forked from deepmap/oapi-codegen
/
oapi_validate.go
190 lines (167 loc) · 5.5 KB
/
oapi_validate.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
package middleware
import (
"context"
"fmt"
"io/ioutil"
"net/http"
"strings"
"github.com/getkin/kin-openapi/openapi3"
"github.com/getkin/kin-openapi/openapi3filter"
"github.com/getkin/kin-openapi/routers"
"github.com/getkin/kin-openapi/routers/gorillamux"
"github.com/labstack/echo/v4"
echomiddleware "github.com/labstack/echo/v4/middleware"
)
const (
EchoContextKey = "oapi-codegen/echo-context"
UserDataKey = "oapi-codegen/user-data"
)
// This is an Echo middleware function which validates incoming HTTP requests
// to make sure that they conform to the given OAPI 3.0 specification. When
// OAPI validation fails on the request, we return an HTTP/400.
// Create validator middleware from a YAML file path
func OapiValidatorFromYamlFile(path string) (echo.MiddlewareFunc, error) {
data, err := ioutil.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("error reading %s: %s", path, err)
}
swagger, err := openapi3.NewLoader().LoadFromData(data)
if err != nil {
return nil, fmt.Errorf("error parsing %s as Swagger YAML: %s",
path, err)
}
return OapiRequestValidator(swagger), nil
}
// Create a validator from a swagger object.
func OapiRequestValidator(swagger *openapi3.T) echo.MiddlewareFunc {
return OapiRequestValidatorWithOptions(swagger, nil)
}
// ErrorHandler is called when there is an error in validation
type ErrorHandler func(c echo.Context, err *echo.HTTPError) error
// Options to customize request validation. These are passed through to
// openapi3filter.
type Options struct {
ErrorHandler ErrorHandler
Options openapi3filter.Options
ParamDecoder openapi3filter.ContentParameterDecoder
UserData interface{}
Skipper echomiddleware.Skipper
}
// OapiRequestValidatorWithOptions creates a validator from a swagger object, with validation options
func OapiRequestValidatorWithOptions(swagger *openapi3.T, options *Options) echo.MiddlewareFunc {
router, err := gorillamux.NewRouter(swagger)
if err != nil {
panic(err)
}
skipper := getSkipperFromOptions(options)
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
if skipper(c) {
return next(c)
}
err := ValidateRequestFromContext(c, router, options)
if err != nil {
if options != nil && options.ErrorHandler != nil {
return options.ErrorHandler(c, err)
}
return err
}
return next(c)
}
}
}
// ValidateRequestFromContext is called from the middleware above and actually does the work
// of validating a request.
func ValidateRequestFromContext(ctx echo.Context, router routers.Router, options *Options) *echo.HTTPError {
req := ctx.Request()
route, pathParams, err := router.FindRoute(req)
// We failed to find a matching route for the request.
if err != nil {
switch e := err.(type) {
case *routers.RouteError:
// We've got a bad request, the path requested doesn't match
// either server, or path, or something.
return echo.NewHTTPError(http.StatusBadRequest, e.Reason)
default:
// This should never happen today, but if our upstream code changes,
// we don't want to crash the server, so handle the unexpected error.
return echo.NewHTTPError(http.StatusInternalServerError,
fmt.Sprintf("error validating route: %s", err.Error()))
}
}
validationInput := &openapi3filter.RequestValidationInput{
Request: req,
PathParams: pathParams,
Route: route,
}
// Pass the Echo context into the request validator, so that any callbacks
// which it invokes make it available.
requestContext := context.WithValue(context.Background(), EchoContextKey, ctx)
if options != nil {
validationInput.Options = &options.Options
validationInput.ParamDecoder = options.ParamDecoder
requestContext = context.WithValue(requestContext, UserDataKey, options.UserData)
}
err = openapi3filter.ValidateRequest(requestContext, validationInput)
if err != nil {
switch e := err.(type) {
case *openapi3filter.RequestError:
// We've got a bad request
// Split up the verbose error by lines and return the first one
// openapi errors seem to be multi-line with a decent message on the first
errorLines := strings.Split(e.Error(), "\n")
return &echo.HTTPError{
Code: http.StatusBadRequest,
Message: errorLines[0],
Internal: err,
}
case *openapi3filter.SecurityRequirementsError:
for _, err := range e.Errors {
httpErr, ok := err.(*echo.HTTPError)
if ok {
return httpErr
}
}
return &echo.HTTPError{
Code: http.StatusForbidden,
Message: e.Error(),
Internal: err,
}
default:
// This should never happen today, but if our upstream code changes,
// we don't want to crash the server, so handle the unexpected error.
return &echo.HTTPError{
Code: http.StatusInternalServerError,
Message: fmt.Sprintf("error validating request: %s", err),
Internal: err,
}
}
}
return nil
}
// Helper function to get the echo context from within requests. It returns
// nil if not found or wrong type.
func GetEchoContext(c context.Context) echo.Context {
iface := c.Value(EchoContextKey)
if iface == nil {
return nil
}
eCtx, ok := iface.(echo.Context)
if !ok {
return nil
}
return eCtx
}
func GetUserData(c context.Context) interface{} {
return c.Value(UserDataKey)
}
// attempt to get the skipper from the options whether it is set or not
func getSkipperFromOptions(options *Options) echomiddleware.Skipper {
if options == nil {
return echomiddleware.DefaultSkipper
}
if options.Skipper == nil {
return echomiddleware.DefaultSkipper
}
return options.Skipper
}