1use super::generator::ConformanceConfig;
7use super::schema_validator::SchemaValidatorGenerator;
8use super::spec::ConformanceFeature;
9use crate::error::Result;
10use crate::request_gen::RequestGenerator;
11use crate::spec_parser::ApiOperation;
12use openapiv3::{
13 OpenAPI, Operation, Parameter, ParameterSchemaOrContent, ReferenceOr, RequestBody, Response,
14 Schema, SchemaKind, SecurityScheme, StringFormat, Type, VariantOrUnknownOrEmpty,
15};
16use std::collections::HashSet;
17
18mod ref_resolver {
20 use super::*;
21
22 pub fn resolve_parameter<'a>(
23 param_ref: &'a ReferenceOr<Parameter>,
24 spec: &'a OpenAPI,
25 ) -> Option<&'a Parameter> {
26 match param_ref {
27 ReferenceOr::Item(param) => Some(param),
28 ReferenceOr::Reference { reference } => {
29 let name = reference.strip_prefix("#/components/parameters/")?;
30 let components = spec.components.as_ref()?;
31 match components.parameters.get(name)? {
32 ReferenceOr::Item(param) => Some(param),
33 ReferenceOr::Reference {
34 reference: inner_ref,
35 } => {
36 let inner_name = inner_ref.strip_prefix("#/components/parameters/")?;
38 match components.parameters.get(inner_name)? {
39 ReferenceOr::Item(param) => Some(param),
40 ReferenceOr::Reference { .. } => None,
41 }
42 }
43 }
44 }
45 }
46 }
47
48 pub fn resolve_request_body<'a>(
49 body_ref: &'a ReferenceOr<RequestBody>,
50 spec: &'a OpenAPI,
51 ) -> Option<&'a RequestBody> {
52 match body_ref {
53 ReferenceOr::Item(body) => Some(body),
54 ReferenceOr::Reference { reference } => {
55 let name = reference.strip_prefix("#/components/requestBodies/")?;
56 let components = spec.components.as_ref()?;
57 match components.request_bodies.get(name)? {
58 ReferenceOr::Item(body) => Some(body),
59 ReferenceOr::Reference {
60 reference: inner_ref,
61 } => {
62 let inner_name = inner_ref.strip_prefix("#/components/requestBodies/")?;
64 match components.request_bodies.get(inner_name)? {
65 ReferenceOr::Item(body) => Some(body),
66 ReferenceOr::Reference { .. } => None,
67 }
68 }
69 }
70 }
71 }
72 }
73
74 pub fn resolve_schema<'a>(
75 schema_ref: &'a ReferenceOr<Schema>,
76 spec: &'a OpenAPI,
77 ) -> Option<&'a Schema> {
78 resolve_schema_with_visited(schema_ref, spec, &mut HashSet::new())
79 }
80
81 fn resolve_schema_with_visited<'a>(
82 schema_ref: &'a ReferenceOr<Schema>,
83 spec: &'a OpenAPI,
84 visited: &mut HashSet<String>,
85 ) -> Option<&'a Schema> {
86 match schema_ref {
87 ReferenceOr::Item(schema) => Some(schema),
88 ReferenceOr::Reference { reference } => {
89 if !visited.insert(reference.clone()) {
90 return None; }
92 let name = reference.strip_prefix("#/components/schemas/")?;
93 let components = spec.components.as_ref()?;
94 let nested = components.schemas.get(name)?;
95 resolve_schema_with_visited(nested, spec, visited)
96 }
97 }
98 }
99
100 pub fn resolve_boxed_schema<'a>(
102 schema_ref: &'a ReferenceOr<Box<Schema>>,
103 spec: &'a OpenAPI,
104 ) -> Option<&'a Schema> {
105 match schema_ref {
106 ReferenceOr::Item(schema) => Some(schema.as_ref()),
107 ReferenceOr::Reference { reference } => {
108 let name = reference.strip_prefix("#/components/schemas/")?;
110 let components = spec.components.as_ref()?;
111 let nested = components.schemas.get(name)?;
112 resolve_schema_with_visited(nested, spec, &mut HashSet::new())
113 }
114 }
115 }
116
117 pub fn resolve_response<'a>(
118 resp_ref: &'a ReferenceOr<Response>,
119 spec: &'a OpenAPI,
120 ) -> Option<&'a Response> {
121 match resp_ref {
122 ReferenceOr::Item(resp) => Some(resp),
123 ReferenceOr::Reference { reference } => {
124 let name = reference.strip_prefix("#/components/responses/")?;
125 let components = spec.components.as_ref()?;
126 match components.responses.get(name)? {
127 ReferenceOr::Item(resp) => Some(resp),
128 ReferenceOr::Reference {
129 reference: inner_ref,
130 } => {
131 let inner_name = inner_ref.strip_prefix("#/components/responses/")?;
133 match components.responses.get(inner_name)? {
134 ReferenceOr::Item(resp) => Some(resp),
135 ReferenceOr::Reference { .. } => None,
136 }
137 }
138 }
139 }
140 }
141 }
142}
143
144#[derive(Debug, Clone)]
146pub enum SecuritySchemeInfo {
147 Bearer,
149 Basic,
151 ApiKey {
153 location: ApiKeyLocation,
154 name: String,
155 },
156}
157
158#[derive(Debug, Clone, PartialEq)]
160pub enum ApiKeyLocation {
161 Header,
162 Query,
163 Cookie,
164}
165
166#[derive(Debug, Clone)]
168pub struct AnnotatedOperation {
169 pub path: String,
170 pub method: String,
171 pub features: Vec<ConformanceFeature>,
172 pub request_body_content_type: Option<String>,
173 pub sample_body: Option<String>,
174 pub query_params: Vec<(String, String)>,
175 pub header_params: Vec<(String, String)>,
176 pub path_params: Vec<(String, String)>,
177 pub response_schema: Option<Schema>,
179 pub response_schemas: std::collections::BTreeMap<u16, serde_json::Value>,
187 pub request_body_schema: Option<Schema>,
193 pub security_schemes: Vec<SecuritySchemeInfo>,
195}
196
197pub struct SpecDrivenConformanceGenerator {
199 config: ConformanceConfig,
200 operations: Vec<AnnotatedOperation>,
201}
202
203impl SpecDrivenConformanceGenerator {
204 pub fn new(config: ConformanceConfig, operations: Vec<AnnotatedOperation>) -> Self {
205 Self { config, operations }
206 }
207
208 pub fn annotate_operations(
210 operations: &[ApiOperation],
211 spec: &OpenAPI,
212 ) -> Vec<AnnotatedOperation> {
213 operations.iter().map(|op| Self::annotate_operation(op, spec)).collect()
214 }
215
216 fn annotate_operation(op: &ApiOperation, spec: &OpenAPI) -> AnnotatedOperation {
218 let mut features = Vec::new();
219 let mut query_params = Vec::new();
220 let mut header_params = Vec::new();
221 let mut path_params = Vec::new();
222
223 match op.method.to_uppercase().as_str() {
225 "GET" => features.push(ConformanceFeature::MethodGet),
226 "POST" => features.push(ConformanceFeature::MethodPost),
227 "PUT" => features.push(ConformanceFeature::MethodPut),
228 "PATCH" => features.push(ConformanceFeature::MethodPatch),
229 "DELETE" => features.push(ConformanceFeature::MethodDelete),
230 "HEAD" => features.push(ConformanceFeature::MethodHead),
231 "OPTIONS" => features.push(ConformanceFeature::MethodOptions),
232 _ => {}
233 }
234
235 for param_ref in &op.operation.parameters {
237 if let Some(param) = ref_resolver::resolve_parameter(param_ref, spec) {
238 Self::annotate_parameter(
239 param,
240 spec,
241 &mut features,
242 &mut query_params,
243 &mut header_params,
244 &mut path_params,
245 );
246 }
247 }
248
249 for segment in op.path.split('/') {
251 if segment.starts_with('{') && segment.ends_with('}') {
252 let name = &segment[1..segment.len() - 1];
253 if !path_params.iter().any(|(n, _)| n == name) {
255 path_params.push((name.to_string(), "test-value".to_string()));
256 if !features.contains(&ConformanceFeature::PathParamString)
258 && !features.contains(&ConformanceFeature::PathParamInteger)
259 {
260 features.push(ConformanceFeature::PathParamString);
261 }
262 }
263 }
264 }
265
266 let mut request_body_content_type = None;
268 let mut sample_body = None;
269 let mut request_body_schema: Option<Schema> = None;
270
271 let resolved_body = op
272 .operation
273 .request_body
274 .as_ref()
275 .and_then(|b| ref_resolver::resolve_request_body(b, spec));
276
277 if let Some(body) = resolved_body {
278 for (content_type, _media) in &body.content {
279 match content_type.as_str() {
280 "application/json" => {
281 features.push(ConformanceFeature::BodyJson);
282 request_body_content_type = Some("application/json".to_string());
283 if let Ok(template) = RequestGenerator::generate_template(op) {
285 if let Some(body_val) = &template.body {
286 sample_body = Some(body_val.to_string());
287 }
288 }
289 }
290 "application/x-www-form-urlencoded" => {
291 features.push(ConformanceFeature::BodyFormUrlencoded);
292 request_body_content_type =
293 Some("application/x-www-form-urlencoded".to_string());
294 }
295 "multipart/form-data" => {
296 features.push(ConformanceFeature::BodyMultipart);
297 request_body_content_type = Some("multipart/form-data".to_string());
298 }
299 _ => {}
300 }
301 }
302
303 if let Some(media) = body.content.get("application/json") {
