1use super::generator::ConformanceConfig;
7use super::schema_validator::SchemaValidatorGenerator;
8use super::spec::ConformanceFeature;
9use crate::error::Result;
10use crate::request_gen::RequestGenerator;
11use crate::spec_parser::ApiOperation;
12use openapiv3::{
13 OpenAPI, Operation, Parameter, ParameterSchemaOrContent, ReferenceOr, RequestBody, Response,
14 Schema, SchemaKind, SecurityScheme, StringFormat, Type, VariantOrUnknownOrEmpty,
15};
16use std::collections::HashSet;
17
18mod ref_resolver {
20 use super::*;
21
22 pub fn resolve_parameter<'a>(
23 param_ref: &'a ReferenceOr<Parameter>,
24 spec: &'a OpenAPI,
25 ) -> Option<&'a Parameter> {
26 match param_ref {
27 ReferenceOr::Item(param) => Some(param),
28 ReferenceOr::Reference { reference } => {
29 let name = reference.strip_prefix("#/components/parameters/")?;
30 let components = spec.components.as_ref()?;
31 match components.parameters.get(name)? {
32 ReferenceOr::Item(param) => Some(param),
33 ReferenceOr::Reference {
34 reference: inner_ref,
35 } => {
36 let inner_name = inner_ref.strip_prefix("#/components/parameters/")?;
38 match components.parameters.get(inner_name)? {
39 ReferenceOr::Item(param) => Some(param),
40 ReferenceOr::Reference { .. } => None,
41 }
42 }
43 }
44 }
45 }
46 }
47
48 pub fn resolve_request_body<'a>(
49 body_ref: &'a ReferenceOr<RequestBody>,
50 spec: &'a OpenAPI,
51 ) -> Option<&'a RequestBody> {
52 match body_ref {
53 ReferenceOr::Item(body) => Some(body),
54 ReferenceOr::Reference { reference } => {
55 let name = reference.strip_prefix("#/components/requestBodies/")?;
56 let components = spec.components.as_ref()?;
57 match components.request_bodies.get(name)? {
58 ReferenceOr::Item(body) => Some(body),
59 ReferenceOr::Reference {
60 reference: inner_ref,
61 } => {
62 let inner_name = inner_ref.strip_prefix("#/components/requestBodies/")?;
64 match components.request_bodies.get(inner_name)? {
65 ReferenceOr::Item(body) => Some(body),
66 ReferenceOr::Reference { .. } => None,
67 }
68 }
69 }
70 }
71 }
72 }
73
74 pub fn resolve_schema<'a>(
75 schema_ref: &'a ReferenceOr<Schema>,
76 spec: &'a OpenAPI,
77 ) -> Option<&'a Schema> {
78 resolve_schema_with_visited(schema_ref, spec, &mut HashSet::new())
79 }
80
81 fn resolve_schema_with_visited<'a>(
82 schema_ref: &'a ReferenceOr<Schema>,
83 spec: &'a OpenAPI,
84 visited: &mut HashSet<String>,
85 ) -> Option<&'a Schema> {
86 match schema_ref {
87 ReferenceOr::Item(schema) => Some(schema),
88 ReferenceOr::Reference { reference } => {
89 if !visited.insert(reference.clone()) {
90 return None; }
92 let name = reference.strip_prefix("#/components/schemas/")?;
93 let components = spec.components.as_ref()?;
94 let nested = components.schemas.get(name)?;
95 resolve_schema_with_visited(nested, spec, visited)
96 }
97 }
98 }
99
100 pub fn resolve_boxed_schema<'a>(
102 schema_ref: &'a ReferenceOr<Box<Schema>>,
103 spec: &'a OpenAPI,
104 ) -> Option<&'a Schema> {
105 match schema_ref {
106 ReferenceOr::Item(schema) => Some(schema.as_ref()),
107 ReferenceOr::Reference { reference } => {
108 let name = reference.strip_prefix("#/components/schemas/")?;
110 let components = spec.components.as_ref()?;
111 let nested = components.schemas.get(name)?;
112 resolve_schema_with_visited(nested, spec, &mut HashSet::new())
113 }
114 }
115 }
116
117 pub fn resolve_response<'a>(
118 resp_ref: &'a ReferenceOr<Response>,
119 spec: &'a OpenAPI,
120 ) -> Option<&'a Response> {
121 match resp_ref {
122 ReferenceOr::Item(resp) => Some(resp),
123 ReferenceOr::Reference { reference } => {
124 let name = reference.strip_prefix("#/components/responses/")?;
125 let components = spec.components.as_ref()?;
126 match components.responses.get(name)? {
127 ReferenceOr::Item(resp) => Some(resp),
128 ReferenceOr::Reference {
129 reference: inner_ref,
130 } => {
131 let inner_name = inner_ref.strip_prefix("#/components/responses/")?;
133 match components.responses.get(inner_name)? {
134 ReferenceOr::Item(resp) => Some(resp),
135 ReferenceOr::Reference { .. } => None,
136 }
137 }
138 }
139 }
140 }
141 }
142}
143
144#[derive(Debug, Clone)]
146pub enum SecuritySchemeInfo {
147 Bearer,
149 Basic,
151 ApiKey {
153 location: ApiKeyLocation,
154 name: String,
155 },
156}
157
158#[derive(Debug, Clone, PartialEq)]
160pub enum ApiKeyLocation {
161 Header,
162 Query,
163 Cookie,
164}
165
166#[derive(Debug, Clone)]
168pub struct AnnotatedOperation {
169 pub path: String,
170 pub method: String,
171 pub features: Vec<ConformanceFeature>,
172 pub request_body_content_type: Option<String>,
173 pub sample_body: Option<String>,
174 pub query_params: Vec<(String, String)>,
175 pub header_params: Vec<(String, String)>,
176 pub path_params: Vec<(String, String)>,
177 pub response_schema: Option<Schema>,
179 pub response_schemas: std::collections::BTreeMap<u16, serde_json::Value>,
187 pub request_body_schema: Option<Schema>,
193 pub security_schemes: Vec<SecuritySchemeInfo>,
195}
196
197pub struct SpecDrivenConformanceGenerator {
199 config: ConformanceConfig,
200 operations: Vec<AnnotatedOperation>,
201}
202
203impl SpecDrivenConformanceGenerator {
204 pub fn new(config: ConformanceConfig, operations: Vec<AnnotatedOperation>) -> Self {
205 Self { config, operations }
206 }
207
208 pub fn annotate_operations(
210 operations: &[ApiOperation],
211 spec: &OpenAPI,
212 ) -> Vec<AnnotatedOperation> {
213 operations.iter().map(|op| Self::annotate_operation(op, spec)).collect()
214 }
215
216 fn annotate_operation(op: &ApiOperation, spec: &OpenAPI) -> AnnotatedOperation {
218 let mut features = Vec::new();
219 let mut query_params = Vec::new();
220 let mut header_params = Vec::new();
221 let mut path_params = Vec::new();
222
223 match op.method.to_uppercase().as_str() {
225 "GET" => features.push(ConformanceFeature::MethodGet),
226 "POST" => features.push(ConformanceFeature::MethodPost),
227 "PUT" => features.push(ConformanceFeature::MethodPut),
228 "PATCH" => features.push(ConformanceFeature::MethodPatch),
229 "DELETE" => features.push(ConformanceFeature::MethodDelete),
230 "HEAD" => features.push(ConformanceFeature::MethodHead),
231 "OPTIONS" => features.push(ConformanceFeature::MethodOptions),
232 _ => {}
233 }
234
235 for param_ref in &op.operation.parameters {
237 if let Some(param) = ref_resolver::resolve_parameter(param_ref, spec) {
238 Self::annotate_parameter(
239 param,
240 spec,
241 &mut features,
242 &mut query_params,
243 &mut header_params,
244 &mut path_params,
245 );
246 }
247 }
248
249 for segment in op.path.split('/') {
251 if segment.starts_with('{') && segment.ends_with('}') {
252 let name = &segment[1..segment.len() - 1];
253 if !path_params.iter().any(|(n, _)| n == name) {
255 path_params.push((name.to_string(), "test-value".to_string()));
256 if !features.contains(&ConformanceFeature::PathParamString)
258 && !features.contains(&ConformanceFeature::PathParamInteger)
259 {
260 features.push(ConformanceFeature::PathParamString);
261 }
262 }
263 }
264 }
265
266 let mut request_body_content_type = None;
268 let mut sample_body = None;
269 let mut request_body_schema: Option<Schema> = None;
270
271 let resolved_body = op
272 .operation
273 .request_body
274 .as_ref()
275 .and_then(|b| ref_resolver::resolve_request_body(b, spec));
276
277 if let Some(body) = resolved_body {
278 for (content_type, _media) in &body.content {
279 match content_type.as_str() {
280 "application/json" => {
281 features.push(ConformanceFeature::BodyJson);
282 request_body_content_type = Some("application/json".to_string());
283 if let Ok(template) = RequestGenerator::generate_template(op) {
285 if let Some(body_val) = &template.body {
286 sample_body = Some(body_val.to_string());
287 }
288 }
289 }
290 "application/x-www-form-urlencoded" => {
