Comments (5)
@LadIQe Ajv does not support a default of `additionalProperties: false` since it diverges from JSON schema. OpenAPI, I believe, does use this as the default (ticket reference here). In any case, this is likely the root of the issue.
A possible solution would be for express-openapi-validator to recursively traverse the spec and add `additionalProperties: false`, if `additionalProperties` is not specified. This requires some work, but is likely worth doing to ensure behavior is consistent with OpenAPI 3.
In any case, as a workaround (for now), you should be able to manually add `additionalProperties: false` to your response models. This should cause a validation failure to trigger when additional properties are present.
Please give this a try and let me know if it solves (err works around) this issue you are experiencing.
from express-openapi-validator.
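The traversal proposed in the comment above, as an added example (not code from express-openapi-validator or from anyone in this thread). The helper names, the sample spec and the sample response body are assumptions made for illustration; `findExtraProps` is a minimal stand-in for a real validator such as Ajv.

```javascript
// Added example; closeObjectSchemas, closeSpec and findExtraProps are
// hypothetical helpers, not part of express-openapi-validator or Ajv.
const COMBINERS = ['allOf', 'oneOf', 'anyOf'];

// Set additionalProperties: false on every object schema that leaves it unset.
function closeObjectSchemas(schema, inComposition = false) {
  if (schema === null || typeof schema !== 'object' || schema.$ref) return schema;
  const extra = schema.additionalProperties;
  const isObject = schema.type === 'object' || schema.properties !== undefined;
  const composed = inComposition || COMBINERS.some((k) => Array.isArray(schema[k]));
  // Explicit settings win. Composed schemas are skipped: a closed branch
  // would reject the properties contributed by its sibling branches.
  if (isObject && !composed && extra === undefined) schema.additionalProperties = false;
  Object.values(schema.properties || {}).forEach((s) => closeObjectSchemas(s));
  if (schema.items) closeObjectSchemas(schema.items);
  if (extra && typeof extra === 'object') closeObjectSchemas(extra);
  COMBINERS.forEach((k) => (schema[k] || []).forEach((s) => closeObjectSchemas(s, true)));
  return schema;
}

// Assumption: only components.schemas is walked; inline schemas are not.
function closeSpec(spec) {
  const schemas = (spec.components && spec.components.schemas) || {};
  Object.values(schemas).forEach((s) => closeObjectSchemas(s));
  return spec;
}

// Minimal stand-in for a validator: lists undeclared keys of closed objects.
function findExtraProps(schema, value, path = '') {
  if (!schema || value === null || typeof value !== 'object') return [];
  const props = new Map(Object.entries(schema.properties || {}));
  return Object.entries(value).flatMap(([key, val]) => {
    if (props.has(key)) return findExtraProps(props.get(key), val, `${path}/${key}`);
    return schema.additionalProperties === false ? [`${path}/${key}`] : [];
  });
}

// Constructed sample spec and response body, for illustration only.
const sampleSpec = closeSpec({ components: { schemas: { LoggedUser: {
  type: 'object',
  properties: {
    access_token: { type: 'string' },
    user: { type: 'object', required: ['id'], properties: { id: { type: 'integer' } } },
    meta: { type: 'object', additionalProperties: true },
  },
} } } });
const sampleBody = { access_token: 't', password_hash: 'x',
  user: { id: 1, email: 'a@example.test' }, meta: { note: 'free-form' } };
console.log(findExtraProps(sampleSpec.components.schemas.LoggedUser, sampleBody));
```

Schemas that take part in `allOf`, `oneOf` or `anyOf` are left untouched here and need a manual decision, since closing each branch changes what the composition accepts.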
Hi, I tried your workaround, but it doesn't work.
Here is the original response for the logged user:
```js
LoggedUser: {
  type: 'object',
  properties: {
    token_type: {
      type: 'string'
    },
    expires_in: {
      $ref: '#/components/schemas/number'
    },
    access_token: {
      type: 'string'
    },
    refresh_token: {
      type: 'string'
    },
    user: {
      type: 'object',
      required: ['id'],
      properties: {
        id: {
          $ref: '#/components/schemas/number'
        }
      }
    }
  }
}
```
I have tried these versions:
```js
LoggedUser: {
  type: 'object',
  properties: {
    token_type: {
      type: 'string'
    },
    expires_in: {
      $ref: '#/components/schemas/number'
    },
    access_token: {
      type: 'string'
    },
    refresh_token: {
      type: 'string'
    },
    user: {
      type: 'object',
      required: ['id'],
      properties: {
        id: {
          $ref: '#/components/schemas/number'
        }
      }
    }
  },
  additionalProperties: false
}
```
```js
LoggedUser: {
  type: 'object',
  properties: {
    token_type: {
      type: 'string'
    },
    expires_in: {
      $ref: '#/components/schemas/number'
    },
    access_token: {
      type: 'string'
    },
    refresh_token: {
      type: 'string'
    },
    user: {
      type: 'object',
      required: ['id'],
      properties: {
        id: {
          $ref: '#/components/schemas/number'
        }
      },
      additionalProperties: false
    }
  }
}
```
Even these versions:
```js
LoggedUser: {
  type: 'object',
  additionalProperties: {
    type: 'object',
    properties: {
      token_type: {
        type: 'string'
      },
      expires_in: {
        $ref: '#/components/schemas/number'
      },
      access_token: {
        type: 'string'
      },
      refresh_token: {
        type: 'string'
      },
      user: {
        type: 'object',
        required: ['id'],
        properties: {
          id: {
            $ref: '#/components/schemas/number'
          }
        }
      }
    }
  }
}
```
```js
LoggedUser: {
  type: 'object',
  properties: {
    token_type: {
      type: 'string'
    },
    expires_in: {
      $ref: '#/components/schemas/number'
    },
    access_token: {
      type: 'string'
    },
    refresh_token: {
      type: 'string'
    },
    user: {
      type: 'object',
      required: ['id'],
      additionalProperties: {
        type: 'object',
        properties: {
          id: {
            $ref: '#/components/schemas/number'
          }
        }
      }
    }
  }
}
```
But none of them worked. Maybe I'm doing something wrong, so feel free to alert me.
from express-openapi-validator.
@LadIQe I've made some modifications to the response validator to add support for `additionalProperties`. `additionalProperties: false` still must be explicitly set.
Here is an example test case for reference:
- openapi component schema with explicit `additionalProperties: false`
- response example
- test cases
  - top level additional prop: https://github.com/cdimascio/express-openapi-validator/blob/master/test/response.validation.spec.ts#L71
  - nested additional prop: https://github.com/cdimascio/express-openapi-validator/blob/master/test/response.validation.spec.ts#L90

This is available in v.2.13.0
from express-openapi-validator.
@cdimascio thank you for your reply. Unfortunately, it still doesn't work. The validator can validate my documentation (when I make a mistake), but it still doesn't validate swagger-ui-express.
Idk, maybe the problem is somewhere here:
```js
const express = require('express')
const swaggerUi = require('swagger-ui-express')
const cookieParser = require('cookie-parser')
const bodyParser = require('body-parser')
const OpenApiValidator = require('express-openapi-validator').OpenApiValidator
const documentation = require('./components/documentation')
const app = express()
app.use(bodyParser.json())
app.use(bodyParser.text())
app.use(bodyParser.urlencoded())
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser())
app.use('/', swaggerUi.serve, swaggerUi.setup(documentation)) // <----- here maybe?
new OpenApiValidator({ // <----------- or here?
  apiSpec: documentation,
  validateResponses: true,
  securityHandlers: {
    bearerAuth: (req, scopes, schema) => {
      console.log(req, scopes, schema)
    }
  }
}).install(app)
app.use((err, req, res, next) => {
  // format error
  console.error(err, err.stack);
  if (!err.status && !err.errors) {
    res.status(500).json({
      errors: [
        {
          message: err.message,
        },
      ],
    })
  } else {
    res.status(err.status).json({
      message: err.message,
      errors: err.errors,
    })
  }
})
module.exports = app
```
from express-openapi-validator.
@cdimascio OK, again I changed the order of swagger-ui and the validator, and now I got this:
starter-node-documentation | { stack:
starter-node-documentation | 'Error: not found\n at Object.validationError (/usr/app/node_modules/express-openapi-validator/dist/middlewares/util.js:23:25)\n at /usr/app/node_modules/express-openapi-validator/dist/middlewares/openapi.security.js:16:32\n at Layer.handle [as handle_request] (/usr/app/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/usr/app/node_modules/express/lib/router/index.js:317:13)\n at /usr/app/node_modules/express/lib/router/index.js:284:7\n at Function.process_params (/usr/app/node_modules/express/lib/router/index.js:335:12)\n at next (/usr/app/node_modules/express/lib/router/index.js:275:10)\n at /usr/app/node_modules/express-openapi-validator/dist/middlewares/openapi.multipart.js:37:13\n at Layer.handle [as handle_request] (/usr/app/node_modules/express/lib/router/layer.js:95:5)',
starter-node-documentation | message: 'not found',
starter-node-documentation | toJSON: [Function: toJSON],
starter-node-documentation | status: 404,
starter-node-documentation | errors: [ { path: '/', message: 'not found', errors: undefined } ],
starter-node-documentation | name: 'Error',
starter-node-documentation | toString: [Function: toString] }
from express-openapi-validator.