feat: Improve response validation.

Author: Shogun

lib/index.js

@@ -10,9 +10,11 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+const ajv_1 = __importDefault(require("ajv"));
 const fastify_plugin_1 = __importDefault(require("fastify-plugin"));
 const http_errors_1 = __importStar(require("http-errors"));
 const http_status_codes_1 = require("http-status-codes");
+const lodash_upperfirst_1 = __importDefault(require("lodash.upperfirst"));
 const statuses_1 = __importDefault(require("statuses"));
 const properties_1 = require("./properties");
 const validation_1 = require("./validation");
@@ -21,7 +23,6 @@ exports.addAdditionalProperties = properties_2.addAdditionalProperties;
 var validation_2 = require("./validation");
 exports.convertValidationErrors = validation_2.convertValidationErrors;
 exports.niceJoin = validation_2.niceJoin;
-exports.validationMessages = validation_2.validationMessages;
 exports.validationMessagesFormatters = validation_2.validationMessagesFormatters;
 function handleNotFoundError(request, reply) {
     handleErrors(new http_errors_1.NotFound('Not found.'), request, reply);
@@ -46,9 +47,10 @@ exports.handleValidationError = handleValidationError;
 function handleErrors(error, request, reply) {
     var _a, _b;
     // It is a generic error, handle it
+    const code = error.code;
     if (!('statusCode' in error)) {
-        // If it is a validation error, convert errors to human friendly format
         if ('validation' in error && ((_a = request.errorProperties) === null || _a === void 0 ? void 0 : _a.convertValidationErrors)) {
+            // If it is a validation error, convert errors to human friendly format
             error = handleValidationError(error, request);
         }
         else if ((_b = request.errorProperties) === null || _b === void 0 ? void 0 : _b.hideUnhandledErrors) {
@@ -62,6 +64,15 @@ function handleErrors(error, request, reply) {
             Object.defineProperty(error, 'stack', { enumerable: true });
         }
     }
+    else if (code === 'INVALID_CONTENT_TYPE' || code === 'FST_ERR_CTP_INVALID_MEDIA_TYPE') {
+        error = http_errors_1.default(http_status_codes_1.UNSUPPORTED_MEDIA_TYPE, lodash_upperfirst_1.default(validation_1.validationMessagesFormatters.contentType()));
+    }
+    else if (code === 'FST_ERR_CTP_EMPTY_JSON_BODY') {
+        error = http_errors_1.default(http_status_codes_1.BAD_REQUEST, lodash_upperfirst_1.default(validation_1.validationMessagesFormatters.jsonEmpty()));
+    }
+    else if (code === 'MALFORMED_JSON' || error.message === 'Invalid JSON' || error.stack.includes('at JSON.parse')) {
+        error = http_errors_1.default(http_status_codes_1.BAD_REQUEST, lodash_upperfirst_1.default(validation_1.validationMessagesFormatters.json()));
+    }
     // Get the status code
     let { statusCode, headers } = error;
     // Code outside HTTP range
@@ -85,11 +96,24 @@ function handleErrors(error, request, reply) {
 }
 exports.handleErrors = handleErrors;
 exports.default = fastify_plugin_1.default(function (instance, options, done) {
-    var _a, _b;
-    const hideUnhandledErrors = (_a = options.hideUnhandledErrors, (_a !== null && _a !== void 0 ? _a : process.env.NODE_ENV === 'production'));
+    var _a, _b, _c;
+    const isProduction = process.env.NODE_ENV === 'production';
+    const hideUnhandledErrors = (_a = options.hideUnhandledErrors, (_a !== null && _a !== void 0 ? _a : isProduction));
     const convertValidationErrors = (_b = options.convertValidationErrors, (_b !== null && _b !== void 0 ? _b : true));
+    const convertResponsesValidationErrors = (_c = options.convertResponsesValidationErrors, (_c !== null && _c !== void 0 ? _c : !isProduction));
     instance.decorateRequest('errorProperties', { hideUnhandledErrors, convertValidationErrors });
     instance.setErrorHandler(handleErrors);
     instance.setNotFoundHandler(handleNotFoundError);
+    if (convertResponsesValidationErrors) {
+        instance.decorate('responseValidatorSchemaCompiler', new ajv_1.default({
+            // The fastify defaults, with the exception of removeAdditional and coerceTypes, which have been reversed
+            removeAdditional: false,
+            useDefaults: true,
+            coerceTypes: false,
+            allErrors: true,
+            nullable: true
+        }));
+        instance.addHook('onRoute', validation_1.addResponseValidation);
+    }
     done();
 }, { name: 'fastify-errors-properties' });

