Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for error aggregation for request/response validation #259

Merged
merged 5 commits into from
Oct 26, 2020

Conversation

zlozano
Copy link
Contributor

@zlozano zlozano commented Oct 19, 2020

Here is a draft which shows how an aggregate error might look. There are some places where we still short circuit the evaluation. For example, if there is a decoding error, then it makes no sense to continue. While validating decoded parameters though, we can proceed to evaluate most of the rules applied. For example, for JSON bodies, we can continue to evaluate other properties event if the first field fails validation.

This allows users to iterate through the errors, do some type juggling to get the underlying RequestError or SchemaError and either audit bad input, or communicate a complete/detailed list of errors upstream.

I've included this in the non fast path. I couldn't think of where a dedicated private param would fit into this scenario.

I still need to write tests + do the same for response validation. Mostly wanting to get feedback on the approach + any corner cases I am not accounting for.

@fenollp
Copy link
Collaborator

fenollp commented Oct 19, 2020

This looks alright so far. We need to find a way to preserve the non-MultiError "fail fast" behavior though.

@fenollp fenollp linked an issue Oct 19, 2020 that may be closed by this pull request
@zlozano
Copy link
Contributor Author

zlozano commented Oct 20, 2020

Sounds good. I've pushed a new commit proposing how we can preserve the fail fast behavior.

I'm not sold 100% on this idea, but it seemed like a good start.An alternative that you raised in the issue would be to pass a flag using context.Context. Based on the go documentation, I'm not sure this is the best fit, but I will defer to the maintainers on this. Specifically, I am referencing:

Use context Values only for request-scoped data that transits processes and APIs, not for passing optional parameters to functions.

Another alternative, is that this could be an internal value set on the Schema struct on initialization, but it seems like validation handling happens at a couple of different layers, the openapi3filter.Validate* package level functions and the schema Visit* methods. Having a single point to configure this functionality seems to be the most ergonomic for developers which is how I landed on the approach in my most recent commit.

This is still a WIP for demonstration + iterating on some ideas. I still need to handle the remaining visit functions, tests, response validation.

Also, i'd love to hear suggestions on function/param naming if we want to roll with the proposed solution. Thanks!

@fenollp
Copy link
Collaborator

fenollp commented Oct 21, 2020

I think

func (schema *Schema) VisitJSON(value interface{}) error {
...
func (schema *Schema) VisitAllJSON(value interface{}) error {

should actually be just

func (schema *Schema) VisitJSON(value interface{}, ...VisitSchemaOption) error {

which I actually did in https://github.com/getkin/kin-openapi/pull/246/files but apparently forgot to merge....

Anyhow, about the fast/failFast thing in schema.go: I believe your flag is about returning multiple errors so it's name should be more like "multiErrors".

I'll finish up on #246 and merge it and I suggest you add a

func MultiErrors() SchemaValidationOption {
	return func(s *schemaValidationSettings) { s.multierrors = true }
}

and work with that.

Sounds good?

@zlozano
Copy link
Contributor Author

zlozano commented Oct 21, 2020

Sounds good to me. I'll get working on a more complete PR with tests. Thanks for your input!

Copy link
Contributor

@richard-rance richard-rance left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm glad to see work on this taking place. It is a feature that I have been exploring as well.


// MultiError is a collection of errors, intended for when
// multiple issues need to be reported upstream
type MultiError []error
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
type MultiError []error
type MultiError []error
//Is allows you to determine if a generic error is in fact a MultiError using `errors.Is()`
//It will also return true if any of the contained errors match target
func (me MultiError) Is(target error) bool {
if _, ok := target.(MultiError); ok {
return true
}
for _, e := range me {
if errors.Is(e, target) {
return true
}
}
return false
}
//As allows you to use `errors.As()` to set target to the first error within the multi error that matches the target type
func (me MultiError) As(target interface{}) bool {
for _, e := range me {
if errors.As(e, target) {
return true
}
}
return false
}
// StatusCode Calculates the most specific http status code for the list of potential error codes
func (me MultiError) StatusCode() int {
code4xx := 0
code5xx := 0
for _, err := range me {
code := 0
if sc, ok := err.(StatusCoder); ok {
code = sc.StatusCode()
}
if code != 0 {
if 400 >= code && code <=499 {
if code4xx == 0 {
code4xx = code
} else if code4xx != code {
code4xx = 400
}
} else if 500 >= code && code <=599 {
if code5xx == 0 {
code5xx = code
} else if code5xx != code {
code5xx = 500
}
}
}
}
if code5xx != 0 {
return code5xx
}
return code4xx
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the input! I am about to push up the rest of my changes, and I will add this in.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added the Is and the As.

The StatusCoder is defined in the openapi3filter package, so including here would introduce an import cycle. I think this is fine for now since the rules used above for calculating the status code are not universal. Also, it looks like the StatusCoder is only implemented by the ValidationError.

I'm not super familiar with the ValidationError/ErrorEncoder, so I am not quite sure how it would look, but I think what would be needed is a way to convert a MultiError into a ValidationError (similar to what is done for SchemaErrors and RequestErrors. It seems like this work could be done separately/as a follow up to this since the error will get passed-through to the encoder, allowing the end user to control this behavior. Related to my previous comment, it's not clear how exactly we would calculate error precedence if there are many errors. So this may be the best course of action for now. I'll defer to those who have more experience with using this feature.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given go's preference for interfaces being defined where they are consumed it would have been acceptable to redefine StatusCoder within this package or use an anonymous interface like some of the core packages. Ex: if sc, ok := err.(interface{StatusCode() string}); ok {

It is fine to leave the StatusCode function out for now. I actually had it as a standalone function in the proof of concept that I was working on.

I agree we should have a separate discussion about conversion to ValidationError. I had a hard time implementing my own ErrorEncoder.

@zlozano zlozano marked this pull request as ready for review October 26, 2020 15:30
@zlozano zlozano changed the title WIP for multi part errors Add support for error aggregation for request/response validation Oct 26, 2020
Copy link
Collaborator

@fenollp fenollp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Most comments I have are the same one repeated so you should be able to go through them pretty quickly.

openapi3filter/validate_request.go Outdated Show resolved Hide resolved
openapi3filter/validate_request.go Show resolved Hide resolved
openapi3filter/validate_request.go Outdated Show resolved Hide resolved
openapi3/schema.go Show resolved Hide resolved
openapi3/schema.go Show resolved Hide resolved
openapi3/schema.go Show resolved Hide resolved
openapi3/schema.go Show resolved Hide resolved
openapi3/schema.go Outdated Show resolved Hide resolved
go.mod Outdated Show resolved Hide resolved
@zlozano zlozano requested a review from fenollp October 26, 2020 18:45
@fenollp fenollp merged commit 25cec2f into getkin:master Oct 26, 2020
@crodwell
Copy link
Contributor

crodwell commented May 5, 2021

@fenollp @zlozano - This looks great but correct me if I'm wrong, it doesn't look like you can unwrap multiple request validation errors?

for example if I have 2 invalid request fields in my request

err := openapi3filter.ValidateRequest(c, &openapi3filter.RequestValidationInput{
		Request:    c.Request,
		PathParams: pathParams,
		Route:      route,
		Options:    &openapi3filter.Options{MultiError: true, ExcludeResponseBody: true, IncludeResponseStatus: false},
	}); err != nil {
        spew.Dump(err)  
/*
(openapi3.MultiError) (len=1 cap=1) request body has an error: doesn't match the schema: Error at "/start_date": string doesn't match the format "date-time" (regular expression "^[0-9]{4}-(0[0-9]|10|11|12)-([0-2][0-9]|30|31)T[0-9]{2}:[0-9]{2}:[0-9]{2}(.[0-9]+)?(Z|(\\+|-)[0-9]{2}:[0-9]{2})?$")
Schema:
  {
    "format": "date-time",
    "type": "string"
  }

Value:
  "abc"
 | Error at "/currency_code": Field must be set to string or not be present
Schema:
  {
    "maxLength": 3,
    "type": "string"
  }

Value:
  "number, integer"
 |  |  
 */
	spew.Dump(errors.Unwrap(err))  
/*
(interface {}) <nil>
*/
}

I can't find any easy way to separate the errors, any ideas?

@zlozano
Copy link
Contributor Author

zlozano commented May 5, 2021

@crodwell it is quite possible I missed a use case, but I believe we accomplish what you are doing with some type juggling. Here is an example function we use to unpack the errors into a flat object we can then marshal and write back:

const (
	prefixBody = "@body"
	unknown    = "@unknown"
)

func convertError(me openapi3.MultiError) map[string][]string {
	issues := make(map[string][]string)
	for _, err := range me {
		switch err := err.(type) {
		case *openapi3.SchemaError:
			// Can inspect schema validation errors here, e.g. err.Value
			field := prefixBody
			if path := err.JSONPointer(); len(path) > 0 {
				field = fmt.Sprintf("%s.%s", field, strings.Join(path, "."))
			}
			if _, ok := issues[field]; !ok {
				issues[field] = make([]string, 0, 3)
			}
			issues[field] = append(issues[field], err.Error())
		case *openapi3filter.RequestError: // possible there were multiple issues that failed validation
			if err, ok := err.Err.(openapi3.MultiError); ok {
				for k, v := range convertError(err) {
					if _, ok := issues[k]; !ok {
						issues[k] = make([]string, 0, 3)
					}
					issues[k] = append(issues[k], v...)
				}
				continue
			}

			// check if invalid HTTP parameter
			if err.Parameter != nil {
				prefix := err.Parameter.In
				name := fmt.Sprintf("%s.%s", prefix, err.Parameter.Name)
				if _, ok := issues[name]; !ok {
					issues[name] = make([]string, 0, 3)
				}
				issues[name] = append(issues[name], err.Error())
				continue
			}

			// check if requestBody
			if err.RequestBody != nil {
				if _, ok := issues[prefixBody]; !ok {
					issues[prefixBody] = make([]string, 0, 3)
				}
				issues[prefixBody] = append(issues[prefixBody], err.Error())
				continue
			}
		default:
			reasons, ok := issues[unknown]
			if !ok {
				reasons = make([]string, 0, 3)
			}
			reasons = append(reasons, err.Error())
			issues[unknown] = reasons
		}
	}
	return issues
}

here is a sample main to illustrate:

func main() {
	swagger, err := openapi3.NewSwaggerLoader().LoadSwaggerFromFile("./petstore.yaml")
	if err != nil {
		log.Fatalf("error loading spec %s", err.Error())
	}

	router := openapi3filter.NewRouter()
	if err := router.AddSwagger(swagger); err != nil {
		log.Fatalf("error adding spec %s", err.Error())
	}

	mux := http.NewServeMux()
	mux.Handle("/pet", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		route, pathParams, err := router.FindRoute(r.Method, r.URL)
		if err != nil {
			fmt.Println(err.Error())
			w.WriteHeader(http.StatusInternalServerError)
			return
		}

		err = openapi3filter.ValidateRequest(r.Context(), &openapi3filter.RequestValidationInput{
			Request:    r,
			PathParams: pathParams,
			Route:      route,
			Options: &openapi3filter.Options{
				MultiError: true,
			},
		})

		switch err := err.(type) {
		case nil:
		case openapi3.MultiError:
			issues := convertError(err)
			for k, msgs := range issues {
				fmt.Println("===== Start New Error =====")
				fmt.Println(k + ":")
				for _, msg := range msgs {
					fmt.Printf("\t%s\n", msg)
				}
			}
		default:
			fmt.Println(err.Error())
		}
	}))

	log.Fatal(http.ListenAndServe(":8282", mux))
}

example petstore.yaml:

 openapi: "3.0.0"
info:
  description: "This is a sample server Petstore server.  You can find out more about     Swagger at [http://swagger.io](http://swagger.io) or on [irc.freenode.net, #swagger](http://swagger.io/irc/).      For this sample, you can use the api key `special-key` to test the authorization     filters."
  version: "1.0.0"
  title: "Swagger Petstore"
  termsOfService: "http://swagger.io/terms/"
  contact:
    email: "[email protected]"
  license:
    name: "Apache 2.0"
    url: "http://www.apache.org/licenses/LICENSE-2.0.html"
tags:
- name: "pet"
  description: "Everything about your Pets"
  externalDocs:
    description: "Find out more"
    url: "http://swagger.io"
- name: "store"
  description: "Access to Petstore orders"
- name: "user"
  description: "Operations about user"
  externalDocs:
    description: "Find out more about our store"
    url: "http://swagger.io"
paths:
  /pet:
    post:
      tags:
      - "pet"
      summary: "Add a new pet to the store"
      description: ""
      operationId: "addPet"
      requestBody:
        required: true
        content: 
          'application/json':
            schema:
              $ref: '#/components/schemas/Pet'
      responses:
        "405":
          description: "Invalid input"
components:
  schemas:
    Category:
      type: "object"
      properties:
        id:
          type: "integer"
          format: "int64"
        name:
          type: "string"
      xml:
        name: "Category"
    Tag:
      type: "object"
      properties:
        id:
          type: "integer"
          format: "int64"
        name:
          type: "string"
      xml:
        name: "Tag"
    Pet:
      type: "object"
      required:
      - "name"
      - "photoUrls"
      properties:
        id:
          type: "integer"
          format: "int64"
        category:
          $ref: "#/components/schemas/Category"
        name:
          type: "string"
          example: "doggie"
        photoUrls:
          type: "array"
          xml:
            name: "photoUrl"
            wrapped: true
          items:
            type: "string"
        tags:
          type: "array"
          xml:
            name: "tag"
            wrapped: true
          items:
            $ref: "#/components/schemas/Tag"
        status:
          type: "string"
          description: "pet status in the store"
          enum:
          - "available"
          - "pending"
          - "sold"
      xml:
        name: "Pet"

when I curl: curl -v -XPOST "http://localhost:8282/pet" -d '{"name": 100, "photoUrls": [], "status": "invalidStatus"}' --header "Content-Type:application/json"
(note invalid type for name and invalid status)

I receive two errors:

===== Start New Error =====
@body.name:
	Error at "/name":Field must be set to string or not be present
Schema:
  {
    "example": "doggie",
    "type": "string"
  }

Value:
  "number, integer"

===== Start New Error =====
@body.status:
	Error at "/status":JSON value is not one of the allowed values
Schema:
  {
    "description": "pet status in the store",
    "enum": [
      "available",
      "pending",
      "sold"
    ],
    "type": "string"
  }

Value:
  "invalidStatus"

I think this is what you are looking for. Please let me know if I have missed something. We are currently on 0.26.0 so some of the openapi packages may have changed in my example. The type juggling is unfortunate, but at the time this was written I was attempting to work within the existing type system defined by the openapi3 packages. The multi error type just aggregates the existing errors. You'll need to do some type assertions to get the data you are looking for.

@crodwell
Copy link
Contributor

crodwell commented May 5, 2021

Hey @zlozano . Thanks so much for this! You've helped me get unstuck; I wanted a slice of errors, so that I can transform validation problems into user friendly JSON. I changed your convertError() function to return a map[string][]error instead and now I can iterate over each field that has an (*openapi3.SchemaError) and display the bits I need for the user to rectify.

