feat(rest): implement query parameter validation (issue 1573) #2307
Conversation
openapi spec allows developers to provide additional restrictions on input parameters via parameter schema. For example, pageSize can include schema restrictions fix loopbackio#1573
openapi spec allows developers to provide additional restrictions on input parameters via parameter schema. For example, pageSize can include schema restrictions fix loopbackio#1573
|
@bajtos - Please note I pushed my changes to validate query parameters |
| operationSpec, | ||
| request, | ||
| ); | ||
|
|
There was a problem hiding this comment.
This is suspicious. Why do we parse the request body again into query?
| * @param globalSchemas The referenced schemas generated from `OpenAPISpec.components.schemas`. | ||
| */ | ||
| export function validateRequestQuery( | ||
| query: RequestBody, |
There was a problem hiding this comment.
If we want to reuse RequestBody for query, we should rename the type as something like ValueWithSchema.
There was a problem hiding this comment.
@raymondfeng - do you mean we should duplicate the type requestBody in types.ts and then use this new type (ValueWithSchema) in request-query.validator.ts?
should we also duplicate the BodyParser, BodyParserFunction? and then duplicate the code in body-parser.ts?
There was a problem hiding this comment.
No duplication. What I meant is to refactor RequestBody to ValueWithSchema into its own file and use it for both body and query validation.
| ); | ||
|
|
||
| return ajv.compile(schemaWithRef); | ||
| } |
There was a problem hiding this comment.
There seem to be quite a bit duplicate code as request-body-validator. Can we refactor the code for better reuse?
There was a problem hiding this comment.
@raymondfeng -Thanks for the review and comments.
I will try to reply: I was actually looking to differentiate the 2 in order to allow/take into consideration future changes and needs-do you think this is un-needed? will the only difference be - the extraction of the query params and the structure to be sent to same validation function to leverage the AJV ? we need not forget, we also need different error messages. Please share your thoughts.
There was a problem hiding this comment.
I would create a utility function that validates ValueWithSchema using AJV.
There was a problem hiding this comment.
@YaelGit Thank you for the contribution. I left a few comments for you to consider.
This change greatly simplifies our build and project setup.
- Source files are compiled from `src/{foo}` to `dist/{foo}`, the same
pattern is applied to test files too.
- Both TypeScript sources and JavaScript output are stored in the same
path relative to project root. This makes it much easier to refer
to test fixtures.
This change is also enabling future improvements, for example TypeScript
project references and migration to jest test runner.
| new HttpErrors.BadRequest('Request query is required'), | ||
| { | ||
| code: 'MISSING_REQUIRED_PARAMETER', | ||
| parameterName: 'request query', |
There was a problem hiding this comment.
It would be nice to see which query param.
- Source files are compiled from `src/{foo}` to `dist/{foo}`, the same
pattern is applied to test files too.
- Both TypeScript sources and JavaScript output are stored in the same
path relative to project root. This makes it much easier to refer
to test fixtures.
This is a follow-up for 066d525.
Allow the user to specify a custom Repository class to inherit from. CLI supports custom repository name * via an interactive prompt * via CLI options * via JSON config Two tests modified to use the new parameter to pass Modified tests: * generates a kv repository from default model * generates a kv repository from decorator defined model
The greenkeeper.json is now automatically updated as part of `npm install` based on lerna packages.
- Source files are compiled from `src/{foo}` to `dist/{foo}`, the same
pattern is applied to test files too.
- Both TypeScript sources and JavaScript output are stored in the same
path relative to project root. This makes it much easier to refer
to test fixtures.
This is a follow-up for 066d525 and 91a37dc.
In #2330, we have moved test files from Sorry for the inconvenience. |
|
@YaelGit ping 👋 What's the status of this pull request? Are you still keen to get it finished?
Please note we are avoiding merge commits to keep our git history neatly linear. We use |
| query.value = queryValue; | ||
| globalSchemas = {properties: schemasValue}; | ||
| query.schema = globalSchemas; | ||
| validateRequestQuery(query, operationSpec.requestBody, globalSchemas); |
There was a problem hiding this comment.
IIUC, you are building an object with all parameters from the query string, and then validate this object in one pass. I have two reservations about this approach:
- It seems overly complicated to me.
- There are more parameter sources besides
queryandbody, we need to validate parameters from all sources (e.g.pathandheader).
Have you considered to call ajv validator repeatedly, once for each parameter?
There was a problem hiding this comment.
Hello @bajtos ,
sorry for the delay - yes i do plan to close the issue soon and in regards to your comments:
- I will do the rebase as requested.
- Regarding the validation of all parameters all together - i did it in this way due to following same validation standard done for body parameters.
- Regrading the request for handling other parameter types, i think a new issue should be opened for other parameter types as the initial issue was for query only.
- @loopback/benchmark@1.1.10 - @loopback/docs@1.7.3 - @loopback/example-hello-world@1.1.3 - @loopback/example-log-extension@1.1.3 - @loopback/example-rpc-server@1.1.2 - @loopback/example-soap-calculator@1.3.3 - @loopback/example-todo-list@1.4.3 - @loopback/example-todo@1.4.3 - @loopback/authentication@1.0.12 - @loopback/boot@1.0.12 - @loopback/build@1.3.0 - @loopback/cli@1.6.0 - @loopback/context@1.5.1 - @loopback/core@1.1.6 - @loopback/http-caching-proxy@1.0.6 - @loopback/http-server@1.1.5 - @loopback/metadata@1.0.6 - @loopback/openapi-spec-builder@1.0.6 - @loopback/openapi-v3-types@1.0.6 - @loopback/openapi-v3@1.2.1 - @loopback/repository-json-schema@1.3.1 - @loopback/repository@1.1.5 - @loopback/rest-explorer@1.1.8 - @loopback/rest@1.5.5 - @loopback/service-proxy@1.0.8 - @loopback/testlab@1.0.6
openapi spec allows developers to provide additional restrictions on input parameters via parameter schema. For example, pageSize can include schema restrictions fix loopbackio#1573
openapi spec allows developers to provide additional restrictions on input parameters via parameter schema. For example, pageSize can include schema restrictions fix loopbackio#1573
openapi spec allows developers to provide additional restrictions on input parameters via parameter schema. For example, pageSize can include schema restrictions fix loopbackio#1573
openapi spec allows developers to provide additional restrictions on input parameters via parameter schema. For example, pageSize can include schema restrictions fix loopbackio#1573
openapi spec allows developers to provide additional restrictions on input parameters via parameter schema. For example, pageSize can include schema restrictions fix loopbackio#1573
openapi spec allows developers to provide additional restrictions on input parameters via parameter schema. For example, pageSize can include schema restrictions fix loopbackio#1573
|
Unfortunately due to some technical issue with my Laptop - things went wrong while trying to rebase. |
|
Hello @bajtos @raymondfeng, |
Implements #1573
Checklist
npm testpasses on your machinepackages/cliwere updatedexamples/*were updated