Comments (30)
The problem with that is that some responses are outside of my control (i.e. I might be using third-party middleware for authentication, data retrieval, error handling, etc.) so there's no way to change those middleware to use res.validateAndSend
instead of res.send
. I think a better way might be to allow an opt-in (rather than opt-out). Like this:
app.use(swaggerValidator({ validateResponse: true }));
And swagger-tools would only do the monkey-patch if validateResponse
is true.
from swagger-tools.
Agreed! In fact outgoing schema validation is on my ToDo for our project so it would be great to have it here.
from swagger-tools.
This is now one step closer to being complete. spec.composeModel(apiDeclarationOrSwaggerObject, modelIdOrModelPath)
now returns a composed JSON Schema for the requested model. This can be used to validate a structure representing a model. I will be hooking this in where possible but just know you can use this after the next release is dropped.
from swagger-tools.
Using this now, it works pretty well, thanks!
from swagger-tools.
It's not extremely well tested and there is one part I don't think should work but I won't mention it until someone else brings it up. I did a lot of personal testing and the unit tests test a few different scenarios but I've not tested every possible way to compose models. Keep me in the loop.
from swagger-tools.
Our models are fairly straightforward so hopefully I won't run into said issues. I'm guessing inheritance could get tricky so I'm purposefully keeping things simple.
from swagger-tools.
Ironically, inheritance is covered the best. It's the model references in properties, like arrays of Pets, that worries me. I tested multiple levels deep.
from swagger-tools.
Ah ok, I only do that in a couple of places.
from swagger-tools.
FYI what I'm doing is monkey-patching res.send to get the outgoing content then validating that. I call composeModel with req.swagger.apiDeclaration and either req.swagger.operation.type or if that's "array" then req.swagger.operation.items.$ref.
For a more general implementation I'd also check operation.type for primitives and patch into your validator for that but we only ever return models and arrays so I didn't bother.
from swagger-tools.
So this is all on your side right? I should be handling all of that on the way in of course. Primitives, models, models with arrays of refs, models with refs, etc.
from swagger-tools.
It is, yes. I thought about adding to swagger-tools so I could submit it back to you but I didn't have much time and probably didn't do it in a way that would be ideal for other users. I'd be happy to pass along what I've got if you want to use it as the basis for output validation middleware.
from swagger-tools.
This was completed as part of #18. swagger-router will now validate request parameters that are models. (For 1.2, you can even have request parameters as an array of models and that is handled too. For 2.0, arrays are documented explicitly to disallow models so for 2.0, we do not handle that.) There is also a new API to call this programmatically outside of swagger-router: Specification#validateModel
from swagger-tools.
Looks like the new commit (for issue #18) adds request validation (which is awesome!) but not response validation (which is what grahamj is referring to). For the time being, I'm doing the same monkey-patch of res.send
that grahamj is doing, but it would be great to have swagger-tools do that automatically.
from swagger-tools.
Ah, glad you caught that. I've reopened the issue and will add support for this. What do you think about adding a new method to res
that way you can easily opt out if something doesn't work right? I'd like to add some res.validateAndSend(data)
or something like that. Thoughts?
from swagger-tools.
Thanks for the feedback. I'll figure out some way to reuse res.send
and some sane way to disable it when necessary. Of course, any feedback/suggestions are welcome.
from swagger-tools.
Can somebody please share more details as to how validating a response?. From what I can tell some of you have found an interim solution. A code snippet might help.
Thanks
from swagger-tools.
@jcferrer How would you want this to work? Would you want res.send
to validate the outgoing payload with some option to turn it off as described above? If so, I'll knock it out right now.
from swagger-tools.
Personally, I like the proposed option of:
app.use(swaggerValidator({ validateResponse: true }));
or something like it.
Thanks
from swagger-tools.
That's what I was suggesting. Here's how it would work:
- A configuration option for swaggerValidator middleware to turn on/off response validation
- Create a wrapper for
res.send
that will use that configuration option to either validate the response or use the wrappedres.send
Do you think response validation should be on by default?
from swagger-tools.
I would say so. The whole spirit behind the tools is to provide decoupling. So I am assuming that you would want to enforce the spec by default.
Thanks
from swagger-tools.
I ran the question through some people and some think that it should be off by default. I think as long as the option is there, we are all good.
from swagger-tools.
I appreciate your help. No guarantee but it shouldn't take very long to get this done...when I get back from my run. :)
from swagger-tools.
Whenever there is an invalid response, what would you prefer the error code be?
from swagger-tools.
Mentioning you so you get the message, just to be sure: @euoia @grahamj @BigstickCarpet @jcferrer
I've got this working for Swagger 1.2 locally and before I get Swagger 2.0 support working with this as well, I wanted to run something by you. First thing is that res.send
is not a Node.js/Connect thing so my implementation wraps res.end
. Since res.send
calls res.end
, this should be fine. My tests thus far are these:
- Validate response content type
- Validate response type (void, primitives, array of primitives, models, array of models)
- Validate response type constraints (maximum, minimum, enum, uniqueItems, etc.)
All response validation errors get a 500
status code and all error messages, sent downstream via typical Connect middleware fashion, has a message starting with Response validation failed
so that the consumer knows the cause of the issue. (Anytime middleware validation fails, it also throws errors
, warnings
and possibly apiDeclarations
properties on the Error
object as well so use those however you need downstream, my middleware does.)
Thoughts?
from swagger-tools.
Based on your notes, my understanding is that we should be able to trap the response validation errors via a simple handler like:
function errorHandler(err, req, res, next) {
// handle response error 500;
}
app.use(errorHandler);
I think this is a good approach. Thinking in some use case scenarios, I'd say this provides the most flexibility.
from swagger-tools.
That is correct. All Swagger middleware errors are sent downstream via next
and that allows you to use an error handler to do something more with the error. All validation errors have the validation results attached to error properties. I'll document this in the next release.
from swagger-tools.
This is awesome!
from swagger-tools.
Can we consider having an option to still send the response? It would make debugging a little easier.
For instance right now I am going back and forth between my swagger spec and the response and my controller to figure out where the problem is. Not having easy access to the response that would have been sent had it not failed would seem to be important. Error.body or Error.originalResponse.
from swagger-tools.
That's a great idea. If the above issue isn't what's described above, please file an issue.
from swagger-tools.
BTW I started to work on similar idea on https://github.com/ovr/swagger-assert-helper, for PHP
Now It's supports
- Asserting Swagger Response Scheme to HttpResponse
- Making HttpRequest by Swagger Path
Still working on it, maybe will be helpful for someone
from swagger-tools.
Related Issues (20)
- Error: Response validation failed: void does not allow a value
- update lodash HOT 1
- request/response body schema referenced in swagger is not getting validating
- Swagger Error: Not a valid parameter definition for Multi part file type
- middleware swaggerSecurity unable to access res object HOT 1
- swagger-tools app not logging http requests to console
- Swagger ui with a reverse proxy - apiDocsPrefix not in use
- swagger tools typescript Controller issue
- swagger-tools does not support with webpack HOT 1
- Swagger-tools express 5.x support
- Doesn't work with type module in package.json
- $ref url encoding issue
- how to overwrite multer storage engine used in SwaggerMetaData - HELP!
- swagger 3.0? HOT 2
- Array items validation is not getting picked by swagger-codegen-maven-plugin 2.4.5
- How/Where does swagger route urls to swagger.json paths ?
- Is there an example of how to use supertest with swagger-tools?
- Vulnerability in validator package HOT 6
- Vulnerability in dicer package HOT 1
- Create New issue
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from swagger-tools.