search

interagent / committee

A collection of Rack middleware to support JSON Schema.
MIT License
884 stars 137 forks source link

Validate that request path exists in schema #390

Closed datbth closed 1 year ago

datbth commented 1 year ago

Background

Setup

I'm using Rails with this route in config/routes.rb: 

resources :users, only: [:update]

openapi: 

  "/users/{id}":
    parameters:
      - $ref: parameters/ResourceId.yml
    put:
      $ref: users/Update.yml

I'm using committee 4.4.0

Problem

Due to a typo, my frontend was calling PATCH instead of PUT to update a user.
Hence, the frontend requests are not properly validated by committee according the openapi schema of users/Update.yml.

The typo only happens in the frontend, not in my request/controller tests where I use PUT properly. Hence test schema coverage and assert_schema_conform still pass in tests.

Suggestion/request

To implement some sort of check to make sure the request has a valid definition in openapi schema.
Something like this:

module Committee
  module SchemaValidator
    class OpenAPI3
      def request_validate(request)
        return unless @router.includes_request?(request)
        unless link_exist?
          raise Committee::InvalidRequest, "`#{request.request_method} #{request.path_info}` undefined in schema (prefix: #{@validator_option.prefix.inspect})."
        end

        request_unpack(request)
        request_schema_validation(request)

        copy_coerced_data_to_query_hash(request)
      end
    end
  end
end
datbth commented 1 year ago

okay I just found out that strict option also validates the request. Somehow I thought it only validates the response schemas.