The devDependency snyk was updated from 1.111.1 to 1.112.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

snyk is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Hi all ,

Please remove the *.git inside the node_module before publishing the package
cause :
npm ERR! code EISGIT

npm ERR! git Refusing to remove it. Update manually,
npm ERR! git or move it out of the way first.

many thanks

Add a configuration option to disable the swagger-ui docs. It will be enabled by default.

Add Continuous Integration with Travis.CI

Responses are also being wrapped with JSON.stringify(); so returned CSV has been modified from what the server is trying to send.

In the OASRouter();
res.send = function (data)
override always calls
arguments[0] = JSON.stringify(arguments[0]);
When it should likely only be called inside the checkResponse() during this section
if (resultType && resultType.essence === 'application/json') {

The dependency validator was updated from 10.8.0 to 10.9.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

validator is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

I'm returning multiple content types from a single endpoint but my content-type is being overriden by
res.header("Content-Type", "application/json;charset=utf-8");
inside of oas-router.js

      responses:
        '200':
          description: OK
          content:
            text/csv:
              schema:
                $ref: '#/components/schemas/CSVResponse'
            application/json:
              schema:
                $ref: '#/components/schemas/JSONResponse'

Hi,

First, I'd like to congrats you, these two repositories: oas-generator and oas-tools are really amazing projects, I'm sure they will be so useful in my future projects.

In addition, I thought that could be a good idea having them in the 'awesome' lists which exist across GitHub in order to increment the visibility of them. Here I would like to give you guys these two that I've found:

• https://github.com/APIs-guru/awesome-openapi3

• https://github.com/marmelab/awesome-rest

Cheers.

Using the module 'accesscontrol', add the ability to specify roles and access restrictions and automatically allow or deny access to specific endpoints and resources.

As above,

Tested with

              id:
                type: integer
              topLevel:
                type: string
              middleLevel:
                type: string
                nullable: true
              lastLevel:
                type: string
                nullable: true
              url:
                type: string

{
          "id": 59,
          "topLevel": "Accessories",
          "middleLevel": null,
          "lastLevel": "",
          "url": "/accessories"
        }

"message": "Wrong data in the response. ",
    "error": [
      {
        "code": "INVALID_TYPE",
        "params": [
          "string",
          "null"
        ],
        "message": "Expected type string but found type null",
        "path": "#/webLinks/59/url/lastLevel/middleLevel"
      }
    ],

This appears to be in the validate function in Z-Schema.

Hi,

I had a route with the following response:

responses:
        "200":
            description: Service is healthy and all dependencies are up
            content:
                application/json:
                    schema:
                        type: array
                        items:
                            type: string

In swagger-tools, the following line of express code worked. res.status(200).json(["ok"]);

But when I look at what's being sent to your middleware, I see that it's getting the string "["ok"]" as opposed to the object ["ok"]

Is this a problem on your side? The express side? Am i not allowed to use res.json()? Any guidance would be much appreciated.

Thanks,
Jas

Suggested tools are:

• https://docusaurus.io/
• https://readthedocs.org/
• https://docsify.js.org/
• https://daux.io/

Is there any current method for splitting controllers into sub directories and have the
checkControllers function pass?

Set Apache 2.0 license

Add security middleware, which should work the same as swagger-security.

The devDependency snyk was updated from 1.99.0 to 1.99.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

snyk is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

I currently have my swagger files divided across multiple files and use $ref. Is there a way to pass this 'chopped up' version of the swagger file to the initialize function?

Thanks,
Jas

Hello,

Path may contain common parameters defined: https://swagger.io/docs/specification/describing-parameters/
Please ignore them during the app bootstrap, supported operations are the following: get, post, put, patch, delete, head, options, trace.

When a request body contains a primitive JSON (a number, a string...) an error is thrown.

Consider the following:

openapi: 3.0.0
security:
  - mySecurityScheme: []
  - myOtherSecurityScheme: []
components:
  securitySchemes:
    mySecurityScheme:
      name: X-Custom-Header
      type: apiKey
      in: header
    myOtherSecurityScheme:
      name: X-Custom-Header
      type: apiKey
      in: header

When this is passed through the oas-security middleware, the name of the definition is changed to the name of the key, in this case mySecurityScheme and myOtherSecurityScheme, and when getValue tries to pull out the value, it will look at headers for that value -- not the actual name of the header.

https://github.com/isa-group/oas-tools/blob/2.1.0/src/middleware/oas-security.js#L101
https://github.com/isa-group/oas-tools/blob/2.1.0/src/middleware/oas-security.js#L10
https://github.com/isa-group/oas-tools/blob/2.1.0/src/middleware/oas-security.js#L24

What ends up happening is req.headers["mySecurityScheme"] is provided to the verification function, not the actual header defined in the security scheme ("X-Custom-Header").

