Comments (4)
I have encountered the same bug.
The problem is that the api-schema-builder
package support's Swagger 2's basepath
property but not OpenAPI 3's equivalent servers
property. This means if your API has a base path, the request paths don't match and no validation occurs.
Here's a naive fix that only works if you have a single entry in your servers
(which is our case). A proper solution would probably need to match against multiple servers and take into account the fact that the url
property can be a full URL, not just a path.
Index: src/index.js
<+>UTF-8
===================================================================
--- src/index.js (revision 1ad8ddd979fa84da1f4f13e2d6b46888e430a44c)
+++ src/index.js (date 1584466506568)
@@ -38,10 +38,13 @@
const options = getOptions(receivedOptions);
const schemas = {};
+
+ const basePath = dereferenced.basePath ||
+ (dereferenced.servers && dereferenced.servers.length && dereferenced.servers[0].url) ||
+ '/';
Object.keys(dereferenced.paths).forEach(function (currentPath) {
- const parsedPath = dereferenced.basePath && dereferenced.basePath !== '/'
- ? dereferenced.basePath.concat(currentPath.replace(/{/g, ':').replace(/}/g, ''))
- : currentPath.replace(/{/g, ':').replace(/}/g, '');
+ const fullPath = basePath !== '/' ? basePath.concat(currentPath) : currentPath;
+ const parsedPath = fullPath.replace(/{/g, ':').replace(/}/g, '');
schemas[parsedPath] = {};
Object.keys(dereferenced.paths[currentPath])
.filter(function (parameter) { return parameter !== 'parameters' })
from openapi-validator-middleware.
Hi @holitics,
Thanks for reporting this.
Just to make sure I understand, you expect the package to validate your schema when loading?
from openapi-validator-middleware.
from openapi-validator-middleware.
Hi guys, sorry for missing your answers.
@tamlyn, i guess you're referring to a subset of the issue reported by @holitics, but anyway PR are more than welcomed.
@holitics, this behavior can be made configurable. but we need to think carefully on this feature as we might want to allow blacklist or whitelist specific endpoints in this validation.
from openapi-validator-middleware.
Related Issues (20)
- Unknown query parameters handling
- How to Validate multiple versions HOT 2
- Inconsistent body validation behavior HOT 5
- Internationalization HOT 3
- simple parent child spec fails HOT 3
- Invalid Server URL error HOT 1
- Regression? Express + OpenAPI 3.0 + Multer + multipart/form-data rejects valid file HOT 1
- Update lockfile to automatically remove the vulnerability introduced by validator HOT 1
- what is require('../../src/middleware') meant to reference? HOT 4
- Parameter Serialization support
- contentTypeValidation boolean not supported for Open API 3.0
- Validate Response - Express HOT 1
- OpenAPI v3.1 Support HOT 3
- Path trailing parameter not validated as required HOT 2
- Are there any plans to add support of response validation? HOT 1
- Not validating if there is required header or query param HOT 2
- Circular references not supported ?
- Fastify integration fails when using fastify-multipart
- the field validation works with openApi 3.0.0? HOT 2
- Is it maintained?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openapi-validator-middleware.