lib/interfaces.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

lib/validation.js

@@ -1,5 +1,10 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+const http_errors_1 = __importDefault(require("http-errors"));
+const http_status_codes_1 = require("http-status-codes");
 const get = require("lodash.get");
 function niceJoin(array, lastSeparator = ' and ', separator = ', ') {
     switch (array.length) {
@@ -15,6 +20,35 @@ function niceJoin(array, lastSeparator = ' and ', separator = ', ') {
 }
 exports.niceJoin = niceJoin;
 exports.validationMessagesFormatters = {
+    contentType: () => 'only JSON payloads are accepted. Please set the "Content-Type" header to start with "application/json"',
+    json: () => 'the body payload is not a valid JSON',
+    jsonEmpty: () => 'the JSON body payload cannot be empty if the "Content-Type" header is set',
+    missing: () => 'must be present',
+    unknown: () => 'is not a valid property',
+    uuid: () => 'must be a valid GUID (UUID v4)',
+    timestamp: () => 'must be a valid ISO 8601 / RFC 3339 timestamp (example: 2018-07-06T12:34:56Z)',
+    date: () => 'must be a valid ISO 8601 / RFC 3339 date (example: 2018-07-06)',
+    time: () => 'must be a valid ISO 8601 / RFC 3339 time (example: 12:34:56)',
+    hostname: () => 'must be a valid hostname',
+    ipv4: () => 'must be a valid IPv4',
+    ipv6: () => 'must be a valid IPv6',
+    paramType: (type) => {
+        switch (type) {
+            case 'integer':
+                return 'must be a valid integer number';
+            case 'number':
+                return 'must be a valid number';
+            case 'boolean':
+                return 'must be a valid boolean (true or false)';
+            case 'object':
+                return 'must be a object';
+            case 'array':
+                return 'must be an array';
+            default:
+                return 'must be a string';
+        }
+    },
+    presentString: () => 'must be a non empty string',
     minimum: (min) => `must be a number greater than or equal to ${min}`,
     maximum: (max) => `must be a number less than or equal to ${max}`,
     minimumProperties(min) {
@@ -32,30 +66,8 @@ exports.validationMessagesFormatters = {
     enum: (values) => `must be one of the following values: ${niceJoin(values.map((f) => `"${f}"`), ' or ')}`,
     pattern: (pattern) => `must match pattern "${pattern.replace(/\(\?\:/g, '(')}"`,
     invalidResponseCode: (code) => `This endpoint cannot respond with HTTP status ${code}.`,
-    invalidResponse: (code) => `The response returned from the endpoint violates its specification for the HTTP status ${code}.`
-};
-exports.validationMessages = {
-    contentType: 'only JSON payloads are accepted. Please set the "Content-Type" header to start with "application/json"',
-    json: 'the body payload is not a valid JSON',
-    jsonEmpty: 'the JSON body payload cannot be empty if the "Content-Type" header is set',
-    missing: 'must be present',
-    unknown: 'is not a valid property',
-    emptyObject: 'cannot be a empty object',
-    uuid: 'must be a valid GUID (UUID v4)',
-    timestamp: 'must be a valid ISO 8601 / RFC 3339 timestamp (example: 2018-07-06T12:34:56Z)',
-    date: 'must be a valid ISO 8601 / RFC 3339 date (example: 2018-07-06)',
-    time: 'must be a valid ISO 8601 / RFC 3339 time (example: 12:34:56)',
-    hostname: 'must be a valid hostname',
-    ip: 'must be a valid IPv4 or IPv6',
-    ipv4: 'must be a valid IPv4',
-    ipv6: 'must be a valid IPv6',
-    integer: 'must be a valid integer number',
-    number: 'must be a valid number',
-    boolean: 'must be a valid boolean (true or false)',
-    object: 'must be a object',
-    array: 'must be an array',
-    string: 'must be a string',
-    presentString: 'must be a non empty string'
+    invalidResponse: (code) => `The response returned from the endpoint violates its specification for the HTTP status ${code}.`,
+    invalidFormat: (format) => `must match format "${format}" (format)`
 };
 function convertValidationErrors(section, data, validationErrors) {
     const errors = {};
@@ -78,14 +90,14 @@ function convertValidationErrors(section, data, validationErrors) {
             case 'required':
             case 'dependencies':
