: Record<string, PathItem | { $ref: string }>;
 }
 
 /** A single encoding definition for a multipart property. */
@@ -221,6 +273,10 @@ export interface SwaggerResponse {
     description?: string;
     /** A map of media types to their corresponding schemas for the response. */
     content?: Record<string, { schema?: SwaggerDefinition | { $ref: string } }>;
+    /** A map of operations links that can be followed from the response. */
+    links?: Record<string, LinkObject | { $ref: string }>;
+    /** Maps a header name to its definition. */
+    headers?: Record<string, HeaderObject | { $ref: string }>;
 }
 
 /**
@@ -265,6 +321,8 @@ export interface SwaggerDefinition {
     anyOf?: SwaggerDefinition[];
     additionalProperties?: SwaggerDefinition | boolean;
     properties?: { [propertyName: string]: SwaggerDefinition };
+    /** A map of regex patterns to schemas for properties key validation. */
+    patternProperties?: { [pattern: string]: SwaggerDefinition };
     discriminator?: DiscriminatorObject;
     readOnly?: boolean;
     writeOnly?: boolean;
@@ -304,6 +362,8 @@ export interface SpecOperation {
     schemes?: string[];
     deprecated?: boolean;
     security?: Record<string, string[]>[];
+    servers?: ServerObject[]; // OAS 3 (Operation-level override)
+    callbacks?: Record<string, PathItem | { $ref: string }>; // OAS 3
     [key: string]: any;
 }
 
@@ -324,6 +384,7 @@ export interface PathItem {
     trace?: SpecOperation;
     query?: SpecOperation; // OAS 3.2 draft
     parameters?: any[];
+    servers?: ServerObject[]; // OAS 3 (Path-level override)
     [key: string]: any;
 }
 
@@ -347,6 +408,8 @@ export interface SwaggerSpec {
         schemas?: Record<string, SwaggerDefinition>;
         securitySchemes?: Record<string, SecurityScheme>;
         pathItems?: Record<string, PathItem>;
+        links?: Record<string, LinkObject | { $ref: string }>;
+        headers?: Record<string, HeaderObject | { $ref: string }>;
     };
     /** Security definitions (Swagger 2.0). */
     securityDefinitions?: { [securityDefinitionName: string]: SecurityScheme };