291 features.push(ConformanceFeature::BodyFormUrlencoded);
292 request_body_content_type =
293 Some("application/x-www-form-urlencoded".to_string());
294 }
295 "multipart/form-data" => {
296 features.push(ConformanceFeature::BodyMultipart);
297 request_body_content_type = Some("multipart/form-data".to_string());
298 }
299 _ => {}
300 }
301 }
302
303 if let Some(media) = body.content.get("application/json") {
305 if let Some(schema_ref) = &media.schema {
306 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
307 Self::annotate_schema(schema, spec, &mut features);
308 request_body_schema = Some(schema.clone());
312 }
313 }
314 }
315 }
316
317 Self::annotate_responses(&op.operation, spec, &mut features);
319
320 let response_schema = Self::extract_response_schema(&op.operation, spec);
322 if response_schema.is_some() {
323 features.push(ConformanceFeature::ResponseValidation);
324 }
325 let response_schemas = Self::extract_response_schemas_per_status(&op.operation, spec);
327
328 Self::annotate_content_negotiation(&op.operation, spec, &mut features);
330
331 let mut security_schemes = Vec::new();
333 Self::annotate_security(&op.operation, spec, &mut features, &mut security_schemes);
334
335 features.sort_by_key(|f| f.check_name());
337 features.dedup_by_key(|f| f.check_name());
338
339 AnnotatedOperation {
340 path: op.path.clone(),
341 method: op.method.to_uppercase(),
342 features,
343 request_body_content_type,
344 sample_body,
345 query_params,
346 header_params,
347 path_params,
348 response_schema,
349 response_schemas,
350 request_body_schema,
351 security_schemes,
352 }
353 }
354
355 fn annotate_parameter(
357 param: &Parameter,
358 spec: &OpenAPI,
359 features: &mut Vec<ConformanceFeature>,
360 query_params: &mut Vec<(String, String)>,
361 header_params: &mut Vec<(String, String)>,
362 path_params: &mut Vec<(String, String)>,
363 ) {
364 let (location, data) = match param {
365 Parameter::Query { parameter_data, .. } => ("query", parameter_data),
366 Parameter::Path { parameter_data, .. } => ("path", parameter_data),
367 Parameter::Header { parameter_data, .. } => ("header", parameter_data),
368 Parameter::Cookie { .. } => {
369 features.push(ConformanceFeature::CookieParam);
370 return;
371 }
372 };
373
374 let is_integer = Self::param_schema_is_integer(data, spec);
376 let is_array = Self::param_schema_is_array(data, spec);
377
378 let sample = if is_integer {
380 "42".to_string()
381 } else if is_array {
382 "a,b".to_string()
383 } else {
384 "test-value".to_string()
385 };
386
387 match location {
388 "path" => {
389 if is_integer {
390 features.push(ConformanceFeature::PathParamInteger);
391 } else {
392 features.push(ConformanceFeature::PathParamString);
393 }
394 path_params.push((data.name.clone(), sample));
395 }
396 "query" => {
397 if is_array {
398 features.push(ConformanceFeature::QueryParamArray);
399 } else if is_integer {
400 features.push(ConformanceFeature::QueryParamInteger);
401 } else {
402 features.push(ConformanceFeature::QueryParamString);
403 }
404 query_params.push((data.name.clone(), sample));
405 }
406 "header" => {
407 features.push(ConformanceFeature::HeaderParam);
408 header_params.push((data.name.clone(), sample));
409 }
410 _ => {}
411 }
412
413 if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
415 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
416 Self::annotate_schema(schema, spec, features);
417 }
418 }
419
420 if data.required {
422 features.push(ConformanceFeature::ConstraintRequired);
423 } else {
424 features.push(ConformanceFeature::ConstraintOptional);
425 }
426 }
427
428 fn param_schema_is_integer(data: &openapiv3::ParameterData, spec: &OpenAPI) -> bool {
429 if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
430 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
431 return matches!(&schema.schema_kind, SchemaKind::Type(Type::Integer(_)));
432 }
433 }
434 false
435 }
436
437 fn param_schema_is_array(data: &openapiv3::ParameterData, spec: &OpenAPI) -> bool {
438 if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
439 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
440 return matches!(&schema.schema_kind, SchemaKind::Type(Type::Array(_)));
441 }
442 }
443 false
444 }
445
446 fn annotate_schema(schema: &Schema, spec: &OpenAPI, features: &mut Vec<ConformanceFeature>) {
448 match &schema.schema_kind {
449 SchemaKind::Type(Type::String(s)) => {
450 features.push(ConformanceFeature::SchemaString);
451 match &s.format {
453 VariantOrUnknownOrEmpty::Item(StringFormat::Date) => {
454 features.push(ConformanceFeature::FormatDate);
455 }
456 VariantOrUnknownOrEmpty::Item(StringFormat::DateTime) => {
457 features.push(ConformanceFeature::FormatDateTime);
458 }
459 VariantOrUnknownOrEmpty::Unknown(fmt) => match fmt.as_str() {
460 "email" => features.push(ConformanceFeature::FormatEmail),
461 "uuid" => features.push(ConformanceFeature::FormatUuid),
462 "uri" | "url" => features.push(ConformanceFeature::FormatUri),
463 "ipv4" => features.push(ConformanceFeature::FormatIpv4),
464 "ipv6" => features.push(ConformanceFeature::FormatIpv6),
465 _ => {}
466 },
467 _ => {}
468 }
469 if s.pattern.is_some() {
471 features.push(ConformanceFeature::ConstraintPattern);
472 }
473 if !s.enumeration.is_empty() {
474 features.push(ConformanceFeature::ConstraintEnum);
475 }
476 if s.min_length.is_some() || s.max_length.is_some() {
477 features.push(ConformanceFeature::ConstraintMinMax);
478 }
479 }
480 SchemaKind::Type(Type::Integer(i)) => {
481 features.push(ConformanceFeature::SchemaInteger);
482 if i.minimum.is_some() || i.maximum.is_some() {
483 features.push(ConformanceFeature::ConstraintMinMax);
484 }
485 if !i.enumeration.is_empty() {
486 features.push(ConformanceFeature::ConstraintEnum);
487 }
488 }
489 SchemaKind::Type(Type::Number(n)) => {
490 features.push(ConformanceFeature::SchemaNumber);
491 if n.minimum.is_some() || n.maximum.is_some() {
492 features.push(ConformanceFeature::ConstraintMinMax);
493 }
494 }
495 SchemaKind::Type(Type::Boolean(_)) => {
496 features.push(ConformanceFeature::SchemaBoolean);
497 }
498 SchemaKind::Type(Type::Array(arr)) => {
499 features.push(ConformanceFeature::SchemaArray);
500 if let Some(item_ref) = &arr.items {
501 if let Some(item_schema) = ref_resolver::resolve_boxed_schema(item_ref, spec) {
502 Self::annotate_schema(item_schema, spec, features);
503 }
504 }
505 }
506 SchemaKind::Type(Type::Object(obj)) => {
507 features.push(ConformanceFeature::SchemaObject);
508 if !obj.required.is_empty() {
510 features.push(ConformanceFeature::ConstraintRequired);
511 }
512 for (_name, prop_ref) in &obj.properties {
514 if let Some(prop_schema) = ref_resolver::resolve_boxed_schema(prop_ref, spec) {
515 Self::annotate_schema(prop_schema, spec, features);
516 }
517 }
518 }
519 SchemaKind::OneOf { .. } => {
520 features.push(ConformanceFeature::CompositionOneOf);
521 }
522 SchemaKind::AnyOf { .. } => {
523 features.push(ConformanceFeature::CompositionAnyOf);
524 }
525 SchemaKind::AllOf { .. } => {
526 features.push(ConformanceFeature::CompositionAllOf);
527 }
528 _ => {}
529 }
530 }
531
532 fn annotate_responses(
534 operation: &Operation,
535 spec: &OpenAPI,
536 features: &mut Vec<ConformanceFeature>,
537 ) {
538 for (status_code, resp_ref) in &operation.responses.responses {
539 if ref_resolver::resolve_response(resp_ref, spec).is_some() {
541 match status_code {
542 openapiv3::StatusCode::Code(200) => {
543 features.push(ConformanceFeature::Response200)
544 }
545 openapiv3::StatusCode::Code(201) => {
546 features.push(ConformanceFeature::Response201)
547 }
548 openapiv3::StatusCode::Code(204) => {
549 features.push(ConformanceFeature::Response204)
550 }
551 openapiv3::StatusCode::Code(400) => {
552 features.push(ConformanceFeature::Response400)