                 key = e.params.missingProperty;
-                message = exports.validationMessages.missing;
+                message = exports.validationMessagesFormatters.missing();
                 break;
             case 'additionalProperties':
                 key = e.params.additionalProperty;
-                message = exports.validationMessages.unknown;
+                message = exports.validationMessagesFormatters.unknown();
                 break;
             case 'type':
-                message = exports.validationMessages[e.params.type];
+                message = exports.validationMessagesFormatters.paramType(e.params.type);
                 break;
             case 'minProperties':
                 message = exports.validationMessagesFormatters.minimumProperties(e.params.limit);
@@ -112,7 +124,7 @@ function convertValidationErrors(section, data, validationErrors) {
                 const pattern = e.params.pattern;
                 const value = get(data, key);
                 if (pattern === '.+' && !value) {
-                    message = exports.validationMessages.presentString;
+                    message = exports.validationMessagesFormatters.presentString();
                 }
                 else {
                     message = exports.validationMessagesFormatters.pattern(e.params.pattern);
@@ -124,9 +136,7 @@ function convertValidationErrors(section, data, validationErrors) {
                 if (reason === 'date-time') {
                     reason = 'timestamp';
                 }
-                message = exports.validationMessagesFormatters[reason]
-                    ? exports.validationMessagesFormatters[reason](reason)
-                    : exports.validationMessages[reason];
+                message = (exports.validationMessagesFormatters[reason] || exports.validationMessagesFormatters.invalidFormat)(reason);
                 break;
         }
         // No custom message was found, default to input one replacing the starting verb and adding some path info
@@ -137,14 +147,48 @@ function convertValidationErrors(section, data, validationErrors) {
         let property = key
             .replace(/\[(\d+)\]/g, '.$1') // Array path
             .replace(/\[([^\]]+)\]/g, '.$1'); // Object path
-        if (!property) {
-            property = '$root';
-        }
+        // Remove useless quotes
         if (property.match(/(?:^['"])(?:[^\.]+)(?:['"]$)/)) {
             property = property.substring(1, property.length - 1);
         }
+        // Fix empty properties
+        if (!property) {
+            property = '$root';
+        }
         errors[property] = message;
     }
     return { [section]: errors };
 }
 exports.convertValidationErrors = convertValidationErrors;
+function addResponseValidation(route) {
+    var _a;
+    if (!((_a = route.schema) === null || _a === void 0 ? void 0 : _a.response)) {
+        return;
+    }
+    const validators = Object.entries(route.schema.response).reduce((accu, [code, schema]) => {
+        accu[code] = this.responseValidatorSchemaCompiler.compile(schema);
+        return accu;
+    }, {});
+    // Note that this hook is not called for non JSON payloads therefore validation is not possible in such cases
+    route.preSerialization = async function (_request, reply, payload) {
+        const statusCode = reply.res.statusCode;
+        // Never validate error 500
+        if (statusCode === http_status_codes_1.INTERNAL_SERVER_ERROR) {
+            return payload;
+        }
+        // No validator, it means the HTTP status is not allowed
+        const validator = validators[statusCode];
+        if (!validator) {
+            throw http_errors_1.default(http_status_codes_1.INTERNAL_SERVER_ERROR, exports.validationMessagesFormatters.invalidResponseCode(statusCode));
+        }
+        // Now validate the payload
+        const valid = validator(payload);
+        if (!valid) {
+            throw http_errors_1.default(http_status_codes_1.INTERNAL_SERVER_ERROR, exports.validationMessagesFormatters.invalidResponse(statusCode), {
+                failedValidations: convertValidationErrors('response', payload, validator.errors)
+            });
+        }
+        return payload;
+    };
+}
+exports.addResponseValidation = addResponseValidation;