QifanWuCFLT added a commit to confluentinc/kin-openapi that referenced this pull request Apr 6, 2023
* add couple tests around multiple file-specs (one needs fixing) + some code reuse (getkin#236)

* Fix wrong `Found unresolved ref` error when converting from Swagger/OpenAPIv2 spec (getkin#237)

* various fixes mainly to openapi2<->openapi3 conversion (getkin#239)

* Add deprecated field in Schema (getkin#242)

Change-Id: If750ff340ae29cf24a6ad870071502c9327485ca

* Fix openapi3.referencedDocumentPath (getkin#248)

* follow lint rules (getkin#250)

* Fix broken link to alternative projects (getkin#255)

* openapi2 security scheme requires accessCode not accesscode (getkin#256)

Signed-off-by: Pierre Fenoll <[email protected]>

* Validator: check readOnly/writeOnly properties (getkin#246)

* feat: add Goa to README (getkin#261)

Goa v3 depend on kin-openapi

https://github.com/goadesign/goa/blob/v3/go.mod

* swagger2 formData & request body refs (getkin#260)

Co-authored-by: Francis Lennon <[email protected]>

* Add support for error aggregation for request/response validation (getkin#259)

* Prevent a panic in the error encoder (getkin#262)

* Adds ipv4 and ipv6 formats support (getkin#258)

Co-authored-by: Pierre Fenoll <[email protected]>

* validate pattern or schema, not pattern xor schema anymore (getkin#265)

* Consumes request bodies (getkin#263)

Co-authored-by: Francis Lennon <[email protected]>
Co-authored-by: Pierre Fenoll <[email protected]>

* fixed panic in path validation (issue getkin#264) (getkin#266)

Co-authored-by: Samuel Monderer <[email protected]>

* Update doc.go (getkin#272)

* Exposing Components 'IdentifierRegExp' to enable customized component key getkin#270 (getkin#273)

* Add support for application/problem+json (getkin#275)

Add support for content type application/problem+json for response validation

* Enables jsonpointer support in openapi3 (getkin#276)

* Fix flaky CI (getkin#278)

* Fix failfast flag handling (getkin#284)

* Add OIDC Schema format as per spec (getkin#287)

Co-authored-by: Pierre Fenoll <[email protected]>

* Support for alternate http auth mechanisms (getkin#291)

Fixes getkin#290

* Return a more specific error when more than oneOf schemas match (getkin#292)

* fix bug on indice to compare (getkin#295)

* support extensions in oasv3.Server (getkin#302)

Signed-off-by: Pierre Fenoll <[email protected]>

* Add an example showing how to decode some extension props (getkin#304)

* clarify defaults around openapi3filter.Options and openapi3filter.Aut… (getkin#305)

Signed-off-by: Pierre Fenoll <[email protected]>

* Add extensions in missing resources (getkin#306)

* Enlarge support for JSON Path in $ref resolution (getkin#307)

* Prevent infinite loop while loading openapi spec with recursive references (getkin#310)

* nitpicks (getkin#313)

* mention alternatives in README.md (getkin#315)

Signed-off-by: Pierre Fenoll <[email protected]>

* Bypass any file/URL reading by ReadFromURIFunc (getkin#316)

* Drop `sl.LoadSwaggerFromURIFunc` (getkin#317)

* Add an openapi3gen example + options (getkin#320)

* Adds oneOf/discriminator/mapping management (getkin#321)

* reproduce incorrect discriminator handling with ValidateRequest (getkin#323)

* prepare for getkin#210 (getkin#325)

* go:embed loader.ReadFromURIFunc example (getkin#319)

* Rework router (getkin#210)

* Reset compiledPattern when updating Pattern (getkin#327)

* address getkin#326 (getkin#330)

Signed-off-by: Pierre Fenoll <[email protected]>

* Drop test dependency on go:embed (getkin#331)

* Update README.md (getkin#333)

* introduce openapi3filter.RegisteredBodyDecoder (getkin#340)

Signed-off-by: Pierre Fenoll <[email protected]>

* openapi3: allow variables in schemes in gorillamux router + better server variables validation (getkin#337)

* Fix following refs to non-openapi3 root documents (but that are sub-documents) (getkin#346)

* reproduce failing to load JSON refs in non-openapi document (getkin#314)

* repro getkin#341 (getkin#342)

* [Bugfix] fail readURL on http code > 399 (getkin#345)

* [Bugfix] fail readUR
 if external reference returned http code > 399

* Replaced httpmock with httptest

* Use require.EqualError
instead testing Error and Contains of the errormessage

* Test LoadSwaggerFromData as well

* Support loading documents with `filepath.FromSlash` (getkin#251)

* [Bugfix] fixed error message when only file is referenced (getkin#348)

without internal reference

* Follow callbacks references (getkin#347)

* CI: test go1.14 (getkin#349)

* Clean APIs from trademarked name "Swagger" (getkin#351)

* Fix CI (getkin#352)

Signed-off-by: Pierre Fenoll <[email protected]>

* cannot reproduce getkin#353 (getkin#354)

Signed-off-by: Pierre Fenoll <[email protected]>

* add example usage of request validation with gorilla/mux router (getkin#359)

Signed-off-by: Pierre Fenoll <[email protected]>

* Have Header Object follow the structure of the Parameter Object (getkin#355)

* CI: fix tests after tag (getkin#363)

Signed-off-by: Pierre Fenoll <[email protected]>

* Update openapi2_conv.go (getkin#365)

Co-authored-by: Pierre Fenoll <[email protected]>

* update that tag again... (getkin#374)

* fix drilling down struct looking for additionalProperties (getkin#377)

* fix drilling down additionalProperties in the boolean case (getkin#378)

