🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
DemoInstallSign in
Socket
DemoInstallSign in

openapi-backend

Package Overview
Dependencies
Maintainers
1
Versions
127
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

openapi-backend - npm Package Compare versions

Comparing version

5.3.0
to
5.5.0

23

backend.js

@@ -233,15 +233,15 @@ "use strict";

const securityHandlerResults = {};
await Promise.all(securitySchemes.map((name) => {
await Promise.all(securitySchemes.map(async (name) => {
securityHandlerResults[name] = undefined;
if (this.securityHandlers[name]) {
// return a promise that will set the security handler result
return (Promise.resolve()
.then(async () => await this.securityHandlers[name](context, ...handlerArgs))
return await Promise.resolve()
.then(() => this.securityHandlers[name](context, ...handlerArgs))
.then((result) => {
securityHandlerResults[name] = result;
})
// save error as result, if thrown
// save rejected error as result, if thrown
.catch((error) => {
securityHandlerResults[name] = { error };
}));
});
}

@@ -255,3 +255,2 @@ else {

const requirementsSatisfied = securityRequirements.map((requirementObject) => {
var _a;
/*

@@ -261,6 +260,12 @@ * Security Requirement Objects that contain multiple schemes require

*/
for (const requirement of _.keys(requirementObject)) {
if (!Boolean(securityHandlerResults[requirement]) || Boolean((_a = securityHandlerResults[requirement]) === null || _a === void 0 ? void 0 : _a.error)) {
for (const requirement of Object.keys(requirementObject)) {
const requirementResult = securityHandlerResults[requirement];
// falsy return values are treated as auth fail
if (Boolean(requirementResult) === false) {
return false;
}
// handle error object passed earlier
if (typeof requirementResult === 'object' && Object.keys(requirementResult).includes('error') && Object.keys(requirementResult).length === 1) {
return false;
}
}

@@ -274,3 +279,3 @@ return true;

*/
const authorized = _.includes(requirementsSatisfied, true);
const authorized = requirementsSatisfied.some((securityResult) => securityResult === true);
// add the results and authorized state to the context object

@@ -277,0 +282,0 @@ context.security = {

10

package.json
{
"name": "openapi-backend",
"description": "Build, Validate, Route, Authenticate and Mock using OpenAPI definitions. Framework-agnostic",
"version": "5.3.0",
"version": "5.5.0",
"author": "Viljami Kuosmanen <viljami@viljami.io>",

@@ -47,6 +47,6 @@ "license": "MIT",

"bath-es5": "^3.0.3",
"cookie": "^0.4.0",
"cookie": "^0.5.0",
"lodash": "^4.17.15",
"mock-json-schema": "^1.0.7",
"openapi-schema-validator": "^10.0.0",
"openapi-schema-validator": "^12.0.0",
"openapi-types": "^10.0.0",

@@ -56,7 +56,7 @@ "qs": "^6.9.3"

"devDependencies": {
"@types/cookie": "^0.3.2",
"@types/cookie": "^0.5.1",
"@types/jest": "^27.0.3",
"@types/json-schema": "^7.0.7",
"@types/lodash": "^4.14.122",
"@types/node": "^17.0.14",
"@types/node": "^18.0.3",
"@types/qs": "^6.9.1",

@@ -63,0 +63,0 @@ "jest": "^27.0.4",

8

validation.d.ts

@@ -133,3 +133,3 @@ import Ajv, { Options as AjvOpts, ErrorObject, ValidateFunction } from 'ajv';

*/
getRequestValidatorsForOperation(operationId: string): ValidateFunction<unknown>[] | null;
getRequestValidatorsForOperation(operationId: string): ValidateFunction<unknown>[];
/**

@@ -164,3 +164,3 @@ * Compiles a schema with Ajv instance and handles circular references.

*/
getResponseValidatorForOperation(operationId: string): ValidateFunction<unknown> | null;
getResponseValidatorForOperation(operationId: string): ValidateFunction<unknown>;
/**

@@ -181,3 +181,3 @@ * Builds an ajv response validator function for an operation and registers it to responseValidators

*/
getStatusBasedResponseValidatorForOperation(operationId: string): StatusBasedResponseValidatorsFunctionMap | null;
getStatusBasedResponseValidatorForOperation(operationId: string): StatusBasedResponseValidatorsFunctionMap;
/**

@@ -198,3 +198,3 @@ * Builds an ajv response validator function for an operation and registers it to responseHeadersValidators

*/
getResponseHeadersValidatorForOperation(operationId: string): ResponseHeadersValidateFunctionMap | null;
getResponseHeadersValidatorForOperation(operationId: string): ResponseHeadersValidateFunctionMap;
/**

@@ -201,0 +201,0 @@ * Builds an ajv response validator function for an operation and returns it

7

validation.js

@@ -511,2 +511,9 @@ "use strict";

target.properties = target.properties || {};
const paramSchema = param.schema;
// Assign the target schema's additionalProperties to the param schema's additionalProperties if the param's additionalProperties is set.
// This is to support free-form query params where `additionalProperties` is an object.
// https://swagger.io/specification/?sbsearch=free%20form
if (paramSchema && (paramSchema === null || paramSchema === void 0 ? void 0 : paramSchema.additionalProperties) !== undefined) {
target.additionalProperties = paramSchema.additionalProperties;
}
if (param.content && param.content['application/json']) {

@@ -513,0 +520,0 @@ target.properties[normalizedParamName] = param.content['application/json'].schema;

backend.js.map

Sorry, the diff of this file is not supported yet

validation.js.map

Sorry, the diff of this file is not supported yet