You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
I am trying to implement the express-openapi-validator in a sample node.js app.
I followed the instructions in the docs and configured it properly.
However, protected routes, which receive user input that must be validated are open for all - one can access them even without providing any input or do provide input which is invalid.
To Reproduce
Send an HTTP Request to the backend, with any input you like and it will work.
I protected in my specification the POST /persons route.
Actual behavior
Protected routes are never validating user inputs.
Expected behavior
There should be an error with a very detailed description that will be catch by the express error middleware.
Examples and context
This is the backend app code:
constexpress=require('express')constOpenApiValidator=require('express-openapi-validator')constpath=require('path')constapp=express()app.use(express.json())app.use(express.text())app.use(express.urlencoded({extended: false}))constapiSpec=path.join(__dirname,'swagger.yaml')app.use(OpenApiValidator.middleware({
apiSpec,validateResponses: true,}))app.post('/persons',(req,res)=>{console.log(`validated!`)res.json({date: newDate().toISOString()})})app.use((err,req,res,next)=>{console.log(err)res.json({error: 'error'})})app.listen(5959,()=>console.log(`listen on 5959`))
In the Swagger UI it seems that the POST /persons route is requiring firstName and lastName with type of string and min 2 and max 20 length, each.
By the way, if anyone post an answer or a fix for this, it can be great if you provide a a TypeScript sample node app which supports ESM, I used commonjs here since __dirname causes issues with TypeScript.
The text was updated successfully, but these errors were encountered:
Do you have any URLs set under the servers property in your swagger.yaml? In my case, having a URL with a path name under there caused a similar problem.
Describe the bug
I am trying to implement the express-openapi-validator in a sample node.js app.
I followed the instructions in the docs and configured it properly.
However, protected routes, which receive user input that must be validated are open for all - one can access them even without providing any input or do provide input which is invalid.
To Reproduce
Send an HTTP Request to the backend, with any input you like and it will work.
I protected in my specification the POST /persons route.
Actual behavior
Protected routes are never validating user inputs.
Expected behavior
There should be an error with a very detailed description that will be catch by the express error middleware.
Examples and context
This is the backend app code:
In the Swagger UI it seems that the POST /persons route is requiring
firstName
andlastName
with type of string and min 2 and max 20 length, each.By the way, if anyone post an answer or a fix for this, it can be great if you provide a a TypeScript sample node app which supports ESM, I used commonjs here since __dirname causes issues with TypeScript.
The text was updated successfully, but these errors were encountered: