The requestBodyAjvOptions are not used when validating requests. They are not passed through to the constructor in CompiledRequestBody.ts, which instead passes an empty object through to the CompiledSchema constructors opts parameter

In CompiledRequestBody, the media types are stored as keys of compiledSchemas, meaning only exact matches are supported.
If the key is image/*, then image/jpeg should match it, unless there's also a specific image/jpeg schema defined.
In addition, / should match all content types not matched by more specific schemas. This includes requests sent without any content type.
I don't know if there's a way to specifically match requests without a content-type set.

Steps to recreate the issue

1. Change query.json /pets petId parameter like below
   {
   "name": "petId",
   "in": "query",
   "required": true,
   "description": "The id of the pet to retrieve",
   "schema": {
   "type": "array",
   "items": {
   "type": "string",
   "pattern": "^[A-Z0-9]+-[0-9]{4}"
   }
   }
   }
2. change the test case should coerce query parameter to an array in query.spec.ts as below

it('should coerce query parameter to an array', () => {
const queryMeta = {
method: 'get',
query: {
petId:'ACD-2016,ACD-213'
}
};
expect(chowchow.validateRequest('/pets', queryMeta)).toEqual(expect.objectContaining({
query: {
petId: ['ACD-2016,ACD-213']
}
}));
expect(queryMeta.query.petId).toEqual('ACD-2016,ACD-213');
});

As the string ACD-213 is not matching the pattern it should fail but it doesn't

https://github.com/atlassian/oas3-chow-chow/blob/a46b746013710c7aceb7cadf18e20a964ca0ceb8/src/compiler/CompiledPath.ts doesn't seem to implement matching paths with a missing field where the last field in the path is marked as optional.

pet/{petId} will not match pet/ even if petId was defined as optional

I got an array of object (refer below) for the rawErrors property in ChowErrorMeta when validating the request body using the koa-oas3 middleware.

Received:

[ { start: { line: 2, column: 9, offset: 10 },
    end: { line: 2, column: 19, offset: 20 },
    error: '/id: type should be integer',
    path: '/id' } ]

However, the type of rawErrors property defined in ChowErrorMeta is expecting an array of string instead.

Is there anyway that this can be fix?

Thanks.

When verifying responses path doesn't need to be the basis for validation.
operationId would work better as means to identify which part of the definition to use for verification in tests or anything that runs the validation on responses it got from the server. Path might not be known/available. It might also be harder to obtain in some cases.

Would it be possible to add a validateResponse copy where operationId is used instead of path as the identification?

Similar to:
#37
and
#55

This would allow for compatibility with newer JSON schema draft-06/07/2019-09

I don't know how backwards compatible this would be. Just wondering if it's been considered to keep this library relevant and future-proof.

The one breaking change I see is: the support for JSON-Schema draft-04 is removed - if you have schemas using “id” attributes you have to replace them with “$id” (or continue using Ajv v6 that will be supported until 02/28/2021).

When adding readonly: true to a schema, an error is thrown by oas3-chow-chow:

'TypeError: Cannot read properties of undefined (reading 'schemaContext')\n    
at Ajv.validate (<path>/node_modules/oas3-chow-chow/src/compiler/CompiledSchema.ts:22:8)\n    
at CompiledSchema.validate [as validator] (eval at localCompile (<path>/node_modules/ajv/lib/compile/index.js:120:26), <anonymous>:3:1785)\n    
at CompiledSchema.validate (<path>/node_modules/oas3-c…edPath.validateRequest (<path>/node_modules/oas3-chow-chow/src/compiler/CompiledPath.ts:49:34)\n   

I believe it's somewhere in this code, but I'm not sure what the code is doing.
I see the code comment "Remove unsupported additional OpenAPI keywords." and what looks to be a redefining of the validation function?

thanks

Hi, thanks for sharing this. We were looking for something that would help us to validate with oas3 and this is very helpful.

It would be very useful for us, if we could also make use of the removeAdditional option from ajv. So ajv would filter out inputs/outputs that are not in schema. Is that something you would consider to add to this package? It would probably make sense to have that option separately for headers/cookies/payload/output.

On https://github.com/atlassian/oas3-chow-chow/blob/master/src/compiler/CompiledResponse.ts#L27

    const contentType = CompiledMediaType.extractMediaType(response.header['content-type']);
    if (contentType && this.content[contentType]) {
      return this.content[contentType].validate(response.body);
    } else {
      throw new ChowError('Unsupported Response Media Type', { in: 'response' })
    }

if contentType is not set, it should just return, instead of throwing an error.

Hey would an option to validate response to strip non wanted fields be a good idea for the package?

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

I signed the CLA. Is there a turnaround time before I'm granted access? Getting: fatal: unable to access 'https://github.com/atlassian/oas3-chow-chow.git/': The requested URL returned error: 403
I tried pushing with SSH, still 403

Hi,

Thank you for a great library!

I am getting an error when running validation on an incoming request which has an serialized object as a path parameter.

    "/item/{myId}": {
        "delete": {
            "parameters": [
                {
                    "name": "myId",
                    "in": "path",
                    "required": true,
                    "explode": true,
                    "style": "simple",
                    "schema": {
                        "$ref": "#/components/schemas/MyId"
                    }
                }
            ],
            "responses": {
                "200": {
                    "$ref": "#/components/responses/Success"
                },
                "default": {
                    "$ref": "#/components/responses/Error"
                }
            }
        }

Where MyId is defined as:

{
    "type": "object",
    "properties": {
        "namespace": {
            "type": "string",
            "require": true
        },
        "instance": {
            "type": "string",
            "require": true
        }
    }
}

Doing a DELETE request to /item/namespace=MyNS,instance=MyId gives me:

{
  "message": "RequestValidationError",
  "meta": {
    "in": "path",
    "rawErrors": [
      {
        "start": {
          "line": 2,
          "column": 16,
          "offset": 17
        },
        "end": {
          "line": 2,
          "column": 65,
          "offset": 66
        },
        "error": "/myId: type should be object",
        "path": "/myId"
      }
    ]
  }
}

So I am wondering if serialized parameters are supported?

Thank you
Mattias

https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#responsesObject

To define a range of response codes, this field MAY contain the uppercase wildcard character X. For example, 2XX represents all response codes between [200-299]. Only the following range definitions are allowed: 1XX, 2XX, 3XX, 4XX, and 5XX. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code.

https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#pathItemObject

I would like to propose bypassing better-ajv-errors using a config option.
Why: AJV can return multiple errors during validation. better-ajv-errors attempts to return "better" errors but in our experience, the chosen errors it chooses to return are not the best, when the full list of errors returned by AJV would be better.
Would the project contributors be open to this?

Are there plans to support oas3 specifics? Unfortunately they are not following json schema standard so there are some subtle differences. Particularly having issue with nullable:

user:
  type: object
  nullable: true

It does not get translated to the form ajv (json schema standard) understand.

file src/index.ts
inside function validateResponseByOperationId is
return compiledOperation.validateRequest(response);

instead of
return compiledOperation.validateResponse(response);

I would create a PR but I am not signing CLA.

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Datasource	Name	Replacement PR?
npm	@types/xregexp

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

• chore(deps): update dependency @changesets/cli to v2.27.7
• chore(deps): update dependency ts-jest to v29.2.4
• fix(deps): update dependency ajv to v8.17.1
• fix(deps): update dependency ajv-formats to v3
• 🔐 Create all rate-limited PRs at once 🔐

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• fix(deps): update dependency @apidevtools/json-schema-ref-parser to v11.2.0 [security]
• chore(deps): update dependency @types/jest to v29.5.12
• chore(deps): update dependency @types/node to v18.19.44
• chore(deps): update dependency typescript to v5.5.4
• fix(deps): update dependency xregexp to v4.4.1
• chore(deps): update actions/checkout action to v4
• chore(deps): update actions/setup-node action to v4
• chore(deps): update dependency @types/node to v20
• chore(deps): update dependency prettier to v3
• fix(deps): update dependency openapi3-ts to v4
• fix(deps): update dependency xregexp to v5
• Click on this checkbox to rebase all open PRs at once

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• chore(deps): update dependency prettier to v2.8.8
• chore(deps): update dependency @types/xregexp to v4

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository