search

cdimascio / express-openapi-validator

šŸ¦‹ Auto-validates api requests, responses, and securities using ExpressJS and an OpenAPI 3.x specification
MIT License
920 stars 211 forks source link

`response` expected in response data #915

Open lpelleau opened 6 months ago

lpelleau commented 6 months ago

Describe the bug express-openapi-validator expects json API responses to be under a response object, where the OpenAPI spec doesn't.

To Reproduce OpenAPI spec:

paths:
  /merchants:
    get:
      x-eov-operation-id: merchants#list
      x-eov-operation-handler: routes
      responses:
        "200":
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    $ref: "#/components/schemas/Merchant"

express config:

app.use(
  OpenApiValidator.middleware({
    apiSpec,
    validateResponses: true,
    operationHandlers: path.join(__dirname),
    validateSecurity: ...,
  })
);

handler:

app.use((req: Request, res: Response, next: NextFunction) => {
    const response = // { data: [{ item1 }, { item2 }] } => fetch data
    res.status(response.statusCode).json(response);
    next();
});

Actual behavior I get this error:

{
   "message":"/response/data must be object",
   "errors":[
      {
         "path":"/response/data",
         "message":"must be object",
         "errorCode":"type.openapi.validation"
      }
   ]
}

Expected behavior I would expect my data, conform to the OpenAPI spec, to be returned, without expecting an additional response wrapping the OpenAPI spec.
See the added response here: https://github.com/cdimascio/express-openapi-validator/blame/5c98d17c470aecf53f60d3fb3bda4005d65aa9aa/src/middlewares/openapi.response.validator.ts#L281

When I replace this line with:

        responseSchemas[name] = {
          ...responseSchemas[name],
          [mediaTypeToValidate]: {
            // $schema: 'http://json-schema.org/schema#',
            // $schema: "http://json-schema.org/draft-04/schema#",
            type: 'object',
            properties: {
              ...schema,
            },
            components: this.spec.components ?? {},
          },
        };

I get the expected behaviour out of express-openapi-validator

I must be doing something unexpected as I could not find any similar experience, if that's the case, I would appreciate some guidelines šŸ™