nawaz1991 / lua-oasvalidator

A FAST Lua module to validate the HTTP requests against the OpenAPI specifications of the REST server.
MIT License
6 stars 0 forks source link

GetValidators failing on a valid JSON swagger file #10

Open mfeledyn opened 4 months ago

mfeledyn commented 4 months ago

Describe the bug I try to use your oasvalidator (which looks and sounds great ^^) in a Lua/Resty context (Kong gateway), and try with this mock API: https://httpbin.dmuth.org/ The swagger for this API is https://httpbin.dmuth.org/openapi.json I saved the swagger to a local file I set as param to the call to oasvalidator.GetValidators(), and I get an error:

Invalid type of parameter: #/paths/4.6567238936384e-310redirect4.6567238933799e-310{n}/get/parameters/code

To Reproduce Steps to reproduce the behavior: Get the file: https://httpbin.dmuth.org/openapi.json, then try to use it as swagger file for GetValidators(...)

Expected behavior I expected no error loading the file. A tested the file using https://validator.swagger.io/, and the web site tells the file is correct. (BTW GetValidator(...) using your example file data/openAPI_example.json works, but validator.swagger.io tells that the file is not a valid ??...)

Screenshots N/A

Desktop (please complete the following information):

Additional context GetValidator(...) works using your example file "data/openAPI_example.json". It also works with a very simple swagger file like this:

{
  "openapi": "3.0.3",
  "info": {
    "title": "MFTest",
    "description": "TESTs for MF",
    "version": "1.0.0"
  },
  "paths": {
    "/get": {
      "get": {
        "tags": [
          "pet"
        ],
        "summary": "Finds Pets by status",
        "description": "Multiple status values can be provided with comma separated strings",
        "operationId": "findPetsByStatus",
        "parameters": [
          {
            "name": "status",
            "in": "query",
            "description": "Status values that need to be considered for filter",
            "required": false,
            "explode": true,
            "schema": {
              "type": "string",
              "default": "available",
              "enum": [
                "available",
                "pending",
                "sold"
              ]
            }
          }
        ],
        "responses": {
          "200": {
            "description": "successful operation"
          },
          "400": {
            "description": "Invalid status value"
          }
        }
      }
    }
  },
  "components": null
}

Many thx for help on this. Using this very simple swagger I've been able to see wrong path and invalid parameter value behavior, and it's good :-) Example with wrong param value: {"errorCode":"INVALID_QUERY_PARAM","details":{"specRef":"#/paths/%2Fget/get/parameters/status","code":"enum","description":"Property has a value that is not one of its allowed enumerated values.","instance":"#","schema":"#"}}

nawaz1991 commented 4 months ago

@mfeledyn , I am on it and will respond you soon with fix.

nawaz1991 commented 4 months ago

Just inverstigates and found that the base project cpp-oasvalidator does not have support for null data type and need to fix, https://github.com/nawaz1991/cpp-oasvalidator/blob/main/src/validators/param_validators.cpp#L170 Will be fixing under cpp-oasvalidator

nawaz1991 commented 4 months ago

OAS Validator was initially implemeted considering OpenAPI 3.0.0 but OpenAPI 3.1.x is based on https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.1 and also the null JSON type was added in OpenAPI. Hence, this support missed and needs to be added.

mfeledyn commented 4 months ago

Hello Muhammad, Great news ! Please keep me updated. I’ll update my tests when the fix is available.

Best regards.

De : Muhammad Nawaz @.> Envoyé : jeudi 11 juillet 2024 20:01 À : nawaz1991/lua-oasvalidator @.> Cc : FELEDYN Mickael INNOV/IT-S @.>; Mention @.> Objet : Re: [nawaz1991/lua-oasvalidator] GetValidators failing on a valid JSON swagger file (Issue #10)

CAUTION : This email originated outside the company. Do not click on any links or open attachments unless you are expecting them from the sender.

ATTENTION : Cet e-mail provient de l'extérieur de l'entreprise. Ne cliquez pas sur les liens ou n'ouvrez pas les pièces jointes à moins de connaitre l'expéditeur.

OAS Validator was initially implemeted considering OpenAPI 3.0.0 but OpenAPI 3.1.x is based on https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.1 and also the null JSON type was added in OpenAPI. Hence, this support missed and needs to be added.

— Reply to this email directly, view it on GitHubhttps://github.com/nawaz1991/lua-oasvalidator/issues/10#issuecomment-2223553922, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADU42C3FADZEIW6LVFSCPPTZL3B6TAVCNFSM6AAAAABKTGKQAOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMRTGU2TGOJSGI. You are receiving this because you were mentioned.Message ID: @.**@.>>


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.

mfeledyn commented 3 months ago

Hello Muhammad,

Any news on this subject ? Do you plan to release a new version of cpp and lua oasvalidator ? Thx!

Best regards, Mickael

De : Muhammad Nawaz @.> Envoyé : jeudi 11 juillet 2024 20:01 À : nawaz1991/lua-oasvalidator @.> Cc : FELEDYN Mickael INNOV/IT-S @.>; Mention @.> Objet : Re: [nawaz1991/lua-oasvalidator] GetValidators failing on a valid JSON swagger file (Issue #10)

CAUTION : This email originated outside the company. Do not click on any links or open attachments unless you are expecting them from the sender.

ATTENTION : Cet e-mail provient de l'extérieur de l'entreprise. Ne cliquez pas sur les liens ou n'ouvrez pas les pièces jointes à moins de connaitre l'expéditeur.

OAS Validator was initially implemeted considering OpenAPI 3.0.0 but OpenAPI 3.1.x is based on https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.1 and also the null JSON type was added in OpenAPI. Hence, this support missed and needs to be added.

- Reply to this email directly, view it on GitHubhttps://github.com/nawaz1991/lua-oasvalidator/issues/10#issuecomment-2223553922, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADU42C3FADZEIW6LVFSCPPTZL3B6TAVCNFSM6AAAAABKTGKQAOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMRTGU2TGOJSGI. You are receiving this because you were mentioned.Message ID: @.***>

Orange Restricted


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.

nawaz1991 commented 3 months ago

Hi Mickael,

I'm currently working on implementing support for missing parameter deserialization features such as nested arrays, nested objects, arrays of objects, and arrays within objects. This enhancement is taking some time to complete, but I aim to release it soon.

If you're under time constraints, I can prioritize a quick fix for handling null values and adding support for OpenAPI 3.1, which are essential for your API requirements. Please let me know your preference.

mfeledyn commented 1 week ago

Hello Muhammad, Any news on this subject ? Thx!

Regards, Mickael