305 if let Some(schema_ref) = &media.schema {
306 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
307 Self::annotate_schema(schema, spec, &mut features);
308 request_body_schema = Some(schema.clone());
312 }
313 }
314 }
315 }
316
317 Self::annotate_responses(&op.operation, spec, &mut features);
319
320 let response_schema = Self::extract_response_schema(&op.operation, spec);
322 if response_schema.is_some() {
323 features.push(ConformanceFeature::ResponseValidation);
324 }
325 let response_schemas = Self::extract_response_schemas_per_status(&op.operation, spec);
327
328 Self::annotate_content_negotiation(&op.operation, spec, &mut features);
330
331 let mut security_schemes = Vec::new();
333 Self::annotate_security(&op.operation, spec, &mut features, &mut security_schemes);
334
335 features.sort_by_key(|f| f.check_name());
337 features.dedup_by_key(|f| f.check_name());
338
339 AnnotatedOperation {
340 path: op.path.clone(),
341 method: op.method.to_uppercase(),
342 features,
343 request_body_content_type,
344 sample_body,
345 query_params,
346 header_params,
347 path_params,
348 response_schema,
349 response_schemas,
350 request_body_schema,
351 security_schemes,
352 }
353 }
354
355 fn annotate_parameter(
357 param: &Parameter,
358 spec: &OpenAPI,
359 features: &mut Vec<ConformanceFeature>,
360 query_params: &mut Vec<(String, String)>,
361 header_params: &mut Vec<(String, String)>,
362 path_params: &mut Vec<(String, String)>,
363 ) {
364 let (location, data) = match param {
365 Parameter::Query { parameter_data, .. } => ("query", parameter_data),
366 Parameter::Path { parameter_data, .. } => ("path", parameter_data),
367 Parameter::Header { parameter_data, .. } => ("header", parameter_data),
368 Parameter::Cookie { .. } => {
369 features.push(ConformanceFeature::CookieParam);
370 return;
371 }
372 };
373
374 let is_integer = Self::param_schema_is_integer(data, spec);
376 let is_array = Self::param_schema_is_array(data, spec);
377
378 let sample = if is_integer {
380 "42".to_string()
381 } else if is_array {
382 "a,b".to_string()
383 } else {
384 "test-value".to_string()
385 };
386
387 match location {
388 "path" => {
389 if is_integer {
390 features.push(ConformanceFeature::PathParamInteger);
391 } else {
392 features.push(ConformanceFeature::PathParamString);
393 }
394 path_params.push((data.name.clone(), sample));
395 }
396 "query" => {
397 if is_array {
398 features.push(ConformanceFeature::QueryParamArray);
399 } else if is_integer {
400 features.push(ConformanceFeature::QueryParamInteger);
401 } else {
402 features.push(ConformanceFeature::QueryParamString);
403 }
404 query_params.push((data.name.clone(), sample));
405 }
406 "header" => {
407 features.push(ConformanceFeature::HeaderParam);
408 header_params.push((data.name.clone(), sample));
409 }
410 _ => {}
411 }
412
413 if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
415 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
416 Self::annotate_schema(schema, spec, features);
417 }
418 }
419
420 if data.required {
422 features.push(ConformanceFeature::ConstraintRequired);
423 } else {
424 features.push(ConformanceFeature::ConstraintOptional);
425 }
426 }
427
428 fn param_schema_is_integer(data: &openapiv3::ParameterData, spec: &OpenAPI) -> bool {
429 if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
430 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
431 return matches!(&schema.schema_kind, SchemaKind::Type(Type::Integer(_)));
432 }
433 }
434 false
435 }
436
437 fn param_schema_is_array(data: &openapiv3::ParameterData, spec: &OpenAPI) -> bool {
438 if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
439 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
440 return matches!(&schema.schema_kind, SchemaKind::Type(Type::Array(_)));
441 }
442 }
443 false
444 }
445
446 fn annotate_schema(schema: &Schema, spec: &OpenAPI, features: &mut Vec<ConformanceFeature>) {
448 match &schema.schema_kind {
449 SchemaKind::Type(Type::String(s)) => {
450 features.push(ConformanceFeature::SchemaString);
451 match &s.format {
453 VariantOrUnknownOrEmpty::Item(StringFormat::Date) => {
454 features.push(ConformanceFeature::FormatDate);
455 }
456 VariantOrUnknownOrEmpty::Item(StringFormat::DateTime) => {
457 features.push(ConformanceFeature::FormatDateTime);
458 }
459 VariantOrUnknownOrEmpty::Unknown(fmt) => match fmt.as_str() {
460 "email" => features.push(ConformanceFeature::FormatEmail),
461 "uuid" => features.push(ConformanceFeature::FormatUuid),
462 "uri" | "url" => features.push(ConformanceFeature::FormatUri),
463 "ipv4" => features.push(ConformanceFeature::FormatIpv4),
464 "ipv6" => features.push(ConformanceFeature::FormatIpv6),
465 _ => {}
466 },
467 _ => {}
468 }
469 if s.pattern.is_some() {
471 features.push(ConformanceFeature::ConstraintPattern);
472 }
473 if !s.enumeration.is_empty() {
474 features.push(ConformanceFeature::ConstraintEnum);
475 }
476 if s.min_length.is_some() || s.max_length.is_some() {
477 features.push(ConformanceFeature::ConstraintMinMax);
478 }
479 }
480 SchemaKind::Type(Type::Integer(i)) => {
481 features.push(ConformanceFeature::SchemaInteger);
482 if i.minimum.is_some() || i.maximum.is_some() {
483 features.push(ConformanceFeature::ConstraintMinMax);
484 }
485 if !i.enumeration.is_empty() {
486 features.push(ConformanceFeature::ConstraintEnum);
487 }
488 }
489 SchemaKind::Type(Type::Number(n)) => {
490 features.push(ConformanceFeature::SchemaNumber);
491 if n.minimum.is_some() || n.maximum.is_some() {
492 features.push(ConformanceFeature::ConstraintMinMax);
493 }
494 }
495 SchemaKind::Type(Type::Boolean(_)) => {
496 features.push(ConformanceFeature::SchemaBoolean);
497 }
498 SchemaKind::Type(Type::Array(arr)) => {
499 features.push(ConformanceFeature::SchemaArray);
500 if let Some(item_ref) = &arr.items {
501 if let Some(item_schema) = ref_resolver::resolve_boxed_schema(item_ref, spec) {
502 Self::annotate_schema(item_schema, spec, features);
503 }
504 }
505 }
506 SchemaKind::Type(Type::Object(obj)) => {
507 features.push(ConformanceFeature::SchemaObject);
508 if !obj.required.is_empty() {
510 features.push(ConformanceFeature::ConstraintRequired);
511 }
512 for (_name, prop_ref) in &obj.properties {
514 if let Some(prop_schema) = ref_resolver::resolve_boxed_schema(prop_ref, spec) {
515 Self::annotate_schema(prop_schema, spec, features);
516 }
517 }
518 }
519 SchemaKind::OneOf { .. } => {
520 features.push(ConformanceFeature::CompositionOneOf);
521 }
522 SchemaKind::AnyOf { .. } => {
523 features.push(ConformanceFeature::CompositionAnyOf);
524 }
525 SchemaKind::AllOf { .. } => {
526 features.push(ConformanceFeature::CompositionAllOf);
527 }
528 _ => {}
529 }
530 }
531
532 fn annotate_responses(
534 operation: &Operation,
535 spec: &OpenAPI,
536 features: &mut Vec<ConformanceFeature>,
537 ) {
538 for (status_code, resp_ref) in &operation.responses.responses {
539 if ref_resolver::resolve_response(resp_ref, spec).is_some() {
541 match status_code {
542 openapiv3::StatusCode::Code(200) => {
543 features.push(ConformanceFeature::Response200)
544 }
545 openapiv3::StatusCode::Code(201) => {
546 features.push(ConformanceFeature::Response201)
547 }
548 openapiv3::StatusCode::Code(204) => {
549 features.push(ConformanceFeature::Response204)
550 }
551 openapiv3::StatusCode::Code(400) => {
552 features.push(ConformanceFeature::Response400)
553 }
554 openapiv3::StatusCode::Code(404) => {
555 features.push(ConformanceFeature::Response404)
556 }
557 _ => {}
558 }
559 }
560 }
561 }
562
563 fn extract_response_schemas_per_status(
569 operation: &Operation,
570 spec: &OpenAPI,
571 ) -> std::collections::BTreeMap<u16, serde_json::Value> {
572 let mut out = std::collections::BTreeMap::new();
573 for (code, resp_ref) in &operation.responses.responses {
574 let openapiv3::StatusCode::Code(n) = code else {
575 continue; };
577 let Some(response) = ref_resolver::resolve_response(resp_ref, spec) else {
578 continue;
579 };
580 let Some(media) = response.content.get("application/json") else {
581 continue;
582 };
583 let Some(schema_ref) = &media.schema else {
584 continue;
585 };
586 let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) else {
