1use super::generator::ConformanceConfig;
7use super::schema_validator::SchemaValidatorGenerator;
8use super::spec::ConformanceFeature;
9use crate::error::Result;
10use crate::request_gen::RequestGenerator;
11use crate::spec_parser::ApiOperation;
12use openapiv3::{
13 OpenAPI, Operation, Parameter, ParameterSchemaOrContent, ReferenceOr, RequestBody, Response,
14 Schema, SchemaKind, SecurityScheme, StringFormat, Type, VariantOrUnknownOrEmpty,
15};
16use std::collections::HashSet;
17
18mod ref_resolver {
20 use super::*;
21
22 pub fn resolve_parameter<'a>(
23 param_ref: &'a ReferenceOr<Parameter>,
24 spec: &'a OpenAPI,
25 ) -> Option<&'a Parameter> {
26 match param_ref {
27 ReferenceOr::Item(param) => Some(param),
28 ReferenceOr::Reference { reference } => {
29 let name = reference.strip_prefix("#/components/parameters/")?;
30 let components = spec.components.as_ref()?;
31 match components.parameters.get(name)? {
32 ReferenceOr::Item(param) => Some(param),
33 ReferenceOr::Reference {
34 reference: inner_ref,
35 } => {
36 let inner_name = inner_ref.strip_prefix("#/components/parameters/")?;
38 match components.parameters.get(inner_name)? {
39 ReferenceOr::Item(param) => Some(param),
40 ReferenceOr::Reference { .. } => None,
41 }
42 }
43 }
44 }
45 }
46 }
47
48 pub fn resolve_request_body<'a>(
49 body_ref: &'a ReferenceOr<RequestBody>,
50 spec: &'a OpenAPI,
51 ) -> Option<&'a RequestBody> {
52 match body_ref {
53 ReferenceOr::Item(body) => Some(body),
54 ReferenceOr::Reference { reference } => {
55 let name = reference.strip_prefix("#/components/requestBodies/")?;
56 let components = spec.components.as_ref()?;
57 match components.request_bodies.get(name)? {
58 ReferenceOr::Item(body) => Some(body),
59 ReferenceOr::Reference {
60 reference: inner_ref,
61 } => {
62 let inner_name = inner_ref.strip_prefix("#/components/requestBodies/")?;
64 match components.request_bodies.get(inner_name)? {
65 ReferenceOr::Item(body) => Some(body),
66 ReferenceOr::Reference { .. } => None,
67 }
68 }
69 }
70 }
71 }
72 }
73
74 pub fn resolve_schema<'a>(
75 schema_ref: &'a ReferenceOr<Schema>,
76 spec: &'a OpenAPI,
77 ) -> Option<&'a Schema> {
78 resolve_schema_with_visited(schema_ref, spec, &mut HashSet::new())
79 }
80
81 fn resolve_schema_with_visited<'a>(
82 schema_ref: &'a ReferenceOr<Schema>,
83 spec: &'a OpenAPI,
84 visited: &mut HashSet<String>,
85 ) -> Option<&'a Schema> {
86 match schema_ref {
87 ReferenceOr::Item(schema) => Some(schema),
88 ReferenceOr::Reference { reference } => {
89 if !visited.insert(reference.clone()) {
90 return None; }
92 let name = reference.strip_prefix("#/components/schemas/")?;
93 let components = spec.components.as_ref()?;
94 let nested = components.schemas.get(name)?;
95 resolve_schema_with_visited(nested, spec, visited)
96 }
97 }
98 }
99
100 pub fn resolve_boxed_schema<'a>(
102 schema_ref: &'a ReferenceOr<Box<Schema>>,
103 spec: &'a OpenAPI,
104 ) -> Option<&'a Schema> {
105 match schema_ref {
106 ReferenceOr::Item(schema) => Some(schema.as_ref()),
107 ReferenceOr::Reference { reference } => {
108 let name = reference.strip_prefix("#/components/schemas/")?;
110 let components = spec.components.as_ref()?;
111 let nested = components.schemas.get(name)?;
112 resolve_schema_with_visited(nested, spec, &mut HashSet::new())
113 }
114 }
115 }
116
117 pub fn resolve_response<'a>(
118 resp_ref: &'a ReferenceOr<Response>,
119 spec: &'a OpenAPI,
120 ) -> Option<&'a Response> {
121 match resp_ref {
122 ReferenceOr::Item(resp) => Some(resp),
123 ReferenceOr::Reference { reference } => {
124 let name = reference.strip_prefix("#/components/responses/")?;
125 let components = spec.components.as_ref()?;
126 match components.responses.get(name)? {
127 ReferenceOr::Item(resp) => Some(resp),
128 ReferenceOr::Reference {
129 reference: inner_ref,
130 } => {
131 let inner_name = inner_ref.strip_prefix("#/components/responses/")?;
133 match components.responses.get(inner_name)? {
134 ReferenceOr::Item(resp) => Some(resp),
135 ReferenceOr::Reference { .. } => None,
136 }
137 }
138 }
139 }
140 }
141 }
142}
143
144#[derive(Debug, Clone)]
146pub enum SecuritySchemeInfo {
147 Bearer,
149 Basic,
151 ApiKey {
153 location: ApiKeyLocation,
154 name: String,
155 },
156}
157
158#[derive(Debug, Clone, PartialEq)]
160pub enum ApiKeyLocation {
161 Header,
162 Query,
163 Cookie,
164}
165
166#[derive(Debug, Clone)]
168pub struct AnnotatedOperation {
169 pub path: String,
170 pub method: String,
171 pub features: Vec<ConformanceFeature>,
172 pub request_body_content_type: Option<String>,
173 pub sample_body: Option<String>,
174 pub query_params: Vec<(String, String)>,
175 pub header_params: Vec<(String, String)>,
176 pub path_params: Vec<(String, String)>,
177 pub response_schema: Option<Schema>,
179 pub response_schemas: std::collections::BTreeMap<u16, serde_json::Value>,
187 pub request_body_schema: Option<Schema>,
193 pub security_schemes: Vec<SecuritySchemeInfo>,
195}
196
197pub struct SpecDrivenConformanceGenerator {
199 config: ConformanceConfig,
200 operations: Vec<AnnotatedOperation>,
201}
202
203impl SpecDrivenConformanceGenerator {
204 pub fn new(config: ConformanceConfig, operations: Vec<AnnotatedOperation>) -> Self {
205 Self { config, operations }
206 }
207
208 pub fn annotate_operations(
210 operations: &[ApiOperation],
211 spec: &OpenAPI,
212 ) -> Vec<AnnotatedOperation> {
213 operations.iter().map(|op| Self::annotate_operation(op, spec)).collect()
214 }
215
216 fn annotate_operation(op: &ApiOperation, spec: &OpenAPI) -> AnnotatedOperation {
218 let mut features = Vec::new();
219 let mut query_params = Vec::new();
220 let mut header_params = Vec::new();
221 let mut path_params = Vec::new();
222
223 match op.method.to_uppercase().as_str() {
225 "GET" => features.push(ConformanceFeature::MethodGet),
226 "POST" => features.push(ConformanceFeature::MethodPost),
227 "PUT" => features.push(ConformanceFeature::MethodPut),
228 "PATCH" => features.push(ConformanceFeature::MethodPatch),
229 "DELETE" => features.push(ConformanceFeature::MethodDelete),
230 "HEAD" => features.push(ConformanceFeature::MethodHead),
231 "OPTIONS" => features.push(ConformanceFeature::MethodOptions),
232 _ => {}
233 }
234
235 for param_ref in &op.operation.parameters {
237 if let Some(param) = ref_resolver::resolve_parameter(param_ref, spec) {
238 Self::annotate_parameter(
239 param,
240 spec,
241 &mut features,
242 &mut query_params,
243 &mut header_params,
244 &mut path_params,
245 );
246 }
247 }
248
249 for segment in op.path.split('/') {
251 if segment.starts_with('{') && segment.ends_with('}') {
252 let name = &segment[1..segment.len() - 1];
253 if !path_params.iter().any(|(n, _)| n == name) {
255 path_params.push((name.to_string(), "test-value".to_string()));
256 if !features.contains(&ConformanceFeature::PathParamString)
258 && !features.contains(&ConformanceFeature::PathParamInteger)
259 {
260 features.push(ConformanceFeature::PathParamString);
261 }
262 }
263 }
264 }
265
266 let mut request_body_content_type = None;
268 let mut sample_body = None;
269 let mut request_body_schema: Option<Schema> = None;
