feat(rest): match content type to request body spec

Author: raymondfeng

packages/rest/package.json

@@ -44,6 +44,7 @@
     "path-to-regexp": "^2.2.0",
     "qs": "^6.5.2",
     "strong-error-handler": "^3.2.0",
+    "type-is": "^1.6.16",
     "validator": "^10.4.0"
   },
   "devDependencies": {
@@ -54,7 +55,8 @@
     "@types/debug": "0.0.30",
     "@types/js-yaml": "^3.11.1",
     "@types/lodash": "^4.14.106",
-    "@types/node": "^10.11.2"
+    "@types/node": "^10.11.2",
+    "@types/type-is": "^1.6.2"
   },
   "files": [
     "README.md",

packages/rest/src/parser.ts

@@ -8,6 +8,7 @@ import {
   isReferenceObject,
   OperationObject,
   ParameterObject,
+  ReferenceObject,
   SchemasObject,
 } from '@loopback/openapi-v3-types';
 import * as debugModule from 'debug';
@@ -26,6 +27,7 @@ import {
   RequestBodyParserOptions,
 } from './types';
 import {validateRequestBody} from './validation/request-body.validator';
+import {is} from 'type-is';
 
 type HttpError = HttpErrors.HttpError;
 
@@ -38,6 +40,8 @@ Object.freeze(QUERY_NOT_PARSED);
 type RequestBody = {
   value: any | undefined;
   coercionRequired?: boolean;
+  mediaType?: string;
+  schema?: SchemasObject | ReferenceObject;
 };
 
 const parseJsonBody: (
@@ -55,14 +59,7 @@ const parseFormBody: (
  * @param req Http request
  */
 function getContentType(req: Request): string | undefined {
-  const val = req.headers['content-type'];
-  if (typeof val === 'string') {
-    return val;
-  } else if (Array.isArray(val)) {
-    // Assume only one value is present
-    return val[0];
-  }
-  return undefined;
+  return req.get('content-type');
 }
 
 /**
@@ -90,54 +87,92 @@ export async function parseOperationArgs(
   );
 }
 
-async function loadRequestBodyIfNeeded(
+function normalizeParsingError(err: HttpError) {
+  debug('Cannot parse request body %j', err);
+  if (!err.statusCode || err.statusCode >= 500) {
+    err.statusCode = 400;
+  }
+  return err;
+}
+
+export async function loadRequestBodyIfNeeded(
   operationSpec: OperationObject,
   request: Request,
   options: RequestBodyParserOptions = {},
 ): Promise<RequestBody> {
-  if (!operationSpec.requestBody) return Promise.resolve({value: undefined});
+  const requestBody: RequestBody = {
+    value: undefined,
+  };
+  if (!operationSpec.requestBody) return Promise.resolve(requestBody);
 
   debug('Request body parser options: %j', options);
 
-  const contentType = getContentType(request);
+  const contentType = getContentType(request) || 'application/json';
   debug('Loading request body with content type %j', contentType);
 
-  if (
-    contentType &&
-    contentType.startsWith('application/x-www-form-urlencoded')
-  ) {
-    const body = await parseFormBody(request, options).catch(
-      (err: HttpError) => {
-        debug('Cannot parse request body %j', err);
-        if (!err.statusCode || err.statusCode >= 500) {
-          err.statusCode = 400;
-        }
-        throw err;
-      },
-    );
-    // form parser returns an object with prototype
-    return {
-      value: Object.assign({}, body),
-      coercionRequired: true,
+  // the type of `operationSpec.requestBody` could be `RequestBodyObject`
+  // or `ReferenceObject`, resolving a `$ref` value is not supported yet.
+  if (isReferenceObject(operationSpec.requestBody)) {
+    throw new Error('$ref requestBody is not supported yet.');
+  }
+
+  let content = operationSpec.requestBody.content || {};
+  if (!Object.keys(content).length) {
+    content = {
+      // default to allow json and urlencoded
+      'application/json': {schema: {type: 'object'}},
+      'application/x-www-form-urlencoded': {schema: {type: 'object'}},
     };
   }
 
-  if (contentType && !/json/.test(contentType)) {
+  // Check of the request content type matches one of the expected media
+  // types in the request body spec
+  let matchedMediaType: string | false = false;
+  for (const type in content) {
+    matchedMediaType = is(contentType, type);
+    if (matchedMediaType) {
+      requestBody.mediaType = type;
+      requestBody.schema = content[type].schema;
+      break;
+    }
+  }
+
+  if (!matchedMediaType) {
+    // No matching media type found, fail fast
     throw new HttpErrors.UnsupportedMediaType(
-      `Content-type ${contentType} is not supported.`,
+      `Content-type ${contentType} does not match [${Object.keys(content)}].`,
     );
   }
 
