Disallow Unknown Body Parameters?

[rowanc1]

Awesome library, thanks for putting it together!

Working off of the example provided, I was expecting the validation to cover requestBody in the OpenAPI 3.0 schema. As a user of APIs I often make typos or misunderstand the documentation, being able to be alerted by the API would be nice.

A similar interface to the allowUnknownQueryParameters (see #133) would be ideal:

new OpenApiValidator({
    apiSpec: "./src/services/openapi.yaml",
    validateRequests: {
        allowUnknownQueryParameters: false,
        allowUnknownBodyParameters: false,
    }
}).install(app);

Right now adding a value to the JSON body of a request of the POST /v1/pets example results in:

curl -s --request POST \
  --url http://localhost:3000/v1/pets \
  --header 'content-type: application/json' \
  --header 'x-api-key: XXXX' \
  --data '{"name":"sparky", "random": "scaryValue"}'


>> {"id":3,"name":"sparky","random": "scaryValue"}

I would expect this to error using the same validations as if it were in the query parameters. I would be curious about your thoughts on this.

[rowanc1]

I just found out how to do this by adding additionalProperties: false to the OpenAPI schema.

Perhaps it could be worth putting this in the example documentation?

[cdimascio]

Thanks, @rowanc1. You're correct, this can be accomplished with additionalProperties: false.
I also agree that we should get this into the README. Would you be willing to add an example to the FAQ section of the README?