270
271 let resolved_body = op
272 .operation
273 .request_body
274 .as_ref()
275 .and_then(|b| ref_resolver::resolve_request_body(b, spec));
276
277 if let Some(body) = resolved_body {
278 for (content_type, _media) in &body.content {
279 match content_type.as_str() {
280 "application/json" => {
281 features.push(ConformanceFeature::BodyJson);
282 request_body_content_type = Some("application/json".to_string());
283 if let Ok(template) = RequestGenerator::generate_template(op) {
285 if let Some(body_val) = &template.body {
286 sample_body = Some(body_val.to_string());
287 }
288 }
289 }
290 "application/x-www-form-urlencoded" => {
291 features.push(ConformanceFeature::BodyFormUrlencoded);
292 request_body_content_type =
293 Some("application/x-www-form-urlencoded".to_string());
294 }
295 "multipart/form-data" => {
296 features.push(ConformanceFeature::BodyMultipart);
297 request_body_content_type = Some("multipart/form-data".to_string());
298 }
299 _ => {}
300 }
301 }
302
303 if let Some(media) = body.content.get("application/json") {
305 if let Some(schema_ref) = &media.schema {
306 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
307 Self::annotate_schema(schema, spec, &mut features);
308 request_body_schema = Some(schema.clone());
312 }
313 }
314 }
315 }
316
317 Self::annotate_responses(&op.operation, spec, &mut features);
319
320 let response_schema = Self::extract_response_schema(&op.operation, spec);
322 if response_schema.is_some() {
323 features.push(ConformanceFeature::ResponseValidation);
324 }
325 let response_schemas = Self::extract_response_schemas_per_status(&op.operation, spec);
327
328 Self::annotate_content_negotiation(&op.operation, spec, &mut features);
330
331 let mut security_schemes = Vec::new();
333 Self::annotate_security(&op.operation, spec, &mut features, &mut security_schemes);
334
335 features.sort_by_key(|f| f.check_name());
337 features.dedup_by_key(|f| f.check_name());
338
339 AnnotatedOperation {
340 path: op.path.clone(),
341 method: op.method.to_uppercase(),
342 features,
343 request_body_content_type,
344 sample_body,
345 query_params,
346 header_params,
347 path_params,
348 response_schema,
349 response_schemas,
350 request_body_schema,
351 security_schemes,
352 }
353 }
354
355 fn annotate_parameter(
357 param: &Parameter,
358 spec: &OpenAPI,
359 features: &mut Vec<ConformanceFeature>,
360 query_params: &mut Vec<(String, String)>,
361 header_params: &mut Vec<(String, String)>,
362 path_params: &mut Vec<(String, String)>,
363 ) {
364 let (location, data) = match param {
365 Parameter::Query { parameter_data, .. } => ("query", parameter_data),
366 Parameter::Path { parameter_data, .. } => ("path", parameter_data),
367 Parameter::Header { parameter_data, .. } => ("header", parameter_data),
368 Parameter::Cookie { .. } => {
369 features.push(ConformanceFeature::CookieParam);
370 return;
371 }
372 };
373
374 let is_integer = Self::param_schema_is_integer(data, spec);
376 let is_array = Self::param_schema_is_array(data, spec);
377
378 let sample = if is_integer {
380 "42".to_string()
381 } else if is_array {
382 "a,b".to_string()
383 } else {
384 "test-value".to_string()
385 };
386
387 match location {
388 "path" => {
389 if is_integer {
390 features.push(ConformanceFeature::PathParamInteger);
391 } else {
392 features.push(ConformanceFeature::PathParamString);
393 }
394 path_params.push((data.name.clone(), sample));
395 }
396 "query" => {
397 if is_array {
398 features.push(ConformanceFeature::QueryParamArray);
399 } else if is_integer {
400 features.push(ConformanceFeature::QueryParamInteger);
401 } else {
402 features.push(ConformanceFeature::QueryParamString);
403 }
404 query_params.push((data.name.clone(), sample));
405 }
406 "header" => {
407 features.push(ConformanceFeature::HeaderParam);
408 header_params.push((data.name.clone(), sample));
409 }
410 _ => {}
411 }
412
413 if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
415 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
416 Self::annotate_schema(schema, spec, features);
417 }
418 }
419
420 if data.required {
422 features.push(ConformanceFeature::ConstraintRequired);
423 } else {
424 features.push(ConformanceFeature::ConstraintOptional);
425 }
426 }
427
428 fn param_schema_is_integer(data: &openapiv3::ParameterData, spec: &OpenAPI) -> bool {
429 if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
430 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
431 return matches!(&schema.schema_kind, SchemaKind::Type(Type::Integer(_)));
432 }
433 }
434 false
435 }
436
437 fn param_schema_is_array(data: &openapiv3::ParameterData, spec: &OpenAPI) -> bool {
438 if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
439 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
440 return matches!(&schema.schema_kind, SchemaKind::Type(Type::Array(_)));
441 }
442 }
443 false
444 }
445
446 fn annotate_schema(schema: &Schema, spec: &OpenAPI, features: &mut Vec<ConformanceFeature>) {
448 match &schema.schema_kind {
449 SchemaKind::Type(Type::String(s)) => {
450 features.push(ConformanceFeature::SchemaString);
451 match &s.format {
453 VariantOrUnknownOrEmpty::Item(StringFormat::Date) => {
454 features.push(ConformanceFeature::FormatDate);
455 }
456 VariantOrUnknownOrEmpty::Item(StringFormat::DateTime) => {
457 features.push(ConformanceFeature::FormatDateTime);
458 }
459 VariantOrUnknownOrEmpty::Unknown(fmt) => match fmt.as_str() {
460 "email" => features.push(ConformanceFeature::FormatEmail),
461 "uuid" => features.push(ConformanceFeature::FormatUuid),
462 "uri" | "url" => features.push(ConformanceFeature::FormatUri),
463 "ipv4" => features.push(ConformanceFeature::FormatIpv4),
464 "ipv6" => features.push(ConformanceFeature::FormatIpv6),
465 _ => {}
466 },
467 _ => {}
468 }
469 if s.pattern.is_some() {
471 features.push(ConformanceFeature::ConstraintPattern);
472 }
473 if !s.enumeration.is_empty() {
474 features.push(ConformanceFeature::ConstraintEnum);
475 }
476 if s.min_length.is_some() || s.max_length.is_some() {
477 features.push(ConformanceFeature::ConstraintMinMax);
478 }
479 }
480 SchemaKind::Type(Type::Integer(i)) => {
481 features.push(ConformanceFeature::SchemaInteger);
482 if i.minimum.is_some() || i.maximum.is_some() {
483 features.push(ConformanceFeature::ConstraintMinMax);
484 }
485 if !i.enumeration.is_empty() {
486 features.push(ConformanceFeature::ConstraintEnum);
487 }
488 }
489 SchemaKind::Type(Type::Number(n)) => {
490 features.push(ConformanceFeature::SchemaNumber);
491 if n.minimum.is_some() || n.maximum.is_some() {
492 features.push(ConformanceFeature::ConstraintMinMax);
493 }
494 }
495 SchemaKind::Type(Type::Boolean(_)) => {
496 features.push(ConformanceFeature::SchemaBoolean);
497 }
498 SchemaKind::Type(Type::Array(arr)) => {
499 features.push(ConformanceFeature::SchemaArray);
500 if let Some(item_ref) = &arr.items {
501 if let Some(item_schema) = ref_resolver::resolve_boxed_schema(item_ref, spec) {
502 Self::annotate_schema(item_schema, spec, features);
503 }
504 }
505 }
506 SchemaKind::Type(Type::Object(obj)) => {
