aws-cdk-lib

Version 2 of the AWS Cloud Development Kit library

"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.validateOpenApiSchema=validateOpenApiSchema;var core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp};function parseOpenApiJson(schema,schemaName,errors){try{return JSON.parse(schema)}catch(e){return errors.push(`${schemaName} must be in JSON format. YAML is not supported. Error: ${e instanceof Error?e.message:String(e)}`),null}}function validateOpenApiVersion(schemaObj,schemaName,errors){if(!schemaObj.openapi)errors.push(`${schemaName} must include an 'openapi' field specifying the version`);else{const version=schemaObj.openapi;typeof version!="string"?errors.push(`${schemaName} 'openapi' field must be a string`):!version.startsWith("3.0.")&&!version.startsWith("3.1.")&&errors.push(`${schemaName} version ${version} is not supported. Only OpenAPI 3.0.x and 3.1.x are supported`)}}function validateServerUrls(schemaObj,schemaName,errors){!schemaObj.servers||!Array.isArray(schemaObj.servers)||schemaObj.servers.length===0?errors.push(`${schemaName} must include at least one server with a valid URL`):schemaObj.servers.forEach((server,index)=>{if(!server.url||typeof server.url!="string")errors.push(`${schemaName} server[${index}] must have a valid URL`);else if(!server.url.includes("://"))errors.push(`${schemaName} server[${index}] URL must contain a protocol (e.g., http:// or https://)`);else{const protocolEnd=server.url.indexOf("://"),protocol=server.url.substring(0,protocolEnd);protocol.includes("{")||protocol.toLowerCase()!=="http"&&protocol.toLowerCase()!=="https"&&errors.push(`${schemaName} server[${index}] URL must use HTTP or HTTPS protocol`)}})}function validatePathsAndOperations(schemaObj,schemaName,errors){if(!schemaObj.paths||typeof schemaObj.paths!="object")errors.push(`${schemaName} must include a 'paths' object`);else{const operationsMissingId=[],unsupportedMediaTypes=new 
Set,pathsWithComplexSerializers=[];if(Object.entries(schemaObj.paths).forEach(([path,pathItem])=>{(path.includes("{;")||path.includes("{?")||path.includes("{*}"))&&pathsWithComplexSerializers.push(path),pathItem&&typeof pathItem=="object"&&["get","post","put","delete","patch","head","options"].forEach(method=>{if(pathItem[method]){const operation=pathItem[method];operation.operationId||operationsMissingId.push(`${method.toUpperCase()} ${path}`),operation.requestBody?.content&&Object.keys(operation.requestBody.content).forEach(mediaType=>{mediaType!=="application/json"&&mediaType!=="application/xml"&&mediaType!=="multipart/form-data"&&mediaType!=="application/x-www-form-urlencoded"&&unsupportedMediaTypes.add(mediaType)}),operation.responses&&Object.values(operation.responses).forEach(response=>{response.content&&Object.keys(response.content).forEach(mediaType=>{mediaType!=="application/json"&&mediaType!=="application/xml"&&unsupportedMediaTypes.add(mediaType)})}),operation.parameters&&operation.parameters.forEach((param,idx)=>{param.style&&["matrix","label","deepObject"].includes(param.style)&&errors.push(`${schemaName} ${method.toUpperCase()} ${path} parameter[${idx}] uses unsupported serialization style: ${param.style}`)})}})}),operationsMissingId.length>0&&errors.push(`${schemaName} operations must include 'operationId' field. Missing in: ${operationsMissingId.join(", ")}`),pathsWithComplexSerializers.length>0&&errors.push(`${schemaName} contains unsupported complex path parameter serializers in: ${pathsWithComplexSerializers.join(", ")}`),unsupportedMediaTypes.size>0){const mediaTypesList=Array.from(unsupportedMediaTypes).join(", ");errors.push(`${schemaName} uses unsupported media types: ${mediaTypesList}. 
Only application/json, application/xml, multipart/form-data, and application/x-www-form-urlencoded are supported`)}}}function checkSchemaComposition(obj,schemaName,errors,path=""){!obj||typeof obj!="object"||("oneOf"in obj&&errors.push(`${schemaName} contains unsupported 'oneOf' schema composition at ${path||"root"}`),"anyOf"in obj&&errors.push(`${schemaName} contains unsupported 'anyOf' schema composition at ${path||"root"}`),"allOf"in obj&&errors.push(`${schemaName} contains unsupported 'allOf' schema composition at ${path||"root"}`),Object.entries(obj).forEach(([key,value])=>{if(key!=="oneOf"&&key!=="anyOf"&&key!=="allOf"&&value&&typeof value=="object"){const newPath=path?`${path}.${key}`:key;Array.isArray(value)?value.forEach((item,index)=>{checkSchemaComposition(item,schemaName,errors,`${newPath}[${index}]`)}):checkSchemaComposition(value,schemaName,errors,newPath)}}))}function validateSchemaComposition(schemaObj,schemaName,errors){schemaObj.components?.schemas&&checkSchemaComposition(schemaObj.components.schemas,schemaName,errors,"components.schemas"),schemaObj.definitions&&checkSchemaComposition(schemaObj.definitions,schemaName,errors,"definitions"),schemaObj.paths&&checkSchemaComposition(schemaObj.paths,schemaName,errors,"paths")}function validateSecuritySchemes(schemaObj,schemaName,errors){schemaObj.security&&Array.isArray(schemaObj.security)&&schemaObj.security.length>0&&errors.push(`${schemaName} contains security schemes at the OpenAPI specification level. 
Authentication must be configured using the Gateway's outbound authorization configuration instead`)}function validateCallbacksAndWebhooks(schemaObj,schemaName,errors){schemaObj.paths&&Object.entries(schemaObj.paths).forEach(([path,pathItem])=>{pathItem&&typeof pathItem=="object"&&Object.values(pathItem).forEach(operation=>{operation&&typeof operation=="object"&&operation.callbacks&&errors.push(`${schemaName} contains unsupported 'callbacks' in path ${path}`)})}),schemaObj.webhooks&&errors.push(`${schemaName} contains unsupported 'webhooks'`)}function validateOpenApiSchema(params){const errors=[],{schema,schemaName="OpenAPI schema"}=params;if(core_1().Token.isUnresolved(schema))return errors;const schemaObj=parseOpenApiJson(schema,schemaName,errors);return schemaObj&&(validateOpenApiVersion(schemaObj,schemaName,errors),validateServerUrls(schemaObj,schemaName,errors),validatePathsAndOperations(schemaObj,schemaName,errors),validateSchemaComposition(schemaObj,schemaName,errors),validateSecuritySchemes(schemaObj,schemaName,errors),validateCallbacksAndWebhooks(schemaObj,schemaName,errors)),errors}