It's fine if they are both named the same - but in our case we want to do different checks for authorization based upon which security scheme has been applied. We'll need the same header name to be used multiple times for different security schemes... our options look something like this:

//....
securityFile: {
  'mySecurityScheme': doVerification('role-name'),
  'myOtherSecurityScheme': doVerification('other-role-name')
}
//...

const doVerification = role => (req, definition, header, cb) => {
  verify(header, (err, user) => {
    if (err || user == null) { return cb(req.res.sendStatus(401)) }
    if (user.roles.indexOf(role) === -1) { return cb(req.res.sendStatus(403)) }
    cb()
  })
}

I've got a NODE_ENV=staging environment that crashes during load of the OASTools with the following error.

if (newConfigurations.controllers == undefined) { //TODO: Fix this!

TypeError: Cannot read property 'controllers' of undefined
   at Object._setConfigurations [as setConfigurations]
      (.../node_modules/oas-tools/src/configurations/index.js:67:25)

It appears the default initialization that runs before .configure(options_object).

const oasTools = require('oas-tools')

const options_object = {
  loglevel: debug
  customLogger: null
  strict: true
  router: true
  validator: true
  docs: true
  oasSecurity: false
  securityFile: null
  oasAuth: false
  grantsFile: null
  ignoreUnknownFormats: true
}
oasTools.configure(options_object)

I've hacked a fix by doing this, but it's ugly:
var newConfigurations = jsyaml.safeLoad(configString)[process.env.NODE_ENV === 'production' ? 'production' : 'development'];

I am getting a 404 when the path that was successfully registered is accessed. Could you please let me know where to look at?
I am just initializing express and passing as shown below with the assumption that 'oas-tools' would wire the controller to the path/request.
`

 const app = express();
 oasTools.initialize(oasDoc, app, function () {
     http.createServer(app).listen(8080, function () {
     console.log("App up and running!");
});

where options are:

{
  "checkControllers": true,
  "loglevel": "debug",
  "strict": false,
  "router": false,
  "validator": false,
  "docs": {
      "apiDocs": "/api-docs",
    "swaggerUi": "/docs"
  },
  "ignoreUnknownFormats": true
}

-- Please delete this issue as it was due to incorrect options. 

oas-router.js writes a warning to the log by catenating an array with a string.

logger.warning(msg + JSON.stringify(validator.getLastErrors()));

It produces output like this:

warning: [object Object][{"what":"ever"}]

Changing that line to
logger.warning(JSON.stringify(msg) + JSON.stringify(validator.getLastErrors()));
would produce a more readable warning.

Integration test keep running endless.

Hello,

is there a way how to combine pre-route middleware generated errors and my own validation errors thrown in controller/models?
Eg. returning to frontend one error object with "this parameter doesn't conform to OAS spec format" and "another param (ID for example) already exists in database" (which is not detectable by OAS-tools middleware)?

Thank for answer, you'll save my life.

Hi,

when using oasSecurity like

oasTools.configure({
  // ...
  oasSecurity: true,
  securityFile: {
    <secScheme>: async (req, secDef, key, next) => { return next() }
  }
});

the framework errors out with

Error: No handler was specified for security scheme ApiKeyAuth
    at async.map (/path/to/proj/node_modules/oas-tools/src/middleware/oas-security.js:109:45)

This seems due to an outdated version of lodash-compat being used for validating the <secScheme> cb in https://github.com/isa-group/oas-tools/blob/master/src/middleware/oas-security.js#L105 - see also lodash issue over at lodash/lodash#3603

Could you please bump lodash-compat to a more current version in order to allow async callbacks for security validations?

Thanks in advance!

The readme file has not been updated since the last version was released. Some new features should be explained in it.

Add more tests to improve code coverage so that it is greater than 80%.

Upgrade winston to latest version.
Needs some adjustment in code.

I am running into an error where I am hitting the error on line 136 of oas-validator.

