feat: support authentication headers for remote OpenAPI specifications

Author: Fahl-Design

config/routes.php

@@ -1,18 +1,103 @@
 <?php
 declare(strict_types=1);
 
+use Laminas\Diactoros\Response\HtmlResponse;
+use Laminas\Diactoros\Response\JsonResponse;
+use Laminas\Diactoros\Response\TextResponse;
 use Mezzio\Application;
 use Mezzio\MiddlewareFactory;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
+use WebProject\PhpOpenApiMockServer\Middleware\MockMiddleware\Utils\RemoteSpecificationLoader;
 
-return static function (Application $app, MiddlewareFactory $factory): void {
-    // Fallback for routes not in the spec but defined in Mezzio
-    $app->get('/', static function (ServerRequestInterface $request): ResponseInterface {
-        return new Laminas\Diactoros\Response\JsonResponse([
-            'message'      => 'OpenAPI Mock Server is running!',
-            'instructions' => 'Point your requests to endpoints defined in your OpenAPI spec.',
-            'spec_path'    => getenv('OPENAPI_SPEC') ?: 'data/openapi.yaml',
-        ]);
+return static function (Application $application, MiddlewareFactory $middlewareFactory): void {
+    $specPath = getenv('OPENAPI_SPEC') ?: 'data/openapi.yaml';
+    $projectRoot = realpath(__DIR__ . '/..') ?: '/app';
+
+    $specHandler = static function (ServerRequestInterface $serverRequest) use ($specPath, $projectRoot): ResponseInterface {
+        try {
+            $path = $specPath;
+            if (!str_starts_with((string) $path, '/') && !str_starts_with((string) $path, 'http')) {
+                $path = $projectRoot . DIRECTORY_SEPARATOR . $path;
+            }
+
+            if (str_starts_with((string) $path, 'http')) {
+                $content = file_get_contents($path, false, RemoteSpecificationLoader::createStreamContext());
+            } else {
+                $content = file_exists((string) $path) ? file_get_contents((string) $path) : null;
+            }
+
+            if ($content === false || $content === null) {
+                return new TextResponse('OpenAPI spec not found at ' . $path, 404);
+            }
+
+            $contentType = str_ends_with((string) $path, '.json') ? 'application/json' : 'text/yaml';
+            if (str_ends_with($serverRequest->getUri()->getPath(), '.json')) {
+                $contentType = 'application/json';
+            }
+
+            return new TextResponse($content, 200, [
+                'Content-Type' => $contentType,
+            ]);
+        } catch (Throwable $e) {
+            return new TextResponse('Error loading spec: ' . $e->getMessage(), 500);
+        }
+    };
+
+    // Route to serve the raw OpenAPI specification
+    $application->get('/openapi.yaml', $specHandler);
+    $application->get('/openapi.json', $specHandler);
+
+    // Swagger UI at root
+    $application->get('/', static function (ServerRequestInterface $serverRequest) use ($specPath): ResponseInterface {
+        $accept = $serverRequest->getHeaderLine('Accept');
+        if (str_contains($accept, 'application/json')) {
+            return new JsonResponse([
+                'message'      => 'OpenAPI Mock Server is running!',
+                'instructions' => 'Point your requests to endpoints defined in your OpenAPI spec.',
+                'spec_path'    => $specPath,
+            ]);
+        }
+
+        $html = <<<HTML
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <meta name="description" content="SwaggerUI" />
+  <title>OpenAPI Mock Server - Swagger UI</title>
+  <link rel="stylesheet" href="https://unpkg.com/swagger-ui-dist@5/swagger-ui.css" />
+  <style>
+    html { box-sizing: border-box; overflow: -moz-scrollbars-vertical; overflow-y: scroll; }
+    *, *:before, *:after { box-sizing: inherit; }
+    body { margin: 0; background: #fafafa; }
+  </style>
+</head>
+<body>
+<div id="swagger-ui"></div>
+<script src="https://unpkg.com/swagger-ui-dist@5/swagger-ui-bundle.js" crossorigin></script>
+<script src="https://unpkg.com/swagger-ui-dist@5/swagger-ui-standalone-preset.js" crossorigin></script>
+<script>
+  window.onload = () => {
+    window.ui = SwaggerUIBundle({
+      url: '/openapi.yaml',
+      dom_id: '#swagger-ui',
+      deepLinking: true,
+      presets: [
+        SwaggerUIBundle.presets.apis,
+        SwaggerStandalonePreset
+      ],
+      plugins: [
+        SwaggerUIBundle.plugins.DownloadUrl
+      ],
+      layout: "BaseLayout",
+    });
+  };
+</script>
+</body>
+</html>
+HTML;
+        return new HtmlResponse($html);
     });
 };

src/Factory/OpenApiMockMiddlewareFactory.php

@@ -24,7 +24,6 @@
 use function sprintf;
 use function str_ends_with;
 use function str_starts_with;
-use function stream_context_create;
 
 use const DIRECTORY_SEPARATOR;
 