507 features.push(ConformanceFeature::SchemaObject);
508 if !obj.required.is_empty() {
510 features.push(ConformanceFeature::ConstraintRequired);
511 }
512 for (_name, prop_ref) in &obj.properties {
514 if let Some(prop_schema) = ref_resolver::resolve_boxed_schema(prop_ref, spec) {
515 Self::annotate_schema(prop_schema, spec, features);
516 }
517 }
518 }
519 SchemaKind::OneOf { .. } => {
520 features.push(ConformanceFeature::CompositionOneOf);
521 }
522 SchemaKind::AnyOf { .. } => {
523 features.push(ConformanceFeature::CompositionAnyOf);
524 }
525 SchemaKind::AllOf { .. } => {
526 features.push(ConformanceFeature::CompositionAllOf);
527 }
528 _ => {}
529 }
530 }
531
532 fn annotate_responses(
534 operation: &Operation,
535 spec: &OpenAPI,
536 features: &mut Vec<ConformanceFeature>,
537 ) {
538 for (status_code, resp_ref) in &operation.responses.responses {
539 if ref_resolver::resolve_response(resp_ref, spec).is_some() {
541 match status_code {
542 openapiv3::StatusCode::Code(200) => {
543 features.push(ConformanceFeature::Response200)
544 }
545 openapiv3::StatusCode::Code(201) => {
546 features.push(ConformanceFeature::Response201)
547 }
548 openapiv3::StatusCode::Code(204) => {
549 features.push(ConformanceFeature::Response204)
550 }
551 openapiv3::StatusCode::Code(400) => {
552 features.push(ConformanceFeature::Response400)
553 }
554 openapiv3::StatusCode::Code(404) => {
555 features.push(ConformanceFeature::Response404)
556 }
557 _ => {}
558 }
559 }
560 }
561 }
562
563 fn extract_response_schemas_per_status(
569 operation: &Operation,
570 spec: &OpenAPI,
571 ) -> std::collections::BTreeMap<u16, serde_json::Value> {
572 let mut out = std::collections::BTreeMap::new();
573 for (code, resp_ref) in &operation.responses.responses {
574 let openapiv3::StatusCode::Code(n) = code else {
575 continue; };
577 let Some(response) = ref_resolver::resolve_response(resp_ref, spec) else {
578 continue;
579 };
580 let Some(media) = response.content.get("application/json") else {
581 continue;
582 };
583 let Some(schema_ref) = &media.schema else {
584 continue;
585 };
586 let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) else {
587 continue;
588 };
589 if let Ok(value) = serde_json::to_value(schema) {
592 out.insert(*n, value);
593 }
594 }
595 out
596 }
597
598 fn extract_response_schema(operation: &Operation, spec: &OpenAPI) -> Option<Schema> {
601 for code in [200u16, 201] {
603 if let Some(resp_ref) =
604 operation.responses.responses.get(&openapiv3::StatusCode::Code(code))
605 {
606 if let Some(response) = ref_resolver::resolve_response(resp_ref, spec) {
607 if let Some(media) = response.content.get("application/json") {
608 if let Some(schema_ref) = &media.schema {
609 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
610 return Some(schema.clone());
611 }
612 }
613 }
614 }
615 }
616 }
617 None
618 }
619
620 fn annotate_content_negotiation(
622 operation: &Operation,
623 spec: &OpenAPI,
624 features: &mut Vec<ConformanceFeature>,
625 ) {
626 for (_status_code, resp_ref) in &operation.responses.responses {
627 if let Some(response) = ref_resolver::resolve_response(resp_ref, spec) {
628 if response.content.len() > 1 {
629 features.push(ConformanceFeature::ContentNegotiation);
630 return; }
632 }
633 }
634 }
635
636 fn annotate_security(
640 operation: &Operation,
641 spec: &OpenAPI,
642 features: &mut Vec<ConformanceFeature>,
643 security_schemes: &mut Vec<SecuritySchemeInfo>,
644 ) {
645 let security_reqs = operation.security.as_ref().or(spec.security.as_ref());
647
648 if let Some(security) = security_reqs {
649 for security_req in security {
650 for scheme_name in security_req.keys() {
651 if let Some(resolved) = Self::resolve_security_scheme(scheme_name, spec) {
653 match resolved {
654 SecurityScheme::HTTP { ref scheme, .. } => {
655 if scheme.eq_ignore_ascii_case("bearer") {
656 features.push(ConformanceFeature::SecurityBearer);
657 security_schemes.push(SecuritySchemeInfo::Bearer);
658 } else if scheme.eq_ignore_ascii_case("basic") {
659 features.push(ConformanceFeature::SecurityBasic);
660 security_schemes.push(SecuritySchemeInfo::Basic);
661 }
662 }
663 SecurityScheme::APIKey { location, name, .. } => {
664 features.push(ConformanceFeature::SecurityApiKey);
665 let loc = match location {
666 openapiv3::APIKeyLocation::Query => ApiKeyLocation::Query,
667 openapiv3::APIKeyLocation::Header => ApiKeyLocation::Header,
668 openapiv3::APIKeyLocation::Cookie => ApiKeyLocation::Cookie,
669 };
670 security_schemes.push(SecuritySchemeInfo::ApiKey {
671 location: loc,
672 name: name.clone(),
673 });
674 }
675 _ => {}
677 }
678 } else {
679 let name_lower = scheme_name.to_lowercase();
681 if name_lower.contains("bearer") || name_lower.contains("jwt") {
682 features.push(ConformanceFeature::SecurityBearer);
683 security_schemes.push(SecuritySchemeInfo::Bearer);
684 } else if name_lower.contains("api") && name_lower.contains("key") {
685 features.push(ConformanceFeature::SecurityApiKey);
686 security_schemes.push(SecuritySchemeInfo::ApiKey {
687 location: ApiKeyLocation::Header,
688 name: "X-API-Key".to_string(),
689 });
690 } else if name_lower.contains("basic") {
691 features.push(ConformanceFeature::SecurityBasic);
692 security_schemes.push(SecuritySchemeInfo::Basic);
693 }
694 }
695 }
696 }
697 }
698 }
699
700 fn resolve_security_scheme<'a>(name: &str, spec: &'a OpenAPI) -> Option<&'a SecurityScheme> {
702 let components = spec.components.as_ref()?;
703 match components.security_schemes.get(name)? {
704 ReferenceOr::Item(scheme) => Some(scheme),
705 ReferenceOr::Reference { .. } => None,
706 }
707 }
708
709 pub fn operation_count(&self) -> usize {
711 self.operations.len()
712 }
713
714 pub fn generate(&self) -> Result<(String, usize)> {
717 let mut script = String::with_capacity(16384);
718
719 script.push_str("import http from 'k6/http';\n");
721 script.push_str("import { check, group } from 'k6';\n");
722 if self.config.request_delay_ms > 0 {
723 script.push_str("import { sleep } from 'k6';\n");
724 }
725 script.push('\n');
726
727 script.push_str(
731 "http.setResponseCallback(http.expectedStatuses({ min: 100, max: 599 }));\n\n",
732 );
733
734 script.push_str("export const options = {\n");
736 script.push_str(" vus: 1,\n");
737 script.push_str(" iterations: 1,\n");
738 if self.config.skip_tls_verify {
739 script.push_str(" insecureSkipTLSVerify: true,\n");
740 }
741 script.push_str(" thresholds: {\n");
742 script.push_str(" checks: ['rate>0'],\n");
743 script.push_str(" },\n");
744 script.push_str("};\n\n");
745
746 script.push_str(&format!("const BASE_URL = '{}';\n\n", self.config.effective_base_url()));
748 script.push_str("const JSON_HEADERS = { 'Content-Type': 'application/json' };\n\n");
749
750 let custom_emit = self.config.generate_custom_group()?;
754 if let Some(emit) = &custom_emit {
755 if !emit.init_code.is_empty() {
756 script.push_str("// Round 39 (#79) — preloaded upload bytes for custom checks\n");
757 script.push_str(&emit.init_code);
758 script.push('\n');
759 }
760 }
761
762 script