Relevant yaml

/branch/:deviceID:
    get:
      x-router-controller: secure
      tags:
        - secure
      summary: gets branch details
      operationId: getBranch
      description: Returns a array of objects of branch
      parameters:
        - in: header
          name: X-deviceToken
          schema:
            type: string
          required: true
        - in: path
          name: deviceID
          schema:
            type: string
          required: true

It looks like req[location][name] is always returned undefined when this is in header

curl -X GET "http://localhost:3000/branch/:deviceID" -H "accept: application/json" -H "X-deviceToken: asdasd"

console.log(params[i])

{ in: 'header',
  name: 'X-deviceToken',
  schema: { type: 'string' },
  required: true }
{ in: 'path',
  name: 'deviceID',
  schema: { type: 'string' },
  required: true }

console.log(location)
header
params

console.log(req[location][name])
undefined
:deviceID

Hi all , following open api 3.0 spec as below
https://swagger.io/docs/specification/serialization/

• in: query
  name: options
  style: form
  explode :false
  allowReserved :true
  schema:
  type: string .

result :
debug info

Requested method-url pair: get - /PostlabAI/PostlabAI/1.0.0/run/container/1/command/1?options=0%3D-i%257B%252Fapp%252Finput%252Ffile.txt%257D

should be : options=-i{/app/input/file.txt}
with reserved word like : ' { } /' allowed... but the uri is malformed when I parse that.

Additionally, the allowReserved keyword specifies whether the reserved characters :/?#[]@!$&'()*+,;=

If the spec file has a relative URL as the first server, the API base path is not detected correctly.

Add a message to show where the swagger-ui docs can be found.

The devDependency publish-please was updated from 5.4.2 to 5.4.3.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

publish-please is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Goal: Reduce size from 8 Mb to less than 2 Mb

• Remove *.map files
• Remove source JS not used (bundle version is enough)

Hello,

It would be great to provide preconfigured logger instead of loglevel and logfile options.

1. Mode production code under /src
2. Delete unused files

Using a relative server URL works correctly in Swagger UI. Add it automatically if no localhost server is found.

Hi,

I am trying use the oneOf keyword in the OpenApi 3.0 specs. I am using the example on Swagger site (https://swagger.io/docs/specification/data-models/oneof-anyof-allof-not/). My swagger.yml has the following in it:

 /testschema:
    post:
      description: Create app data storage
      operationId: testSchema
      security:
        []
      x-security-scopes:
        - Admin
      x-swagger-router-controller: public        
      requestBody:
        content:
          application/json:
            schema:
              oneOf:
                - $ref: '#/components/schemas/Cat'
                - $ref: '#/components/schemas/Dog'
        description: The app data schema
        required: true
      responses:
        "200":
          description: The app data schema was already initialized

components:
  schemas:
    Dog:
      type: object
      properties:
        bark:
          type: boolean
        breed:
          type: string
          enum: [Dingo, Husky, Retriever, Shepherd]
    Cat:
      type: object
      properties:
        hunts:
          type: boolean
        age:
          type: integer  

While trying to a Postman call with the following body, it is not recognizing and giving the below error. If I change the oneOf to anyOf, then everything passes (which also does not seem to be the correct behavior)

{
  "bark": true,
  "breed": "Dingo"
}

Error received:

[
    {
        "message": "Wrong data in the body of the request. ",
        "error": [
            {
                "code": "ONE_OF_MULTIPLE",
                "params": [],
                "message": "Data is valid against more than one schema from 'oneOf'",
                "path": "#/"
            }
        ],
        "content": {
            "bark": "true",
            "breed": "Dingo"
        }
    }
]

Integrate swagger-ui so that the APIs can be easily documented and tested.

Hi,

If i have the following, which is taken from https://swagger.io/docs/specification/describing-responses/:

      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
        # Definition of all error statuses
        default:
          description: Unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'

If we send a response, with response code 500 for example, oas-tools is giving the following error:

[
  {
    "message": "Wrong response code: 500"
  }
] 

Any fixes?

Thanks,
Jas

Hi,

As long as you report errors right from the framework, please define json schema of these erorrs in order to include it into application API.
It's pretty safe to define json schema, there's https://www.npmjs.com/package/speccy tool for json schema to open api conversion.
If you need a help with schema, don't hesitate to ask me.

Google Appengine uses a write only file except for /tmp, so I'm getting this error:

Error: EROFS: read-only file system, open '/srv/node_modules/oas-tools/swagger-ui/index.html'
    at Object.openSync (fs.js:439:3)
    at Object.writeFileSync (fs.js:1190:35)
    at registerPaths (/srv/node_modules/oas-tools/src/index.js:358:10)
    at Object.initializeMiddleware (/srv/node_modules/oas-tools/src/index.js:409:3)
    at Object.<anonymous> (/srv/index.js:26:10)
    at Module._compile (internal/modules/cjs/loader.js:689:30)

Is there a config setting to change the directory oas-tools writes to?

The devDependency mongoose was updated from 5.4.13 to 5.4.14.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

mongoose is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Run: npm run lint to ge the full list.

