Support deep objects for query parameters with deepObject style #1706
Comments
|
Are there any other examples of these nested deepObjects outside of Express? The more widespread a pattern, the more likely it is to be considered. Myself, I have an aversion to passing such a complicated object in the query string. Any insight into why Express even landed on this pattern? |
|
We were a bit stuck when allowing the If we can get some confidence that the |
|
What about the URL max length limits? I think one of the reasons why a standard for object serialization in the URL is hard to materialize is because of the URL max length problem, the URL just wasn't intended to pass data in this way. Depending on the browser and/or server software being used the URL max length varies but in general it is small when compared to how much data can be transmitted with other methods like POST or PUT. It certainly would work for small objects but people tend to inadvertently abuse these kinds of APIs by passing bigger than allowed payloads. |
|
@rmunix regarding URL max length problems, I was very happy to see the HTTP SEARCH method draft RFC revived last month: https://tools.ietf.org/html/draft-snell-search-method-01 |
http://esbenp.github.io/2016/04/15/modern-rest-api-laravel-part-2/ I use a modified version of https://github.com/esbenp/bruno referenced in the article above in a few apis, it's extremely useful for including related data and search filtering. I'm not really sure how to define those in a spec. I do appreciate that the url strings could get silly long to the point of failing if abused, but without this sort of thing searches and such would have to be actioned as POST requests or limited to basic GET request params. It seems to me no ones really come up with a holy grail API solution for complex search queries so it's a bit of a free for all at the moment. |
|
Ruby on Rails Seems to use the same approach. Reference: https://edgeapi.rubyonrails.org/classes/Hash.html#method-i-to_query Example code: require "activesupport"
data = {
"name" => "David",
"nationality" => "Danish",
"address" => {
"street" => "12 High Street",
"city" => "London",
},
"location" => [10, 20],
}
print data.to_query("person")Produces the following query string, I have urldecoded and reformatted it for better readability: Notice that array items are using an empty index, i.e. |
|
Python 2.7 AFAICT, Python does not support nested objects in query parameters. Example code: from urllib import urlencode
from urlparse import parse_qs
data = {
'person': {
'name': 'David',
'nationality': 'Danish',
'address': {
'street': '12 High Street',
'city': 'London',
},
'location': [10, 20],
}
}
print urlencode(data)Produces the following query string, I have urldecoded and reformatted it for better readability: Interestingly enough, the roundtrip does not preserve the original data. print parse_qs(urlencode(data))Outcome: Another example: print parse_qs('foo[bar]=1&foo[baz]=2')
# {'foo[baz]': ['2'], 'foo[bar]': ['1']} |
|
Not API specific, but jQuery can generate nested array url params from objects. |
|
JSONAPI sparse fieldsets require this: https://jsonapi.org/format/#fetching-sparse-fieldsets |
|
Hey @earth2marsh and @darrelmiller ... We (Directus team) have been trying to use OpenAPI 3.0 for a while now, but the lack of support for nested deepObjects has kept us from using this spec. We have a dynamic API that allows for relatively complex filtering, for example: Our API Reference for this filtering Is there any hope for this being supported in the future or should we "move on"? |
|
@bajtos: On October 11, 2018 you wrote "I'll try to find some time to fix swagger-js in the next few weeks." What is your status on this? |
|
Eh, I didn't even started 😢 Feel free to contribute the fix yourself. |
|
@benhaynes Sorry if this comes across as snarky, it's not intended to, it's just I'm in a rush and I don't know how to ask this in a friendly/sincere way. What would you like us to do? Pick a winner from the many options? Design our own format? If we pick a format that is incompatible with what you currently use, would you switch? Should we find a way of supporting many different formats? |
|
Hey @darrelmiller — not snarky at all, I sincerely appreciate the response as it maintains some momentum in the discussion! We're certainly not trying to force the spec to follow our format, and understand your position of not wanting to blaze ahead without a standard to follow. To answer your question honestly, if the option you choose is incompatible with our method, then we wouldn't be able to use OpenAPI since we can't introduce a breaking change into our platform's filtering. Still, we'd support your team's decision if they think a different direction is a better solution. I'm not sure how "extensible" your spec/codebase is, but support for multiple (even optional) serialization formats seems the most promising. Perhaps leaving these as unofficial until a "winner" eventually surfaces. In our experience, industry-leading frameworks offering solutions is the most efficient way for a de facto standard to emerge. Our proposal is to support a deeply nested structure, such as: Thanks again. I'd love to hear your (or anyone else's) thoughts on this approach! |
|
Hey @darrelmiller, I would like to understand the OpenAPI position on this. Is the reason to not support the outcome Also, in the technical side, will this bring a complex/breaking change and it requires much more time? In term of where else this format is supported I would like to add another example. PHP Example: <?php
$data = [
'person' => [
'name' => 'David',
'nationality' => 'Danish',
'address' => [
'street' => '12 High Street',
'city' => 'London',
],
'location' => [10,20],
]
];
echo http_build_query($data);Result: The result is urldecoded. Also PHP automatically parse these parameters into an array. Passing the result above into query string will result in the original array. |
|