553 }
554 openapiv3::StatusCode::Code(404) => {
555 features.push(ConformanceFeature::Response404)
556 }
557 _ => {}
558 }
559 }
560 }
561 }
562
563 fn extract_response_schemas_per_status(
569 operation: &Operation,
570 spec: &OpenAPI,
571 ) -> std::collections::BTreeMap<u16, serde_json::Value> {
572 let mut out = std::collections::BTreeMap::new();
573 for (code, resp_ref) in &operation.responses.responses {
574 let openapiv3::StatusCode::Code(n) = code else {
575 continue; };
577 let Some(response) = ref_resolver::resolve_response(resp_ref, spec) else {
578 continue;
579 };
580 let Some(media) = response.content.get("application/json") else {
581 continue;
582 };
583 let Some(schema_ref) = &media.schema else {
584 continue;
585 };
586 let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) else {
587 continue;
588 };
589 if let Ok(value) = serde_json::to_value(schema) {
592 out.insert(*n, value);
593 }
594 }
595 out
596 }
597
598 fn extract_response_schema(operation: &Operation, spec: &OpenAPI) -> Option<Schema> {
601 for code in [200u16, 201] {
603 if let Some(resp_ref) =
604 operation.responses.responses.get(&openapiv3::StatusCode::Code(code))
605 {
606 if let Some(response) = ref_resolver::resolve_response(resp_ref, spec) {
607 if let Some(media) = response.content.get("application/json") {
608 if let Some(schema_ref) = &media.schema {
609 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
610 return Some(schema.clone());
611 }
612 }
613 }
614 }
615 }
616 }
617 None
618 }
619
620 fn annotate_content_negotiation(
622 operation: &Operation,
623 spec: &OpenAPI,
624 features: &mut Vec<ConformanceFeature>,
625 ) {
626 for (_status_code, resp_ref) in &operation.responses.responses {
627 if let Some(response) = ref_resolver::resolve_response(resp_ref, spec) {
628 if response.content.len() > 1 {
629 features.push(ConformanceFeature::ContentNegotiation);
630 return; }
632 }
633 }
634 }
635
636 fn annotate_security(
640 operation: &Operation,
641 spec: &OpenAPI,
642 features: &mut Vec<ConformanceFeature>,
643 security_schemes: &mut Vec<SecuritySchemeInfo>,
644 ) {
645 let security_reqs = operation.security.as_ref().or(spec.security.as_ref());
647
648 if let Some(security) = security_reqs {
649 for security_req in security {
650 for scheme_name in security_req.keys() {
651 if let Some(resolved) = Self::resolve_security_scheme(scheme_name, spec) {
653 match resolved {
654 SecurityScheme::HTTP { ref scheme, .. } => {
655 if scheme.eq_ignore_ascii_case("bearer") {
656 features.push(ConformanceFeature::SecurityBearer);
657 security_schemes.push(SecuritySchemeInfo::Bearer);
658 } else if scheme.eq_ignore_ascii_case("basic") {
659 features.push(ConformanceFeature::SecurityBasic);
660 security_schemes.push(SecuritySchemeInfo::Basic);
661 }
662 }
663 SecurityScheme::APIKey { location, name, .. } => {
664 features.push(ConformanceFeature::SecurityApiKey);
665 let loc = match location {
666 openapiv3::APIKeyLocation::Query => ApiKeyLocation::Query,
667 openapiv3::APIKeyLocation::Header => ApiKeyLocation::Header,
668 openapiv3::APIKeyLocation::Cookie => ApiKeyLocation::Cookie,
669 };
670 security_schemes.push(SecuritySchemeInfo::ApiKey {
671 location: loc,
672 name: name.clone(),
673 });
674 }
675 _ => {}
677 }
678 } else {
679 let name_lower = scheme_name.to_lowercase();
681 if name_lower.contains("bearer") || name_lower.contains("jwt") {
682 features.push(ConformanceFeature::SecurityBearer);
683 security_schemes.push(SecuritySchemeInfo::Bearer);
684 } else if name_lower.contains("api") && name_lower.contains("key") {
685 features.push(ConformanceFeature::SecurityApiKey);
686 security_schemes.push(SecuritySchemeInfo::ApiKey {
687 location: ApiKeyLocation::Header,
688 name: "X-API-Key".to_string(),
689 });
690 } else if name_lower.contains("basic") {
691 features.push(ConformanceFeature::SecurityBasic);
692 security_schemes.push(SecuritySchemeInfo::Basic);
693 }
694 }
695 }
696 }
697 }
698 }
699
700 fn resolve_security_scheme<'a>(name: &str, spec: &'a OpenAPI) -> Option<&'a SecurityScheme> {
702 let components = spec.components.as_ref()?;
703 match components.security_schemes.get(name)? {
704 ReferenceOr::Item(scheme) => Some(scheme),
705 ReferenceOr::Reference { .. } => None,
706 }
707 }
708
709 pub fn operation_count(&self) -> usize {
711 self.operations.len()
712 }
713
714 pub fn generate(&self) -> Result<(String, usize)> {
717 let mut script = String::with_capacity(16384);
718
719 script.push_str("import http from 'k6/http';\n");
721 script.push_str("import { check, group } from 'k6';\n");
722 if self.config.request_delay_ms > 0 {
723 script.push_str("import { sleep } from 'k6';\n");
724 }
725 script.push('\n');
726
727 script.push_str(
731 "http.setResponseCallback(http.expectedStatuses({ min: 100, max: 599 }));\n\n",
732 );
733
734 script.push_str("export const options = {\n");
736 script.push_str(" vus: 1,\n");
737 script.push_str(" iterations: 1,\n");
738 if self.config.skip_tls_verify {
739 script.push_str(" insecureSkipTLSVerify: true,\n");
740 }
741 script.push_str(" thresholds: {\n");
742 script.push_str(" checks: ['rate>0'],\n");
743 script.push_str(" },\n");
744 script.push_str("};\n\n");
745
746 script.push_str(&format!("const BASE_URL = '{}';\n\n", self.config.effective_base_url()));
748 script.push_str("const JSON_HEADERS = { 'Content-Type': 'application/json' };\n\n");
749
750 let custom_emit = self.config.generate_custom_group()?;
754 if let Some(emit) = &custom_emit {
755 if !emit.init_code.is_empty() {
756 script.push_str("// Round 39 (#79) — preloaded upload bytes for custom checks\n");
757 script.push_str(&emit.init_code);
758 script.push('\n');
759 }
760 }
761
762 script
765 .push_str("function __captureFailure(checkName, res, expected, schemaViolations) {\n");
766 script.push_str(" let bodyStr = '';\n");
767 script.push_str(" try { if (res.body) { const __n = res.body.length; bodyStr = res.body.substring(0, 65536); if (__n > 65536) bodyStr = bodyStr + ' <truncated at 65536 bytes; full body was ' + __n + ' bytes>'; } else { bodyStr = ''; } } catch(e) { bodyStr = '<unreadable>'; }\n");
768 script.push_str(" let reqHeaders = {};\n");
769 script.push_str(
770 " if (res.request && res.request.headers) { reqHeaders = res.request.headers; }\n",
771 );
772 script.push_str(" let reqBody = '';\n");
773 script.push_str(" if (res.request && res.request.body) { try { const __m = res.request.body.length; reqBody = res.request.body.substring(0, 65536); if (__m > 65536) reqBody = reqBody + ' <truncated at 65536 bytes; full body was ' + __m + ' bytes>'; } catch(e) {} }\n");
774 script.push_str(" let payload = {\n");
775 script.push_str(" check: checkName,\n");
776 script.push_str(" request: {\n");
777 script.push_str(" method: res.request ? res.request.method : 'unknown',\n");
778 script.push_str(" url: res.request ? res.request.url : res.url || 'unknown',\n");
779 script.push_str(" headers: reqHeaders,\n");
780 script.push_str(" body: reqBody,\n");
781 script.push_str(" },\n");
782 script.push_str(" response: {\n");
783 script.push_str(" status: res.status,\n");
784 script.push_str(" headers: res.headers ? Object.fromEntries(Object.entries(res.headers).slice(0, 20)) : {},\n");
785 script.push_str(" body: bodyStr,\n");
786 script.push_str(" },\n");
787 script.push_str(" expected: expected,\n");
788 script.push_str(" };\n");
789 script.push_str(" if (schemaViolations && schemaViolations.length > 0) { payload.schema_violations = schemaViolations; }\n");
790 script.push_str(" console.log('MOCKFORGE_FAILURE:' + JSON.stringify(payload));\n");
791 script.push_str("}\n\n");
792
793 if self.config.export_requests {
802 script.push_str("function __captureExchange(checkName, res) {\n");
803 script.push_str(" try {\n");
804 script.push_str(" let bodyStr = '';\n");
805 script.push_str(" try { if (res.body) { const __n = res.body.length; bodyStr = res.body.substring(0, 65536); if (__n > 65536) bodyStr = bodyStr + ' <truncated at 65536 bytes; full body was ' + __n + ' bytes>'; } else { bodyStr = ''; } } catch(e) { bodyStr = '<unreadable>'; }\n");
806 script.push_str(" let reqHeaders = {};\n");
807 script.push_str(
808 " if (res.request && res.request.headers) { reqHeaders = res.request.headers; }\n",
809 );
810 script.push_str(" let reqBody = '';\n");
814 script.push_str(" {\n");
815 script.push_str(
816 " const ct = (reqHeaders['Content-Type'] || reqHeaders['content-type'] || '').toString();\n",
817 );
818 script.push_str(" const isMultipart = ct.startsWith('multipart/');\n");
819 script.push_str(
820 " if (isMultipart && res.request && res.request.body) {\n\
821 \x20\x20\x20\x20\x20\x20\x20\x20try {\n\
822 \x20\x20\x20\x20\x20\x20\x20\x20 const raw = res.request.body;\n\
823 \x20\x20\x20\x20\x20\x20\x20\x20 const totalBytes = raw.length;\n\
824 \x20\x20\x20\x20\x20\x20\x20\x20 const boundaryMatch = ct.match(/boundary=([^;]+)/);\n\
825 \x20\x20\x20\x20\x20\x20\x20\x20 const boundary = boundaryMatch ? boundaryMatch[1].replace(/^\"|\"$/g, '') : '';\n\
826 \x20\x20\x20\x20\x20\x20\x20\x20 const parts = [];\n\
827 \x20\x20\x20\x20\x20\x20\x20\x20 if (boundary) {\n\
828 \x20\x20\x20\x20\x20\x20\x20\x20 const sep = '--' + boundary;\n\
829 \x20\x20\x20\x20\x20\x20\x20\x20 let cursor = raw.indexOf(sep);\n\
830 \x20\x20\x20\x20\x20\x20\x20\x20 while (cursor !== -1 && parts.length < 100) {\n\
831 \x20\x20\x20\x20\x20\x20\x20\x20 const next = raw.indexOf(sep, cursor + sep.length);\n\
832 \x20\x20\x20\x20\x20\x20\x20\x20 if (next === -1) break;\n\
833 \x20\x20\x20\x20\x20\x20\x20\x20 const slice = raw.substring(cursor + sep.length, next);\n\
834 \x20\x20\x20\x20\x20\x20\x20\x20 const headerEnd = slice.indexOf('\\r\\n\\r\\n');\n\
835 \x20\x20\x20\x20\x20\x20\x20\x20 const partHeaders = headerEnd === -1 ? slice : slice.substring(0, headerEnd);\n\
836 \x20\x20\x20\x20\x20\x20\x20\x20 const partBody = headerEnd === -1 ? '' : slice.substring(headerEnd + 4);\n\
837 \x20\x20\x20\x20\x20\x20\x20\x20 const nameMatch = partHeaders.match(/name=\"([^\"]+)\"/);\n\
838 \x20\x20\x20\x20\x20\x20\x20\x20 const filenameMatch = partHeaders.match(/filename=\"([^\"]+)\"/);\n\
839 \x20\x20\x20\x20\x20\x20\x20\x20 const partCtMatch = partHeaders.match(/Content-Type:\\s*([^\\r\\n]+)/i);\n\
840 \x20\x20\x20\x20\x20\x20\x20\x20 parts.push({\n\
841 \x20\x20\x20\x20\x20\x20\x20\x20 name: nameMatch ? nameMatch[1] : '',\n\
842 \x20\x20\x20\x20\x20\x20\x20\x20 filename: filenameMatch ? filenameMatch[1] : '',\n\
843 \x20\x20\x20\x20\x20\x20\x20\x20 contentType: partCtMatch ? partCtMatch[1].trim() : '',\n\
844 \x20\x20\x20\x20\x20\x20\x20\x20 bytes: Math.max(0, partBody.length - 2),\n\
845 \x20\x20\x20\x20\x20\x20\x20\x20 });\n\
846 \x20\x20\x20\x20\x20\x20\x20\x20 cursor = next;\n\
847 \x20\x20\x20\x20\x20\x20\x20\x20 }\n\
848 \x20\x20\x20\x20\x20\x20\x20\x20 }\n\
849 \x20\x20\x20\x20\x20\x20\x20\x20 const summary = parts.map(function (p) { return '\\'' + p.name + '\\':\\'' + p.filename + '\\' (' + p.contentType + ', ' + p.bytes + ' bytes)'; }).join(', ');\n\
850 \x20\x20\x20\x20\x20\x20\x20\x20 reqBody = '<multipart/form-data; boundary=' + boundary + '; ' + parts.length + ' part(s); total ' + totalBytes + ' bytes: ' + summary + '>';\n\
851 \x20\x20\x20\x20\x20\x20\x20\x20} catch (e) {\n\
852 \x20\x20\x20\x20\x20\x20\x20\x20 reqBody = '<multipart upload; summary failed: ' + (e && e.message ? e.message : 'unknown') + '>';\n\
853 \x20\x20\x20\x20\x20\x20\x20\x20}\n\
854 \x20\x20\x20\x20\x20\x20} else if (isMultipart) {\n\
855 \x20\x20\x20\x20\x20\x20\x20\x20reqBody = '<multipart upload; body bytes not surfaced by k6 res.request.body>';\n\
856 \x20\x20\x20\x20\x20\x20} else if (res.request && res.request.body) {\n\
857 \x20\x20\x20\x20\x20\x20\x20\x20try { const __m = res.request.body.length; reqBody = res.request.body.substring(0, 65536); if (__m > 65536) reqBody = reqBody + ' <truncated at 65536 bytes; full body was ' + __m + ' bytes>'; } catch (e) {}\n\
858 \x20\x20\x20\x20\x20\x20}\n\
859 \x20\x20\x20\x20}\n",
860 );
861 script.push_str(" console.log('MOCKFORGE_EXCHANGE:' + JSON.stringify({\n");
862 script.push_str(" check: checkName,\n");
863 script.push_str(" request: {\n");
864 script.push_str(" method: res.request ? res.request.method : 'unknown',\n");
865 script.push_str(" url: res.request ? res.request.url : res.url || 'unknown',\n");
866 script.push_str(" headers: reqHeaders,\n");
867 script.push_str(" body: reqBody,\n");
868 script.push_str(" },\n");
869 script.push_str(" response: {\n");
870 script.push_str(" status: res.status,\n");
871 script.push_str(" headers: res.headers ? Object.fromEntries(Object.entries(res.headers).slice(0, 30)) : {},\n");
872 script.push_str(" body: bodyStr,\n");
873 script.push_str(" },\n");
874 script.push_str(" }));\n");
875 script.push_str(" } catch (e) {\n");
876 script.push_str(" try {\n");
877 script.push_str(" console.log('MOCKFORGE_EXCHANGE:' + JSON.stringify({\n");
878 script.push_str(" check: checkName,\n");
879 script.push_str(" request: {\n");
880 script.push_str(
881 " method: (res && res.request) ? res.request.method : 'unknown',\n",
882 );
883 script.push_str(" url: (res && res.request) ? res.request.url : (res && res.url) || 'unknown',\n");
884 script.push_str(" headers: {},\n");
885 script.push_str(" body: '<exchange capture failed: ' + (e && e.message ? e.message : 'unknown error') + '>',\n");
886 script.push_str(" },\n");
887 script.push_str(" response: {\n");
888 script.push_str(" status: (res && res.status) || 0,\n");
889 script.push_str(" headers: {},\n");
890 script.push_str(" body: '',\n");
891 script.push_str(" },\n");
892 script.push_str(" _export_error: (e && e.message) ? e.message : String(e),\n");
893 script.push_str(" }));\n");
894 script.push_str(" } catch (e2) {\n");
895 script.push_str(" console.log('MOCKFORGE_EXCHANGE:{\"check\":\"' + checkName + '\",\"request\":{\"method\":\"unknown\",\"url\":\"unknown\",\"headers\":{},\"body\":\"\"},\"response\":{\"status\":0,\"headers\":{},\"body\":\"\"},\"_export_error\":\"double-fault\"}');\n");
896 script.push_str(" }\n");
897 script.push_str(" }\n");
898 script.push_str("}\n\n");
899 }
900
901 script.push_str("export default function () {\n");
903
904 if self.config.has_cookie_header() {
905 script.push_str(
906 " // Clear cookie jar to prevent server Set-Cookie from duplicating custom Cookie header\n",
907 );
908 script.push_str(" http.cookieJar().clear(BASE_URL);\n\n");
909 }
910
911 let mut category_ops: std::collections::BTreeMap<
913 &'static str,
914 Vec<(&AnnotatedOperation, &ConformanceFeature)>,
915 > = std::collections::BTreeMap::new();
916
917 for op in &self.operations {
918 for feature in &op.features {
919 let category = feature.category();
920 if self.config.should_include_category(category) {
921 category_ops.entry(category).or_default().push((op, feature));
922 }
923 }
924 }
925
926 let mut total_checks = 0usize;
928 for (category, ops) in &category_ops {
929 script.push_str(&format!(" group('{}', function () {{\n", category));
930
931 if self.config.all_operations {
932 let mut emitted_checks: HashSet<String> = HashSet::new();
934 for (op, feature) in ops {
935 let qualified = format!("{}:{}", feature.check_name(), op.path);
936 if emitted_checks.insert(qualified.clone()) {
937 self.emit_check_named(&mut script, op, feature, &qualified);
938 total_checks += 1;
939 }
940 }
941 } else {
942 let mut emitted_features: HashSet<&str> = HashSet::new();
945 for (op, feature) in ops {
946 if emitted_features.insert(feature.check_name()) {
