feat(rest): use RequestBody for validation

Author: raymondfeng

packages/rest/src/parser.ts

@@ -9,6 +9,7 @@ import {
   OperationObject,
   ParameterObject,
   ReferenceObject,
+  SchemaObject,
   SchemasObject,
 } from '@loopback/openapi-v3-types';
 import * as debugModule from 'debug';
@@ -38,11 +39,11 @@ export const QUERY_NOT_PARSED = {};
 Object.freeze(QUERY_NOT_PARSED);
 
 // tslint:disable:no-any
-type RequestBody = {
+export type RequestBody = {
   value: any | undefined;
   coercionRequired?: boolean;
   mediaType?: string;
-  schema?: SchemasObject | ReferenceObject;
+  schema?: SchemaObject | ReferenceObject;
 };
 
 const parseJsonBody: (
@@ -222,9 +223,8 @@ function buildOperationArguments(
   }
 
   debug('Validating request body - value %j', body);
-  validateRequestBody(body.value, operationSpec.requestBody, globalSchemas, {
+  validateRequestBody(body, operationSpec.requestBody, globalSchemas, {
     coerceTypes: body.coercionRequired,
-    schema: body.schema,
   });
 
   if (requestBodyIndex > -1) paramArgs.splice(requestBodyIndex, 0, body.value);

packages/rest/src/validation/request-body.validator.ts

@@ -12,36 +12,32 @@ import {
 import * as AJV from 'ajv';
 import * as debugModule from 'debug';
 import * as util from 'util';
-import {HttpErrors} from '..';
-import {RestHttpErrors} from '..';
+import {HttpErrors, RestHttpErrors, RequestBody} from '..';
 import * as _ from 'lodash';
 
 const toJsonSchema = require('openapi-schema-to-json-schema');
 const debug = debugModule('loopback:rest:validation');
 
-export interface RequestBodyValidationOptions extends AJV.Options {
-  schema?: SchemaObject | ReferenceObject;
-}
+export type RequestBodyValidationOptions = AJV.Options;
 
 /**
  * Check whether the request body is valid according to the provided OpenAPI schema.
  * The JSON schema is generated from the OpenAPI schema which is typically defined
  * by `@requestBody()`.
  * The validation leverages AJS schema validator.
- * @param body The body data from an HTTP request.
+ * @param body The request body parsed from an HTTP request.
  * @param requestBodySpec The OpenAPI requestBody specification defined in `@requestBody()`.
  * @param globalSchemas The referenced schemas generated from `OpenAPISpec.components.schemas`.
  */
 export function validateRequestBody(
-  // tslint:disable-next-line:no-any
-  body: any,
-  requestBodySpec: RequestBodyObject | undefined,
-  globalSchemas?: SchemasObject,
+  body: RequestBody,
+  requestBodySpec?: RequestBodyObject,
+  globalSchemas: SchemasObject = {},
   options: RequestBodyValidationOptions = {},
 ) {
-  if (!requestBodySpec) return;
+  const required = requestBodySpec && requestBodySpec.required;
 
-  if (requestBodySpec.required && body == undefined) {
+  if (required && body.value == undefined) {
     const err = Object.assign(
       new HttpErrors.BadRequest('Request body is required'),
       {
@@ -52,24 +48,13 @@ export function validateRequestBody(
     throw err;
   }
 
-  const schema = options.schema || getRequestBodySchema(requestBodySpec);
-  debug('Request body schema: %j', util.inspect(schema, {depth: null}));
+  const schema = body.schema;
+  if (debug.enabled) {
+    debug('Request body schema: %j', util.inspect(schema, {depth: null}));
+  }
   if (!schema) return;
 
-  validateValueAgainstSchema(body, schema, globalSchemas, options);
-}
-
-/**
- * Get the schema from requestBody specification.
- * @param requestBodySpec The requestBody specification defined in `@requestBody()`.
- */
-function getRequestBodySchema(
-  requestBodySpec: RequestBodyObject,
-): SchemaObject | undefined {
-  const content = requestBodySpec.content;
-  // FIXME(bajtos) we need to find the entry matching the content-type
-  // header from the incoming request (e.g. "application/json").
-  return content[Object.keys(content)[0]].schema;
+  validateValueAgainstSchema(body.value, schema, globalSchemas, options);
 }
 
 /**
@@ -79,10 +64,12 @@ function getRequestBodySchema(
 function convertToJsonSchema(openapiSchema: SchemaObject) {
   const jsonSchema = toJsonSchema(openapiSchema);
   delete jsonSchema['$schema'];
-  debug(
-    'Converted OpenAPI schema to JSON schema: %s',
-    util.inspect(jsonSchema, {depth: null}),
-  );
+  if (debug.enabled) {
+    debug(
+      'Converted OpenAPI schema to JSON schema: %s',
+      util.inspect(jsonSchema, {depth: null}),
+    );
+  }
   return jsonSchema;
 }
 
@@ -98,7 +85,7 @@ const compiledSchemaCache = new WeakMap();
 function validateValueAgainstSchema(
   // tslint:disable-next-line:no-any
   body: any,
-  schema: SchemaObject,
+  schema: SchemaObject | ReferenceObject,
   globalSchemas?: SchemasObject,
   options?: AJV.Options,
 ) {
@@ -118,7 +105,9 @@ function validateValueAgainstSchema(
 
   const validationErrors = validate.errors;
 
-  debug('Invalid request body: %s', util.inspect(validationErrors));
+  if (debug.enabled) {
+    debug('Invalid request body: %s', util.inspect(validationErrors));
+  }
 
   const error = RestHttpErrors.invalidRequestBody();
   error.details = _.map(validationErrors, e => {

packages/rest/test/unit/request-body.validator.test.ts

@@ -8,7 +8,7 @@ import {validateRequestBody} from '../../src/validation/request-body.validator';
 import {RestHttpErrors} from '../../';
 import {aBodySpec} from '../helpers';
 import {
-  RequestBodyObject,
+  ReferenceObject,
   SchemaObject,
   SchemasObject,
 } from '@loopback/openapi-v3-types';
@@ -53,7 +53,10 @@ const INVALID_ACCOUNT_SCHEMA = {
 
 describe('validateRequestBody', () => {
   it('accepts valid data omitting optional properties', () => {
-    validateRequestBody({title: 'work'}, aBodySpec(TODO_SCHEMA));
+    validateRequestBody(
+      {value: {title: 'work'}, schema: TODO_SCHEMA},
+      aBodySpec(TODO_SCHEMA),
+    );
   });
 
   it('rejects data missing a required property', () => {
@@ -72,7 +75,7 @@ describe('validateRequestBody', () => {
       {
         description: 'missing required "title"',
       },
-      aBodySpec(TODO_SCHEMA),
+      TODO_SCHEMA,
     );
   });
 
@@ -93,7 +96,7 @@ describe('validateRequestBody', () => {
         title: 'todo with a string value of "isComplete"',
         isComplete: 'a string value',
       },
-      aBodySpec(TODO_SCHEMA),
+      TODO_SCHEMA,
     );
   });
 
@@ -120,13 +123,13 @@ describe('validateRequestBody', () => {
         description: 'missing title and a string value of "isComplete"',
         isComplete: 'a string value',
       },
-      aBodySpec(TODO_SCHEMA),
+      TODO_SCHEMA,
     );
   });
 
   it('reports schema generation errors', () => {
     expect(() =>
-      validateRequestBody({}, aBodySpec(INVALID_ACCOUNT_SCHEMA)),
+      validateRequestBody({value: {}, schema: INVALID_ACCOUNT_SCHEMA}),
     ).to.throw(
       "can't resolve reference #/components/schemas/Invalid from id #",
     );
@@ -146,7 +149,7 @@ describe('validateRequestBody', () => {
       'VALIDATION_FAILED',
       details,
       {description: 'missing title'},
-      aBodySpec({$ref: '#/components/schemas/Todo'}),
+      {$ref: '#/components/schemas/Todo'},
       {Todo: TODO_SCHEMA},
     );
   });
@@ -157,12 +160,17 @@ describe('validateRequestBody', () => {
       'MISSING_REQUIRED_PARAMETER',
       undefined,
       null,
-      aBodySpec(TODO_SCHEMA, {required: true}),
+      TODO_SCHEMA,
+      {},
+      true,
     );
   });
 
   it('allows empty values when body is optional', () => {
-    validateRequestBody(null, aBodySpec(TODO_SCHEMA, {required: false}));
+    validateRequestBody(
+      {value: null, schema: TODO_SCHEMA},
+      aBodySpec(TODO_SCHEMA, {required: false}),
+    );
   });
 
   it('rejects invalid values for number properties', () => {
@@ -184,7 +192,7 @@ describe('validateRequestBody', () => {
       'VALIDATION_FAILED',
       details,
       {count: 'string value'},
-      aBodySpec(schema),
+      schema,
     );
   });
 
@@ -214,7 +222,7 @@ describe('validateRequestBody', () => {
         'VALIDATION_FAILED',
         details,
         {orders: ['order1', 1]},
-        aBodySpec(schema),
+        schema,
       );
     });
 
@@ -238,7 +246,7 @@ describe('validateRequestBody', () => {
         'VALIDATION_FAILED',
         details,
         [{title: 'a good todo'}, {description: 'a todo item missing title'}],
-        aBodySpec(schema),
+        schema,
         {Todo: TODO_SCHEMA},
       );
     });
@@ -280,7 +288,7 @@ describe('validateRequestBody', () => {
             {description: 'a todo with wrong type of title', title: 2},
           ],
         },
-        aBodySpec(schema),
+        schema,
         {Todo: TODO_SCHEMA},
       );
     });
@@ -314,7 +322,7 @@ describe('validateRequestBody', () => {
             {title: 'an account with invalid address', address: {city: 1}},
           ],
         },
-        aBodySpec(schema),
+        schema,
         {Account: ACCOUNT_SCHEMA, Address: ADDRESS_SCHEMA},
       );
     });
@@ -328,11 +336,16 @@ function verifyValidationRejectsInputWithError(
   expectedCode: string,
   expectedDetails: RestHttpErrors.ValidationErrorDetails[] | undefined,
   body: object | null,
-  spec: RequestBodyObject | undefined,
+  schema: SchemaObject | ReferenceObject,
   schemas?: SchemasObject,
+  required?: boolean,
 ) {
   try {
-    validateRequestBody(body, spec, schemas);
+    validateRequestBody(
+      {value: body, schema},
+      aBodySpec(schema, {required}),
+      schemas,
+    );
     throw new Error(
       "expected Function { name: 'validateRequestBody' } to throw exception",
     );