cdimascio / express-openapi-validator

🦋 Auto-validates api requests, responses, and securities using ExpressJS and an OpenAPI 3.x specification
MIT License
920 stars 211 forks source link

Invalid example for NestJS. Looks like response validation is broken. #860

Open Piranit opened 1 year ago

Piranit commented 1 year ago

Describe the bug Invalid example for NestJS https://github.com/cdimascio/express-openapi-validator/tree/master/examples/9-nestjs

To Reproduce

  1. Clone repository.
  2. Install dependencies 'npm ci'
  3. Notice that response validation is turned on https://github.com/cdimascio/express-openapi-validator/blob/master/examples/9-nestjs/src/app.module.ts#L22
  4. Go to https://github.com/cdimascio/express-openapi-validator/blob/master/examples/9-nestjs/src/modules/ping/ping.controller.ts#L15
  5. Change the response to '{ pongInvalid: value }'
  6. Start server 'npm run start'
  7. Make a GET request to "localhost:3000/ping/123"

Actual behavior The response "{"pongInvalid":"123"}" returned without error.

Expected behavior An error with an invalid response structure should be triggered.

Additional info Also tried on a brand new NestJS version, same result.

System node -v -> v18.16.0 nest -v -> 10.1.17

4alexvlasov commented 1 year ago

I have faced the same issue so waiting for resolution too...

maximerichrd commented 1 year ago

Adding a required prop (and optionally, like below, an additionalProperties prop) in the openapi spec :

get:
      operationId: ping
      responses:
        200:
          description: Returns value
          content:
            application/json:
              schema:
                type: object
                properties:
                  pong:
                    type: string
                required:
                  - pong
                additionalProperties: false

then you'll get it work :

$ curl -X GET localhost:3000/ping/a
{"name":"Internal Server Error","status":500,"path":"/ping/a","errors":[{"path":".response.pong","message":"should have required property 'pong'","errorCode":"required.openapi.validation"}]}⏎

So I would say it's not broken : as far as I know, it just follows the openapi standard 🥳

To make it more obvious, maybe the example spec should just be changed by adding these 2 props required and additionalProperties ?