Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple spec support breaks if validateResponses: true #881

Open
fpolowood opened this issue Dec 29, 2023 · 2 comments
Open

Multiple spec support breaks if validateResponses: true #881

fpolowood opened this issue Dec 29, 2023 · 2 comments

Comments

@fpolowood
Copy link

fpolowood commented Dec 29, 2023
edited

Describe the bug
If I turn on validateResponses: true when using multiple specs, it seems to use the first spec for the definition of the components

To Reproduce

  • Define two specs, v1.yaml and v2.yaml
    The second spec contains an extra call and extra schema in the components
  • Load both specs with validateResponses: true

Actual behavior

  • Calls to v1 will work correctly
  • Calls to v2 that return schemas that exist on v1 will work correctly
  • Calls to v2 with new schemas will fail with:
    Error: can't resolve reference #/components/schemas/Products2 from id #

Expected behavior
Each spec should be validated against its own schemas

Examples and context
v1.yaml

openapi: 3.0.0
info:
  title: v1
  version: 1.0.0
servers:
  - url: http://localhost:3003/v1
paths:
  /products1:
    get:
      description: get all the products
      tags:
        - products
      responses:
        "200":
          description: success
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/Products1"
components:
  schemas:
    Products1:
      type: object
      properties:
        name: 
          type: string

v2.yaml

openapi: 3.0.0
info:
  title: v2
  version: 1.0.0
servers:
  - url: http://localhost:3003/v2
paths:
  /products1:
    get:
      description: get all the products
      tags:
        - products
      responses:
        "200":
          description: success
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/Products1"
  /products2:
    get:
      description: get all the products
      tags:
        - products
      responses:
        "200":
          description: success
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/Products2"
components:
  schemas:
    Products1:
      type: object
      properties:
        name:
         type: string
    Products2:
      type: object
      properties:
        realname: 
          type: string

index.js

const app = require('express')();
const OpenApiValidator = require('express-openapi-validator');

const validateResponses = true;

app.use(OpenApiValidator.middleware({
  apiSpec: './v1.yaml',
  validateRequests: true,
  validateResponses: validateResponses
}));

app.use('/v1/*', (req,res,next)=>{
  res.json([{'name':'OnePiece'}]);
});


app.use(OpenApiValidator.middleware({
  apiSpec: './v2.yaml',
  validateRequests: true,
  validateResponses: validateResponses
}));

app.use('/v2/*', (req,res,next)=>{
  res.json([{'realname': 'OnePiece'}]);
});


app.listen(3003,()=>{
  console.log('listening on port 3003');
});

simple test from curl

% curl http://localhost:3003/v1/products1
[{"name":"OnePiece"}]

% curl http://localhost:3003/v2/products1
[{"realname":"OnePiece"}]

% curl http://localhost:3003/v2/products2
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Error: can&#39;t resolve reference #/components/schemas/Products2 from id #<br> &nbsp; &nbsp;at Object.code (/Users/fpw/Projects/tmp/express-openapi-validator-multiple-apis/node_modules/ajv/dist/vocabularies/core/ref.js:21:19)<br> &nbsp; &nbsp;at keywordCode (/Users/fpw/Projects/tmp/express-openapi-validator-multiple-apis/node_modules/ajv/dist/compile/validate/index.js:464:13)<br> &nbsp; &nbsp;at /Users/fpw/Projects/tmp/express-openapi-validator-multiple-apis/node_modules/ajv/dist/compile/validate/index.js:185:25<br> &nbsp; &nbsp;at CodeGen.code (/Users/fpw/Projects/tmp/express-openapi-validator-multiple-apis/node_modules/ajv/dist/compile/codegen/index.js:439:13)<br> &nbsp; &nbsp;at CodeGen.block (/Users/fpw/Projects/tmp/express-openapi-validator-multiple-apis/node_modules/ajv/dist/compile/codegen/index.js:568:18)<br> &nbsp; &nbsp;at schemaKeywords (/Users/fpw/Projects/tmp/express-openapi-validator-multiple-apis/node_modules/ajv/dist/compile/validate/index.js:185:13)<br> &nbsp; &nbsp;at typeAndKeywords (/Users/fpw/Projects/tmp/express-openapi-validator-multiple-apis/node_modules/ajv/dist/compile/validate/index.js:128:5)<br> &nbsp; &nbsp;at subSchemaObjCode (/Users/fpw/Projects/tmp/express-openapi-validator-multiple-apis/node_modules/ajv/dist/compile/validate/index.js:115:5)<br> &nbsp; &nbsp;at subschemaCode (/Users/fpw/Projects/tmp/express-openapi-validator-multiple-apis/node_modules/ajv/dist/compile/validate/index.js:91:13)<br> &nbsp; &nbsp;at KeywordCxt.subschema (/Users/fpw/Projects/tmp/express-openapi-validator-multiple-apis/node_modules/ajv/dist/compile/validate/index.js:438:9)</pre>
</body>
</html>
@mzbik mzbik mentioned this issue Feb 4, 2024
Closed
@mzbik
Copy link
Contributor

mzbik commented Feb 5, 2024
edited

I think the problem stems from both validators mung'ing the request.json method which chains validation which is probably not what you want.

ResponseValidator (from metadataMiddleware) will hook the res.json method. First, it does this for v1 and then for v2. Meaning when res.json gets called in the route, it first get the v2 hook for validation which then calls the v1 hook for validation before calling the original. Inefficient, but OK.

metadataMiddleware will set req.openapi to matching schema. In this case, it will set it to the v2 schema.

Then the validators get called via res.json. The v2 ResponseValidator is called, builds/caches the validator and all is good. Then it delegates to the v1 ResponseValidator. This has has ajvBody set up for the v1 apidoc.

However, buildValidators builds contentTypeSchemas from the res.openapi schema (v2!) and then calls ajvBody to compile one of these schemas. Since ajvBody is bound to the v1 schema, this will raise the exception.

I'm thinking the solution is to not double hook res.json. Hook it ONLY if the request has openapi set to the matching apidoc.

An alternative would be to have the validate() lambda (inside the mung call) to check that req.openapi somehow matches the apidoc associated with the schema.

@mzbik
Copy link
Contributor

mzbik commented Feb 13, 2024

@fpolowood Please verify on v5.1.6

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mzbik @fpolowood