587 continue;
588 };
589 if let Ok(value) = serde_json::to_value(schema) {
592 out.insert(*n, value);
593 }
594 }
595 out
596 }
597
598 fn extract_response_schema(operation: &Operation, spec: &OpenAPI) -> Option<Schema> {
601 for code in [200u16, 201] {
603 if let Some(resp_ref) =
604 operation.responses.responses.get(&openapiv3::StatusCode::Code(code))
605 {
606 if let Some(response) = ref_resolver::resolve_response(resp_ref, spec) {
607 if let Some(media) = response.content.get("application/json") {
608 if let Some(schema_ref) = &media.schema {
609 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
610 return Some(schema.clone());
611 }
612 }
613 }
614 }
615 }
616 }
617 None
618 }
619
620 fn annotate_content_negotiation(
622 operation: &Operation,
623 spec: &OpenAPI,
624 features: &mut Vec<ConformanceFeature>,
625 ) {
626 for (_status_code, resp_ref) in &operation.responses.responses {
627 if let Some(response) = ref_resolver::resolve_response(resp_ref, spec) {
628 if response.content.len() > 1 {
629 features.push(ConformanceFeature::ContentNegotiation);
630 return; }
632 }
633 }
634 }
635
636 fn annotate_security(
640 operation: &Operation,
641 spec: &OpenAPI,
642 features: &mut Vec<ConformanceFeature>,
643 security_schemes: &mut Vec<SecuritySchemeInfo>,
644 ) {
645 let security_reqs = operation.security.as_ref().or(spec.security.as_ref());
647
648 if let Some(security) = security_reqs {
649 for security_req in security {
650 for scheme_name in security_req.keys() {
651 if let Some(resolved) = Self::resolve_security_scheme(scheme_name, spec) {
653 match resolved {
654 SecurityScheme::HTTP { ref scheme, .. } => {
655 if scheme.eq_ignore_ascii_case("bearer") {
656 features.push(ConformanceFeature::SecurityBearer);
657 security_schemes.push(SecuritySchemeInfo::Bearer);
658 } else if scheme.eq_ignore_ascii_case("basic") {
659 features.push(ConformanceFeature::SecurityBasic);
660 security_schemes.push(SecuritySchemeInfo::Basic);
661 }
662 }
663 SecurityScheme::APIKey { location, name, .. } => {
664 features.push(ConformanceFeature::SecurityApiKey);
665 let loc = match location {
666 openapiv3::APIKeyLocation::Query => ApiKeyLocation::Query,
667 openapiv3::APIKeyLocation::Header => ApiKeyLocation::Header,
668 openapiv3::APIKeyLocation::Cookie => ApiKeyLocation::Cookie,
669 };
670 security_schemes.push(SecuritySchemeInfo::ApiKey {
671 location: loc,
672 name: name.clone(),
673 });
674 }
675 _ => {}
677 }
678 } else {
679 let name_lower = scheme_name.to_lowercase();
681 if name_lower.contains("bearer") || name_lower.contains("jwt") {
682 features.push(ConformanceFeature::SecurityBearer);
683 security_schemes.push(SecuritySchemeInfo::Bearer);
684 } else if name_lower.contains("api") && name_lower.contains("key") {
685 features.push(ConformanceFeature::SecurityApiKey);
686 security_schemes.push(SecuritySchemeInfo::ApiKey {
687 location: ApiKeyLocation::Header,
688 name: "X-API-Key".to_string(),
689 });
690 } else if name_lower.contains("basic") {
691 features.push(ConformanceFeature::SecurityBasic);
692 security_schemes.push(SecuritySchemeInfo::Basic);
693 }
694 }
695 }
696 }
697 }
698 }
699
700 fn resolve_security_scheme<'a>(name: &str, spec: &'a OpenAPI) -> Option<&'a SecurityScheme> {
702 let components = spec.components.as_ref()?;
703 match components.security_schemes.get(name)? {
704 ReferenceOr::Item(scheme) => Some(scheme),
705 ReferenceOr::Reference { .. } => None,
706 }
707 }
708
709 pub fn operation_count(&self) -> usize {
711 self.operations.len()
712 }
713
714 pub fn generate(&self) -> Result<(String, usize)> {
717 let mut script = String::with_capacity(16384);
718
719 script.push_str("import http from 'k6/http';\n");
721 script.push_str("import { check, group } from 'k6';\n");
722 if self.config.request_delay_ms > 0 {
723 script.push_str("import { sleep } from 'k6';\n");
724 }
725 script.push('\n');
726
727 script.push_str(
731 "http.setResponseCallback(http.expectedStatuses({ min: 100, max: 599 }));\n\n",
732 );
733
734 script.push_str("export const options = {\n");
736 script.push_str(" vus: 1,\n");
737 script.push_str(" iterations: 1,\n");
738 if self.config.skip_tls_verify {
739 script.push_str(" insecureSkipTLSVerify: true,\n");
740 }
741 script.push_str(" thresholds: {\n");
742 script.push_str(" checks: ['rate>0'],\n");
743 script.push_str(" },\n");
744 script.push_str("};\n\n");
745
746 script.push_str(&format!("const BASE_URL = '{}';\n\n", self.config.effective_base_url()));
748 script.push_str("const JSON_HEADERS = { 'Content-Type': 'application/json' };\n\n");
749
750 let custom_emit = self.config.generate_custom_group()?;
754 if let Some(emit) = &custom_emit {
755 if !emit.init_code.is_empty() {
756 script.push_str("// Round 39 (#79) — preloaded upload bytes for custom checks\n");
757 script.push_str(&emit.init_code);
758 script.push('\n');
759 }
760 }
761
762 script
765 .push_str("function __captureFailure(checkName, res, expected, schemaViolations) {\n");
766 script.push_str(" let bodyStr = '';\n");
767 script.push_str(" try { if (res.body) { const __n = res.body.length; bodyStr = res.body.substring(0, 65536); if (__n > 65536) bodyStr = bodyStr + ' <truncated at 65536 bytes; full body was ' + __n + ' bytes>'; } else { bodyStr = ''; } } catch(e) { bodyStr = '<unreadable>'; }\n");
768 script.push_str(" let reqHeaders = {};\n");
769 script.push_str(
770 " if (res.request && res.request.headers) { reqHeaders = res.request.headers; }\n",
771 );
772 script.push_str(" let reqBody = '';\n");
773 script.push_str(" if (res.request && res.request.body) { try { const __m = res.request.body.length; reqBody = res.request.body.substring(0, 65536); if (__m > 65536) reqBody = reqBody + ' <truncated at 65536 bytes; full body was ' + __m + ' bytes>'; } catch(e) {} }\n");
774 script.push_str(" let payload = {\n");
775 script.push_str(" check: checkName,\n");
776 script.push_str(" request: {\n");
777 script.push_str(" method: res.request ? res.request.method : 'unknown',\n");
778 script.push_str(" url: res.request ? res.request.url : res.url || 'unknown',\n");
779 script.push_str(" headers: reqHeaders,\n");
780 script.push_str(" body: reqBody,\n");
781 script.push_str(" },\n");
782 script.push_str(" response: {\n");
783 script.push_str(" status: res.status,\n");
784 script.push_str(" headers: res.headers ? Object.fromEntries(Object.entries(res.headers).slice(0, 20)) : {},\n");
785 script.push_str(" body: bodyStr,\n");
786 script.push_str(" },\n");
787 script.push_str(" expected: expected,\n");
788 script.push_str(" };\n");
789 script.push_str(" if (schemaViolations && schemaViolations.length > 0) { payload.schema_violations = schemaViolations; }\n");
790 script.push_str(" console.log('MOCKFORGE_FAILURE:' + JSON.stringify(payload));\n");
791 script.push_str("}\n\n");
792
793 if self.config.export_requests {
802 script.push_str("function __captureExchange(checkName, res) {\n");
803 script.push_str(" try {\n");
804 script.push_str(" let bodyStr = '';\n");
805 script.push_str(" try { if (res.body) { const __n = res.body.length; bodyStr = res.body.substring(0, 65536); if (__n > 65536) bodyStr = bodyStr + ' <truncated at 65536 bytes; full body was ' + __n + ' bytes>'; } else { bodyStr = ''; } } catch(e) { bodyStr = '<unreadable>'; }\n");
806 script.push_str(" let reqHeaders = {};\n");
807 script.push_str(
808 " if (res.request && res.request.headers) { reqHeaders = res.request.headers; }\n",
809 );
810 script.push_str(" let reqBody = '';\n");
814 script.push_str(" {\n");
815 script.push_str(
816 " const ct = (reqHeaders['Content-Type'] || reqHeaders['content-type'] || '').toString();\n",
817 );
818 script.push_str(" const isMultipart = ct.startsWith('multipart/');\n");
819 script.push_str(
820 " if (isMultipart && res.request && res.request.body) {\n\
821 \x20\x20\x20\x20\x20\x20\x20\x20try {\n\
822 \x20\x20\x20\x20\x20\x20\x20\x20 const raw = res.request.body;\n\
823 \x20\x20\x20\x20\x20\x20\x20\x20 let totalBytes = raw.length;\n\
824 \x20\x20\x20\x20\x20\x20\x20\x20 let envelopeBytes = 0;\n\
825 \x20\x20\x20\x20\x20\x20\x20\x20 const boundaryMatch = ct.match(/boundary=([^;]+)/);\n\
826 \x20\x20\x20\x20\x20\x20\x20\x20 const boundary = boundaryMatch ? boundaryMatch[1].replace(/^\"|\"$/g, '') : '';\n\
827 \x20\x20\x20\x20\x20\x20\x20\x20 const parts = [];\n\
828 \x20\x20\x20\x20\x20\x20\x20\x20 if (boundary) {\n\
829 \x20\x20\x20\x20\x20\x20\x20\x20 const sep = '--' + boundary;\n\
830 \x20\x20\x20\x20\x20\x20\x20\x20 let cursor = raw.indexOf(sep);\n\
831 \x20\x20\x20\x20\x20\x20\x20\x20 while (cursor !== -1 && parts.length < 100) {\n\
832 \x20\x20\x20\x20\x20\x20\x20\x20 const next = raw.indexOf(sep, cursor + sep.length);\n\
833 \x20\x20\x20\x20\x20\x20\x20\x20 if (next === -1) break;\n\
834 \x20\x20\x20\x20\x20\x20\x20\x20 const slice = raw.substring(cursor + sep.length, next);\n\
835 \x20\x20\x20\x20\x20\x20\x20\x20 const headerEnd = slice.indexOf('\\r\\n\\r\\n');\n\
836 \x20\x20\x20\x20\x20\x20\x20\x20 const partHeaders = headerEnd === -1 ? slice : slice.substring(0, headerEnd);\n\
837 \x20\x20\x20\x20\x20\x20\x20\x20 const partBody = headerEnd === -1 ? '' : slice.substring(headerEnd + 4);\n\
838 \x20\x20\x20\x20\x20\x20\x20\x20 // Round 50 #79 — ASCII envelope is byte-accurate (see generator.rs).\n\
839 \x20\x20\x20\x20\x20\x20\x20\x20 envelopeBytes += sep.length + partHeaders.length + 6;\n\
840 \x20\x20\x20\x20\x20\x20\x20\x20 const nameMatch = partHeaders.match(/name=\"([^\"]+)\"/);\n\
841 \x20\x20\x20\x20\x20\x20\x20\x20 const filenameMatch = partHeaders.match(/filename=\"([^\"]+)\"/);\n\
842 \x20\x20\x20\x20\x20\x20\x20\x20 const partCtMatch = partHeaders.match(/Content-Type:\\s*([^\\r\\n]+)/i);\n\
843 \x20\x20\x20\x20\x20\x20\x20\x20 parts.push({\n\
844 \x20\x20\x20\x20\x20\x20\x20\x20 name: nameMatch ? nameMatch[1] : '',\n\
845 \x20\x20\x20\x20\x20\x20\x20\x20 filename: filenameMatch ? filenameMatch[1] : '',\n\
846 \x20\x20\x20\x20\x20\x20\x20\x20 contentType: partCtMatch ? partCtMatch[1].trim() : '',\n\
847 \x20\x20\x20\x20\x20\x20\x20\x20 bytes: Math.max(0, partBody.length - 2),\n\
848 \x20\x20\x20\x20\x20\x20\x20\x20 });\n\
849 \x20\x20\x20\x20\x20\x20\x20\x20 cursor = next;\n\
850 \x20\x20\x20\x20\x20\x20\x20\x20 }\n\
851 \x20\x20\x20\x20\x20\x20\x20\x20 if (parts.length) { envelopeBytes += sep.length + 4; }\n\
852 \x20\x20\x20\x20\x20\x20\x20\x20 }\n\
853 \x20\x20\x20\x20\x20\x20\x20\x20 // Round 47 #79 — overlay on-disk byte counts (see generator.rs).\n\
854 \x20\x20\x20\x20\x20\x20\x20\x20 const __mfSizes = (globalThis.__mfUploadSizes || {})[checkName] || {};\n\
855 \x20\x20\x20\x20\x20\x20\x20\x20 let __allKnown = parts.length > 0;\n\
856 \x20\x20\x20\x20\x20\x20\x20\x20 parts.forEach(function (p) { if (typeof __mfSizes[p.name] === 'number') { p.bytes = __mfSizes[p.name]; } else { __allKnown = false; } });\n\
857 \x20\x20\x20\x20\x20\x20\x20\x20 const partsTotal = parts.reduce(function (acc, p) { return acc + p.bytes; }, 0);\n\
858 \x20\x20\x20\x20\x20\x20\x20\x20 if (__allKnown) totalBytes = partsTotal;\n\
859 \x20\x20\x20\x20\x20\x20\x20\x20 // Round 49/50 #79 — total = disk-sum payload; wire = total +\n\
860 \x20\x20\x20\x20\x20\x20\x20\x20 // ASCII envelope. raw.length UNDERcounts binary bodies, so\n\
861 \x20\x20\x20\x20\x20\x20\x20\x20 // never use it for wire when part sizes are known.\n\
862 \x20\x20\x20\x20\x20\x20\x20\x20 const wireBytes = __allKnown ? (partsTotal + envelopeBytes) : ((typeof raw === 'string' && raw.length) ? raw.length : totalBytes);\n\
863 \x20\x20\x20\x20\x20\x20\x20\x20 const summary = parts.map(function (p) { return '\\'' + p.name + '\\':\\'' + p.filename + '\\' (' + p.contentType + ', ' + p.bytes + ' bytes)'; }).join(', ');\n\
864 \x20\x20\x20\x20\x20\x20\x20\x20 reqBody = '<multipart/form-data; boundary=' + boundary + '; ' + parts.length + ' part(s); total ' + totalBytes + ' bytes (wire ' + wireBytes + ' bytes w/ envelope): ' + summary + '>';\n\
865 \x20\x20\x20\x20\x20\x20\x20\x20} catch (e) {\n\
866 \x20\x20\x20\x20\x20\x20\x20\x20 reqBody = '<multipart upload; summary failed: ' + (e && e.message ? e.message : 'unknown') + '>';\n\
867 \x20\x20\x20\x20\x20\x20\x20\x20}\n\
868 \x20\x20\x20\x20\x20\x20} else if (isMultipart) {\n\
869 \x20\x20\x20\x20\x20\x20\x20\x20reqBody = '<multipart upload; body bytes not surfaced by k6 res.request.body>';\n\
870 \x20\x20\x20\x20\x20\x20} else if (res.request && res.request.body) {\n\
871 \x20\x20\x20\x20\x20\x20\x20\x20try { const __m = res.request.body.length; reqBody = res.request.body.substring(0, 65536); if (__m > 65536) reqBody = reqBody + ' <truncated at 65536 bytes; full body was ' + __m + ' bytes>'; } catch (e) {}\n\
872 \x20\x20\x20\x20\x20\x20}\n\
873 \x20\x20\x20\x20}\n",
874 );
875 script.push_str(
877 " if (res && res.status === 0) {\n\
878 \x20\x20\x20\x20\x20\x20const ec = (res.error_code != null) ? res.error_code : 0;\n\
879 \x20\x20\x20\x20\x20\x20const em = (res.error != null) ? String(res.error) : '';\n\
880 \x20\x20\x20\x20\x20\x20let kind = 'other';\n\
881 \x20\x20\x20\x20\x20\x20if (ec >= 1200 && ec < 1300) kind = 'connect';\n\
882 \x20\x20\x20\x20\x20\x20else if (ec >= 1300 && ec < 1400) kind = 'tls';\n\
883 \x20\x20\x20\x20\x20\x20else if (ec >= 1400 && ec < 1500) kind = 'timeout';\n\
884 \x20\x20\x20\x20\x20\x20else if (em.toLowerCase().indexOf('eof') !== -1) kind = 'connect';\n \x20\x20\x20\x20\x20\x20else if (em.toLowerCase().indexOf('timeout') !== -1) kind = 'timeout';\n\
885 \x20\x20\x20\x20\x20\x20else if (em.toLowerCase().indexOf('tls') !== -1) kind = 'tls';\n\
886 \x20\x20\x20\x20\x20\x20else if (em.toLowerCase().indexOf('connect') !== -1 || em.toLowerCase().indexOf('refused') !== -1) kind = 'connect';\n\
887 \x20\x20\x20\x20\x20\x20console.log('MOCKFORGE_NETWORK_EVENT:' + JSON.stringify({\n\
888 \x20\x20\x20\x20\x20\x20 timestamp: new Date().toISOString(),\n\
889 \x20\x20\x20\x20\x20\x20 check: checkName,\n\
890 \x20\x20\x20\x20\x20\x20 method: res.request ? res.request.method : 'unknown',\n\
891 \x20\x20\x20\x20\x20\x20 url: res.request ? res.request.url : res.url || 'unknown',\n\
892 \x20\x20\x20\x20\x20\x20 kind: kind,\n\
893 \x20\x20\x20\x20\x20\x20 error_code: ec,\n\
894 \x20\x20\x20\x20\x20\x20 message: em,\n\
895 \x20\x20\x20\x20\x20\x20}));\n\
896 \x20\x20\x20\x20}\n",
897 );
898 script.push_str(" console.log('MOCKFORGE_EXCHANGE:' + JSON.stringify({\n");
899 script.push_str(" check: checkName,\n");
900 script.push_str(" request: {\n");
901 script.push_str(" method: res.request ? res.request.method : 'unknown',\n");
902 script.push_str(" url: res.request ? res.request.url : res.url || 'unknown',\n");
903 script.push_str(" headers: reqHeaders,\n");
904 script.push_str(" body: reqBody,\n");
905 script.push_str(" },\n");
906 script.push_str(" response: {\n");
907 script.push_str(" status: res.status,\n");
908 script.push_str(" headers: res.headers ? Object.fromEntries(Object.entries(res.headers).slice(0, 30)) : {},\n");
909 script.push_str(" body: bodyStr,\n");
910 script.push_str(" },\n");
911 script.push_str(" }));\n");
912 script.push_str(" } catch (e) {\n");
913 script.push_str(" try {\n");
914 script.push_str(" console.log('MOCKFORGE_EXCHANGE:' + JSON.stringify({\n");
915 script.push_str(" check: checkName,\n");
916 script.push_str(" request: {\n");
917 script.push_str(
918 " method: (res && res.request) ? res.request.method : 'unknown',\n",
919 );
920 script.push_str(" url: (res && res.request) ? res.request.url : (res && res.url) || 'unknown',\n");
921 script.push_str(" headers: {},\n");
922 script.push_str(" body: '<exchange capture failed: ' + (e && e.message ? e.message : 'unknown error') + '>',\n");
923 script.push_str(" },\n");
924 script.push_str(" response: {\n");
925 script.push_str(" status: (res && res.status) || 0,\n");
926 script.push_str(" headers: {},\n");
927 script.push_str(" body: '',\n");
928 script.push_str(" },\n");
929 script.push_str(" _export_error: (e && e.message) ? e.message : String(e),\n");
930 script.push_str(" }));\n");
931 script.push_str(" } catch (e2) {\n");
932 script.push_str(" console.log('MOCKFORGE_EXCHANGE:{\"check\":\"' + checkName + '\",\"request\":{\"method\":\"unknown\",\"url\":\"unknown\",\"headers\":{},\"body\":\"\"},\"response\":{\"status\":0,\"headers\":{},\"body\":\"\"},\"_export_error\":\"double-fault\"}');\n");