765 .push_str("function __captureFailure(checkName, res, expected, schemaViolations) {\n");
766 script.push_str(" let bodyStr = '';\n");
767 script.push_str(" try { bodyStr = res.body ? res.body.substring(0, 2000) : ''; } catch(e) { bodyStr = '<unreadable>'; }\n");
768 script.push_str(" let reqHeaders = {};\n");
769 script.push_str(
770 " if (res.request && res.request.headers) { reqHeaders = res.request.headers; }\n",
771 );
772 script.push_str(" let reqBody = '';\n");
773 script.push_str(" if (res.request && res.request.body) { try { reqBody = res.request.body.substring(0, 2000); } catch(e) {} }\n");
774 script.push_str(" let payload = {\n");
775 script.push_str(" check: checkName,\n");
776 script.push_str(" request: {\n");
777 script.push_str(" method: res.request ? res.request.method : 'unknown',\n");
778 script.push_str(" url: res.request ? res.request.url : res.url || 'unknown',\n");
779 script.push_str(" headers: reqHeaders,\n");
780 script.push_str(" body: reqBody,\n");
781 script.push_str(" },\n");
782 script.push_str(" response: {\n");
783 script.push_str(" status: res.status,\n");
784 script.push_str(" headers: res.headers ? Object.fromEntries(Object.entries(res.headers).slice(0, 20)) : {},\n");
785 script.push_str(" body: bodyStr,\n");
786 script.push_str(" },\n");
787 script.push_str(" expected: expected,\n");
788 script.push_str(" };\n");
789 script.push_str(" if (schemaViolations && schemaViolations.length > 0) { payload.schema_violations = schemaViolations; }\n");
790 script.push_str(" console.log('MOCKFORGE_FAILURE:' + JSON.stringify(payload));\n");
791 script.push_str("}\n\n");
792
793 if self.config.export_requests {
795 script.push_str("function __captureExchange(checkName, res) {\n");
796 script.push_str(" let bodyStr = '';\n");
797 script.push_str(" try { bodyStr = res.body ? res.body.substring(0, 2000) : ''; } catch(e) { bodyStr = '<unreadable>'; }\n");
798 script.push_str(" let reqHeaders = {};\n");
799 script.push_str(
800 " if (res.request && res.request.headers) { reqHeaders = res.request.headers; }\n",
801 );
802 script.push_str(" let reqBody = '';\n");
803 script.push_str(" if (res.request && res.request.body) { try { reqBody = res.request.body.substring(0, 2000); } catch(e) {} }\n");
804 script.push_str(" console.log('MOCKFORGE_EXCHANGE:' + JSON.stringify({\n");
805 script.push_str(" check: checkName,\n");
806 script.push_str(" request: {\n");
807 script.push_str(" method: res.request ? res.request.method : 'unknown',\n");
808 script.push_str(" url: res.request ? res.request.url : res.url || 'unknown',\n");
809 script.push_str(" headers: reqHeaders,\n");
810 script.push_str(" body: reqBody,\n");
811 script.push_str(" },\n");
812 script.push_str(" response: {\n");
813 script.push_str(" status: res.status,\n");
814 script.push_str(" headers: res.headers ? Object.fromEntries(Object.entries(res.headers).slice(0, 30)) : {},\n");
815 script.push_str(" body: bodyStr,\n");
816 script.push_str(" },\n");
817 script.push_str(" }));\n");
818 script.push_str("}\n\n");
819 }
820
821 script.push_str("export default function () {\n");
823
824 if self.config.has_cookie_header() {
825 script.push_str(
826 " // Clear cookie jar to prevent server Set-Cookie from duplicating custom Cookie header\n",
827 );
828 script.push_str(" http.cookieJar().clear(BASE_URL);\n\n");
829 }
830
831 let mut category_ops: std::collections::BTreeMap<
833 &'static str,
834 Vec<(&AnnotatedOperation, &ConformanceFeature)>,
835 > = std::collections::BTreeMap::new();
836
837 for op in &self.operations {
838 for feature in &op.features {
839 let category = feature.category();
840 if self.config.should_include_category(category) {
841 category_ops.entry(category).or_default().push((op, feature));
842 }
843 }
844 }
845
846 let mut total_checks = 0usize;
848 for (category, ops) in &category_ops {
849 script.push_str(&format!(" group('{}', function () {{\n", category));
850
851 if self.config.all_operations {
852 let mut emitted_checks: HashSet<String> = HashSet::new();
854 for (op, feature) in ops {
855 let qualified = format!("{}:{}", feature.check_name(), op.path);
856 if emitted_checks.insert(qualified.clone()) {
857 self.emit_check_named(&mut script, op, feature, &qualified);
858 total_checks += 1;
859 }
860 }
861 } else {
862 let mut emitted_features: HashSet<&str> = HashSet::new();
865 for (op, feature) in ops {
866 if emitted_features.insert(feature.check_name()) {
867 let qualified = format!("{}:{}", feature.check_name(), op.path);
868 self.emit_check_named(&mut script, op, feature, &qualified);
869 total_checks += 1;
870 }
871 }
872 }
873
874 script.push_str(" });\n\n");
875 }
876
877 if let Some(emit) = custom_emit {
881 script.push_str(&emit.group_body);
882 }
883
884 script.push_str("}\n\n");
885
886 self.generate_handle_summary(&mut script);
888
889 Ok((script, total_checks))
890 }
891
892 fn emit_check_named(
894 &self,
895 script: &mut String,
896 op: &AnnotatedOperation,
897 feature: &ConformanceFeature,
898 check_name: &str,
899 ) {
900 let check_name = check_name.replace('\'', "\\'");
902 let check_name = check_name.as_str();
903
904 script.push_str(" {\n");
905
906 let mut url_path = op.path.clone();
908 for (name, value) in &op.path_params {
909 url_path = url_path.replace(&format!("{{{}}}", name), value);
910 }
911
912 if !op.query_params.is_empty() {
914 let qs: Vec<String> =
915 op.query_params.iter().map(|(k, v)| format!("{}={}", k, v)).collect();
916 url_path = format!("{}?{}", url_path, qs.join("&"));
917 }
918
919 let full_url = format!("${{BASE_URL}}{}", url_path);
920
921 let mut effective_headers = self.effective_headers(&op.header_params);
924
925 if matches!(feature, ConformanceFeature::Response400 | ConformanceFeature::Response404) {
928 let expected_code = match feature {
929 ConformanceFeature::Response400 => "400",
930 ConformanceFeature::Response404 => "404",
931 _ => unreachable!(),
932 };
933 effective_headers
934 .push(("X-Mockforge-Response-Status".to_string(), expected_code.to_string()));
935 }
936
937 let needs_auth = matches!(
941 feature,
942 ConformanceFeature::SecurityBearer
943 | ConformanceFeature::SecurityBasic
944 | ConformanceFeature::SecurityApiKey
945 ) || !op.security_schemes.is_empty();
946
947 if needs_auth {
948 self.inject_security_headers(&op.security_schemes, &mut effective_headers);
949 }
950
951 let has_headers = !effective_headers.is_empty();
952 let headers_obj = if has_headers {
953 Self::format_headers(&effective_headers)
954 } else {
955 String::new()
956 };
957
958 match op.method.as_str() {
960 "GET" => {
961 if has_headers {
962 script.push_str(&format!(
963 " let res = http.get(`{}`, {{ headers: {} }});\n",
964 full_url, headers_obj
965 ));
966 } else {
967 script.push_str(&format!(" let res = http.get(`{}`);\n", full_url));
968 }
969 }
970 "POST" => {
971 self.emit_request_with_body(script, "post", &full_url, op, &effective_headers);
972 }
973 "PUT" => {
974 self.emit_request_with_body(script, "put", &full_url, op, &effective_headers);
975 }
976 "PATCH" => {
977 self.emit_request_with_body(script, "patch", &full_url, op, &effective_headers);
