Register custom request/response validators

[whitlockjc]

sway already has the ability to register custom validators for the full Swagger 2.0 document but it does not include the ability to register custom request/response validators. This needs to be done.

Originally reported in #170.

[whitlockjc]

As part of adding strict mode validation (#94), Operation#validateRequest, Operation#validateResponse and Response#validateResponse was updated to have an optional strictMode argument. I think to do this work, we'll replace the strictMode argument for those methods with an options object and put strictMode into it along with a validators property that is an array of validator functions.

[IulianBojincaSV]

Hi Jeremy,
How would such a custom validator look like? How would it be created/look like and then passed to the customValidators option? Can you maybe give us a simple example of such a thing? I'm struggling to find a way to implement such a validator for validating the content of the body of an application/json request object against an openapi 3.0 specs, more specifically against the requestBody.

Thank you!

[whitlockjc]

The options object passed to validateRequest is documented here. That specifies that customValidators is of type Sway.RequestValidationFunction. A full example can be found here. If that's not enough, let me know.

Also, OAS@v3.x is not supported yet

[IulianBojincaSV]

Thank you for the fast response and the hints. The support for OAS@v3.x as it is right now, it works for me. I know it's WIP but it's pretty decent as it is.
So my solution for validating the request:

• let Sway validate the headers, query, path, etc through it's normal validateRequest method
• validate the request body through a custom validator using the Z-Schema package directly as the validator. This customValidator is added to the customValidators option param on validateRequest.

Maybe it would be a useful thing to expose some of the helper functions to the outside? Like validateAgainstSchema or getJSONSchemaValidator. That way I don't need to specifically add the z-schema package to my package.json and just use the resources that are already available in sway and are statically typed to some degree.

Let me know if maybe you see another way to do this, that I have maybe missed out.

Thanks again for all the effort, and I hope at some point to maybe contribute to this awesome project.

[whitlockjc]

Why do you need to do custom body validation? validateRequest should do this for you.

[IulianBojincaSV]

I failed to specifically mention that I'm using OAS@3.x for my schemes. What you say I think this is valid for Swagger 2.0 schemes only. In Swagger 2.0 you define the request body in the parameters with in:body. But for OAS 3.0@x you define them in requestBody, a sibling property of parameters.

Looking inside the implementation of validateRequest I saw that the validation for the body is done together with all the other parameters. So for each definitionFullyResolved.parameters I would suspect to have the req.body correctly validated here if only the schema was of type Swagger 2.0.

Let me know if I'm missing something.

[whitlockjc]

Okay, that makes more sense. This is an OAS@v3.x support thing, which is being worked on in #128.