933 script.push_str(" }\n");
934 script.push_str(" }\n");
935 script.push_str("}\n\n");
936 }
937
938 script.push_str("export default function () {\n");
940
941 if self.config.has_cookie_header() {
942 script.push_str(
943 " // Clear cookie jar to prevent server Set-Cookie from duplicating custom Cookie header\n",
944 );
945 script.push_str(" http.cookieJar().clear(BASE_URL);\n\n");
946 }
947
948 let mut category_ops: std::collections::BTreeMap<
950 &'static str,
951 Vec<(&AnnotatedOperation, &ConformanceFeature)>,
952 > = std::collections::BTreeMap::new();
953
954 for op in &self.operations {
955 for feature in &op.features {
956 let category = feature.category();
957 if self.config.should_include_category(category) {
958 category_ops.entry(category).or_default().push((op, feature));
959 }
960 }
961 }
962
963 let mut total_checks = 0usize;
965 for (category, ops) in &category_ops {
966 script.push_str(&format!(" group('{}', function () {{\n", category));
967
968 if self.config.all_operations {
969 let mut emitted_checks: HashSet<String> = HashSet::new();
971 for (op, feature) in ops {
972 let qualified = format!("{}:{}", feature.check_name(), op.path);
973 if emitted_checks.insert(qualified.clone()) {
974 self.emit_check_named(&mut script, op, feature, &qualified);
975 total_checks += 1;
976 }
977 }
978 } else {
979 let mut emitted_features: HashSet<&str> = HashSet::new();
982 for (op, feature) in ops {
983 if emitted_features.insert(feature.check_name()) {
984 let qualified = format!("{}:{}", feature.check_name(), op.path);
985 self.emit_check_named(&mut script, op, feature, &qualified);
986 total_checks += 1;
987 }
988 }
989 }
990
991 script.push_str(" });\n\n");
992 }
993
994 if let Some(emit) = custom_emit {
998 script.push_str(&emit.group_body);
999 }
1000
1001 script.push_str("}\n\n");
1002
1003 self.generate_handle_summary(&mut script);
1005
1006 Ok((script, total_checks))
1007 }
1008
1009 fn emit_check_named(
1011 &self,
1012 script: &mut String,
1013 op: &AnnotatedOperation,
1014 feature: &ConformanceFeature,
1015 check_name: &str,
1016 ) {
1017 let check_name = check_name.replace('\'', "\\'");
1019 let check_name = check_name.as_str();
1020
1021 script.push_str(" {\n");
1022
1023 let mut url_path = op.path.clone();
1025 for (name, value) in &op.path_params {
1026 url_path = url_path.replace(&format!("{{{}}}", name), value);
1027 }
1028
1029 if !op.query_params.is_empty() {
1031 let qs: Vec<String> =
1032 op.query_params.iter().map(|(k, v)| format!("{}={}", k, v)).collect();
1033 url_path = format!("{}?{}", url_path, qs.join("&"));
1034 }
1035
1036 let full_url = format!("${{BASE_URL}}{}", url_path);
1037
1038 let mut effective_headers = self.effective_headers(&op.header_params);
1041
1042 if matches!(feature, ConformanceFeature::Response400 | ConformanceFeature::Response404) {
1045 let expected_code = match feature {
1046 ConformanceFeature::Response400 => "400",
1047 ConformanceFeature::Response404 => "404",
1048 _ => unreachable!(),
1049 };
1050 effective_headers
1051 .push(("X-Mockforge-Response-Status".to_string(), expected_code.to_string()));
1052 }
1053
1054 let needs_auth = matches!(
1058 feature,
1059 ConformanceFeature::SecurityBearer
1060 | ConformanceFeature::SecurityBasic
1061 | ConformanceFeature::SecurityApiKey
1062 ) || !op.security_schemes.is_empty();
1063
1064 if needs_auth {
1065 self.inject_security_headers(&op.security_schemes, &mut effective_headers);
1066 }
1067
1068 let has_headers = !effective_headers.is_empty();
1069 let headers_obj = if has_headers {
1070 Self::format_headers(&effective_headers)
1071 } else {
1072 String::new()
1073 };
1074
1075 match op.method.as_str() {
1077 "GET" => {
1078 if has_headers {
1079 script.push_str(&format!(
1080 " let res = http.get(`{}`, {{ headers: {} }});\n",
1081 full_url, headers_obj
1082 ));
1083 } else {
1084 script.push_str(&format!(" let res = http.get(`{}`);\n", full_url));
1085 }
1086 }
1087 "POST" => {
1088 self.emit_request_with_body(script, "post", &full_url, op, &effective_headers);
1089 }
1090 "PUT" => {
1091 self.emit_request_with_body(script, "put", &full_url, op, &effective_headers);
1092 }
1093 "PATCH" => {
1094 self.emit_request_with_body(script, "patch", &full_url, op, &effective_headers);
1095 }
1096 "DELETE" => {
1097 if has_headers {
1098 script.push_str(&format!(
1099 " let res = http.del(`{}`, null, {{ headers: {} }});\n",
1100 full_url, headers_obj
1101 ));
1102 } else {
1103 script.push_str(&format!(" let res = http.del(`{}`);\n", full_url));
1104 }
1105 }
1106 "HEAD" => {
1107 if has_headers {
1108 script.push_str(&format!(
1109 " let res = http.head(`{}`, {{ headers: {} }});\n",
1110 full_url, headers_obj
1111 ));
1112 } else {
1113 script.push_str(&format!(" let res = http.head(`{}`);\n", full_url));
1114 }
1115 }
1116 "OPTIONS" => {
1117 if has_headers {
1118 script.push_str(&format!(
1119 " let res = http.options(`{}`, null, {{ headers: {} }});\n",
1120 full_url, headers_obj
1121 ));
1122 } else {
1123 script.push_str(&format!(" let res = http.options(`{}`);\n", full_url));
1124 }
1125 }
1126 _ => {
1127 if has_headers {
1128 script.push_str(&format!(
1129 " let res = http.get(`{}`, {{ headers: {} }});\n",
1130 full_url, headers_obj
1131 ));
1132 } else {
1133 script.push_str(&format!(" let res = http.get(`{}`);\n", full_url));
1134 }
1135 }
1136 }
1137
1138 if self.config.export_requests {
1141 script.push_str(&format!(
1142 " if (typeof __captureExchange === 'function') __captureExchange('{}', res);\n",
1143 check_name
1144 ));
1145 }
1146
1147 if matches!(
1149 feature,
1150 ConformanceFeature::Response200
1151 | ConformanceFeature::Response201
1152 | ConformanceFeature::Response204
1153 | ConformanceFeature::Response400
1154 | ConformanceFeature::Response404
1155 ) {
1156 let expected_code = match feature {
1157 ConformanceFeature::Response200 => 200,
1158 ConformanceFeature::Response201 => 201,
1159 ConformanceFeature::Response204 => 204,
1160 ConformanceFeature::Response400 => 400,
1161 ConformanceFeature::Response404 => 404,
1162 _ => 200,
1163 };
1164 script.push_str(&format!(
1165 " {{ let ok = check(res, {{ '{}': (r) => r.status === {} }}); if (!ok) __captureFailure('{}', res, 'status === {}'); }}\n",
1166 check_name, expected_code, check_name, expected_code
1167 ));
1168 } else if matches!(feature, ConformanceFeature::ResponseValidation) {
1169 if let Some(schema) = &op.response_schema {
1174 let validation_js = SchemaValidatorGenerator::generate_validation(schema);
1175 let schema_json = serde_json::to_string(schema).unwrap_or_default();
1176 let schema_json_escaped = schema_json.replace('\\', "\\\\").replace('`', "\\`");
1178 script.push_str(&format!(
1179 concat!(
1180 " try {{\n",
1181 " let body = res.json();\n",
1182 " let ok = check(res, {{ '{check}': (r) => ( {validation} ) }});\n",
1183 " if (!ok) {{\n",
1184 " let __violations = [];\n",
1185 " try {{\n",
1186 " let __schema = JSON.parse(`{schema}`);\n",
1187 " function __collectErrors(schema, data, path) {{\n",
1188 " if (!schema || typeof schema !== 'object') return;\n",
1189 " let st = schema.type || (schema.schema_kind && schema.schema_kind.Type && Object.keys(schema.schema_kind.Type)[0]);\n",
1190 " if (st) {{ st = st.toLowerCase(); }}\n",
1191 " if (st === 'object') {{\n",
1192 " if (typeof data !== 'object' || data === null) {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'object', actual: typeof data }}); return; }}\n",
1193 " let props = schema.properties || (schema.schema_kind && schema.schema_kind.Type && schema.schema_kind.Type.Object && schema.schema_kind.Type.Object.properties) || {{}};\n",
1194 " let req = schema.required || (schema.schema_kind && schema.schema_kind.Type && schema.schema_kind.Type.Object && schema.schema_kind.Type.Object.required) || [];\n",
1195 " for (let f of req) {{ if (!(f in data)) {{ __violations.push({{ field_path: path + '/' + f, violation_type: 'required', expected: 'present', actual: 'missing' }}); }} }}\n",
1196 " for (let [k, v] of Object.entries(props)) {{ if (data[k] !== undefined) {{ let ps = v.Item || v; __collectErrors(ps, data[k], path + '/' + k); }} }}\n",
1197 " }} else if (st === 'array') {{\n",
1198 " if (!Array.isArray(data)) {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'array', actual: typeof data }}); return; }}\n",
1199 " let items = schema.items || (schema.schema_kind && schema.schema_kind.Type && schema.schema_kind.Type.Array && schema.schema_kind.Type.Array.items);\n",
1200 " if (items) {{ let is = items.Item || items; for (let i = 0; i < Math.min(data.length, 5); i++) {{ __collectErrors(is, data[i], path + '/' + i); }} }}\n",
1201 " }} else if (st === 'string') {{\n",
1202 " if (typeof data !== 'string') {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'string', actual: typeof data }}); }}\n",
1203 " }} else if (st === 'integer') {{\n",
1204 " if (typeof data !== 'number' || !Number.isInteger(data)) {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'integer', actual: typeof data }}); }}\n",
1205 " }} else if (st === 'number') {{\n",
1206 " if (typeof data !== 'number') {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'number', actual: typeof data }}); }}\n",
1207 " }} else if (st === 'boolean') {{\n",
1208 " if (typeof data !== 'boolean') {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'boolean', actual: typeof data }}); }}\n",
1209 " }}\n",
1210 " }}\n",
1211 " __collectErrors(__schema, body, '');\n",
1212 " }} catch(_e) {{}}\n",
1213 " __captureFailure('{check}', res, 'schema validation', __violations);\n",
1214 " }}\n",
1215 " }} catch(e) {{ check(res, {{ '{check}': () => false }}); __captureFailure('{check}', res, 'JSON parse failed: ' + e.message); }}\n",
1216 ),
1217 check = check_name,
1218 validation = validation_js,
1219 schema = schema_json_escaped,
1220 ));
1221 }
1222 } else if matches!(
1223 feature,
1224 ConformanceFeature::SecurityBearer
1225 | ConformanceFeature::SecurityBasic
1226 | ConformanceFeature::SecurityApiKey
1227 ) {
1228 script.push_str(&format!(
1230 " {{ let ok = check(res, {{ '{}': (r) => r.status >= 200 && r.status < 400 }}); if (!ok) __captureFailure('{}', res, 'status >= 200 && status < 400 (auth accepted)'); }}\n",
1231 check_name, check_name
1232 ));
1233 } else {
1234 script.push_str(&format!(
1235 " {{ let ok = check(res, {{ '{}': (r) => r.status >= 200 && r.status < 500 }}); if (!ok) __captureFailure('{}', res, 'status >= 200 && status < 500'); }}\n",
1236 check_name, check_name
1237 ));
1238 }
1239
1240 let has_cookie = self.config.has_cookie_header()
1242 || effective_headers.iter().any(|(h, _)| h.eq_ignore_ascii_case("Cookie"));
1243 if has_cookie {
1244 script.push_str(" http.cookieJar().clear(BASE_URL);\n");
1245 }
1246
1247 script.push_str(" }\n");
1248
1249 if self.config.request_delay_ms > 0 {
1251 script.push_str(&format!(
1252 " sleep({:.3});\n",
1253 self.config.request_delay_ms as f64 / 1000.0
1254 ));
1255 }
1256 }
1257
1258 fn emit_request_with_body(
1260 &self,
1261 script: &mut String,
1262 method: &str,
1263 url: &str,
1264 op: &AnnotatedOperation,
1265 effective_headers: &[(String, String)],
1266 ) {
1267 if let Some(body) = &op.sample_body {
1268 let escaped_body = body.replace('\'', "\\'");
1269 let headers = if !effective_headers.is_empty() {
1270 format!(
1271 "Object.assign({{}}, JSON_HEADERS, {})",
1272 Self::format_headers(effective_headers)
1273 )
1274 } else {
1275 "JSON_HEADERS".to_string()
1276 };
1277 script.push_str(&format!(
1278 " let res = http.{}(`{}`, '{}', {{ headers: {} }});\n",
1279 method, url, escaped_body, headers
1280 ));
1281 } else if !effective_headers.is_empty() {
1282 script.push_str(&format!(
1283 " let res = http.{}(`{}`, null, {{ headers: {} }});\n",
1284 method,
1285 url,
1286 Self::format_headers(effective_headers)
1287 ));
1288 } else {
1289 script.push_str(&format!(" let res = http.{}(`{}`, null);\n", method, url));
1290 }
1291 }
1292
1293 fn effective_headers(&self, spec_headers: &[(String, String)]) -> Vec<(String, String)> {
1297 let custom = &self.config.custom_headers;
1298 if custom.is_empty() {
1299 return spec_headers.to_vec();
1300 }
1301
1302 let mut result: Vec<(String, String)> = Vec::new();
1303
1304 for (name, value) in spec_headers {
1306 if let Some((_, custom_val)) =
1307 custom.iter().find(|(cn, _)| cn.eq_ignore_ascii_case(name))
1308 {
1309 result.push((name.clone(), custom_val.clone()));
1310 } else {
1311 result.push((name.clone(), value.clone()));
1312 }
1313 }
1314
1315 for (name, value) in custom {
1317 if !spec_headers.iter().any(|(sn, _)| sn.eq_ignore_ascii_case(name)) {
1318 result.push((name.clone(), value.clone()));
1319 }
1320 }
1321
1322 result
1323 }
1324
1325 fn inject_security_headers(
1328 &self,
1329 schemes: &[SecuritySchemeInfo],
1330 headers: &mut Vec<(String, String)>,
1331 ) {
1332 let mut to_add: Vec<(String, String)> = Vec::new();
1333
1334 let has_header = |name: &str, headers: &[(String, String)]| {
1335 headers.iter().any(|(h, _)| h.eq_ignore_ascii_case(name))
1336 || self.config.custom_headers.iter().any(|(h, _)| h.eq_ignore_ascii_case(name))
1337 };
1338
1339 let has_cookie_auth = has_header("Cookie", headers);
1341
1342 for scheme in schemes {
1343 match scheme {
1344 SecuritySchemeInfo::Bearer => {
1345 if !has_cookie_auth && !has_header("Authorization", headers) {
1346 to_add.push((
1348 "Authorization".to_string(),
1349 "Bearer mockforge-conformance-test-token".to_string(),
1350 ));
1351 }
1352 }
1353 SecuritySchemeInfo::Basic => {
1354 if !has_cookie_auth && !has_header("Authorization", headers) {
1355 let creds = self.config.basic_auth.as_deref().unwrap_or("test:test");
1356 use base64::Engine;
1357 let encoded =
1358 base64::engine::general_purpose::STANDARD.encode(creds.as_bytes());
1359 to_add.push(("Authorization".to_string(), format!("Basic {}", encoded)));
1360 }
1361 }
1362 SecuritySchemeInfo::ApiKey { location, name } => match location {
1363 ApiKeyLocation::Header => {
1364 if !has_header(name, headers) {
1365 let key = self
1366 .config
1367 .api_key
1368 .as_deref()
1369 .unwrap_or("mockforge-conformance-test-key");
1370 to_add.push((name.clone(), key.to_string()));
1371 }
1372 }
1373 ApiKeyLocation::Cookie => {
1374 if !has_header("Cookie", headers) {
1375 to_add.push((
1376 "Cookie".to_string(),
1377 format!("{}=mockforge-conformance-test-session", name),
1378 ));
1379 }
1380 }
1381 ApiKeyLocation::Query => {
1382 }
1384 },
1385 }
1386 }
1387
1388 headers.extend(to_add);
1389 }
1390
1391 fn format_headers(headers: &[(String, String)]) -> String {
1393 let entries: Vec<String> = headers
1394 .iter()
1395 .map(|(k, v)| format!("'{}': '{}'", k, v.replace('\'', "\\'")))
1396 .collect();
1397 format!("{{ {} }}", entries.join(", "))
1398 }
1399
1400 fn generate_handle_summary(&self, script: &mut String) {
1402 let report_path = match &self.config.output_dir {
1404 Some(dir) => {
1405 let abs = std::fs::canonicalize(dir)
1406 .unwrap_or_else(|_| dir.clone())
1407 .join("conformance-report.json");
1408 abs.to_string_lossy().to_string()
1409 }
1410 None => "conformance-report.json".to_string(),
1411 };
1412
1413 script.push_str("export function handleSummary(data) {\n");
1414 script.push_str(" let checks = {};\n");
1415 script.push_str(" if (data.metrics && data.metrics.checks) {\n");
1416 script.push_str(" checks.overall_pass_rate = data.metrics.checks.values.rate;\n");
1417 script.push_str(" }\n");
1418 script.push_str(" let checkResults = {};\n");
1419 script.push_str(" function walkGroups(group) {\n");
1420 script.push_str(" if (group.checks) {\n");
1421 script.push_str(" for (let checkObj of group.checks) {\n");
1422 script.push_str(" checkResults[checkObj.name] = {\n");
1423 script.push_str(" passes: checkObj.passes,\n");
1424 script.push_str(" fails: checkObj.fails,\n");
1425 script.push_str(" };\n");
1426 script.push_str(" }\n");
1427 script.push_str(" }\n");
1428 script.push_str(" if (group.groups) {\n");
1429 script.push_str(" for (let subGroup of group.groups) {\n");
1430 script.push_str(" walkGroups(subGroup);\n");
1431 script.push_str(" }\n");
1432 script.push_str(" }\n");
1433 script.push_str(" }\n");
1434 script.push_str(" if (data.root_group) {\n");
1435 script.push_str(" walkGroups(data.root_group);\n");