978 }
979 "DELETE" => {
980 if has_headers {
981 script.push_str(&format!(
982 " let res = http.del(`{}`, null, {{ headers: {} }});\n",
983 full_url, headers_obj
984 ));
985 } else {
986 script.push_str(&format!(" let res = http.del(`{}`);\n", full_url));
987 }
988 }
989 "HEAD" => {
990 if has_headers {
991 script.push_str(&format!(
992 " let res = http.head(`{}`, {{ headers: {} }});\n",
993 full_url, headers_obj
994 ));
995 } else {
996 script.push_str(&format!(" let res = http.head(`{}`);\n", full_url));
997 }
998 }
999 "OPTIONS" => {
1000 if has_headers {
1001 script.push_str(&format!(
1002 " let res = http.options(`{}`, null, {{ headers: {} }});\n",
1003 full_url, headers_obj
1004 ));
1005 } else {
1006 script.push_str(&format!(" let res = http.options(`{}`);\n", full_url));
1007 }
1008 }
1009 _ => {
1010 if has_headers {
1011 script.push_str(&format!(
1012 " let res = http.get(`{}`, {{ headers: {} }});\n",
1013 full_url, headers_obj
1014 ));
1015 } else {
1016 script.push_str(&format!(" let res = http.get(`{}`);\n", full_url));
1017 }
1018 }
1019 }
1020
1021 if self.config.export_requests {
1024 script.push_str(&format!(
1025 " if (typeof __captureExchange === 'function') __captureExchange('{}', res);\n",
1026 check_name
1027 ));
1028 }
1029
1030 if matches!(
1032 feature,
1033 ConformanceFeature::Response200
1034 | ConformanceFeature::Response201
1035 | ConformanceFeature::Response204
1036 | ConformanceFeature::Response400
1037 | ConformanceFeature::Response404
1038 ) {
1039 let expected_code = match feature {
1040 ConformanceFeature::Response200 => 200,
1041 ConformanceFeature::Response201 => 201,
1042 ConformanceFeature::Response204 => 204,
1043 ConformanceFeature::Response400 => 400,
1044 ConformanceFeature::Response404 => 404,
1045 _ => 200,
1046 };
1047 script.push_str(&format!(
1048 " {{ let ok = check(res, {{ '{}': (r) => r.status === {} }}); if (!ok) __captureFailure('{}', res, 'status === {}'); }}\n",
1049 check_name, expected_code, check_name, expected_code
1050 ));
1051 } else if matches!(feature, ConformanceFeature::ResponseValidation) {
1052 if let Some(schema) = &op.response_schema {
1057 let validation_js = SchemaValidatorGenerator::generate_validation(schema);
1058 let schema_json = serde_json::to_string(schema).unwrap_or_default();
1059 let schema_json_escaped = schema_json.replace('\\', "\\\\").replace('`', "\\`");
1061 script.push_str(&format!(
1062 concat!(
1063 " try {{\n",
1064 " let body = res.json();\n",
1065 " let ok = check(res, {{ '{check}': (r) => ( {validation} ) }});\n",
1066 " if (!ok) {{\n",
1067 " let __violations = [];\n",
1068 " try {{\n",
1069 " let __schema = JSON.parse(`{schema}`);\n",
1070 " function __collectErrors(schema, data, path) {{\n",
1071 " if (!schema || typeof schema !== 'object') return;\n",
1072 " let st = schema.type || (schema.schema_kind && schema.schema_kind.Type && Object.keys(schema.schema_kind.Type)[0]);\n",
1073 " if (st) {{ st = st.toLowerCase(); }}\n",
1074 " if (st === 'object') {{\n",
1075 " if (typeof data !== 'object' || data === null) {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'object', actual: typeof data }}); return; }}\n",
1076 " let props = schema.properties || (schema.schema_kind && schema.schema_kind.Type && schema.schema_kind.Type.Object && schema.schema_kind.Type.Object.properties) || {{}};\n",
1077 " let req = schema.required || (schema.schema_kind && schema.schema_kind.Type && schema.schema_kind.Type.Object && schema.schema_kind.Type.Object.required) || [];\n",
1078 " for (let f of req) {{ if (!(f in data)) {{ __violations.push({{ field_path: path + '/' + f, violation_type: 'required', expected: 'present', actual: 'missing' }}); }} }}\n",
1079 " for (let [k, v] of Object.entries(props)) {{ if (data[k] !== undefined) {{ let ps = v.Item || v; __collectErrors(ps, data[k], path + '/' + k); }} }}\n",
1080 " }} else if (st === 'array') {{\n",
1081 " if (!Array.isArray(data)) {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'array', actual: typeof data }}); return; }}\n",
1082 " let items = schema.items || (schema.schema_kind && schema.schema_kind.Type && schema.schema_kind.Type.Array && schema.schema_kind.Type.Array.items);\n",
1083 " if (items) {{ let is = items.Item || items; for (let i = 0; i < Math.min(data.length, 5); i++) {{ __collectErrors(is, data[i], path + '/' + i); }} }}\n",
1084 " }} else if (st === 'string') {{\n",
1085 " if (typeof data !== 'string') {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'string', actual: typeof data }}); }}\n",
1086 " }} else if (st === 'integer') {{\n",
1087 " if (typeof data !== 'number' || !Number.isInteger(data)) {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'integer', actual: typeof data }}); }}\n",
1088 " }} else if (st === 'number') {{\n",
1089 " if (typeof data !== 'number') {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'number', actual: typeof data }}); }}\n",
1090 " }} else if (st === 'boolean') {{\n",
1091 " if (typeof data !== 'boolean') {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'boolean', actual: typeof data }}); }}\n",
1092 " }}\n",
1093 " }}\n",
1094 " __collectErrors(__schema, body, '');\n",
1095 " }} catch(_e) {{}}\n",
1096 " __captureFailure('{check}', res, 'schema validation', __violations);\n",
1097 " }}\n",
1098 " }} catch(e) {{ check(res, {{ '{check}': () => false }}); __captureFailure('{check}', res, 'JSON parse failed: ' + e.message); }}\n",
1099 ),
1100 check = check_name,
1101 validation = validation_js,
1102 schema = schema_json_escaped,
1103 ));
1104 }
1105 } else if matches!(
1106 feature,
1107 ConformanceFeature::SecurityBearer
1108 | ConformanceFeature::SecurityBasic
1109 | ConformanceFeature::SecurityApiKey
1110 ) {
1111 script.push_str(&format!(
1113 " {{ let ok = check(res, {{ '{}': (r) => r.status >= 200 && r.status < 400 }}); if (!ok) __captureFailure('{}', res, 'status >= 200 && status < 400 (auth accepted)'); }}\n",
1114 check_name, check_name
1115 ));
1116 } else {
1117 script.push_str(&format!(
1118 " {{ let ok = check(res, {{ '{}': (r) => r.status >= 200 && r.status < 500 }}); if (!ok) __captureFailure('{}', res, 'status >= 200 && status < 500'); }}\n",
1119 check_name, check_name
1120 ));
1121 }
1122
1123 let has_cookie = self.config.has_cookie_header()
1125 || effective_headers.iter().any(|(h, _)| h.eq_ignore_ascii_case("Cookie"));
1126 if has_cookie {
1127 script.push_str(" http.cookieJar().clear(BASE_URL);\n");
1128 }
1129
1130 script.push_str(" }\n");
1131
1132 if self.config.request_delay_ms > 0 {
1134 script.push_str(&format!(
1135 " sleep({:.3});\n",
1136 self.config.request_delay_ms as f64 / 1000.0
1137 ));
1138 }
1139 }
1140
1141 fn emit_request_with_body(
1143 &self,
1144 script: &mut String,
1145 method: &str,
1146 url: &str,
1147 op: &AnnotatedOperation,
1148 effective_headers: &[(String, String)],
1149 ) {
1150 if let Some(body) = &op.sample_body {
1151 let escaped_body = body.replace('\'', "\\'");
1152 let headers = if !effective_headers.is_empty() {
1153 format!(