src/Middleware/MockMiddleware/Utils/RemoteSpecificationLoader.php

@@ -0,0 +1,53 @@
+<?php
+
+declare(strict_types=1);
+
+namespace WebProject\PhpOpenApiMockServer\Middleware\MockMiddleware\Utils;
+
+use function base64_encode;
+use function explode;
+use function getenv;
+use function implode;
+use function is_string;
+use function sprintf;
+use function stream_context_create;
+use function trim;
+
+class RemoteSpecificationLoader
+{
+    /**
+     * @return resource
+     */
+    public static function createStreamContext()
+    {
+        $headers = [
+            'User-Agent: PHP-OpenAPI-Mock-Server',
+        ];
+
+        $bearer = getenv('OPENAPI_SPEC_AUTH_BEARER');
+        if (is_string($bearer) && $bearer !== '') {
+            $headers[] = sprintf('Authorization: Bearer %s', $bearer);
+        }
+
+        $basic = getenv('OPENAPI_SPEC_AUTH_BASIC');
+        if (is_string($basic) && $basic !== '') {
+            $headers[] = sprintf('Authorization: Basic %s', base64_encode($basic));
+        }
+
+        $customHeaders = getenv('OPENAPI_SPEC_HEADERS');
+        if (is_string($customHeaders) && $customHeaders !== '') {
+            // Assume semicolon separated
+            foreach (explode(';', $customHeaders) as $header) {
+                if (trim($header) !== '') {
+                    $headers[] = trim($header);
+                }
+            }
+        }
+
+        return stream_context_create([
+            'http' => [
+                'header' => implode("\r\n", $headers) . "\r\n",
+            ],
+        ]);
+    }
+}

tests/RemoteAcceptance.suite.yml

@@ -0,0 +1,15 @@
+actor: AcceptanceTester
+modules:
+    enabled:
+        - PhpBrowser:
+            url: http://localhost:8082
+        - REST:
+            depends: PhpBrowser
+        - Asserts
+coverage:
+    remote: true
+    c3_url: http://localhost:8082/index.php
+extensions:
+    enabled:
+        - Codeception\Extension\RunProcess:
+            - OPENAPI_SPEC=https://raw.githubusercontent.com/Redocly/openapi-template/gh-pages/openapi.yaml php -S localhost:8082 -t public

tests/Unit/RemoteSpecificationLoaderTest.php

@@ -0,0 +1,80 @@
+<?php
+
+declare(strict_types=1);
+
+namespace WebProject\PhpOpenApiMockServer\Unit;
+
+use Codeception\Test\Unit;
+use function putenv;
+use function stream_context_get_options;
+use WebProject\PhpOpenApiMockServer\Middleware\MockMiddleware\Utils\RemoteSpecificationLoader;
+
+class RemoteSpecificationLoaderTest extends Unit
+{
+    protected function _after(): void
+    {
+        putenv('OPENAPI_SPEC_AUTH_BEARER');
+        putenv('OPENAPI_SPEC_AUTH_BASIC');
+        putenv('OPENAPI_SPEC_HEADERS');
+    }
+
+    public function testDefaultHeaders(): void
+    {
+        $context = RemoteSpecificationLoader::createStreamContext();
+        $options = stream_context_get_options($context);
+
+        self::assertArrayHasKey('http', $options);
+        self::assertStringContainsString('User-Agent: PHP-OpenAPI-Mock-Server', $options['http']['header']);
+    }
+
+    public function testBearerToken(): void
+    {
+        putenv('OPENAPI_SPEC_AUTH_BEARER=my-token');
+        $context = RemoteSpecificationLoader::createStreamContext();
+        $options = stream_context_get_options($context);
+
+        self::assertStringContainsString('Authorization: Bearer my-token', $options['http']['header']);
+    }
+
+    public function testBasicAuth(): void
+    {
+        putenv('OPENAPI_SPEC_AUTH_BASIC=user:pass');
+        $context = RemoteSpecificationLoader::createStreamContext();
+        $options = stream_context_get_options($context);
+
+        // base64_encode('user:pass') === 'dXNlcjpwYXNz'
+        self::assertStringContainsString('Authorization: Basic dXNlcjpwYXNz', $options['http']['header']);
+    }
+
+    public function testCustomHeaders(): void
+    {
+        putenv('OPENAPI_SPEC_HEADERS=X-Custom: Value; X-Another: One');
+        $context = RemoteSpecificationLoader::createStreamContext();
+        $options = stream_context_get_options($context);
+
+        self::assertStringContainsString('X-Custom: Value', $options['http']['header']);
+        self::assertStringContainsString('X-Another: One', $options['http']['header']);
+    }
+
+    public function testCombinedHeaders(): void
+    {
+        putenv('OPENAPI_SPEC_AUTH_BEARER=my-token');
+        putenv('OPENAPI_SPEC_HEADERS=X-Custom: Value');
+        $context = RemoteSpecificationLoader::createStreamContext();
+        $options = stream_context_get_options($context);
+
+        self::assertStringContainsString('Authorization: Bearer my-token', $options['http']['header']);
+        self::assertStringContainsString('X-Custom: Value', $options['http']['header']);
+    }
+
+    public function testInvalidHeadersFormat(): void
+    {
+        putenv('OPENAPI_SPEC_HEADERS=InvalidHeaderFormat; ; ;;');
+        $context = RemoteSpecificationLoader::createStreamContext();
+        $options = stream_context_get_options($context);
+
+        self::assertStringContainsString('User-Agent: PHP-OpenAPI-Mock-Server', $options['http']['header']);
+        // Should not contain empty lines or malformed parts in a way that breaks things
+        self::assertStringNotContainsString(';;', $options['http']['header']);
+    }
+}