-  const jsonBody = await parseJsonBody(request, options).catch(
-    (err: HttpError) => {
-      debug('Cannot parse request body %j', err);
-      if (!err.statusCode || err.statusCode >= 500) {
-        err.statusCode = 400;
-      }
-      throw err;
-    },
+  if (is(matchedMediaType, 'urlencoded')) {
+    try {
+      const body = await parseFormBody(request, options);
+      return Object.assign(requestBody, {
+        // form parser returns an object without prototype
+        // create a new copy to simplify shouldjs assertions
+        value: Object.assign({}, body),
+        // urlencoded body only provide string values
+        // set the flag so that AJV can coerce them based on the schema
+        coercionRequired: true,
+      });
+    } catch (err) {
+      throw normalizeParsingError(err);
+    }
+  }
+
+  if (is(matchedMediaType, 'json')) {
+    try {
+      const jsonBody = await parseJsonBody(request, options);
+      requestBody.value = jsonBody;
+      return requestBody;
+    } catch (err) {
+      throw normalizeParsingError(err);
+    }
+  }
+
+  throw new HttpErrors.UnsupportedMediaType(
+    `Content-type ${matchedMediaType} is not supported.`,
   );
-  return {value: jsonBody};
 }
 
 function buildOperationArguments(
@@ -175,6 +210,7 @@ function buildOperationArguments(
   debug('Validating request body - value %j', body);
   validateRequestBody(body.value, operationSpec.requestBody, globalSchemas, {
     coerceTypes: body.coercionRequired,
+    schema: body.schema,
   });
 
   if (requestBodyIndex > -1) paramArgs.splice(requestBodyIndex, 0, body.value);

packages/rest/src/validation/request-body.validator.ts

@@ -6,6 +6,7 @@
 import {
   RequestBodyObject,
   SchemaObject,
+  ReferenceObject,
   SchemasObject,
 } from '@loopback/openapi-v3-types';
 import * as AJV from 'ajv';
@@ -18,11 +19,15 @@ import * as _ from 'lodash';
 const toJsonSchema = require('openapi-schema-to-json-schema');
 const debug = debugModule('loopback:rest:validation');
 
+export interface RequestBodyValidationOptions extends AJV.Options {
+  schema?: SchemaObject | ReferenceObject;
+}
+
 /**
  * Check whether the request body is valid according to the provided OpenAPI schema.
  * The JSON schema is generated from the OpenAPI schema which is typically defined
  * by `@requestBody()`.
- * The validation leverages AJS shema validator.
+ * The validation leverages AJS schema validator.
  * @param body The body data from an HTTP request.
  * @param requestBodySpec The OpenAPI requestBody specification defined in `@requestBody()`.
  * @param globalSchemas The referenced schemas generated from `OpenAPISpec.components.schemas`.
@@ -32,7 +37,7 @@ export function validateRequestBody(
   body: any,
   requestBodySpec: RequestBodyObject | undefined,
   globalSchemas?: SchemasObject,
-  options?: AJV.Options,
+  options: RequestBodyValidationOptions = {},
 ) {
   if (!requestBodySpec) return;
 
@@ -47,7 +52,7 @@ export function validateRequestBody(
     throw err;
   }
 
-  const schema = getRequestBodySchema(requestBodySpec);
+  const schema = options.schema || getRequestBodySchema(requestBodySpec);
   debug('Request body schema: %j', util.inspect(schema, {depth: null}));
   if (!schema) return;
 

packages/rest/test/integration/http-handler.integration.ts

@@ -272,7 +272,9 @@ describe('HttpHandler', () => {
         .send('<key>value</key>')
         .expect(415, {
           error: {
-            message: 'Content-type application/xml is not supported.',
+            message:
+              'Content-type application/xml does not match ' +
+              '[application/json,application/x-www-form-urlencoded].',
             name: 'UnsupportedMediaTypeError',
             statusCode: 415,
           },
@@ -351,6 +353,9 @@ describe('HttpHandler', () => {
               'application/json': {
                 schema: {type: 'object'},
               },
+              'application/x-www-form-urlencoded': {
+                schema: {type: 'object'},
+              },
             },
           },
           responses: {

packages/rest/test/unit/parser.unit.ts

@@ -17,6 +17,7 @@ import {
 import {
   createResolvedRoute,
   parseOperationArgs,
+  loadRequestBodyIfNeeded,
   PathParameterValues,
   Request,
   RestHttpErrors,
@@ -169,6 +170,65 @@ describe('operationArgsParser', () => {
     expect(args).to.eql([{key1: ['value1', 'value2']}]);
   });
 
+  describe('body parser', () => {
+    it('parses body parameter with multiple media types', async () => {
+      const req = givenRequest({
+        url: '/',
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        payload: 'key=value',
+      });
+
+      const urlencodedSchema = {
+        type: 'object',
+        properties: {
+          key: {type: 'string'},
+        },
+      };
+      const spec = givenOperationWithRequestBody({
+        description: 'data',
+        content: {
+          'application/json': {schema: {type: 'object'}},
+          'application/x-www-form-urlencoded': {
+            schema: urlencodedSchema,
+          },
+        },
+      });
+      const requestBody = await loadRequestBodyIfNeeded(spec, req);
+      expect(requestBody).to.eql({
+        value: {key: 'value'},
+        coercionRequired: true,
+        mediaType: 'application/x-www-form-urlencoded',
+        schema: urlencodedSchema,
+      });
+    });
+
+    it('allows application/json to be default', async () => {
+      const req = givenRequest({
+        url: '/',
+        headers: {
+          'Content-Type': 'application/json',
+        },
+        payload: {key: 'value'},
+      });
+
+      const defaultSchema = {
+        type: 'object',
+      };
+      const spec = givenOperationWithRequestBody({
+        description: 'data',
+        content: {},
+      });
+      const requestBody = await loadRequestBodyIfNeeded(spec, req);
+      expect(requestBody).to.eql({
+        value: {key: 'value'},
+        mediaType: 'application/json',
+        schema: defaultSchema,
+      });
+    });
+  });
+
   context('in:query style:deepObject', () => {
     it('parses JSON-encoded string value', async () => {
       const req = givenRequest({