947 let qualified = format!("{}:{}", feature.check_name(), op.path);
948 self.emit_check_named(&mut script, op, feature, &qualified);
949 total_checks += 1;
950 }
951 }
952 }
953
954 script.push_str(" });\n\n");
955 }
956
957 if let Some(emit) = custom_emit {
961 script.push_str(&emit.group_body);
962 }
963
964 script.push_str("}\n\n");
965
966 self.generate_handle_summary(&mut script);
968
969 Ok((script, total_checks))
970 }
971
972 fn emit_check_named(
974 &self,
975 script: &mut String,
976 op: &AnnotatedOperation,
977 feature: &ConformanceFeature,
978 check_name: &str,
979 ) {
980 let check_name = check_name.replace('\'', "\\'");
982 let check_name = check_name.as_str();
983
984 script.push_str(" {\n");
985
986 let mut url_path = op.path.clone();
988 for (name, value) in &op.path_params {
989 url_path = url_path.replace(&format!("{{{}}}", name), value);
990 }
991
992 if !op.query_params.is_empty() {
994 let qs: Vec<String> =
995 op.query_params.iter().map(|(k, v)| format!("{}={}", k, v)).collect();
996 url_path = format!("{}?{}", url_path, qs.join("&"));
997 }
998
999 let full_url = format!("${{BASE_URL}}{}", url_path);
1000
1001 let mut effective_headers = self.effective_headers(&op.header_params);
1004
1005 if matches!(feature, ConformanceFeature::Response400 | ConformanceFeature::Response404) {
1008 let expected_code = match feature {
1009 ConformanceFeature::Response400 => "400",
1010 ConformanceFeature::Response404 => "404",
1011 _ => unreachable!(),
1012 };
1013 effective_headers
1014 .push(("X-Mockforge-Response-Status".to_string(), expected_code.to_string()));
1015 }
1016
1017 let needs_auth = matches!(
1021 feature,
1022 ConformanceFeature::SecurityBearer
1023 | ConformanceFeature::SecurityBasic
1024 | ConformanceFeature::SecurityApiKey
1025 ) || !op.security_schemes.is_empty();
1026
1027 if needs_auth {
1028 self.inject_security_headers(&op.security_schemes, &mut effective_headers);
1029 }
1030
1031 let has_headers = !effective_headers.is_empty();
1032 let headers_obj = if has_headers {
1033 Self::format_headers(&effective_headers)
1034 } else {
1035 String::new()
1036 };
1037
1038 match op.method.as_str() {
1040 "GET" => {
1041 if has_headers {
1042 script.push_str(&format!(
1043 " let res = http.get(`{}`, {{ headers: {} }});\n",
1044 full_url, headers_obj
1045 ));
1046 } else {
1047 script.push_str(&format!(" let res = http.get(`{}`);\n", full_url));
1048 }
1049 }
1050 "POST" => {
1051 self.emit_request_with_body(script, "post", &full_url, op, &effective_headers);
1052 }
1053 "PUT" => {
1054 self.emit_request_with_body(script, "put", &full_url, op, &effective_headers);
1055 }
1056 "PATCH" => {
1057 self.emit_request_with_body(script, "patch", &full_url, op, &effective_headers);
1058 }
1059 "DELETE" => {
1060 if has_headers {
1061 script.push_str(&format!(
1062 " let res = http.del(`{}`, null, {{ headers: {} }});\n",
1063 full_url, headers_obj
1064 ));
1065 } else {
1066 script.push_str(&format!(" let res = http.del(`{}`);\n", full_url));
1067 }
1068 }
1069 "HEAD" => {
1070 if has_headers {
1071 script.push_str(&format!(
1072 " let res = http.head(`{}`, {{ headers: {} }});\n",
1073 full_url, headers_obj
1074 ));
1075 } else {
1076 script.push_str(&format!(" let res = http.head(`{}`);\n", full_url));
1077 }
1078 }
1079 "OPTIONS" => {
1080 if has_headers {
1081 script.push_str(&format!(
1082 " let res = http.options(`{}`, null, {{ headers: {} }});\n",
1083 full_url, headers_obj
1084 ));
1085 } else {
1086 script.push_str(&format!(" let res = http.options(`{}`);\n", full_url));
1087 }
1088 }
1089 _ => {
1090 if has_headers {
1091 script.push_str(&format!(
1092 " let res = http.get(`{}`, {{ headers: {} }});\n",
1093 full_url, headers_obj
1094 ));
1095 } else {
1096 script.push_str(&format!(" let res = http.get(`{}`);\n", full_url));
1097 }
1098 }
1099 }
1100
1101 if self.config.export_requests {
1104 script.push_str(&format!(
1105 " if (typeof __captureExchange === 'function') __captureExchange('{}', res);\n",
1106 check_name
1107 ));
1108 }
1109
1110 if matches!(
1112 feature,
1113 ConformanceFeature::Response200
1114 | ConformanceFeature::Response201
1115 | ConformanceFeature::Response204
1116 | ConformanceFeature::Response400
1117 | ConformanceFeature::Response404
1118 ) {
1119 let expected_code = match feature {
1120 ConformanceFeature::Response200 => 200,
1121 ConformanceFeature::Response201 => 201,
1122 ConformanceFeature::Response204 => 204,
1123 ConformanceFeature::Response400 => 400,
1124 ConformanceFeature::Response404 => 404,
1125 _ => 200,
1126 };
1127 script.push_str(&format!(
1128 " {{ let ok = check(res, {{ '{}': (r) => r.status === {} }}); if (!ok) __captureFailure('{}', res, 'status === {}'); }}\n",
1129 check_name, expected_code, check_name, expected_code
1130 ));
1131 } else if matches!(feature, ConformanceFeature::ResponseValidation) {
1132 if let Some(schema) = &op.response_schema {
1137 let validation_js = SchemaValidatorGenerator::generate_validation(schema);
1138 let schema_json = serde_json::to_string(schema).unwrap_or_default();
1139 let schema_json_escaped = schema_json.replace('\\', "\\\\").replace('`', "\\`");
1141 script.push_str(&format!(
1142 concat!(
1143 " try {{\n",
1144 " let body = res.json();\n",
1145 " let ok = check(res, {{ '{check}': (r) => ( {validation} ) }});\n",
1146 " if (!ok) {{\n",
1147 " let __violations = [];\n",
1148 " try {{\n",
1149 " let __schema = JSON.parse(`{schema}`);\n",
1150 " function __collectErrors(schema, data, path) {{\n",
1151 " if (!schema || typeof schema !== 'object') return;\n",
1152 " let st = schema.type || (schema.schema_kind && schema.schema_kind.Type && Object.keys(schema.schema_kind.Type)[0]);\n",
1153 " if (st) {{ st = st.toLowerCase(); }}\n",
1154 " if (st === 'object') {{\n",
1155 " if (typeof data !== 'object' || data === null) {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'object', actual: typeof data }}); return; }}\n",
1156 " let props = schema.properties || (schema.schema_kind && schema.schema_kind.Type && schema.schema_kind.Type.Object && schema.schema_kind.Type.Object.properties) || {{}};\n",
1157 " let req = schema.required || (schema.schema_kind && schema.schema_kind.Type && schema.schema_kind.Type.Object && schema.schema_kind.Type.Object.required) || [];\n",
1158 " for (let f of req) {{ if (!(f in data)) {{ __violations.push({{ field_path: path + '/' + f, violation_type: 'required', expected: 'present', actual: 'missing' }}); }} }}\n",
1159 " for (let [k, v] of Object.entries(props)) {{ if (data[k] !== undefined) {{ let ps = v.Item || v; __collectErrors(ps, data[k], path + '/' + k); }} }}\n",
1160 " }} else if (st === 'array') {{\n",
1161 " if (!Array.isArray(data)) {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'array', actual: typeof data }}); return; }}\n",
1162 " let items = schema.items || (schema.schema_kind && schema.schema_kind.Type && schema.schema_kind.Type.Array && schema.schema_kind.Type.Array.items);\n",
1163 " if (items) {{ let is = items.Item || items; for (let i = 0; i < Math.min(data.length, 5); i++) {{ __collectErrors(is, data[i], path + '/' + i); }} }}\n",
1164 " }} else if (st === 'string') {{\n",
1165 " if (typeof data !== 'string') {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'string', actual: typeof data }}); }}\n",
1166 " }} else if (st === 'integer') {{\n",
1167 " if (typeof data !== 'number' || !Number.isInteger(data)) {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'integer', actual: typeof data }}); }}\n",
1168 " }} else if (st === 'number') {{\n",
1169 " if (typeof data !== 'number') {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'number', actual: typeof data }}); }}\n",
1170 " }} else if (st === 'boolean') {{\n",
