[TT-16109] Export GenerateTykServers so it can be used by Dashboard API

[lghiur]

Description

Exposese GenerateTykServers so that Dashboard can use it when generating the tyk OAS urls and return them via /api/apis/oas/{:apiId}/urls implemented here https://github.com/TykTechnologies/tyk-analytics/pull/5030

Related Issue

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

• I ensured that the documentation is up to date
• I explained why this PR updates go.mod in detail with reasoning why it's required
• I would like a code coverage CI quality gate exception and have explained why

Ticket Details

TT-16109

Status	In Dev
Summary	Add a new Dashboard API endpoint to retrieve Tyk-generated URLs from Tyk OAS API definitions

Generated at: 2025-11-11 12:05:08

[github-actions]

API Changes

--- prev.txt	2025-11-11 10:25:19.915935897 +0000
+++ current.txt	2025-11-11 10:25:10.305930188 +0000
@@ -3779,6 +3779,17 @@
 func (s *OAS) Fill(api apidef.APIDefinition)
     Fill fills *OAS definition from apidef.APIDefinition.
 
+func (s *OAS) GenerateTykServers(
+	apiData *apidef.APIDefinition,
+	baseAPI *apidef.APIDefinition,
+	config ServerRegenerationConfig,
+	versionName string,
+) []*openapi3.Server
+    GenerateTykServers generates and returns only Tyk-managed server URLs for an
+    API. This is a convenience method that generates servers without modifying
+    the OAS spec. Unlike RegenerateServers, this does not include user-defined
+    servers and does not modify the OAS servers array.
+
 func (s *OAS) GetJWTConfiguration() *JWT
 
 func (s *OAS) GetTykExtension() *XTykAPIGateway

[probelabs]

🔍 Code Analysis Results

This PR introduces a new exported function GenerateTykServers to enable external components, such as the Tyk Dashboard API, to generate Tyk-managed server URLs for an API definition.

Files Changed Analysis

• apidef/oas/servers_regeneration.go: Adds the new public method GenerateTykServers to the OAS struct. This function encapsulates the logic for generating server URLs based on an API definition, its potential base API, and gateway configuration. Unlike the existing RegenerateServers method, this new function is a pure function—it returns the generated servers without modifying the state of the OAS object.
• apidef/oas/servers_regeneration_test.go: Adds a comprehensive test suite (TestOAS_GenerateTykServers) for the new function, covering various scenarios including standard APIs, versioned APIs, custom domains, and version fallbacks.

Architecture & Impact Assessment

• Accomplishment: This PR refactors existing internal logic into a reusable, public function, improving the modularity of the system.
• Key Technical Changes: A new method GenerateTykServers is introduced. It reuses the internal generateTykServers function but returns the result as []*openapi3.Server instead of modifying the struct's Servers field.
• Affected System Components: The primary change is within the apidef/oas package. The main beneficiary is expected to be the Tyk Dashboard, which can now call this function to accurately determine and display API URLs as Tyk Gateway sees them.

This can be visualized as follows:

sequenceDiagram
    participant Dashboard API
    participant Tyk Gateway

    Dashboard API->>Tyk Gateway: Call GenerateTykServers(apiDef, config)
    note right of Tyk Gateway: Reuses internal logic for<br/>URL generation (versioning, domains, etc.)
    Tyk Gateway-->>Dashboard API: Return []*openapi3.Server

Loading

Scope Discovery & Context Expansion

The change is well-contained within the apidef/oas package. By exporting this functionality, it decouples the server URL generation logic from the stateful modification of an OAS document, allowing other services in the Tyk ecosystem to consume this logic directly. This reduces code duplication and ensures consistency in how API URLs are handled across different Tyk components.

Metadata

• Review Effort: 2 / 5
• Primary Label: enhancement

---

Powered by Visor from Probelabs

Last updated: 2025-11-11T10:27:22.375Z | Triggered by: opened | Commit: 6096269

💡 TIP: You can chat with Visor using /visor ask <your question>

[probelabs]

🔍 Code Analysis Results

Security Issues (1)

Severity	Location	Issue
🟡 Warning	apidef/oas/servers_regeneration.go:285-329	User-controllable parts of the URL path (`listenPath`, `versionName`) are not sanitized for path traversal elements (`..`). The use of `path.Clean` on `listenPath` in `buildServerURL` and direct concatenation of `versionName` in `buildVersionedServerURL` can lead to the generation of misleading URLs in the OpenAPI specification. A user with permissions to define an API could craft these values to make a server URL appear to be on a different path, for example `https://api.com/api/../admin` which resolves to `https://api.com/admin`. 💡 Suggestion Sanitize user-provided URL path segments to prevent path traversal. Replace `path.Clean` with a function that only normalizes slashes. Before concatenating path segments like `versionName`, ensure they do not contain `..` sequences, for example by checking for and rejecting them, or by removing them. Using `net/url.URL.ResolveReference` is a more robust way to construct URLs.

Architecture Issues (1)

Severity	Location	Issue
🟢 Info	apidef/oas/servers_regeneration.go:102-119	The `GenerateTykServers` function is implemented as a method on the `*OAS` struct but does not use the receiver `s`. This indicates it is a stateless, pure function. Defining it as a method can be misleading, as it implies an interaction with the `OAS` instance's state, which is not the case. 💡 Suggestion To improve clarity and reflect its stateless nature, consider refactoring `GenerateTykServers` into a package-level function. This change would make its contract more explicit—it takes inputs and produces an output without side effects on an `OAS` object. This also simplifies its usage, as callers would no longer need to create a dummy `OAS` instance to invoke it.

✅ Performance Check Passed

No performance issues found – changes LGTM.

Quality Issues (1)

Severity	Location	Issue
🟡 Warning	apidef/oas/servers_regeneration_test.go:819-826	The assertion logic to find a specific URL within the generated servers is verbose. Using a loop with a boolean flag can be simplified for better readability and conciseness. A more idiomatic approach would be to collect the URLs into a slice and use `assert.Contains`. 💡 Suggestion Refactor the URL check to be more idiomatic. Collect all server URLs into a slice and then use `assert.Contains` to check for the presence of the expected URL. This makes the test's intent clearer and reduces boilerplate code. // Should have versioned URL require.NotEmpty(t, servers) urls := make([]string, len(servers)) for i, server := range servers { urls[i] = server.URL } assert.Contains(t, urls, "https://api.example.com/products/v2", "Expected to find versioned URL https://api.example.com/products/v2")

✅ Dependency Check Passed

No dependency issues found – changes LGTM.

✅ Connectivity Check Passed

No connectivity issues found – changes LGTM.

---

Powered by Visor from Probelabs

Last updated: 2025-11-11T10:27:23.854Z | Triggered by: opened | Commit: 6096269

💡 TIP: You can chat with Visor using /visor ask <your question>

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[lghiur]

The failing tests are because I have a PR on tyk-analytics with same branch name https://github.com/TykTechnologies/tyk-analytics/pull/5030, but this is not a breaking change so I'll merge so go.mod gets updated