search

PayU / openapi-validator-middleware

Input validation using Swagger (Open API) and ajv
Apache License 2.0
144 stars 50 forks source link

Path trailing parameter not validated as required #183

Closed itacode closed 2 years ago

itacode commented 2 years ago

First of all thank you for this very useful middleware.

In the OAS I have the following path with int parameter required, but if I make a request without it (/health/validator/) I get 200 instead of the expected validation error. Is there a way to get it validated as required?

OAS:

  '/health/validator/{int}':
    parameters:
      - schema:
          type: integer
        name: int
        in: path
        required: true
    get:
      summary: Validator test 
      tags:
        - System
      responses:
        '200':
          description: OK
      operationId: getHealthValidatorInt
      description: For openapi validator test

I am using fastify with fastify-multer and your openapi-validator-middleware. This is a package.json extract:

  "dependencies": {
    "@fastify/autoload": "^4.0.1",
    "@fastify/cors": "^7.0.0",
    "@fastify/helmet": "^8.0.0",
    "@fastify/sensible": "^4.1.0",
    "cross-env": "^7.0.3",
    "dotenv": "^16.0.1",
    "fastify": "^3.29.0",
    "fastify-cli": "^3.0.0",
    "fastify-multer": "^2.0.2",
    "fastify-plugin": "^3.0.1",
    "openapi-validator-middleware": "^3.2.6",
    "uri-js": "^4.4.1"
  },
  "devDependencies": {
    "@types/jest": "^27.5.1",
    "@types/node": "^17.0.32",
    "@typescript-eslint/eslint-plugin": "^5.22.0",
    "@typescript-eslint/parser": "^5.22.0",
    "eslint": "^8.15.0",
    "eslint-config-prettier": "^8.5.0",
    "jest": "^28.1.0",
    "nodemon": "^2.0.16",
    "pino-pretty": "^7.6.1",
    "prettier": "^2.6.2",
    "rimraf": "^3.0.2",
    "ts-jest": "^28.0.2",
    "ts-node": "^10.7.0",
    "typescript": "^4.6.4"
  }

And this is the related app code:

  openapiValidator.init('src/openapi/my_service.oas.yml', {
    framework: 'fastify',
  });
  fastify.register(
    openapiValidator.validate({
      skiplist: [],
    })
  );
  fastify.setErrorHandler(async (err, req, reply) => {
    if (err instanceof openapiValidator.InputValidationError) {
      return reply.status(400).send({ more_info: JSON.stringify(err.errors) });
    }
    fastify.log.error(err);

    reply.status(500);
    reply.send();
  });

  // API routes
  fastify.register(apiRootRoutes);
kobik commented 2 years ago

Hi @itacode , glad to see this package helps you.

The reason that you't not getting any validation error for requests coming to /health/validator is that it's actually not the same path as /health/validator/{int}, so it's not being validated.

But still fastify should return 404. Isn't that the case for you?

itacode commented 2 years ago

@kobik Thank you, now I have understood specifying required: true for it has no meaning. Yes it returns 404 as it should.