1436 script.push_str(" }\n");
1437 script.push_str(" return {\n");
1438 script.push_str(&format!(
1439 " '{}': JSON.stringify({{ checks: checkResults, overall: checks }}, null, 2),\n",
1440 report_path
1441 ));
1442 script.push_str(" 'summary.json': JSON.stringify(data),\n");
1443 script.push_str(" stdout: textSummary(data, { indent: ' ', enableColors: true }),\n");
1444 script.push_str(" };\n");
1445 script.push_str("}\n\n");
1446 script.push_str("function textSummary(data, opts) {\n");
1447 script.push_str(" return JSON.stringify(data, null, 2);\n");
1448 script.push_str("}\n");
1449 }
1450}
1451
1452#[cfg(test)]
1453mod tests {
1454 use super::*;
1455 use openapiv3::{
1456 Operation, ParameterData, ParameterSchemaOrContent, PathStyle, Response, Schema,
1457 SchemaData, SchemaKind, StringType, Type,
1458 };
1459
1460 fn make_op(method: &str, path: &str, operation: Operation) -> ApiOperation {
1461 ApiOperation {
1462 method: method.to_string(),
1463 path: path.to_string(),
1464 operation,
1465 operation_id: None,
1466 }
1467 }
1468
1469 fn empty_spec() -> OpenAPI {
1470 OpenAPI::default()
1471 }
1472
1473 #[test]
1474 fn test_annotate_get_with_path_param() {
1475 let mut op = Operation::default();
1476 op.parameters.push(ReferenceOr::Item(Parameter::Path {
1477 parameter_data: ParameterData {
1478 name: "id".to_string(),
1479 description: None,
1480 required: true,
1481 deprecated: None,
1482 format: ParameterSchemaOrContent::Schema(ReferenceOr::Item(Schema {
1483 schema_data: SchemaData::default(),
1484 schema_kind: SchemaKind::Type(Type::String(StringType::default())),
1485 })),
1486 example: None,
1487 examples: Default::default(),
1488 explode: None,
1489 extensions: Default::default(),
1490 },
1491 style: PathStyle::Simple,
1492 }));
1493
1494 let api_op = make_op("get", "/users/{id}", op);
1495 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1496
1497 assert!(annotated.features.contains(&ConformanceFeature::MethodGet));
1498 assert!(annotated.features.contains(&ConformanceFeature::PathParamString));
1499 assert!(annotated.features.contains(&ConformanceFeature::ConstraintRequired));
1500 assert_eq!(annotated.path_params.len(), 1);
1501 assert_eq!(annotated.path_params[0].0, "id");
1502 }
1503
1504 #[test]
1505 fn test_annotate_post_with_json_body() {
1506 let mut op = Operation::default();
1507 let mut body = RequestBody {
1508 required: true,
1509 ..Default::default()
1510 };
1511 body.content
1512 .insert("application/json".to_string(), openapiv3::MediaType::default());
1513 op.request_body = Some(ReferenceOr::Item(body));
1514
1515 let api_op = make_op("post", "/items", op);
1516 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1517
1518 assert!(annotated.features.contains(&ConformanceFeature::MethodPost));
1519 assert!(annotated.features.contains(&ConformanceFeature::BodyJson));
1520 }
1521
1522 #[test]
1523 fn test_annotate_response_codes() {
1524 let mut op = Operation::default();
1525 op.responses
1526 .responses
1527 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(Response::default()));
1528 op.responses
1529 .responses
1530 .insert(openapiv3::StatusCode::Code(404), ReferenceOr::Item(Response::default()));
1531
1532 let api_op = make_op("get", "/items", op);
1533 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1534
1535 assert!(annotated.features.contains(&ConformanceFeature::Response200));
1536 assert!(annotated.features.contains(&ConformanceFeature::Response404));
1537 }
1538
1539 #[test]
1540 fn test_generate_spec_driven_script() {
1541 let config = ConformanceConfig {
1542 target_url: "http://localhost:3000".to_string(),
1543 api_key: None,
1544 basic_auth: None,
1545 skip_tls_verify: false,
1546 categories: None,
1547 base_path: None,
1548 custom_headers: vec![],
1549 output_dir: None,
1550 all_operations: false,
1551 custom_checks_file: None,
1552 request_delay_ms: 0,
1553 custom_filter: None,
1554 export_requests: false,
1555 validate_requests: false,
1556 };
1557
1558 let operations = vec![AnnotatedOperation {
1559 path: "/users/{id}".to_string(),
1560 method: "GET".to_string(),
1561 features: vec![
1562 ConformanceFeature::MethodGet,
1563 ConformanceFeature::PathParamString,
1564 ],
1565 request_body_content_type: None,
1566 sample_body: None,
1567 query_params: vec![],
1568 header_params: vec![],
1569 path_params: vec![("id".to_string(), "test-value".to_string())],
1570 response_schema: None,
1571 response_schemas: std::collections::BTreeMap::new(),
1572 request_body_schema: None,
1573 security_schemes: vec![],
1574 }];
1575
1576 let gen = SpecDrivenConformanceGenerator::new(config, operations);
1577 let (script, _check_count) = gen.generate().unwrap();
1578
1579 assert!(script.contains("import http from 'k6/http'"));
1580 assert!(script.contains("/users/test-value"));
1581 assert!(script.contains("param:path:string"));
1582 assert!(script.contains("method:GET"));
1583 assert!(script.contains("handleSummary"));
1584 }
1585
1586 #[test]
1587 fn test_generate_with_category_filter() {
1588 let config = ConformanceConfig {
1589 target_url: "http://localhost:3000".to_string(),
1590 api_key: None,
1591 basic_auth: None,
1592 skip_tls_verify: false,
1593 categories: Some(vec!["Parameters".to_string()]),
1594 base_path: None,
1595 custom_headers: vec![],
1596 output_dir: None,
1597 all_operations: false,
1598 custom_checks_file: None,
1599 request_delay_ms: 0,
1600 custom_filter: None,
1601 export_requests: false,
1602 validate_requests: false,
1603 };
1604
1605 let operations = vec![AnnotatedOperation {
1606 path: "/users/{id}".to_string(),
1607 method: "GET".to_string(),
1608 features: vec![
1609 ConformanceFeature::MethodGet,
1610 ConformanceFeature::PathParamString,
1611 ],
1612 request_body_content_type: None,
1613 sample_body: None,
1614 query_params: vec![],
1615 header_params: vec![],
1616 path_params: vec![("id".to_string(), "1".to_string())],
1617 response_schema: None,
1618 response_schemas: std::collections::BTreeMap::new(),
1619 request_body_schema: None,
1620 security_schemes: vec![],
1621 }];
1622
1623 let gen = SpecDrivenConformanceGenerator::new(config, operations);
1624 let (script, _check_count) = gen.generate().unwrap();
1625
1626 assert!(script.contains("group('Parameters'"));
1627 assert!(!script.contains("group('HTTP Methods'"));
1628 }
1629
1630 #[test]
1631 fn test_annotate_response_validation() {
1632 use openapiv3::ObjectType;
1633
1634 let mut op = Operation::default();
1636 let mut response = Response::default();
1637 let mut media = openapiv3::MediaType::default();
1638 let mut obj_type = ObjectType::default();
1639 obj_type.properties.insert(
1640 "name".to_string(),
1641 ReferenceOr::Item(Box::new(Schema {
1642 schema_data: SchemaData::default(),
1643 schema_kind: SchemaKind::Type(Type::String(StringType::default())),
1644 })),
1645 );
1646 obj_type.required = vec!["name".to_string()];
1647 media.schema = Some(ReferenceOr::Item(Schema {
1648 schema_data: SchemaData::default(),
1649 schema_kind: SchemaKind::Type(Type::Object(obj_type)),
1650 }));
1651 response.content.insert("application/json".to_string(), media);
1652 op.responses
1653 .responses
1654 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1655
1656 let api_op = make_op("get", "/users", op);
1657 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1658
1659 assert!(
1660 annotated.features.contains(&ConformanceFeature::ResponseValidation),
1661 "Should detect ResponseValidation when response has a JSON schema"
1662 );
1663 assert!(annotated.response_schema.is_some(), "Should extract the response schema");
1664
1665 let config = ConformanceConfig {
1667 target_url: "http://localhost:3000".to_string(),
1668 api_key: None,
1669 basic_auth: None,
1670 skip_tls_verify: false,
1671 categories: None,
1672 base_path: None,
1673 custom_headers: vec![],
1674 output_dir: None,
1675 all_operations: false,
1676 custom_checks_file: None,
1677 request_delay_ms: 0,
1678 custom_filter: None,
1679 export_requests: false,
1680 validate_requests: false,
1681 };
1682 let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1683 let (script, _check_count) = gen.generate().unwrap();
1684
1685 assert!(
1686 script.contains("response:schema:validation"),
1687 "Script should contain the validation check name"
1688 );
1689 assert!(script.contains("try {"), "Script should wrap validation in try-catch");
1690 assert!(script.contains("res.json()"), "Script should parse response as JSON");
1691 }
1692
1693 #[test]
1694 fn test_annotate_global_security() {
1695 let op = Operation::default();
1697 let mut spec = OpenAPI::default();
1698 let mut global_req = openapiv3::SecurityRequirement::new();
1699 global_req.insert("bearerAuth".to_string(), vec![]);
1700 spec.security = Some(vec![global_req]);
1701 let mut components = openapiv3::Components::default();
1703 components.security_schemes.insert(
1704 "bearerAuth".to_string(),
1705 ReferenceOr::Item(SecurityScheme::HTTP {
1706 scheme: "bearer".to_string(),
1707 bearer_format: Some("JWT".to_string()),
1708 description: None,
1709 extensions: Default::default(),
1710 }),
1711 );
1712 spec.components = Some(components);
1713
1714 let api_op = make_op("get", "/protected", op);
1715 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &spec);
1716
1717 assert!(
1718 annotated.features.contains(&ConformanceFeature::SecurityBearer),
1719 "Should detect SecurityBearer from global security + components"
1720 );
1721 }
1722
1723 #[test]
1724 fn test_annotate_security_scheme_resolution() {
1725 let mut op = Operation::default();
1727 let mut req = openapiv3::SecurityRequirement::new();
1729 req.insert("myAuth".to_string(), vec![]);
1730 op.security = Some(vec![req]);
1731
1732 let mut spec = OpenAPI::default();
1733 let mut components = openapiv3::Components::default();
1734 components.security_schemes.insert(
1735 "myAuth".to_string(),
1736 ReferenceOr::Item(SecurityScheme::APIKey {
1737 location: openapiv3::APIKeyLocation::Header,
1738 name: "X-API-Key".to_string(),
1739 description: None,
1740 extensions: Default::default(),
1741 }),
1742 );
1743 spec.components = Some(components);
1744
1745 let api_op = make_op("get", "/data", op);
1746 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &spec);
1747
1748 assert!(
1749 annotated.features.contains(&ConformanceFeature::SecurityApiKey),
1750 "Should detect SecurityApiKey from SecurityScheme::APIKey, not name heuristic"
1751 );
1752 }
1753
1754 #[test]
1755 fn test_annotate_content_negotiation() {
1756 let mut op = Operation::default();
1757 let mut response = Response::default();
1758 response
1760 .content
1761 .insert("application/json".to_string(), openapiv3::MediaType::default());
1762 response
1763 .content
1764 .insert("application/xml".to_string(), openapiv3::MediaType::default());
1765 op.responses
1766 .responses
1767 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1768
1769 let api_op = make_op("get", "/items", op);
1770 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1771
1772 assert!(
1773 annotated.features.contains(&ConformanceFeature::ContentNegotiation),
1774 "Should detect ContentNegotiation when response has multiple content types"
1775 );
1776 }
1777
1778 #[test]
1779 fn test_no_content_negotiation_for_single_type() {
1780 let mut op = Operation::default();
1781 let mut response = Response::default();
1782 response
1783 .content
1784 .insert("application/json".to_string(), openapiv3::MediaType::default());
1785 op.responses
1786 .responses
1787 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1788
1789 let api_op = make_op("get", "/items", op);
1790 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1791
1792 assert!(
1793 !annotated.features.contains(&ConformanceFeature::ContentNegotiation),
1794 "Should NOT detect ContentNegotiation for a single content type"
1795 );
1796 }
1797
1798 #[test]
1799 fn test_spec_driven_with_base_path() {
1800 let annotated = AnnotatedOperation {
1801 path: "/users".to_string(),
1802 method: "GET".to_string(),
1803 features: vec![ConformanceFeature::MethodGet],
1804 path_params: vec![],
1805 query_params: vec![],
1806 header_params: vec![],
1807 request_body_content_type: None,
1808 sample_body: None,
1809 response_schema: None,
1810 response_schemas: std::collections::BTreeMap::new(),
1811 request_body_schema: None,
1812 security_schemes: vec![],
1813 };
1814 let config = ConformanceConfig {
1815 target_url: "https://192.168.2.86/".to_string(),
1816 api_key: None,
1817 basic_auth: None,
1818 skip_tls_verify: true,
1819 categories: None,
1820 base_path: Some("/api".to_string()),
1821 custom_headers: vec![],
1822 output_dir: None,
1823 all_operations: false,
1824 custom_checks_file: None,
1825 request_delay_ms: 0,
1826 custom_filter: None,
1827 export_requests: false,
1828 validate_requests: false,
1829 };
1830 let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1831 let (script, _check_count) = gen.generate().unwrap();
1832
1833 assert!(
1834 script.contains("const BASE_URL = 'https://192.168.2.86/api'"),
1835 "BASE_URL should include the base_path. Got: {}",
1836 script.lines().find(|l| l.contains("BASE_URL")).unwrap_or("not found")
1837 );
1838 }
1839
1840 #[test]
1841 fn test_spec_driven_with_custom_headers() {
1842 let annotated = AnnotatedOperation {
1843 path: "/users".to_string(),
1844 method: "GET".to_string(),
1845 features: vec![ConformanceFeature::MethodGet],
1846 path_params: vec![],
1847 query_params: vec![],
1848 header_params: vec![
1849 ("X-Avi-Tenant".to_string(), "test-value".to_string()),
1850 ("X-CSRFToken".to_string(), "test-value".to_string()),
1851 ],
1852 request_body_content_type: None,
1853 sample_body: None,
1854 response_schema: None,
1855 response_schemas: std::collections::BTreeMap::new(),
1856 request_body_schema: None,
1857 security_schemes: vec![],
1858 };
1859 let config = ConformanceConfig {
1860 target_url: "https://192.168.2.86/".to_string(),
1861 api_key: None,
1862 basic_auth: None,
1863 skip_tls_verify: true,
1864 categories: None,
1865 base_path: Some("/api".to_string()),
1866 custom_headers: vec![
1867 ("X-Avi-Tenant".to_string(), "admin".to_string()),
1868 ("X-CSRFToken".to_string(), "real-csrf-token".to_string()),
1869 ("Cookie".to_string(), "sessionid=abc123".to_string()),
1870 ],
1871 output_dir: None,
1872 all_operations: false,
1873 custom_checks_file: None,
1874 request_delay_ms: 0,
1875 custom_filter: None,
1876 export_requests: false,
1877 validate_requests: false,
1878 };
1879 let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1880 let (script, _check_count) = gen.generate().unwrap();
1881
1882 assert!(
1884 script.contains("'X-Avi-Tenant': 'admin'"),
1885 "Should use custom value for X-Avi-Tenant, not test-value"
1886 );
1887 assert!(
1888 script.contains("'X-CSRFToken': 'real-csrf-token'"),
1889 "Should use custom value for X-CSRFToken, not test-value"
1890 );
1891 assert!(
1893 script.contains("'Cookie': 'sessionid=abc123'"),
1894 "Should include Cookie header from custom_headers"
1895 );
1896 assert!(
1898 !script.contains("'test-value'"),
1899 "test-value placeholders should be replaced by custom values"
1900 );
1901 }
1902
1903 #[test]
1904 fn test_effective_headers_merging() {
1905 let config = ConformanceConfig {
1906 target_url: "http://localhost".to_string(),
1907 api_key: None,
1908 basic_auth: None,
1909 skip_tls_verify: false,
1910 categories: None,
1911 base_path: None,
1912 custom_headers: vec![
1913 ("X-Auth".to_string(), "real-token".to_string()),
1914 ("Cookie".to_string(), "session=abc".to_string()),
1915 ],
1916 output_dir: None,
1917 all_operations: false,
1918 custom_checks_file: None,
1919 request_delay_ms: 0,
1920 custom_filter: None,
1921 export_requests: false,
1922 validate_requests: false,
1923 };
1924 let gen = SpecDrivenConformanceGenerator::new(config, vec![]);
1925
1926 let spec_headers = vec![
1928 ("X-Auth".to_string(), "test-value".to_string()),
1929 ("X-Other".to_string(), "keep-this".to_string()),
1930 ];
1931 let effective = gen.effective_headers(&spec_headers);
1932
1933 assert_eq!(effective[0], ("X-Auth".to_string(), "real-token".to_string()));
1935 assert_eq!(effective[1], ("X-Other".to_string(), "keep-this".to_string()));
1937 assert_eq!(effective[2], ("Cookie".to_string(), "session=abc".to_string()));
1939 }
1940}