I think I'm running into this same issue. I have a simple C# type that needs two integers. I can define an API endpoint like this just fine: and it works but if I use my binding model type with those same two integers as properties: then my /swagger endpoint wants to generate JSON+Patch stuff and has no idea how to generate a URL with the appropriate querystring values to bind to that model. Will complex / deep object support help me in this (very simple) case? If not is there a known good way to support it currently? |
|
Arrrgh, hit that wall, too.... great example of a not so obvious limitation that might kill your whole project dev setup and workflow. |
|
Ran into the same problem (using Rails), also with a parameter allowing for dynamic filtering. The funny thing is, that swagger-editor does generate deeper nested objects as placeholder text for the parameters text area when clicking "try it out": results in which will be silently ignored. I know that this is actually a bug in swagger-editor, but it shows that it would be more consistent to allow deeper nested objects. |
|
What needs to be done to move on with this @earth2marsh? You asked for a couple examples outside of Express, which I think have been provided in the messages above. I can help out writing some of the needed documents for this in a PR if that helps. |
|
Five years later, this feature request is still relevant. Any news on this ? |
|
I'll also chime in that this is a common method of building complex queries for elasticsearch. While in their case, they're expecting the body to be passed via POST, the ability to deeply nest objects in arrays allows for a huge level of flexibility in generating queries. Also, AdonisJS uses |
|
waiting for "qs style" serialization feature |
|
@mbraz You are waiting for the feature in what tooling? Docs, testing, code generators? Here's how you could describe it in the specification. parameters:
filterParam:
in: query
name: filter
schema:
type: object
style: deepObject
x-deepObject-style: qs
explode: true
description: Options for filtering the results
required: falseI just made that extension up. That's how we are going to move forward here. The best way to get a feature into the specification is to propose an extension to a tooling creator, or PR a tool with support. Adoption of the the extension will be what demonstrates the value and allows us to bring the feature into the specification. If you really don't want to go the extension route, you could do this as an alternative. parameters:
filterParam:
in: query
name: filter
content:
text/vnd.qs-serialization: {}
description: Options for filtering the results
required: falseIn this case I invented a new text based media type for describing the contents of the filter value. Media types are not usually used for describing query parameter values, but it is technically allowed by OAS. The important point here is that the real work is to go convince the tooling creators that this is an important feature to implement. The blocker is not the specification. |
|
Hi, wait in swagger to use in NestJS applications. I'll try
text/vnd.qs-serialization...
Em dom., 5 de mar. de 2023 às 14:34, Darrel ***@***.***>
escreveu:
… @mbraz <https://github.com/mbraz> You are waiting for the feature in what
tooling? Docs, testing, code generators? Here's how you could describe it
in the specification.
parameters:
filterParam:
in: query
name: filter
schema:
type: object
style: deepObject
x-deepObject-style: qs
explode: true
description: Options for filtering the results
required: false
I just made that extension up. That's how we are going to move forward
here.
The best way to get a feature into the specification is to propose an
extension to a tooling creator, or PR a tool with support. Adoption of the
the extension will be what demonstrates the value and allows us to bring
the feature into the specification.
If you really don't want to go the extension route, you could do this as
an alternative.
parameters:
filterParam:
in: query
name: filter
content:
text/vnd.qs-serialization: {}
description: Options for filtering the results
required: false
In this case I invented a new text based media type for describing the
contents of the filter value. Media types are not usually used for
describing query parameter values, but it is technically allowed by OAS.
—
Reply to this email directly, view it on GitHub
<#1706 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA23VEFTQ4RDD3XPBOU4H5DW2TFDTANCNFSM4F257XBQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
This gem allows us to generate an [OpenAPI schema](https://www.openapis.org/) of an [Apia API](https://github.com/krystal/apia). ## Why are we using v3.0.0 when the latest is v.3.1.0 ? The [OpenAPI generator](https://openapi-generator.tech) does not support 3.1.0 (at least for Ruby yet). So the specification is for version 3.0.0. Annoyingly in v3.0.0, having a request body against a DELETE is deemed to be an error. And this shows up in [swagger-editor](https://editor.swagger.io/). However, after [community pressure](OAI/OpenAPI-Specification#1801), this decision was reversed and in [version 3.1.0 DELETE requests are now allowed to have a request body](OAI/OpenAPI-Specification#1937). I have successfully used the Ruby client library to use a DELETE request with a v3.0.0 schema, so I don't think it's a big deal. We can bump to 3.1.0 when the tooling is ready. ## What is implemented? - All endpoints are described by the spec. - ArgumentSet lookups with multiple methods of supplying params are handled - All the various "non-standard" Apia data types are mapped to OpenAPI ones (e.g. decimal, unix) - If `include` is declared on a field for partial object properties, then the endpoint response will accurately reflect that - Array params for get requests work in the "rails way". e.g. `user_ids[]=1,user_ids[]=2` - [swagger-editor](https://editor.swagger.io/) works, so we can use the "try it out" feature (including bearer auth) - Routes that exclude themselves from the Apia schema are excluded from the OpenAPI output - Endpoints are converted into "nice" names so that the generated client code is more pleasant to use - Apia types (enums, objects, argument sets, polymorphs) are implemented as re-usable component