1171 " if (typeof data !== 'boolean') {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'boolean', actual: typeof data }}); }}\n",
1172 " }}\n",
1173 " }}\n",
1174 " __collectErrors(__schema, body, '');\n",
1175 " }} catch(_e) {{}}\n",
1176 " __captureFailure('{check}', res, 'schema validation', __violations);\n",
1177 " }}\n",
1178 " }} catch(e) {{ check(res, {{ '{check}': () => false }}); __captureFailure('{check}', res, 'JSON parse failed: ' + e.message); }}\n",
1179 ),
1180 check = check_name,
1181 validation = validation_js,
1182 schema = schema_json_escaped,
1183 ));
1184 }
1185 } else if matches!(
1186 feature,
1187 ConformanceFeature::SecurityBearer
1188 | ConformanceFeature::SecurityBasic
1189 | ConformanceFeature::SecurityApiKey
1190 ) {
1191 script.push_str(&format!(
1193 " {{ let ok = check(res, {{ '{}': (r) => r.status >= 200 && r.status < 400 }}); if (!ok) __captureFailure('{}', res, 'status >= 200 && status < 400 (auth accepted)'); }}\n",
1194 check_name, check_name
1195 ));
1196 } else {
1197 script.push_str(&format!(
1198 " {{ let ok = check(res, {{ '{}': (r) => r.status >= 200 && r.status < 500 }}); if (!ok) __captureFailure('{}', res, 'status >= 200 && status < 500'); }}\n",
1199 check_name, check_name
1200 ));
1201 }
1202
1203 let has_cookie = self.config.has_cookie_header()
1205 || effective_headers.iter().any(|(h, _)| h.eq_ignore_ascii_case("Cookie"));
1206 if has_cookie {
1207 script.push_str(" http.cookieJar().clear(BASE_URL);\n");
1208 }
1209
1210 script.push_str(" }\n");
1211
1212 if self.config.request_delay_ms > 0 {
1214 script.push_str(&format!(
1215 " sleep({:.3});\n",
1216 self.config.request_delay_ms as f64 / 1000.0
1217 ));
1218 }
1219 }
1220
1221 fn emit_request_with_body(
1223 &self,
1224 script: &mut String,
1225 method: &str,
1226 url: &str,
1227 op: &AnnotatedOperation,
1228 effective_headers: &[(String, String)],
1229 ) {
1230 if let Some(body) = &op.sample_body {
1231 let escaped_body = body.replace('\'', "\\'");
1232 let headers = if !effective_headers.is_empty() {
1233 format!(
1234 "Object.assign({{}}, JSON_HEADERS, {})",
1235 Self::format_headers(effective_headers)
1236 )
1237 } else {
1238 "JSON_HEADERS".to_string()
1239 };
1240 script.push_str(&format!(
1241 " let res = http.{}(`{}`, '{}', {{ headers: {} }});\n",
1242 method, url, escaped_body, headers
1243 ));
1244 } else if !effective_headers.is_empty() {
1245 script.push_str(&format!(
1246 " let res = http.{}(`{}`, null, {{ headers: {} }});\n",
1247 method,
1248 url,
1249 Self::format_headers(effective_headers)
1250 ));
1251 } else {
1252 script.push_str(&format!(" let res = http.{}(`{}`, null);\n", method, url));
1253 }
1254 }
1255
1256 fn effective_headers(&self, spec_headers: &[(String, String)]) -> Vec<(String, String)> {
1260 let custom = &self.config.custom_headers;
1261 if custom.is_empty() {
1262 return spec_headers.to_vec();
1263 }
1264
1265 let mut result: Vec<(String, String)> = Vec::new();
1266
1267 for (name, value) in spec_headers {
1269 if let Some((_, custom_val)) =
1270 custom.iter().find(|(cn, _)| cn.eq_ignore_ascii_case(name))
1271 {
1272 result.push((name.clone(), custom_val.clone()));
1273 } else {
1274 result.push((name.clone(), value.clone()));
1275 }
1276 }
1277
1278 for (name, value) in custom {
1280 if !spec_headers.iter().any(|(sn, _)| sn.eq_ignore_ascii_case(name)) {
1281 result.push((name.clone(), value.clone()));
1282 }
1283 }
1284
1285 result
1286 }
1287
1288 fn inject_security_headers(
1291 &self,
1292 schemes: &[SecuritySchemeInfo],
1293 headers: &mut Vec<(String, String)>,
1294 ) {
1295 let mut to_add: Vec<(String, String)> = Vec::new();
1296
1297 let has_header = |name: &str, headers: &[(String, String)]| {
1298 headers.iter().any(|(h, _)| h.eq_ignore_ascii_case(name))
1299 || self.config.custom_headers.iter().any(|(h, _)| h.eq_ignore_ascii_case(name))
1300 };
1301
1302 let has_cookie_auth = has_header("Cookie", headers);
1304
1305 for scheme in schemes {
1306 match scheme {
1307 SecuritySchemeInfo::Bearer => {
1308 if !has_cookie_auth && !has_header("Authorization", headers) {
1309 to_add.push((
1311 "Authorization".to_string(),
1312 "Bearer mockforge-conformance-test-token".to_string(),
1313 ));
1314 }
1315 }
1316 SecuritySchemeInfo::Basic => {
1317 if !has_cookie_auth && !has_header("Authorization", headers) {
1318 let creds = self.config.basic_auth.as_deref().unwrap_or("test:test");
1319 use base64::Engine;
1320 let encoded =
1321 base64::engine::general_purpose::STANDARD.encode(creds.as_bytes());
1322 to_add.push(("Authorization".to_string(), format!("Basic {}", encoded)));
1323 }
1324 }
1325 SecuritySchemeInfo::ApiKey { location, name } => match location {
1326 ApiKeyLocation::Header => {
1327 if !has_header(name, headers) {
1328 let key = self
1329 .config
1330 .api_key
1331 .as_deref()
1332 .unwrap_or("mockforge-conformance-test-key");
1333 to_add.push((name.clone(), key.to_string()));
1334 }
1335 }
1336 ApiKeyLocation::Cookie => {
1337 if !has_header("Cookie", headers) {
1338 to_add.push((
1339 "Cookie".to_string(),
1340 format!("{}=mockforge-conformance-test-session", name),
1341 ));
1342 }
1343 }
1344 ApiKeyLocation::Query => {
1345 }
1347 },
1348 }
1349 }
1350
1351 headers.extend(to_add);
1352 }
1353
1354 fn format_headers(headers: &[(String, String)]) -> String {
1356 let entries: Vec<String> = headers
1357 .iter()
1358 .map(|(k, v)| format!("'{}': '{}'", k, v.replace('\'', "\\'")))
1359 .collect();
1360 format!("{{ {} }}", entries.join(", "))
1361 }
1362
1363 fn generate_handle_summary(&self, script: &mut String) {
1365 let report_path = match &self.config.output_dir {
1367 Some(dir) => {
1368 let abs = std::fs::canonicalize(dir)
1369 .unwrap_or_else(|_| dir.clone())
1370 .join("conformance-report.json");
1371 abs.to_string_lossy().to_string()
1372 }
1373 None => "conformance-report.json".to_string(),
1374 };
1375
1376 script.push_str("export function handleSummary(data) {\n");
1377 script.push_str(" let checks = {};\n");
1378 script.push_str(" if (data.metrics && data.metrics.checks) {\n");
1379 script.push_str(" checks.overall_pass_rate = data.metrics.checks.values.rate;\n");
1380 script.push_str(" }\n");
1381 script.push_str(" let checkResults = {};\n");
1382 script.push_str(" function walkGroups(group) {\n");
1383 script.push_str(" if (group.checks) {\n");
1384 script.push_str(" for (let checkObj of group.checks) {\n");
1385 script.push_str(" checkResults[checkObj.name] = {\n");
1386 script.push_str(" passes: checkObj.passes,\n");
1387 script.push_str(" fails: checkObj.fails,\n");
1388 script.push_str(" };\n");
1389 script.push_str(" }\n");
1390 script.push_str(" }\n");
1391 script.push_str(" if (group.groups) {\n");
1392 script.push_str(" for (let subGroup of group.groups) {\n");
1393 script.push_str(" walkGroups(subGroup);\n");
1394 script.push_str(" }\n");
1395 script.push_str(" }\n");
1396 script.push_str(" }\n");
1397 script.push_str(" if (data.root_group) {\n");
1398 script.push_str(" walkGroups(data.root_group);\n");
1399 script.push_str(" }\n");
1400 script.push_str(" return {\n");
1401 script.push_str(&format!(
1402 " '{}': JSON.stringify({{ checks: checkResults, overall: checks }}, null, 2),\n",
1403 report_path
1404 ));
1405 script.push_str(" 'summary.json': JSON.stringify(data),\n");
1406 script.push_str(" stdout: textSummary(data, { indent: ' ', enableColors: true }),\n");
1407 script.push_str(" };\n");
1408 script.push_str("}\n\n");
1409 script.push_str("function textSummary(data, opts) {\n");
1410 script.push_str(" return JSON.stringify(data, null, 2);\n");
1411 script.push_str("}\n");
1412 }
1413}
1414
1415#[cfg(test)]
1416mod tests {
1417 use super::*;
1418 use openapiv3::{
1419 Operation, ParameterData, ParameterSchemaOrContent, PathStyle, Response, Schema,
1420 SchemaData, SchemaKind, StringType, Type,
1421 };
1422
1423 fn make_op(method: &str, path: &str, operation: Operation) -> ApiOperation {
1424 ApiOperation {
1425 method: method.to_string(),
1426 path: path.to_string(),
1427 operation,
1428 operation_id: None,
1429 }
1430 }
1431
1432 fn empty_spec() -> OpenAPI {
1433 OpenAPI::default()
1434 }
1435
1436 #[test]
1437 fn test_annotate_get_with_path_param() {
1438 let mut op = Operation::default();
1439 op.parameters.push(ReferenceOr::Item(Parameter::Path {
1440 parameter_data: ParameterData {
1441 name: "id".to_string(),
1442 description: None,
1443 required: true,
1444 deprecated: None,
1445 format: ParameterSchemaOrContent::Schema(ReferenceOr::Item(Schema {
1446 schema_data: SchemaData::default(),
1447 schema_kind: SchemaKind::Type(Type::String(StringType::default())),
1448 })),
1449 example: None,
1450 examples: Default::default(),
1451 explode: None,
1452 extensions: Default::default(),
1453 },
1454 style: PathStyle::Simple,
1455 }));
1456
1457 let api_op = make_op("get", "/users/{id}", op);
1458 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1459
1460 assert!(annotated.features.contains(&ConformanceFeature::MethodGet));
1461 assert!(annotated.features.contains(&ConformanceFeature::PathParamString));
1462 assert!(annotated.features.contains(&ConformanceFeature::ConstraintRequired));
1463 assert_eq!(annotated.path_params.len(), 1);
1464 assert_eq!(annotated.path_params[0].0, "id");
1465 }
1466
1467 #[test]
1468 fn test_annotate_post_with_json_body() {
1469 let mut op = Operation::default();
1470 let mut body = RequestBody {
1471 required: true,
1472 ..Default::default()
1473 };
1474 body.content
1475 .insert("application/json".to_string(), openapiv3::MediaType::default());
1476 op.request_body = Some(ReferenceOr::Item(body));
1477
1478 let api_op = make_op("post", "/items", op);
1479 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1480
1481 assert!(annotated.features.contains(&ConformanceFeature::MethodPost));
1482 assert!(annotated.features.contains(&ConformanceFeature::BodyJson));
1483 }
1484
1485 #[test]
1486 fn test_annotate_response_codes() {
1487 let mut op = Operation::default();
1488 op.responses
1489 .responses
1490 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(Response::default()));
1491 op.responses
1492 .responses
1493 .insert(openapiv3::StatusCode::Code(404), ReferenceOr::Item(Response::default()));
1494
1495 let api_op = make_op("get", "/items", op);
1496 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1497
1498 assert!(annotated.features.contains(&ConformanceFeature::Response200));
1499 assert!(annotated.features.contains(&ConformanceFeature::Response404));
1500 }
1501
1502 #[test]
1503 fn test_generate_spec_driven_script() {
1504 let config = ConformanceConfig {
1505 target_url: "http://localhost:3000".to_string(),
1506 api_key: None,
1507 basic_auth: None,
1508 skip_tls_verify: false,
1509 categories: None,
1510 base_path: None,
1511 custom_headers: vec![],
1512 output_dir: None,
1513 all_operations: false,
1514 custom_checks_file: None,
1515 request_delay_ms: 0,
1516 custom_filter: None,
1517 export_requests: false,
1518 validate_requests: false,
1519 };
1520
1521 let operations = vec![AnnotatedOperation {
1522 path: "/users/{id}".to_string(),
1523 method: "GET".to_string(),
1524 features: vec![
1525 ConformanceFeature::MethodGet,
1526 ConformanceFeature::PathParamString,
1527 ],
1528 request_body_content_type: None,
1529 sample_body: None,
1530 query_params: vec![],
1531 header_params: vec![],
1532 path_params: vec![("id".to_string(), "test-value".to_string())],
1533 response_schema: None,
1534 response_schemas: std::collections::BTreeMap::new(),
1535 request_body_schema: None,
1536 security_schemes: vec![],
1537 }];
1538
1539 let gen = SpecDrivenConformanceGenerator::new(config, operations);
1540 let (script, _check_count) = gen.generate().unwrap();
1541
1542 assert!(script.contains("import http from 'k6/http'"));
1543 assert!(script.contains("/users/test-value"));
1544 assert!(script.contains("param:path:string"));
1545 assert!(script.contains("method:GET"));
1546 assert!(script.contains("handleSummary"));
1547 }
1548
1549 #[test]
1550 fn test_generate_with_category_filter() {
1551 let config = ConformanceConfig {
1552 target_url: "http://localhost:3000".to_string(),
1553 api_key: None,
1554 basic_auth: None,
1555 skip_tls_verify: false,
1556 categories: Some(vec!["Parameters".to_string()]),
1557 base_path: None,
1558 custom_headers: vec![],
1559 output_dir: None,
1560 all_operations: false,
1561 custom_checks_file: None,
1562 request_delay_ms: 0,
1563 custom_filter: None,
1564 export_requests: false,
1565 validate_requests: false,
1566 };
1567
1568 let operations = vec![AnnotatedOperation {
1569 path: "/users/{id}".to_string(),
1570 method: "GET".to_string(),
1571 features: vec![
1572 ConformanceFeature::MethodGet,
1573 ConformanceFeature::PathParamString,
1574 ],
1575 request_body_content_type: None,
1576 sample_body: None,
1577 query_params: vec![],
1578 header_params: vec![],
1579 path_params: vec![("id".to_string(), "1".to_string())],
1580 response_schema: None,
1581 response_schemas: std::collections::BTreeMap::new(),
1582 request_body_schema: None,
1583 security_schemes: vec![],
1584 }];
1585
1586 let gen = SpecDrivenConformanceGenerator::new(config, operations);
1587 let (script, _check_count) = gen.generate().unwrap();
1588
1589 assert!(script.contains("group('Parameters'"));
1590 assert!(!script.contains("group('HTTP Methods'"));
1591 }
1592
1593 #[test]
1594 fn test_annotate_response_validation() {
1595 use openapiv3::ObjectType;
1596
1597 let mut op = Operation::default();
1599 let mut response = Response::default();
1600 let mut media = openapiv3::MediaType::default();
1601 let mut obj_type = ObjectType::default();
1602 obj_type.properties.insert(
1603 "name".to_string(),
1604 ReferenceOr::Item(Box::new(Schema {
1605 schema_data: SchemaData::default(),
1606 schema_kind: SchemaKind::Type(Type::String(StringType::default())),
1607 })),
1608 );
1609 obj_type.required = vec!["name".to_string()];
1610 media.schema = Some(ReferenceOr::Item(Schema {
1611 schema_data: SchemaData::default(),
1612 schema_kind: SchemaKind::Type(Type::Object(obj_type)),
1613 }));
1614 response.content.insert("application/json".to_string(), media);
1615 op.responses
1616 .responses
1617 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1618
1619 let api_op = make_op("get", "/users", op);
1620 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1621
1622 assert!(
1623 annotated.features.contains(&ConformanceFeature::ResponseValidation),
1624 "Should detect ResponseValidation when response has a JSON schema"
1625 );
1626 assert!(annotated.response_schema.is_some(), "Should extract the response schema");
1627
1628 let config = ConformanceConfig {
1630 target_url: "http://localhost:3000".to_string(),
1631 api_key: None,
1632 basic_auth: None,
1633 skip_tls_verify: false,
1634 categories: None,
1635 base_path: None,
1636 custom_headers: vec![],
1637 output_dir: None,
1638 all_operations: false,
1639 custom_checks_file: None,
1640 request_delay_ms: 0,
1641 custom_filter: None,
1642 export_requests: false,
1643 validate_requests: false,
1644 };
1645 let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1646 let (script, _check_count) = gen.generate().unwrap();
1647
1648 assert!(
1649 script.contains("response:schema:validation"),
1650 "Script should contain the validation check name"
1651 );
1652 assert!(script.contains("try {"), "Script should wrap validation in try-catch");
1653 assert!(script.contains("res.json()"), "Script should parse response as JSON");
1654 }
1655
1656 #[test]
1657 fn test_annotate_global_security() {