* Compile pattern on validate (getkin#375)

Co-authored-by: Pierre Fenoll <[email protected]>

* Add uint type to openapi3gen (getkin#379)

* reproduce and fix issue getkin#382 (getkin#383)

* Detect if a field is anonymous and handle the indirection (getkin#386)

* Add missing yaml tags in marshaling openapi2.T (getkin#391)

* Support reference cycles (getkin#393)

* Add support for embedded struct pointers (getkin#396)

* fix: Allow encoded path parameters with slashes (getkin#400)

* Accept multipart/form-data's part without Content-Type (getkin#399)

* fix that CI go:embed test forever, again (getkin#405)

* fix bad ci script. I was under the impression this was working when I… (getkin#406)

* Fix handling recursive refs (getkin#403)

* fix issue 407, where if server URL has no path it throws exception (getkin#408)

Co-authored-by: Naer Chang <[email protected]>

* feature: Add more discriminator error messages and return specific er… (getkin#394)

* feature: Add more discriminator error messages and return specific error when possible

* feature: Always show more specific error message

* test: Add schema oneOf tests

* clean: Add missing word

* Add nomad to list of projects using kin-openapi in README (getkin#413)

* Schema customization plug-point (getkin#411)

* Update README: remove github.com/getkin/kin (getkin#414)

* fix alters by LGTM.com (getkin#415)

* Add support for "application/x-yaml" (getkin#421)

* sort out possible mishandling of ipv4 vs v6 (getkin#431)

* Panic with customizer and embedded structs (getkin#434)

* Fix getkin#422 added support for error unwrapping for errors with a single sub-error (getkin#433)

* Do not escape regular expressions again (getkin#429) (getkin#435)

* improve response validation error (getkin#437)

* Define const schema types (getkin#438)

* reproduce issue getkin#436 (getkin#439)

* Fix scheme handling in v2->v3 conversion (getkin#441)

* reproduce + fix getkin#444: ValidateRequest for application/x-yaml (getkin#445)

* Internalize references (getkin#443)

* ClientCredentials conversion to OpenAPI v2 (getkin#449)

* Fix issue getkin#410 (getkin#450)

Co-authored-by: Pierre Fenoll <[email protected]>

* try reproducing getkin#447 (getkin#448)

* fix: duplicate error reason when parameter is required but not present (getkin#453)

* Provide support for generating recursive types into OpenAPI doc getkin#451 + my touches (getkin#454)

Co-authored-by: Peter Broadhurst <[email protected]>

* v2Tov3: handle parameter schema refs (getkin#455)

Co-authored-by: Vincent Behar <[email protected]>

* nitpicking: use type openapi3.Schemas (getkin#456)

* Create FUNDING.yml (getkin#458)

* Insert produces field (getkin#461)

* fix error reason typo (getkin#466)

* Update rfc422 regex as per spec: 'case insensitive on input' (getkin#463)

* work around localhost host mismatch with relative server url (getkin#467)

Co-authored-by: Chris Rodwell <[email protected]>

* Add openapi3 validator middleware (getkin#462)

* document union behaviour of XyzRef.s (getkin#468)

* extensible-paths (getkin#470)

* fix recipe for validating http requests/responses (getkin#474)

* amend README.md to reflect BodyDecoder type (getkin#475)

* openapi2conv: Convert response headers (getkin#483)

* Fix oauth2 in openapi2conv.FromV3SecurityScheme (getkin#491)

* Fix openapi3 validation: path param must be required (getkin#490)

* updated date-time string format regexp to fully comply to standard (getkin#493)

* distinguish form data in fromV3RequestBodies (getkin#494)

* feat: cache resolved refs, improve URI reader extensibility (getkin#469)

* Fix OpenAPI 3 validation: request body content is required (getkin#498)

* Add OpenAPI 3 externalDocs validation (getkin#497)

* issue/500 (getkin#501)

Co-authored-by: Nathaniel J Cochran <[email protected]>

* Fix OpenAPI 3 validation: operationId must be unique (getkin#504)

* Check response headers and links (getkin#505)

Co-authored-by: Ole Petersen <[email protected]>
Co-authored-by: Pierre Fenoll <[email protected]>

* fix that test situation (getkin#506)

* Define missing XML in schema, minor fixes and doc additions (getkin#508)

* discriminator value should verify the type is string to avoid panic (getkin#509)

* Add nilness check to CI (getkin#510)

* Add support for formats defined in JSON Draft 2019-09 (getkin#512)

Co-authored-by: Steve Lessard <[email protected]>

* Change the order of request validation to validate the Security schemas first before all other paramters (getkin#514)

Co-authored-by: yarne <[email protected]>

* Add support for allowEmptyValue (getkin#515)

Co-authored-by: Pierre Fenoll <[email protected]>

* RequestError Error() does not include reason if it is the same as err (getkin#517)

Co-authored-by: Kanda <[email protected]>

* Fix ExampleValidator test for 32-bit architectures (getkin#516)

* openapi2: add missing schemes field of operation object (getkin#519)

* Run CI tests on 386 too cc getkin#516 (getkin#518)

* Add ExcludeSchema sentinel error for schemaCustomizer (getkin#522)

Co-authored-by: Pierre Fenoll <[email protected]>

* test link refs (getkin#525)