• Fix undefined symbols on file middleware/oas-validator.js
• Fix post/put test
• Delete unused files
• Review lines marked with // eslint-disable-line

openapi: 3.0.0
info:
  title: Swagger Petstore
  description: 'This is a sample server Petstore server.  You can find out more about     Swagger
    at [http://swagger.io](http://swagger.io) or on [irc.freenode.net, #swagger](http://swagger.io/irc/).      For
    this sample, you can use the api key `special-key` to test the authorization     filters.'
  termsOfService: http://swagger.io/terms/
  contact:
    email: [email protected]
  license:
    name: Apache 2.0
    url: http://www.apache.org/licenses/LICENSE-2.0.html
  version: 1.0.0
externalDocs:
  description: Find out more about Swagger
  url: http://swagger.io
servers:
- url: http://127.0.0.1:8080
tags:
- name: pet
  description: Everything about your Pets
  externalDocs:
    description: Find out more
    url: http://swagger.io
- name: store
  description: Access to Petstore orders
- name: user
  description: Operations about user
  externalDocs:
    description: Find out more about our store
    url: http://swagger.io
paths:
  /pet:
    put:
      tags:
      - pet
      summary: Update an existing pet
      operationId: updatePet
      requestBody:
        description: Pet object that needs to be added to the store
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Pet'
          application/xml:
            schema:
              $ref: '#/components/schemas/Pet'
        required: true
      responses:
        400:
          description: Invalid ID supplied
          content: {}
        404:
          description: Pet not found
          content: {}
        405:
          description: Validation exception
          content: {}
      security:
      - petstore_auth:
        - write:pets
        - read:pets
      x-router-controller: Pet
    post:
      tags:
      - pet
      summary: Add a new pet to the store
      operationId: addPet
      requestBody:
        description: Pet object that needs to be added to the store
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Pet'
          application/xml:
            schema:
              $ref: '#/components/schemas/Pet'
        required: true
      responses:
        405:
          description: Invalid input
          content: {}
      security:
      - petstore_auth:
        - write:pets
        - read:pets
      x-router-controller: Pet
components:
  schemas:
    Order:
      type: object
      properties:
        id:
          type: integer
          format: int64
        petId:
          type: integer
          format: int64
        quantity:
          type: integer
          format: int32
        shipDate:
          type: string
          format: date-time
        status:
          type: string
          description: Order Status
          enum:
          - placed
          - approved
          - delivered
        complete:
          type: boolean
          default: false
      xml:
        name: Order
    Category:
      type: object
      properties:
        id:
          type: integer
          format: int64
        name:
          type: string
      xml:
        name: Category
    User:
      type: object
      properties:
        id:
          type: integer
          format: int64
        username:
          type: string
        firstName:
          type: string
        lastName:
          type: string
        email:
          type: string
        password:
          type: string
        phone:
          type: string
        userStatus:
          type: integer
          description: User Status
          format: int32
      xml:
        name: User
    Tag:
      type: object
      properties:
        id:
          type: integer
          format: int64
        name:
          type: string
      xml:
        name: Tag
    Pet:
      required:
      - name
      - photoUrls
      type: object
      properties:
        id:
          type: integer
          format: int64
        category:
          $ref: '#/components/schemas/Category'
        name:
          type: string
          example: doggie
        photoUrls:
          type: array
          xml:
            name: photoUrl
            wrapped: true
          items:
            type: string
        tags:
          type: array
          xml:
            name: tag
            wrapped: true
          items:
            $ref: '#/components/schemas/Tag'
        status:
          type: string
          description: pet status in the store
          enum:
          - available
          - pending
          - sold
      xml:
        name: Pet
    ApiResponse:
      type: object
      properties:
        code:
          type: integer
          format: int32
        type:
          type: string
        message:
          type: string
  securitySchemes:
    petstore_auth:
      type: oauth2
      flows:
        implicit:
          authorizationUrl: http://petstore.swagger.io/oauth/dialog
          scopes:
            write:pets: modify pets in your account
            read:pets: read your pets
    api_key:
      type: apiKey
      name: api_key
      in: header

Server will not handle any requests, because we define

servers:
- url: http://127.0.0.1:8080

for

servers:
- url: http://localhost:8080

it works fine

fix post & put tests

swagger-tools had the ability to configure swagger-ui.

app.use(middleware.swaggerUi({
    apiDocs: '/foo/docs',
    swaggerUi: `/foo`,
    apiDocsPrefix: '',
    swaggerUiPrefix: ''
  }));

It would be nice to use the "docs" configuration option to pass an object through to swagger-ui to override default configuration

var options_object = {
  controllers: path.join(__dirname, './controllers'),
  loglevel: 'info',
  strict: false,
  router: true,
  validator: true,
  docs: {
    apiDocs: '/foo/docs',
    swaggerUi: `/foo`,
    apiDocsPrefix: '',
    swaggerUiPrefix: ''
  }
};