1658 let op = Operation::default();
1660 let mut spec = OpenAPI::default();
1661 let mut global_req = openapiv3::SecurityRequirement::new();
1662 global_req.insert("bearerAuth".to_string(), vec![]);
1663 spec.security = Some(vec![global_req]);
1664 let mut components = openapiv3::Components::default();
1666 components.security_schemes.insert(
1667 "bearerAuth".to_string(),
1668 ReferenceOr::Item(SecurityScheme::HTTP {
1669 scheme: "bearer".to_string(),
1670 bearer_format: Some("JWT".to_string()),
1671 description: None,
1672 extensions: Default::default(),
1673 }),
1674 );
1675 spec.components = Some(components);
1676
1677 let api_op = make_op("get", "/protected", op);
1678 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &spec);
1679
1680 assert!(
1681 annotated.features.contains(&ConformanceFeature::SecurityBearer),
1682 "Should detect SecurityBearer from global security + components"
1683 );
1684 }
1685
1686 #[test]
1687 fn test_annotate_security_scheme_resolution() {
1688 let mut op = Operation::default();
1690 let mut req = openapiv3::SecurityRequirement::new();
1692 req.insert("myAuth".to_string(), vec![]);
1693 op.security = Some(vec![req]);
1694
1695 let mut spec = OpenAPI::default();
1696 let mut components = openapiv3::Components::default();
1697 components.security_schemes.insert(
1698 "myAuth".to_string(),
1699 ReferenceOr::Item(SecurityScheme::APIKey {
1700 location: openapiv3::APIKeyLocation::Header,
1701 name: "X-API-Key".to_string(),
1702 description: None,
1703 extensions: Default::default(),
1704 }),
1705 );
1706 spec.components = Some(components);
1707
1708 let api_op = make_op("get", "/data", op);
1709 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &spec);
1710
1711 assert!(
1712 annotated.features.contains(&ConformanceFeature::SecurityApiKey),
1713 "Should detect SecurityApiKey from SecurityScheme::APIKey, not name heuristic"
1714 );
1715 }
1716
1717 #[test]
1718 fn test_annotate_content_negotiation() {
1719 let mut op = Operation::default();
1720 let mut response = Response::default();
1721 response
1723 .content
1724 .insert("application/json".to_string(), openapiv3::MediaType::default());
1725 response
1726 .content
1727 .insert("application/xml".to_string(), openapiv3::MediaType::default());
1728 op.responses
1729 .responses
1730 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1731
1732 let api_op = make_op("get", "/items", op);
1733 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1734
1735 assert!(
1736 annotated.features.contains(&ConformanceFeature::ContentNegotiation),
1737 "Should detect ContentNegotiation when response has multiple content types"
1738 );
1739 }
1740
1741 #[test]
1742 fn test_no_content_negotiation_for_single_type() {
1743 let mut op = Operation::default();
1744 let mut response = Response::default();
1745 response
1746 .content
1747 .insert("application/json".to_string(), openapiv3::MediaType::default());
1748 op.responses
1749 .responses
1750 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1751
1752 let api_op = make_op("get", "/items", op);
1753 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1754
1755 assert!(
1756 !annotated.features.contains(&ConformanceFeature::ContentNegotiation),
1757 "Should NOT detect ContentNegotiation for a single content type"
1758 );
1759 }
1760
1761 #[test]
1762 fn test_spec_driven_with_base_path() {
1763 let annotated = AnnotatedOperation {
1764 path: "/users".to_string(),
1765 method: "GET".to_string(),
1766 features: vec![ConformanceFeature::MethodGet],
1767 path_params: vec![],
1768 query_params: vec![],
1769 header_params: vec![],
1770 request_body_content_type: None,
1771 sample_body: None,
1772 response_schema: None,
1773 response_schemas: std::collections::BTreeMap::new(),
1774 request_body_schema: None,
1775 security_schemes: vec![],
1776 };
1777 let config = ConformanceConfig {
1778 target_url: "https://192.168.2.86/".to_string(),
1779 api_key: None,
1780 basic_auth: None,
1781 skip_tls_verify: true,
1782 categories: None,
1783 base_path: Some("/api".to_string()),
1784 custom_headers: vec![],
1785 output_dir: None,
1786 all_operations: false,
1787 custom_checks_file: None,
1788 request_delay_ms: 0,
1789 custom_filter: None,
1790 export_requests: false,
1791 validate_requests: false,
1792 };
1793 let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1794 let (script, _check_count) = gen.generate().unwrap();
1795
1796 assert!(
1797 script.contains("const BASE_URL = 'https://192.168.2.86/api'"),
1798 "BASE_URL should include the base_path. Got: {}",
1799 script.lines().find(|l| l.contains("BASE_URL")).unwrap_or("not found")
1800 );
1801 }
1802
1803 #[test]
1804 fn test_spec_driven_with_custom_headers() {
1805 let annotated = AnnotatedOperation {
1806 path: "/users".to_string(),
1807 method: "GET".to_string(),
1808 features: vec![ConformanceFeature::MethodGet],
1809 path_params: vec![],
1810 query_params: vec![],
1811 header_params: vec![
1812 ("X-Avi-Tenant".to_string(), "test-value".to_string()),
1813 ("X-CSRFToken".to_string(), "test-value".to_string()),
1814 ],
1815 request_body_content_type: None,
1816 sample_body: None,
1817 response_schema: None,
1818 response_schemas: std::collections::BTreeMap::new(),
1819 request_body_schema: None,
1820 security_schemes: vec![],
1821 };
1822 let config = ConformanceConfig {
1823 target_url: "https://192.168.2.86/".to_string(),
1824 api_key: None,
1825 basic_auth: None,
1826 skip_tls_verify: true,
1827 categories: None,
1828 base_path: Some("/api".to_string()),
1829 custom_headers: vec![
1830 ("X-Avi-Tenant".to_string(), "admin".to_string()),
1831 ("X-CSRFToken".to_string(), "real-csrf-token".to_string()),
1832 ("Cookie".to_string(), "sessionid=abc123".to_string()),
1833 ],
1834 output_dir: None,
1835 all_operations: false,
1836 custom_checks_file: None,
1837 request_delay_ms: 0,
1838 custom_filter: None,
1839 export_requests: false,
1840 validate_requests: false,
1841 };
1842 let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1843 let (script, _check_count) = gen.generate().unwrap();
1844
1845 assert!(
1847 script.contains("'X-Avi-Tenant': 'admin'"),
1848 "Should use custom value for X-Avi-Tenant, not test-value"
1849 );
1850 assert!(
1851 script.contains("'X-CSRFToken': 'real-csrf-token'"),
1852 "Should use custom value for X-CSRFToken, not test-value"
1853 );
1854 assert!(
1856 script.contains("'Cookie': 'sessionid=abc123'"),
1857 "Should include Cookie header from custom_headers"
1858 );
1859 assert!(
1861 !script.contains("'test-value'"),
1862 "test-value placeholders should be replaced by custom values"
1863 );
1864 }
1865
1866 #[test]
1867 fn test_effective_headers_merging() {
1868 let config = ConformanceConfig {
1869 target_url: "http://localhost".to_string(),
1870 api_key: None,
1871 basic_auth: None,
1872 skip_tls_verify: false,
1873 categories: None,
1874 base_path: None,
1875 custom_headers: vec![
1876 ("X-Auth".to_string(), "real-token".to_string()),
1877 ("Cookie".to_string(), "session=abc".to_string()),
1878 ],
1879 output_dir: None,
1880 all_operations: false,
1881 custom_checks_file: None,
1882 request_delay_ms: 0,
1883 custom_filter: None,
1884 export_requests: false,
1885 validate_requests: false,
1886 };
1887 let gen = SpecDrivenConformanceGenerator::new(config, vec![]);
1888
1889 let spec_headers = vec![
1891 ("X-Auth".to_string(), "test-value".to_string()),
1892 ("X-Other".to_string(), "keep-this".to_string()),
1893 ];
1894 let effective = gen.effective_headers(&spec_headers);
1895
1896 assert_eq!(effective[0], ("X-Auth".to_string(), "real-token".to_string()));
1898 assert_eq!(effective[1], ("X-Other".to_string(), "keep-this".to_string()));
1900 assert_eq!(effective[2], ("Cookie".to_string(), "session=abc".to_string()));
1902 }
1903}