* add missing validation of components: examples, links, callbacks (getkin#526)

* openapi2: remove undefined tag (getkin#527)

* testing: fix incorrect document (getkin#529)

* testing: compare graphs using graph tools (getkin#528)

* Fix some golints (getkin#530)

* Internalize parameter references in the path as well (getkin#540)

* fix bad error message on invalid value parse on query parameter (getkin#541)

Co-authored-by: Kanda <[email protected]>

* Follow up to getkin#540 with more tests (getkin#549)

* feat: handling `default` in request body and parameter schema (getkin#544)

* wip setting defaults for getkin#206

Signed-off-by: Pierre Fenoll <[email protected]>

* introduce body encoders

Signed-off-by: Pierre Fenoll <[email protected]>

* re-encode only when needed

Signed-off-by: Pierre Fenoll <[email protected]>

* set default for parameter and add more test cases

Co-authored-by: Pierre Fenoll <[email protected]>

* following up on getkin#544: do not pass through on unhandled case (getkin#550)

* Fix for CVE-2022-28948 (getkin#552)

* CI: check-goimports

Signed-off-by: Pierre Fenoll <[email protected]>

* reorder imports per new CI check

Signed-off-by: Pierre Fenoll <[email protected]>

* switch from github.com/ghodss/yaml to github.com/invopop/yaml

Signed-off-by: Pierre Fenoll <[email protected]>

* remove all direct dependencies on gopkg.in/yaml.v2

Signed-off-by: Pierre Fenoll <[email protected]>

* upgrade gopkg.in/yaml.v2 to latest published tag

Signed-off-by: Pierre Fenoll <[email protected]>

* upgrade gopkg.in/yaml.v3 to latest published tag

Signed-off-by: Pierre Fenoll <[email protected]>

* TestIssue430: fix racey behavior (getkin#553)

* Handle port number variable of servers given to gorillamux.NewRouter (getkin#524)

* update README.md with newer router/validator example (getkin#554)

* Unit tests (getkin#556)

* add gitlab.com/jamietanna/httptest-openapi to README.md (getkin#557)

* fix: add deprecated field to openapi2.Operation (getkin#559)

* fix: openapi2conv respects produces field (getkin#575)

* Use go1.19 formatting (getkin#584)

* Fix `resolveSchemaRef()` to load correctly an other spec. file referenced by `$ref` (getkin#583)

* Protect from recursion in openapi3.InternaliseRefs (getkin#578)

Co-authored-by: Dmitriy Lukiyanchuk <[email protected]>

* cleanup after getkin#583 (getkin#585)

* upgrade CI tools (getkin#586)

* getkin#482 integer support broken with yaml (getkin#577)

Co-authored-by: Christian Boitel <[email protected]>

* Match on overridden servers at the path level, fixes getkin#564 (getkin#565)

Co-authored-by: Pierre Fenoll <[email protected]>

* feat: support validation options specifically for disabling pattern validation (getkin#590)

* Add sponsor logo (getkin#595)

* Examples validation (getkin#592)

Co-authored-by: Pierre Fenoll <[email protected]>

* use %w to wrap the errors (getkin#596)

* Expose request/response validation options in the middleware Validator (getkin#608)

* fix: detects circular references that can't be handled at the moment to avoid infinite loops loading documents (getkin#607)

* Validate default values against schema (getkin#610)

* fix: only inject default value for matched oneOf or anyOf (getkin#604)

* Deterministic validation (getkin#602)

* Improve error message when path validation fails (getkin#605)

* Correctly resolve path of yaml resource if double referenced. (getkin#611)

* Fix second level relative ref in property resolving (getkin#622)

Co-authored-by: Dmitriy Lukiyanchuk <[email protected]>

* rework convertError Example code to show query schema error (getkin#626)

* Allow validations options when creating legace Router (getkin#614)

* Additional error information (getkin#617)

* Add SIMITGROUP`s repo to dependants shortlist (getkin#627)

* Introduce package-wide CircularReferenceCounter to work around getkin#615 (getkin#628)

Co-authored-by: sorintm <[email protected]>

* fix: embedded struct handling (getkin#630)

* openapi3filter: Fallback to string when decoding request parameters (getkin#631)

* Introduce `(openapi3.*Server).BasePath()` and `(openapi3.Servers).BasePath()` (getkin#633)

* Actually  getkin#624, thanks to @orensolo (getkin#634)

* Check for superfluous trailing whitespace (getkin#636)

* show errors in security requirements (getkin#637)

* Fix validation of complex enum values (getkin#647)

* readOnly writeOnly validation (getkin#599)

* fix: yaml marshal output (getkin#649)

* openapi3filter: add missing response headers validation (getkin#650)

* Fix lost error types in oneOf (getkin#658)

* Add RegisterBodyEncoder (getkin#656)

* fix panic slice out of range error getkin#652 (getkin#654)

* Fixed recurive reference resolving when property referencies local co… (getkin#660)

Co-authored-by: Anton Tolokan <[email protected]>

* Add CodeQL workflow for GitHub code scanning (getkin#661)

Co-authored-by: LGTM Migrator <[email protected]>

* Support x-nullable (getkin#670)

* Update content length after replacing request body (getkin#672)

* fix: optional defaults (getkin#662)

* fix: wrap the error that came back from the callback (getkin#674) (getkin#675)

