Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
}
const path = req.openapi.expressRoute;
if (!path) {
const message = 'not found';
const err = validationError(404, req.path, message);
throw ono(err, message);
}
const pathSchema = req.openapi.schema;
if (!pathSchema) {
// add openapi metadata to make this case more clear
// its not obvious that missig schema means methodNotAllowed
const message = `${req.method} method not allowed`;
const err = validationError(405, req.path, message);
throw ono(err, message);
}
// cache middleware by combining method, path, and contentType
const contentType = this.extractContentType(req);
const key = `${req.method}-${req.path}-${contentType}`;
if (!this._middlewareCache[key]) {
this._middlewareCache[key] = this.buildMiddleware(
path,
pathSchema,
contentType,
);
}
return this._middlewareCache[key](req, res, next);
}
const reqToValidate = {
...req,
cookies: req.cookies
? { ...req.cookies, ...req.signedCookies }
: undefined,
};
const valid = validator(reqToValidate);
if (valid) {
next();
} else {
// TODO look into Ajv async errors plugins
const errors = augmentAjvErrors([...(validator.errors || [])]);
const err = ajvErrorsToValidatorError(400, errors);
const message = this.ajv.errorsText(errors, { dataVar: 'request' });
throw ono(err, message);
}
};
}
private validateOptions(options: OpenApiValidatorOpts): void {
if (!options.apiSpec) throw ono('apiSpec required');
const securityHandlers = options.securityHandlers;
if (securityHandlers != null) {
if (
typeof securityHandlers !== 'object' ||
Array.isArray(securityHandlers)
) {
throw ono('securityHandlers must be an object or undefined');
}
}
const unknownFormats = options.unknownFormats;
if (typeof unknownFormats === 'boolean') {
if (!unknownFormats) {
throw ono(
"unknownFormats must contain an array of unknownFormats, 'ignore' or true",
);
}
} else if (
typeof unknownFormats === 'string' &&
unknownFormats !== 'ignore' &&
!Array.isArray(unknownFormats)
)
throw ono(
next();
} else {
if (errors.length > 0) {
const error = {
status: 400,
errors: errors.map(e => ({
path:
(e.params && e.params.missingProperty) ||
e.dataPath ||
e.schemaPath,
message: e.message,
errorCode: `${e.keyword}.openapi.validation`,
})),
};
const message = this.ajv.errorsText(errors, { dataVar: 'request' });
throw ono(error, message);
}
}
};
}
export function validationError(status, path, message) {
const err = _validationError(status, path, message);
return ono(err, message);
}
private validateOptions(options: OpenApiValidatorOpts): void {
if (!options.apiSpec) throw ono('apiSpec required');
const securityHandlers = options.securityHandlers;
if (securityHandlers != null) {
if (
typeof securityHandlers !== 'object' ||
Array.isArray(securityHandlers)
) {
throw ono('securityHandlers must be an object or undefined');
}
}
const unknownFormats = options.unknownFormats;
if (typeof unknownFormats === 'boolean') {
if (!unknownFormats) {
throw ono(
"unknownFormats must contain an array of unknownFormats, 'ignore' or true",
);
parameters.forEach(parameter => {
if (parameter.hasOwnProperty('$ref')) {
const id = parameter.$ref.replace(/^.+\//i, '');
parameter = this._apiDocs.components.parameters[id];
}
const $in = parameter.in;
const name =
$in === 'header' ? parameter.name.toLowerCase() : parameter.name;
const reqField = reqFields[$in];
if (!reqField) {
const message = `Parameter 'in' has incorrect value '${$in}' for [${parameter.name}]`;
const err = validationError(400, path, message);
throw ono(err, message);
}
let parameterSchema = parameter.schema;
if (parameter.content && parameter.content[TYPE_JSON]) {
parameterSchema = parameter.content[TYPE_JSON].schema;
parseJson.push({ name, reqField });
}
if (!parameterSchema) {
const message = `Not available parameter 'schema' or 'content' for [${parameter.name}]`;
const err = validationError(400, path, message);
throw ono(err, message);
}
if (!schema[reqField].properties) {
schema[reqField] = {
private requestBodyToSchema(path, contentType, requestBody: any = {}) {
if (requestBody.content) {
const content = requestBody.content[contentType];
if (!content) {
const message = `unsupported media type ${contentType}`;
const err = validationError(415, path, message);
throw ono(err, message);
}
return content.schema || {};
}
return {};
}
private validateOptions(options: OpenApiValidatorOpts): void {
if (!options.apiSpec) throw ono('apiSpec required');
const securityHandlers = options.securityHandlers;
if (securityHandlers != null) {
if (
typeof securityHandlers !== 'object' ||
Array.isArray(securityHandlers)
) {
throw ono('securityHandlers must be an object or undefined');
}
}
const unknownFormats = options.unknownFormats;
if (typeof unknownFormats === 'boolean') {
if (!unknownFormats) {
throw ono(
"unknownFormats must contain an array of unknownFormats, 'ignore' or true",
);
}
} else if (
typeof unknownFormats === 'string' &&
unknownFormats !== 'ignore' &&
!Array.isArray(unknownFormats)
)
throw ono(
"unknownFormats must contain an array of unknownFormats, 'ignore' or true",
);
}
}