Comments (2)
mzbik
commented on June 18, 2024
I think the problem stems from both validators mung'ing the request.json method which chains validation which is probably not what you want.
ResponseValidator (from metadataMiddleware) will hook the res.json method. First, it does this for v1 and then for v2. Meaning when res.json gets called in the route, it first get the v2 hook for validation which then calls the v1 hook for validation before calling the original. Inefficient, but OK.
metadataMiddleware will set req.openapi to matching schema. In this case, it will set it to the v2 schema.
Then the validators get called via res.json. The v2 ResponseValidator is called, builds/caches the validator and all is good. Then it delegates to the v1 ResponseValidator. This has has ajvBody set up for the v1 apidoc.
However, buildValidators builds contentTypeSchemas from the res.openapi schema (v2!) and then calls ajvBody to compile one of these schemas. Since ajvBody is bound to the v1 schema, this will raise the exception.
I'm thinking the solution is to not double hook res.json. Hook it ONLY if the request has openapi set to the matching apidoc.
An alternative would be to have the validate() lambda (inside the mung call) to check that req.openapi somehow matches the apidoc associated with the schema.
from express-openapi-validator.
mzbik
commented on June 18, 2024
@fpolowood Please verify on v5.1.6
from express-openapi-validator.
Related Issues (20)
- Security handlers cannot access request params
- The validation doesn't work at all HOT 2
- Question: should serdes.serialize be called when validateResponse=false
- Serdes Does Not Work for Items in Request Parameters in Array HOT 1
- HTTP HEAD not implemented for HTTP GET similar to ExpressJS v4.
- Multer worked on 5.0.1 throws internal server error in 5.1.0 HOT 5
- Introduction of multiple swagger docs with new endpoint now versioned returns 404 HOT 2
- the same oneOf schema can pass request validation. But cannot pass response validation
- version 5.1.1, apiKey cookie authentication results in error HOT 1
- Email format validation does not accept non-ascii characters
- readonly is ignored when properties are inherited through allOf
- Type coercion stops working if request validation is turned off HOT 1
- Support for the HyperExpress web framework HOT 1
- Multiple path params break support for URI path param HOT 1
- Upgrade or replace lodash
- Server variables without enum don't get validated
- Multiple specs are not supported HOT 1
- Found CVE-2021-23337 in latest version of express-openapi-validator HOT 1
- Request body is marked as invalid, using `oneOf` inside `allOf`
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from express-openapi-validator.