* fix: openapi3.SchemaError message customize (getkin#678) (getkin#679)

Co-authored-by: Pierre Fenoll <[email protected]>

* openapi3filter: fix crash when given arrays of objects as query parameters (getkin#664)

* fix: error path is lost (getkin#681) (getkin#682)

* feat: formatting some error messages (getkin#684)

* fix: query param pattern (getkin#665)

* fix: errors in oneOf not contain path (getkin#676) (getkin#677)

* fix tests after merge train (getkin#686)

* Internalize recursive external references getkin#618 (getkin#655)

* Add variadic options to Validate method (getkin#692)

* fix: setting defaults for oneOf and anyOf (getkin#690)

* Try decoding as JSON first then YAML, for speed (getkin#693)

Fixes getkin#680

* Use and update GetBody() member of request (getkin#704)

* Bugfix/issue638 (getkin#700)

* Add json patch support (getkin#702)

* openapi3filter: Include schema ref or title in response body validation errors (getkin#699)

Co-authored-by: Steve Lessard <[email protected]>

* openapi3filter: parse integers with strconv.ParseInt instead of ParseFloat (getkin#711)

Co-authored-by: Steve Lessard <[email protected]>

* Fix inconsistent processing of server variables in gorillamux router (getkin#705)

Co-authored-by: Steve Lessard <[email protected]>

* Fix links to OpenAPI spec after GitHub changes (getkin#714)

* openapi3: patch YAML serialization of dates (getkin#698)

Co-authored-by: Pierre Fenoll <[email protected]>

* Leave allocation capacity guessing to the runtime (getkin#716)

* openapi3filter: validate non-string headers (getkin#712)

Co-authored-by: Steve Lessard <[email protected]>

* openapi3: unexport ValidationOptions fields and add some more (getkin#717)

* openapi3: introduce (Paths).InMatchingOrder() paths iterator (getkin#719)

* feat: improve error reporting for bad/missing discriminator (getkin#718)

* openapi3: continue validation on valid oneOf properties (getkin#721)

* openapi3filter: use option to skip setting defaults on validation (getkin#708)

* openapi3: remove email string format (getkin#727)

* openapi3filter: support for allOf request schema in multipart/form-data (getkin#729)

fix getkin#722

* Disallow unexpected fields in validation and drop `jsoninfo` package (getkin#728)

Fixes getkin#513
Fixes getkin#37

* openapi3filter: RegisterBodyDecoder for application/zip (getkin#730)

* Keep track of API changes with CI (getkin#732)

* openapi3filter: RegisterBodyDecoder for text/csv (getkin#734)

fix getkin#696

* getkin#741 uri cache mutex (getkin#742)

* Specify UseNumber() in the JSON decoder during JSON validation (getkin#738)

* openapi3: fix error phrase in security scheme (getkin#745)

Co-authored-by: Pierre Fenoll <[email protected]>

* openapi3: remove value data from `SchemaError.Reason` field (getkin#737)

Resolves getkin#735

* fix additional properties false not validated (getkin#747)

* Refine schema error reason message (getkin#748)

* openapi3: fix validation of non-empty interface slice value against array schema (getkin#752)

Resolves getkin#751

* openapi3: empty scopes are valid (getkin#754)

* openapi3: fix integer enum schema validation after json.Number PR (getkin#755)

* optional readOnly and writeOnly validations (getkin#758)

* openapi3: fix resolving Callbacks (getkin#757)

Co-authored-by: Pierre Fenoll <[email protected]>
fix getkin#341

* fixup some coding style divergences (getkin#760)

* openapi3: make `bad data ...` error more actionable (getkin#761)

* openapi3: add test from getkin#731 showing validating doc first is required (getkin#762)

closes getkin#731

* cmd/validate: more expressive errors (getkin#769)

* openapi3: fix an infinite loop that may have been introduced in getkin#700 (getkin#768)

* openapi3: fix default values count even when disabled (getkin#767) (getkin#770)

* openapi3: sort extra fields only once, during deserialization (getkin#773)

* feat: support nil uuid (getkin#778)

---------

Signed-off-by: Pierre Fenoll <[email protected]>
Co-authored-by: Pierre Fenoll <[email protected]>
Co-authored-by: Tevic <[email protected]>
Co-authored-by: Kaushal Madappa <[email protected]>
Co-authored-by: Kevin Disneur <[email protected]>
Co-authored-by: 森 優太 <[email protected]>
Co-authored-by: FrancisLennon17 <[email protected]>
Co-authored-by: Francis Lennon <[email protected]>
Co-authored-by: Zachary Lozano <[email protected]>
Co-authored-by: Richard Rance <[email protected]>
Co-authored-by: Riccardo Manfrin <[email protected]>
Co-authored-by: Samuel Monderer <[email protected]>
Co-authored-by: Samuel Monderer <[email protected]>
Co-authored-by: duohedron <[email protected]>
Co-authored-by: heyvister <[email protected]>
Co-authored-by: DanielXu77 <[email protected]>
Co-authored-by: Gordon Allott <[email protected]>
Co-authored-by: Michael Krotscheck <[email protected]>
Co-authored-by: Jake Scott <[email protected]>
Co-authored-by: C H <[email protected]>
Co-authored-by: Sergi Castro <[email protected]>
Co-authored-by: hottestseason <[email protected]>
Co-authored-by: Reuven Harrison <[email protected]>
Co-authored-by: Steffen Rumpf <[email protected]>
Co-authored-by: jasmanx11 <[email protected]>
Co-authored-by: Alexander Bolgov <[email protected]>
Co-authored-by: bianca rosa <[email protected]>
Co-authored-by: Derek Strickland <[email protected]>
Co-authored-by: Rodrigo Fernandes <[email protected]>
Co-authored-by: stakme <[email protected]>
Co-authored-by: NaerChang2 <[email protected]>
Co-authored-by: Naer Chang <[email protected]>
Co-authored-by: Peter Broadhurst <[email protected]>
Co-authored-by: Oleksandr Redko <[email protected]>
Co-authored-by: Guilherme Cardoso <[email protected]>
Co-authored-by: Bion <[email protected]>
Co-authored-by: José María Martín Luque <[email protected]>
Co-authored-by: David Sharnoff <[email protected]>
Co-authored-by: Mansur Marvanov <[email protected]>
Co-authored-by: jhwz <[email protected]>
Co-authored-by: Luukvdm <[email protected]>
Co-authored-by: Andrey Dyatlov <[email protected]>
Co-authored-by: Nick Ufer <[email protected]>
Co-authored-by: Vincent Behar <[email protected]>
Co-authored-by: Matteo Pietro Dazzi <[email protected]>
Co-authored-by: Karl Möller <[email protected]>
Co-authored-by: Chris Rodwell <[email protected]>
Co-authored-by: Casey Marshall <[email protected]>
Co-authored-by: general-kroll-4-life <[email protected]>
Co-authored-by: Andreas Paul <[email protected]>
Co-authored-by: Sergey Vilgelm <[email protected]>
Co-authored-by: Clifton Kaznocha <[email protected]>
Co-authored-by: Vasiliy Tsybenko <[email protected]>
Co-authored-by: Anthony Clerc <[email protected]>
Co-authored-by: Nathan Cochran <[email protected]>
Co-authored-by: Nathaniel J Cochran <[email protected]>
Co-authored-by: Ole Petersen <[email protected]>
Co-authored-by: Ole Petersen <[email protected]>
Co-authored-by: K Zhang <[email protected]>
Co-authored-by: slessard <[email protected]>
Co-authored-by: Steve Lessard <[email protected]>
Co-authored-by: Yarne Decuyper <[email protected]>
Co-authored-by: yarne <[email protected]>
Co-authored-by: Kanda <[email protected]>
Co-authored-by: Anthony Fok <[email protected]>
Co-authored-by: Nicko Guyer <[email protected]>
Co-authored-by: Christoph Petrausch <[email protected]>
Co-authored-by: Nic <[email protected]>
Co-authored-by: Idan Frimark <[email protected]>
Co-authored-by: Nir <[email protected]>
Co-authored-by: Masumi Kanai <[email protected]>
Co-authored-by: wtertius <[email protected]>
Co-authored-by: Dmitriy Lukiyanchuk <[email protected]>
Co-authored-by: Christian Boitel <[email protected]>
Co-authored-by: Christian Boitel <[email protected]>
Co-authored-by: Amarjeet Rai <[email protected]>
Co-authored-by: Tristan Cartledge <[email protected]>
Co-authored-by: danicc097 <[email protected]>
Co-authored-by: sorintm <[email protected]>
Co-authored-by: Praneet Loke <[email protected]>
Co-authored-by: Davor Sauer <[email protected]>
Co-authored-by: Yannick Clybouw <[email protected]>
Co-authored-by: sorintm <[email protected]>
Co-authored-by: Nicholas Wiersma <[email protected]>
Co-authored-by: Steven Hartland <[email protected]>
Co-authored-by: Stepan I <[email protected]>
Co-authored-by: Omar Ramadan <[email protected]>
Co-authored-by: nk2ge5k <[email protected]>
Co-authored-by: Derbylock <[email protected]>
Co-authored-by: Anton Tolokan <[email protected]>
Co-authored-by: lgtm-com[bot] <43144390+lgtm-com[bot]@users.noreply.github.com>
Co-authored-by: LGTM Migrator <[email protected]>
Co-authored-by: Chris Reeves <[email protected]>
Co-authored-by: Andriy Borodiychuk <[email protected]>
Co-authored-by: orensolo <[email protected]>
Co-authored-by: Stepan I <[email protected]>
Co-authored-by: Eloy Coto <[email protected]>
Co-authored-by: tomato0111 <[email protected]>
Co-authored-by: ShouheiNishi <[email protected]>
Co-authored-by: Cosmos Nicolaou <[email protected]>
Co-authored-by: Greg Ward <[email protected]>
Co-authored-by: Vincent Le Goff <[email protected]>
Co-authored-by: Katsumi Kato <[email protected]>
Co-authored-by: Graham Crowell <[email protected]>
Co-authored-by: Jeffrey Ying <[email protected]>
Co-authored-by: Ori Shalom <[email protected]>
Co-authored-by: Andrew Yang <[email protected]>
Co-authored-by: Nodar Jarrar <[email protected]>
Co-authored-by: orshlom <[email protected]>
Co-authored-by: Vincent Le Goff <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Option to not short circuit on validation errors
4 participants