Feature/#22 open api 3 spec

[maxiejbe]

• Adding swagger2openapi package
• Generating OpenApiV3 spec (Serving in api-docs/v3 and api-spec/v3). Preserving default routes with v2.
• Note that if you change default to specV3 we need to adjust all the tests.
• Creating _v3.json with OpenApiV3 spec
• Writing files sync (to discuss)

[coveralls]

Coverage increased (+0.4%) to 93.103% when pulling 5387df5 on maxiejbe:feature/#22-open-api-3-spec into 1b8755b on mpashkovskiy:master.

[maxiejbe]

@mpashkovskiy Security check is failing 😕. All tests passing on my local. Would you double check?

[mpashkovskiy]

I think execution of npm audit will report a vulnurability in swagger2openapi. I think they have to upgrade ajv dependency to 6.x version (it is a major version upgrade). Let's wait a little.

[mpashkovskiy]

Is it possible to have next line like specV3 = convertOpenApiVersionToV3(spec); and then serve it separately as described in the comment in the issue?

[maxiejbe]

Done!

[maxiejbe]

I think execution of npm audit will report a vulnurability in swagger2openapi. I think they have to upgrade ajv dependency to 6.x version (it is a major version upgrade). Let's wait a little.

Yes, in the meanwhile I've installed the ajv 5x peer dependency.

[maxiejbe]

I think execution of npm audit will report a vulnurability in swagger2openapi. I think they have to upgrade ajv dependency to 6.x version (it is a major version upgrade). Let's wait a little.

Made a PR yesterday, it was dupe:
Mermade/oas-kit#261
Mermade/oas-kit#262
They are planning to ship a major version removing ajv completely. Should we wait for that?

[mpashkovskiy]

If there is no rush I would wait for oas-kit to fix the issue.

[mpashkovskiy]

Shouldn't we add some extra assertions in existing tests fo make sure that v3 spec is generated along with v2?
Overall the PR looks good.

[kiprasmel]

If there is no rush I would wait for oas-kit to fix the issue.

fyi, I've been using yarn (v1) over npm for over a year now for a reason. Apart from being overall better, it can solve this issue with module resolutions.

[matveypashkovskiy]

If there is no rush I would wait for oas-kit to fix the issue.

fyi, I've been using yarn (v1) over npm for over a year now for a reason. Apart from being overall better, it can solve this issue with module resolutions.

Frankly speaking I doubt that yarn can solve major version dependency upgrade or an actual removal of a dependency as it requires source code changes. Otherwise I heard positive feedback about yarn.

[maxiejbe]

Shouldn't we add some extra assertions in existing tests fo make sure that v3 spec is generated along with v2?
Overall the PR looks good.

While adding the test to check that v3 was generated I noted a really nice bug 😅
We were converting once specv2 to specv3 and then serving the same specv3 every time.
So the conversion logic now is now inside swaggerServeMiddleware and applySpecMiddlewares.
But as those middlewares are also used by both v2 and v3 and we have the async callback for v3, I tried to solve both together in a generic elegant way 😄

[maxiejbe]

If there is no rush I would wait for oas-kit to fix the issue.

fyi, I've been using yarn (v1) over npm for over a year now for a reason. Apart from being overall better, it can solve this issue with module resolutions.

Yeah, in my experience yarn has plenty of issues with Ubuntu. Now on macOS I can give it another chance!

[kiprasmel]

@mpashkovskiy

Frankly speaking I doubt that yarn can solve major version dependency upgrade or an actual removal of a dependency as it requires source code changes. Otherwise I heard positive feedback about yarn.

true - it's not magic afterall:D

@maxiejbe

Yeah, in my experience yarn has plenty of issues with Ubuntu. Now on macOS I can give it another chance!

Strange - I've been using windows, linux (arch linux) for over 2 years and now macos for 1 year, and never had any issues with yarn, it's been great:D

[kiprasmel]

I'd just add test_spec*.json once instead. Same with api-spec*.json.

[maxiejbe]

Done!

[kiprasmel]

Not sure if the packageInfo will always be defined - above [1] it's being checked before getting accessed - make sure everything's fine:D

[1] https://github.com/mpashkovskiy/express-oas-generator/pull/63/files#diff-168726dbe96b3ce427e7fedce31bb0bcR70-R99

[maxiejbe]

Yep, it is! Before initializing the middlewares prepareSpec is called, which is using updateSpecFromPackage.

[kiprasmel]

I'd document the type of the version variable perhaps

[maxiejbe]

Done on the method signature 👍

[kiprasmel]

I'd consider using beforeEach(async (done) => { to avoid unrelated nesting / promise hell (esp. if we ever wanted to do anything further:D)

[maxiejbe]

I'd consider using beforeEach(async (done) => { to avoid unrelated nesting / promise hell (esp. if we ever wanted to do anything further:D)

Yeah, for now request is using callbacks everywhere. I'll take some time to promisify and use async/await everywhere (maybe when rewriting the tests by deprecating init).

[mpashkovskiy]

Just to clarify: accordingly to a comment in oas-kit we are waiting for schemesafe v1.0.0. Right?

[maxiejbe]

Just to clarify: accordingly to a comment in oas-kit we are waiting for schemesafe v1.0.0. Right?

Yeah, correct. I'll upgrade swagger2openapi as soon as it ships.

[maxiejbe]

@mpashkovskiy Just bumped swagger2openapi to 7.0.0 but there's still a security/snyk test failing. Would you please review? Thanks!

[maxiejbe]

@mpashkovskiy @kiprasmel Sorry, there was an unnecessary "ajv": "^5.0.0" dependency. This is ready to be shipped!

[mpashkovskiy]

Excellent job, @maxiejbe and @kiprasmel let's test it locally and if no problems found I will publih new version to npm.

[mpashkovskiy]

minor bug:

• run node server_advanced.js
• go to http://localhost:8080/api-docs/v3/
• click link Specification JSON

Expected: json will be opened
Observer: empty page with URL http://localhost:8080/api-docs/v3/undefined/api-spec opened

[mpashkovskiy]

same behavior for all pages:

• http://localhost:8080/api-docs/
• http://localhost:8080/api-docs/v2/
• http://localhost:8080/api-docs/v3/

[maxiejbe]

same behavior for all pages:

• http://localhost:8080/api-docs/
• http://localhost:8080/api-docs/v2/
• http://localhost:8080/api-docs/v3/

Good catch. Was it working previous to this PR?

[maxiejbe]

@mpashkovskiy Yep, the Specification json link joins baseUrlPath (from package.json) + /api-spec.

Current issue
When baseUrlPath is undefined
Result: current-path + undefined/api-spec

Possible fix
When baseUrlPath is undefined:
We can use to /api-spec (No base url, adding trailing slash).
The issue with this fix is that it would always go to the v2 (default) version.

Another possibility
What if we also declare the route /api-docs/_version_/api-spec? In that case we could only link to api-spec (without the slash).
It would work with both versions.

What do you think?

[mpashkovskiy]

@maxiejbe I created a PR #68, but I completely forgot that we serve now two versions, let me fix it.
I like idea of /api-docs/_version_/api-spec let's see

[mpashkovskiy]

done, please review #68

[mpashkovskiy]

and I found that there is already /api-spec/v2 and /api-spec/v3 paths so no need to introduce new /api-docs/_version_/api-spec

[maxiejbe]

done, please review #68

Done! Just a few details. Haven't tried it locally but looking good.

and I found that there is already /api-spec/v2 and /api-spec/v3 paths so no need to introduce new /api-docs/_version_/api-spec

Yeah, that was only if we needed to include only the corresponding api-spec version. I like the approach of having both v2 and v3 links.