1154 "Object.assign({{}}, JSON_HEADERS, {})",
1155 Self::format_headers(effective_headers)
1156 )
1157 } else {
1158 "JSON_HEADERS".to_string()
1159 };
1160 script.push_str(&format!(
1161 " let res = http.{}(`{}`, '{}', {{ headers: {} }});\n",
1162 method, url, escaped_body, headers
1163 ));
1164 } else if !effective_headers.is_empty() {
1165 script.push_str(&format!(
1166 " let res = http.{}(`{}`, null, {{ headers: {} }});\n",
1167 method,
1168 url,
1169 Self::format_headers(effective_headers)
1170 ));
1171 } else {
1172 script.push_str(&format!(" let res = http.{}(`{}`, null);\n", method, url));
1173 }
1174 }
1175
1176 fn effective_headers(&self, spec_headers: &[(String, String)]) -> Vec<(String, String)> {
1180 let custom = &self.config.custom_headers;
1181 if custom.is_empty() {
1182 return spec_headers.to_vec();
1183 }
1184
1185 let mut result: Vec<(String, String)> = Vec::new();
1186
1187 for (name, value) in spec_headers {
1189 if let Some((_, custom_val)) =
1190 custom.iter().find(|(cn, _)| cn.eq_ignore_ascii_case(name))
1191 {
1192 result.push((name.clone(), custom_val.clone()));
1193 } else {
1194 result.push((name.clone(), value.clone()));
1195 }
1196 }
1197
1198 for (name, value) in custom {
1200 if !spec_headers.iter().any(|(sn, _)| sn.eq_ignore_ascii_case(name)) {
1201 result.push((name.clone(), value.clone()));
1202 }
1203 }
1204
1205 result
1206 }
1207
1208 fn inject_security_headers(
1211 &self,
1212 schemes: &[SecuritySchemeInfo],
1213 headers: &mut Vec<(String, String)>,
1214 ) {
1215 let mut to_add: Vec<(String, String)> = Vec::new();
1216
1217 let has_header = |name: &str, headers: &[(String, String)]| {
1218 headers.iter().any(|(h, _)| h.eq_ignore_ascii_case(name))
1219 || self.config.custom_headers.iter().any(|(h, _)| h.eq_ignore_ascii_case(name))
1220 };
1221
1222 let has_cookie_auth = has_header("Cookie", headers);
1224
1225 for scheme in schemes {
1226 match scheme {
1227 SecuritySchemeInfo::Bearer => {
1228 if !has_cookie_auth && !has_header("Authorization", headers) {
1229 to_add.push((
1231 "Authorization".to_string(),
1232 "Bearer mockforge-conformance-test-token".to_string(),
1233 ));
1234 }
1235 }
1236 SecuritySchemeInfo::Basic => {
1237 if !has_cookie_auth && !has_header("Authorization", headers) {
1238 let creds = self.config.basic_auth.as_deref().unwrap_or("test:test");
1239 use base64::Engine;
1240 let encoded =
1241 base64::engine::general_purpose::STANDARD.encode(creds.as_bytes());
1242 to_add.push(("Authorization".to_string(), format!("Basic {}", encoded)));
1243 }
1244 }
1245 SecuritySchemeInfo::ApiKey { location, name } => match location {
1246 ApiKeyLocation::Header => {
1247 if !has_header(name, headers) {
1248 let key = self
1249 .config
1250 .api_key
1251 .as_deref()
1252 .unwrap_or("mockforge-conformance-test-key");
1253 to_add.push((name.clone(), key.to_string()));
1254 }
1255 }
1256 ApiKeyLocation::Cookie => {
1257 if !has_header("Cookie", headers) {
1258 to_add.push((
1259 "Cookie".to_string(),
1260 format!("{}=mockforge-conformance-test-session", name),
1261 ));
1262 }
1263 }
1264 ApiKeyLocation::Query => {
1265 }
1267 },
1268 }
1269 }
1270
1271 headers.extend(to_add);
1272 }
1273
1274 fn format_headers(headers: &[(String, String)]) -> String {
1276 let entries: Vec<String> = headers
1277 .iter()
1278 .map(|(k, v)| format!("'{}': '{}'", k, v.replace('\'', "\\'")))
1279 .collect();
1280 format!("{{ {} }}", entries.join(", "))
1281 }
1282
1283 fn generate_handle_summary(&self, script: &mut String) {
1285 let report_path = match &self.config.output_dir {
1287 Some(dir) => {
1288 let abs = std::fs::canonicalize(dir)
1289 .unwrap_or_else(|_| dir.clone())
1290 .join("conformance-report.json");
1291 abs.to_string_lossy().to_string()
1292 }
1293 None => "conformance-report.json".to_string(),
1294 };
1295
1296 script.push_str("export function handleSummary(data) {\n");
1297 script.push_str(" let checks = {};\n");
1298 script.push_str(" if (data.metrics && data.metrics.checks) {\n");
1299 script.push_str(" checks.overall_pass_rate = data.metrics.checks.values.rate;\n");
1300 script.push_str(" }\n");
1301 script.push_str(" let checkResults = {};\n");
1302 script.push_str(" function walkGroups(group) {\n");
1303 script.push_str(" if (group.checks) {\n");
1304 script.push_str(" for (let checkObj of group.checks) {\n");
1305 script.push_str(" checkResults[checkObj.name] = {\n");
1306 script.push_str(" passes: checkObj.passes,\n");
1307 script.push_str(" fails: checkObj.fails,\n");
1308 script.push_str(" };\n");
1309 script.push_str(" }\n");
1310 script.push_str(" }\n");
1311 script.push_str(" if (group.groups) {\n");
1312 script.push_str(" for (let subGroup of group.groups) {\n");
1313 script.push_str(" walkGroups(subGroup);\n");
1314 script.push_str(" }\n");
1315 script.push_str(" }\n");
1316 script.push_str(" }\n");
1317 script.push_str(" if (data.root_group) {\n");
1318 script.push_str(" walkGroups(data.root_group);\n");
1319 script.push_str(" }\n");
1320 script.push_str(" return {\n");
1321 script.push_str(&format!(
1322 " '{}': JSON.stringify({{ checks: checkResults, overall: checks }}, null, 2),\n",
1323 report_path
1324 ));
1325 script.push_str(" 'summary.json': JSON.stringify(data),\n");
1326 script.push_str(" stdout: textSummary(data, { indent: ' ', enableColors: true }),\n");
1327 script.push_str(" };\n");
1328 script.push_str("}\n\n");
1329 script.push_str("function textSummary(data, opts) {\n");
1330 script.push_str(" return JSON.stringify(data, null, 2);\n");
1331 script.push_str("}\n");
1332 }
1333}
1334
1335#[cfg(test)]
1336mod tests {
1337 use super::*;
1338 use openapiv3::{
1339 Operation, ParameterData, ParameterSchemaOrContent, PathStyle, Response, Schema,
1340 SchemaData, SchemaKind, StringType, Type,
1341 };
1342
1343 fn make_op(method: &str, path: &str, operation: Operation) -> ApiOperation {
1344 ApiOperation {
1345 method: method.to_string(),
1346 path: path.to_string(),
1347 operation,
1348 operation_id: None,
1349 }
1350 }
1351
1352 fn empty_spec() -> OpenAPI {
1353 OpenAPI::default()
1354 }
1355
1356 #[test]
1357 fn test_annotate_get_with_path_param() {
1358 let mut op = Operation::default();
1359 op.parameters.push(ReferenceOr::Item(Parameter::Path {
1360 parameter_data: ParameterData {
1361 name: "id".to_string(),
1362 description: None,
1363 required: true,
1364 deprecated: None,
1365 format: ParameterSchemaOrContent::Schema(ReferenceOr::Item(Schema {
1366 schema_data: SchemaData::default(),
1367 schema_kind: SchemaKind::Type(Type::String(StringType::default())),
1368 })),
1369 example: None,
1370 examples: Default::default(),
1371 explode: None,
1372 extensions: Default::default(),
1373 },
1374 style: PathStyle::Simple,
1375 }));
1376
1377 let api_op = make_op("get", "/users/{id}", op);
1378 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1379
1380 assert!(annotated.features.contains(&ConformanceFeature::MethodGet));
1381 assert!(annotated.features.contains(&ConformanceFeature::PathParamString));
1382 assert!(annotated.features.contains(&ConformanceFeature::ConstraintRequired));
1383 assert_eq!(annotated.path_params.len(), 1);
1384 assert_eq!(annotated.path_params[0].0, "id");
1385 }
1386
1387 #[test]
1388 fn test_annotate_post_with_json_body() {
1389 let mut op = Operation::default();
1390 let mut body = RequestBody {
1391 required: true,
1392 ..Default::default()
1393 };
1394 body.content
1395 .insert("application/json".to_string(), openapiv3::MediaType::default());
1396 op.request_body = Some(ReferenceOr::Item(body));
1397
1398 let api_op = make_op("post", "/items", op);
1399 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1400
1401 assert!(annotated.features.contains(&ConformanceFeature::MethodPost));
1402 assert!(annotated.features.contains(&ConformanceFeature::BodyJson));
1403 }
1404
1405 #[test]
1406 fn test_annotate_response_codes() {
1407 let mut op = Operation::default();
1408 op.responses
1409 .responses
1410 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(Response::default()));
1411 op.responses
1412 .responses
1413 .insert(openapiv3::StatusCode::Code(404), ReferenceOr::Item(Response::default()));
1414
1415 let api_op = make_op("get", "/items", op);
1416 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1417
1418 assert!(annotated.features.contains(&ConformanceFeature::Response200));
1419 assert!(annotated.features.contains(&ConformanceFeature::Response404));
1420 }
1421
1422 #[test]
1423 fn test_generate_spec_driven_script() {
1424 let config = ConformanceConfig {
1425 target_url: "http://localhost:3000".to_string(),
1426 api_key: None,
1427 basic_auth: None,
1428 skip_tls_verify: false,
1429 categories: None,
1430 base_path: None,
1431 custom_headers: vec![],
1432 output_dir: None,
1433 all_operations: false,
1434 custom_checks_file: None,
1435 request_delay_ms: 0,
1436 custom_filter: None,
1437 export_requests: false,
1438 validate_requests: false,
1439 };
1440
1441 let operations = vec![AnnotatedOperation {
1442 path: "/users/{id}".to_string(),
1443 method: "GET".to_string(),
1444 features: vec![
1445 ConformanceFeature::MethodGet,
1446 ConformanceFeature::PathParamString,
1447 ],
1448 request_body_content_type: None,
1449 sample_body: None,
1450 query_params: vec![],
1451 header_params: vec![],
1452 path_params: vec![("id".to_string(), "test-value".to_string())],
1453 response_schema: None,
1454 response_schemas: std::collections::BTreeMap::new(),
1455 request_body_schema: None,
1456 security_schemes: vec![],
1457 }];
1458
1459 let gen = SpecDrivenConformanceGenerator::new(config, operations);
1460 let (script, _check_count) = gen.generate().unwrap();
1461
1462 assert!(script.contains("import http from 'k6/http'"));
1463 assert!(script.contains("/users/test-value"));
1464 assert!(script.contains("param:path:string"));
1465 assert!(script.contains("method:GET"));
1466 assert!(script.contains("handleSummary"));
1467 }
1468
1469 #[test]
1470 fn test_generate_with_category_filter() {
1471 let config = ConformanceConfig {
1472 target_url: "http://localhost:3000".to_string(),
1473 api_key: None,
1474 basic_auth: None,
1475 skip_tls_verify: false,
1476 categories: Some(vec!["Parameters".to_string()]),
1477 base_path: None,
1478 custom_headers: vec![],
1479 output_dir: None,
1480 all_operations: false,
1481 custom_checks_file: None,
1482 request_delay_ms: 0,
1483 custom_filter: None,
1484 export_requests: false,
1485 validate_requests: false,
1486 };
1487
1488 let operations = vec![AnnotatedOperation {
1489 path: "/users/{id}".to_string(),
1490 method: "GET".to_string(),
1491 features: vec![
1492 ConformanceFeature::MethodGet,
1493 ConformanceFeature::PathParamString,
1494 ],
1495 request_body_content_type: None,
1496 sample_body: None,
1497 query_params: vec![],
1498 header_params: vec![],
1499 path_params: vec![("id".to_string(), "1".to_string())],
1500 response_schema: None,
1501 response_schemas: std::collections::BTreeMap::new(),
1502 request_body_schema: None,
1503 security_schemes: vec![],
1504 }];
1505
1506 let gen = SpecDrivenConformanceGenerator::new(config, operations);
1507 let (script, _check_count) = gen.generate().unwrap();
1508
1509 assert!(script.contains("group('Parameters'"));
1510 assert!(!script.contains("group('HTTP Methods'"));
1511 }
1512
1513 #[test]
1514 fn test_annotate_response_validation() {
1515 use openapiv3::ObjectType;
1516
1517 let mut op = Operation::default();
1519 let mut response = Response::default();
1520 let mut media = openapiv3::MediaType::default();
1521 let mut obj_type = ObjectType::default();
1522 obj_type.properties.insert(
1523 "name".to_string(),
1524 ReferenceOr::Item(Box::new(Schema {
1525 schema_data: SchemaData::default(),
1526 schema_kind: SchemaKind::Type(Type::String(StringType::default())),
1527 })),
1528 );
1529 obj_type.required = vec!["name".to_string()];
1530 media.schema = Some(ReferenceOr::Item(Schema {
1531 schema_data: SchemaData::default(),
1532 schema_kind: SchemaKind::Type(Type::Object(obj_type)),
1533 }));
1534 response.content.insert("application/json".to_string(), media);
1535 op.responses
1536 .responses
1537 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1538
1539 let api_op = make_op("get", "/users", op);
1540 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1541
1542 assert!(
1543 annotated.features.contains(&ConformanceFeature::ResponseValidation),
1544 "Should detect ResponseValidation when response has a JSON schema"
1545 );
1546 assert!(annotated.response_schema.is_some(), "Should extract the response schema");
1547
1548 let config = ConformanceConfig {
1550 target_url: "http://localhost:3000".to_string(),
1551 api_key: None,
1552 basic_auth: None,
1553 skip_tls_verify: false,
1554 categories: None,
1555 base_path: None,
1556 custom_headers: vec![],
1557 output_dir: None,
1558 all_operations: false,
1559 custom_checks_file: None,
1560 request_delay_ms: 0,
1561 custom_filter: None,
1562 export_requests: false,
1563 validate_requests: false,
1564 };
1565 let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1566 let (script, _check_count) = gen.generate().unwrap();
1567
1568 assert!(
1569 script.contains("response:schema:validation"),
1570 "Script should contain the validation check name"
1571 );
1572 assert!(script.contains("try {"), "Script should wrap validation in try-catch");
1573 assert!(script.contains("res.json()"), "Script should parse response as JSON");
1574 }
1575
1576 #[test]
1577 fn test_annotate_global_security() {
1578 let op = Operation::default();
1580 let mut spec = OpenAPI::default();
1581 let mut global_req = openapiv3::SecurityRequirement::new();
1582 global_req.insert("bearerAuth".to_string(), vec![]);
1583 spec.security = Some(vec![global_req]);
1584 let mut components = openapiv3::Components::default();
1586 components.security_schemes.insert(
1587 "bearerAuth".to_string(),
1588 ReferenceOr::Item(SecurityScheme::HTTP {
1589 scheme: "bearer".to_string(),
1590 bearer_format: Some("JWT".to_string()),
1591 description: None,
1592 extensions: Default::default(),
1593 }),
1594 );
1595 spec.components = Some(components);
1596
1597 let api_op = make_op("get", "/protected", op);
1598 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &spec);
1599
1600 assert!(
1601 annotated.features.contains(&ConformanceFeature::SecurityBearer),
1602 "Should detect SecurityBearer from global security + components"
1603 );
1604 }
1605
1606 #[test]
1607 fn test_annotate_security_scheme_resolution() {
1608 let mut op = Operation::default();
1610 let mut req = openapiv3::SecurityRequirement::new();
1612 req.insert("myAuth".to_string(), vec![]);
1613 op.security = Some(vec![req]);
1614
1615 let mut spec = OpenAPI::default();
1616 let mut components = openapiv3::Components::default();
1617 components.security_schemes.insert(
1618 "myAuth".to_string(),
1619 ReferenceOr::Item(SecurityScheme::APIKey {
1620 location: openapiv3::APIKeyLocation::Header,
1621 name: "X-API-Key".to_string(),
1622 description: None,
1623 extensions: Default::default(),
1624 }),
1625 );
1626 spec.components = Some(components);
1627
1628 let api_op = make_op("get", "/data", op);
1629 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &spec);
1630
1631 assert!(
1632 annotated.features.contains(&ConformanceFeature::SecurityApiKey),
1633 "Should detect SecurityApiKey from SecurityScheme::APIKey, not name heuristic"
1634 );
1635 }
1636
1637 #[test]
1638 fn test_annotate_content_negotiation() {
1639 let mut op = Operation::default();
1640 let mut response = Response::default();
1641 response
1643 .content
1644 .insert("application/json".to_string(), openapiv3::MediaType::default());
1645 response
1646 .content
1647 .insert("application/xml".to_string(), openapiv3::MediaType::default());
1648 op.responses
1649 .responses
1650 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1651
1652 let api_op = make_op("get", "/items", op);
1653 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1654
1655 assert!(
1656 annotated.features.contains(&ConformanceFeature::ContentNegotiation),
1657 "Should detect ContentNegotiation when response has multiple content types"
1658 );
1659 }
1660
1661 #[test]
1662 fn test_no_content_negotiation_for_single_type() {
1663 let mut op = Operation::default();
1664 let mut response = Response::default();
1665 response
1666 .content
1667 .insert("application/json".to_string(), openapiv3::MediaType::default());
1668 op.responses
1669 .responses
1670 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1671
1672 let api_op = make_op("get", "/items", op);
1673 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1674
1675 assert!(
1676 !annotated.features.contains(&ConformanceFeature::ContentNegotiation),
1677 "Should NOT detect ContentNegotiation for a single content type"
1678 );
1679 }
1680
1681 #[test]
1682 fn test_spec_driven_with_base_path() {
1683 let annotated = AnnotatedOperation {
1684 path: "/users".to_string(),
1685 method: "GET".to_string(),
1686 features: vec![ConformanceFeature::MethodGet],
1687 path_params: vec![],
1688 query_params: vec![],
1689 header_params: vec![],
1690 request_body_content_type: None,
1691 sample_body: None,
1692 response_schema: None,
1693 response_schemas: std::collections::BTreeMap::new(),
1694 request_body_schema: None,
1695 security_schemes: vec![],
1696 };
1697 let config = ConformanceConfig {
1698 target_url: "https://192.168.2.86/".to_string(),
1699 api_key: None,
1700 basic_auth: None,
1701 skip_tls_verify: true,
1702 categories: None,
1703 base_path: Some("/api".to_string()),
1704 custom_headers: vec![],
1705 output_dir: None,
1706 all_operations: false,
1707 custom_checks_file: None,
1708 request_delay_ms: 0,
1709 custom_filter: None,
1710 export_requests: false,
1711 validate_requests: false,
1712 };
1713 let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1714 let (script, _check_count) = gen.generate().unwrap();
1715
1716 assert!(
1717 script.contains("const BASE_URL = 'https://192.168.2.86/api'"),
1718 "BASE_URL should include the base_path. Got: {}",
1719 script.lines().find(|l| l.contains("BASE_URL")).unwrap_or("not found")
1720 );
1721 }
1722
1723 #[test]
1724 fn test_spec_driven_with_custom_headers() {
1725 let annotated = AnnotatedOperation {
1726 path: "/users".to_string(),
1727 method: "GET".to_string(),
1728 features: vec![ConformanceFeature::MethodGet],
1729 path_params: vec![],
1730 query_params: vec![],
1731 header_params: vec![
1732 ("X-Avi-Tenant".to_string(), "test-value".to_string()),
1733 ("X-CSRFToken".to_string(), "test-value".to_string()),
1734 ],
1735 request_body_content_type: None,
1736 sample_body: None,
1737 response_schema: None,
1738 response_schemas: std::collections::BTreeMap::new(),
1739 request_body_schema: None,
1740 security_schemes: vec![],
1741 };
1742 let config = ConformanceConfig {
1743 target_url: "https://192.168.2.86/".to_string(),
1744 api_key: None,
1745 basic_auth: None,
1746 skip_tls_verify: true,
1747 categories: None,
1748 base_path: Some("/api".to_string()),
1749 custom_headers: vec![
1750 ("X-Avi-Tenant".to_string(), "admin".to_string()),
1751 ("X-CSRFToken".to_string(), "real-csrf-token".to_string()),
1752 ("Cookie".to_string(), "sessionid=abc123".to_string()),
1753 ],
1754 output_dir: None,
1755 all_operations: false,
1756 custom_checks_file: None,
1757 request_delay_ms: 0,
1758 custom_filter: None,
1759 export_requests: false,
1760 validate_requests: false,
1761 };
1762 let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1763 let (script, _check_count) = gen.generate().unwrap();
1764
1765 assert!(
1767 script.contains("'X-Avi-Tenant': 'admin'"),
1768 "Should use custom value for X-Avi-Tenant, not test-value"
1769 );
1770 assert!(
1771 script.contains("'X-CSRFToken': 'real-csrf-token'"),
1772 "Should use custom value for X-CSRFToken, not test-value"
1773 );
1774 assert!(
1776 script.contains("'Cookie': 'sessionid=abc123'"),
1777 "Should include Cookie header from custom_headers"
1778 );
1779 assert!(
1781 !script.contains("'test-value'"),
1782 "test-value placeholders should be replaced by custom values"
1783 );
1784 }
1785
1786 #[test]
1787 fn test_effective_headers_merging() {
1788 let config = ConformanceConfig {
1789 target_url: "http://localhost".to_string(),
1790 api_key: None,
1791 basic_auth: None,
1792 skip_tls_verify: false,
1793 categories: None,
1794 base_path: None,
1795 custom_headers: vec![
1796 ("X-Auth".to_string(), "real-token".to_string()),
1797 ("Cookie".to_string(), "session=abc".to_string()),
1798 ],
1799 output_dir: None,
1800 all_operations: false,
1801 custom_checks_file: None,
1802 request_delay_ms: 0,
1803 custom_filter: None,
1804 export_requests: false,
1805 validate_requests: false,
1806 };
1807 let gen = SpecDrivenConformanceGenerator::new(config, vec![]);
1808
1809 let spec_headers = vec![
1811 ("X-Auth".to_string(), "test-value".to_string()),
1812 ("X-Other".to_string(), "keep-this".to_string()),
1813 ];
1814 let effective = gen.effective_headers(&spec_headers);
1815
1816 assert_eq!(effective[0], ("X-Auth".to_string(), "real-token".to_string()));
1818 assert_eq!(effective[1], ("X-Other".to_string(), "keep-this".to_string()));
1820 assert_eq!(effective[2], ("Cookie".to_string(), "session=abc".to_string()));
1822 }
1823}