Code Monkey home page Code Monkey logo

Comments (2)

MartinSunal avatar MartinSunal commented on August 25, 2024 1

Hi,

I experienced the same issue and I investigated it a bit further.

Short answer:

Use res.send() or res.json() methods to respond with data and response validation will work as expected.

Long answer:

Response validation is hooked on res.json() method in express-openapi-validator:
https://github.com/cdimascio/express-openapi-validator/blob/3e803b586170e4fc079faedc2eb219276429826e/src/framework/modded.express.mung.ts#L59

Current implementation of the Pet example is using utils.writeJson(res, response):

oas3-tools/examples/petstore/controllers/Pet.js

Line 30 in 3c1e97b

utils.writeJson(res, response);

and utils.writeJson(res, response) calls response.end(payload):

oas3-tools/examples/petstore/utils/writer.js

Line 42 in 3c1e97b

response.end(payload);

That means hooked res.json() is never called so validation is not executed.

Also Express suggest to use res.json() or res.send() instead of res.end() when returning data.
https://expressjs.com/en/api.html#res.end

Keep in mind, that validation will work only with JSON response.

I also tested, that it is possible to enable response validation which will remove all fields not mentioned in openAPI schema:

validateResponses: {
  removeAdditional: 'all',
}

from oas3-tools.

MartinSunal avatar MartinSunal commented on August 25, 2024

to my previous answer:

I also tested, that it is possible to enable response validation which will remove all fields not mentioned in openAPI schema:

validateResponses: {
  removeAdditional: 'all',
}

There is a problem with response validation when removeAdditional: 'all' option is used in this case:

  1. OAS contains oneOf statement without discriminator
  2. express-openapi-validator and ajv used in oas3-tools do not understand discriminator
    oas3-tools v2.2.3 depends on express-openapi-validator ^4.4.3 (v4.13.5) which depends on ajv ^6.12.6 (6.12.6)

removeAdditional option is propagated to ajv which describes the problem here:
https://ajv.js.org/guide/modifying-data.html#removing-additional-properties
https://ajv.js.org/json-schema.html#discriminator

Solution could be to use express-openapi-validator version which supports discriminator:
Discriminator support in ajv was added in v8. Ajv v8 is used in express-openapi-validator v4.13.8 https://github.com/cdimascio/express-openapi-validator/commits/v4.13.8
I did not test express-openapi-validator v4.13.8 though.

from oas3-tools.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.