tsconfig.json

@@ -13,7 +13,6 @@
     "noImplicitAny": true,
     "noUnusedLocals": true,
     "noUnusedParameters": true,
-    "keyofStringsOnly": true,
     "strictNullChecks": true,
     "declaration": true
   },

types/index.d.ts

@@ -1,14 +1,10 @@
 /// <reference types="node" />
 import { FastifyError, FastifyInstance, FastifyReply, FastifyRequest, RegisterOptions } from 'fastify';
 import { IncomingMessage, Server, ServerResponse } from 'http';
-export { addAdditionalProperties, GenericObject } from './properties';
-export { convertValidationErrors, niceJoin, validationMessages, validationMessagesFormatters } from './validation';
-export interface FastifyDecoratedRequest extends FastifyRequest {
-    errorProperties?: {
-        hideUnhandledErrors?: boolean;
-        convertValidationErrors?: boolean;
-    };
-}
+import { FastifyDecoratedRequest } from './interfaces';
+export * from './interfaces';
+export { addAdditionalProperties } from './properties';
+export { convertValidationErrors, niceJoin, validationMessagesFormatters } from './validation';
 export declare function handleNotFoundError(request: FastifyRequest, reply: FastifyReply<unknown>): void;
 export declare function handleValidationError(error: FastifyError, request: FastifyRequest): FastifyError;
 export declare function handleErrors(error: FastifyError, request: FastifyDecoratedRequest, reply: FastifyReply<unknown>): void;

types/interfaces.d.ts

@@ -0,0 +1,33 @@
+/// <reference types="node" />
+import { Ajv, ValidateFunction } from 'ajv';
+import { FastifyInstance, FastifyReply, FastifyRequest } from 'fastify';
+import { ServerResponse } from 'http';
+export declare type GenericObject = {
+    [key: string]: any;
+};
+export declare type NodeError = NodeJS.ErrnoException;
+export declare type RequestSection = 'params' | 'query' | 'querystring' | 'headers' | 'body' | 'response';
+export interface ResponseSchemas {
+    [key: string]: ValidateFunction;
+}
+export interface FastifyDecoratedInstance extends FastifyInstance {
+    responseValidatorSchemaCompiler: Ajv;
+}
+export interface FastifyDecoratedRequest extends FastifyRequest {
+    errorProperties?: {
+        hideUnhandledErrors?: boolean;
+        convertValidationErrors?: boolean;
+    };
+}
+export interface FastifyDecoratedReply extends FastifyReply<ServerResponse> {
+    originalResponse?: {
+        statusCode: number;
+        payload: any;
+    };
+}
+export interface Validations {
+    [key: string]: {
+        [key: string]: string;
+    };
+}
+export declare type ValidationFormatter = (...args: Array<any>) => string;

types/properties.d.ts

@@ -1,7 +1,3 @@
-/// <reference types="node" />
-export declare type GenericObject = {
-    [key: string]: any;
-};
-export declare type NodeError = NodeJS.ErrnoException;
+import { GenericObject } from './interfaces';
 export declare function addAdditionalProperties(target: GenericObject, source: GenericObject): void;
 export declare function serializeError(error: Error): GenericObject;

types/validation.d.ts

@@ -1,18 +1,10 @@
-import { ValidationResult } from 'fastify';
-export declare type RequestSection = 'params' | 'query' | 'querystring' | 'headers' | 'body';
-export interface Validations {
-    [key: string]: {
-        [key: string]: string;
-    };
-}
-export declare type validationFormatter = (...args: Array<any>) => string;
+import { RouteOptions, ValidationResult } from 'fastify';
+import { FastifyDecoratedInstance, RequestSection, ValidationFormatter, Validations } from './interfaces';
 export declare function niceJoin(array: Array<string>, lastSeparator?: string, separator?: string): string;
 export declare const validationMessagesFormatters: {
-    [key: string]: validationFormatter;
-};
-export declare const validationMessages: {
-    [key: string]: string;
+    [key: string]: ValidationFormatter;
 };
 export declare function convertValidationErrors(section: RequestSection, data: {
     [key: string]: unknown;
 }, validationErrors: Array<ValidationResult>): Validations;
+export declare function addResponseValidation(this: FastifyDecoratedInstance, route: RouteOptions): void;