schemas - The spec is good enough to generate [client libraries in various programming languages](https://github.com/krystal/katapult-openapi-clients) ## What isn't implemented? - Only the "happy path" response is included in the spec, we need to add error responses - There are places in the spec where we can explicitly mark things as "required" and this has not been implemented everywhere. - Perhaps we can improve how ArgumentSet lookups are declared – currently [swagger-editor](https://editor.swagger.io/) allows both params (e.g. id and permalink) to be sent in the request which triggers an error. - We can improve the accuracy of the [data types](https://swagger.io/docs/specification/data-models/data-types/#numbers) by declaring the `format`. This is not implemented. - There's one specification test that simply asserts against a static json file generated from the example app. Perhaps we could try actually validating it with something like https://github.com/kevindew/openapi3_parser - Might be nice to dynamically determine the API version - The example app needs expanding to ensure all code-paths are triggered in the generation of the schema ## Any other known issues? - We can't have deeply nested objects in GET request query params. This just isn't defined by the OpenAPI spec. [There's GitHub issue about it](OAI/OpenAPI-Specification#1706). I don't believe we can do much here and probably we don't need to. - File uploads are not implemented, but I don't think we have a need for that. - We do not try to be too 'clever' when the endpoint field uses include to customize the properties returned. e.g. `include: '*,target[id,name]'` in this case we could actually use a `$ref` for the object referenced by the `*`. But instead, if a field uses `include` we just declare an inline schema for that field for that endpoint. - The example API has been copied and expanded from the apia repo. Some of the additional arguments and ways the objects have been expanded is nonsense, but they're there just to ensure we execute all the code paths in the schema generation. Maybe we could come up with a better example API or perhaps we just don't worry about it.
handrews
added
the
param serialization
|
I think the simplest way to allow folks to experiment with different approaches would be to implement #1502 (Support for arbitrary query strings). That would let folks define entirely custom serialization, perhaps based on media types as @darrelmiller suggests, without having to work around the spec's mechanisms for supporting more common serialization forms. |
|
https://github.com/abbasudo/laravel-purity This is extremely necessary! I can't convert to format query parameter filters[is_publish][$contains]=true Terrible. An outrageous flaw. |
|
@POMXARK let's keep it respectful, the maintainers don't owe you anything. You're welcome to submit a PR or make and share a third-party package if this is so important to you, we're all just doing our best here. FWIW I'm not a JS developer but I would still strongly vote for standardizing around "qs style" as it's very intuitive and close enough to other serialization methods to work with in different languages. It should be recognized though that there is really no way to do nested query objects in a GET query string that will be straightforward to document. |
|
@dafeder thanks for your comment!
Yeah, this is why I'm pushing for #1502 in version 3.2 of the spec. It's not ideal, but it gets the OpenAPI spec details out of the way and lets folks do their own serialization for the entire query string, including by just setting the whole thing to |
|
@handrews yes that makes a lot of sense, the problem is really more on the SwaggerUI side. As a spec I can see this being the right way to do it (and clarifying this will probably help Swagger handle it better). |
|
Any updates on this? |
|
@DustinCai see my comment above about 3.2. We're getting 3.0.4 and 3.1.1 out the door right now, then 3.2 should be a relatively quick release as we want to keep it small (and then do a 3.3 if 3.2 is well-received). I'd hoped to get 3.2 done by the end of the year, but 3.0.4 and 3.1.1 have taken a bit longer so maybe January or (hopefully) at worst February. I know that solution (#1502) might not be what you're looking for, but there are too many possible different formats and too many competing demands. Allowing people to define their own query string formats (media types) for the whole query string will unblock experimentation, particularly if combined with a media type registry per #3771. |
and others
Background
Many applications expect deeply nested objects in input parameters, see the discussion in swagger-ui starting from this comment: swagger-api/swagger-ui#4064 (comment) In LoopBack, we are running into this problem too, see loopbackio/loopback-next#1679.
Consider a
filterparameter defined as follows:Let's say the user wants to provide the following value, for example by entering a JSON into the text area rendered by swagger-ui:
{ "name": "ivan", "birth-date": { "gte": "1970-01-01" } }At the moment, the OpenAPI Specification v3 does not describe how to encode such value in a query string. As a result, OpenAPI clients like swagger-ui don't know how to handle this input - see the discussion in swagger-api/swagger-js#1385 for an example.
Proposal
The following query string should be created by swagger-js client for the input value shown above.
The proposed serialization style is supported by https://www.npmjs.com/package/qs, which is used by http://expressjs.com as the default query parser, which means that a vast number of Node.js API servers are already expecting this serialization style.
I am not sure if there is any existing formal specification of this format, I am happy to look into that once my proposal gets considered as acceptable in principle.
Additional information
Existing issues that are touching a similar topic:
Two older comments from swagger-js that may be relevant:
swagger-api/swagger-js#1140
swagger-api/swagger-js#1140 (comment)
The text was updated successfully, but these errors were encountered: