feat: validate nRF Cloud API response

[pudkrong]

PR Type:

Enhancement

---

PR Description:

This PR introduces validation for the nRF Cloud API responses. It uses the AJV (Another JSON Schema Validator) library and the TypeBox library to define and validate the schema of the responses. In case of validation errors, a ValidationError is thrown. The PR affects multiple files, mainly focusing on implementing the validation in the fetch functions and updating the function calls accordingly.

---

PR Main Files Walkthrough:

files:

lambda/loggingFetch.ts: Added a ValidationError class and a validate function to validate the schema of the responses. Also, introduced a new function validatedLoggingFetch which validates the response before returning it.
lambda/resolveSingleCellGeoLocation.ts: Replaced loggingFetch with validatedLoggingFetch and updated the function calls to handle the validation errors.
nrfcloud/createAccountDevice.ts: Replaced the fetch call with a call to validatedFetch and handled the validation errors.
nrfcloud/devices.ts: Replaced the fetch call with a call to validatedFetch and handled the validation errors.
nrfcloud/getDeviceShadowFromnRFCloud.ts: Replaced the fetch call with a call to validatedFetch and handled the validation errors.
nrfcloud/validatedFetch.ts: Introduced a new function validatedFetch which validates the response before returning it.

[codiumai-pr-agent-free]

PR Analysis

• 🎯 Main theme: Implementing validation for nRF Cloud API responses
• 📝 PR summary: This PR introduces validation for the nRF Cloud API responses using the AJV (Another JSON Schema Validator) library and the TypeBox library. The validation is implemented in the fetch functions and the function calls are updated accordingly to handle validation errors.
• 📌 Type of PR: Enhancement
• 🧪 Relevant tests added: No
• ⏱️ Estimated effort to review [1-5]: 4, because the PR introduces significant changes to the codebase, including the addition of new functions and modifications to existing ones. The changes are spread across multiple files, which increases the complexity of the review.
• 🔒 Security concerns: No security concerns found

PR Feedback

• 💡 General suggestions: The PR is well-structured and the changes are logically grouped. The use of AJV and TypeBox for validation is a good approach. However, it would be beneficial to add tests to ensure the validation works as expected and does not introduce any regressions.

• 🤖 Code feedback:

  • relevant file: lambda/loggingFetch.ts
    suggestion: Consider handling the case where 'errors' is not in 'maybeData' in the 'validate' function. This will ensure that the function behaves as expected even when the validation does not return any errors. [important]
    relevant line: '+ if ('errors' in maybeData) {'

  • relevant file: lambda/resolveSingleCellGeoLocation.ts
    suggestion: It would be better to handle the case where 'error' is not in 'maybeResult' in the 'serviceToken' function. This will ensure that the function behaves as expected even when the validation does not return any errors. [important]
    relevant line: '+ if ('error' in maybeResult) {'

  • relevant file: nrfcloud/createAccountDevice.ts
    suggestion: Consider handling the case where 'error' is not in 'maybeResult' in the 'createAccountDevice' function. This will ensure that the function behaves as expected even when the validation does not return any errors. [important]
    relevant line: '+ if ('error' in maybeResult) {'

  • relevant file: nrfcloud/devices.ts
    suggestion: It would be better to handle the case where 'error' is not in 'maybeResult' in the 'devices' function. This will ensure that the function behaves as expected even when the validation does not return any errors. [important]
    relevant line: '+ if ('error' in maybeResult) {'

How to use

To invoke the PR-Agent, add a comment using one of the following commands:
/review [-i]: Request a review of your Pull Request. For an incremental review, which only considers changes since the last review, include the '-i' option.
/describe: Modify the PR title and description based on the contents of the PR.
/improve [--extended]: Suggest improvements to the code in the PR. Extended mode employs several calls, and provides a more thorough feedback.
/ask <QUESTION>: Pose a question about the PR.
/update_changelog: Update the changelog based on the PR's contents.

To edit any configuration parameter from configuration.toml, add --config_path=new_value
For example: /review --pr_reviewer.extra_instructions="focus on the file: ..."
To list the possible configuration parameters, use the /config command.

[coderbyheart]

Suggested change

	const trackFetch = validatedLoggingFetch({ track, log })
	const trackFetch = validatedFetch(loggingFetch({ track, log }))

Since loggingFetch returns a fetch compatible function, validatedLoggingFetch should not care about the fact that it deals with a fetch that is augmented with logging capabilites. Instead make it accept a fetch instance as parameter. (Unix command design principle)

[pudkrong]

I will use the existing function, validatedFetch, because

• It accepts fetch instance
• However, I need to modify the function to accept 3rd parameter because the existing function will use GET method and Content-Type as application/json as its defaults.

[coderbyheart]

comment: this swallows the validation errors (because the error is stringified). But OK in this case because error is logged and function is only used in lambda.

[coderbyheart]

problem: this swallows the error details, change API and return error

[pudkrong]

I will re-throw the error from validatedFetch. The error can be either Error object or ValidationError.

[coderbyheart]

Unrelated change.

[pudkrong]

This change is necessary due to the default behavior uses GET method and Content-Type as application/json

[coderbyheart]

Changed in the refactor.

[pudkrong]

I need to cast deviceShadow.state.metadata to Record<string, any> because getShadowUpdateTime requires

[coderbyheart]

Yeah, recursive typing is not really possible with TypeBox (and JSON schema)

[pudkrong]

This is required to allow loggingFetch to be able to pass as fetchImplementation

[coderbyheart]

I've addressed this in a refactor.

[coderbyheart]

File is empty.

[coderbyheart]

locationServiceToken can be passed here.

[coderbyheart]

Yeah, recursive typing is not really possible with TypeBox (and JSON schema)

[coderbyheart]

Should have been integrated in DeviceShadow.ts

[coderbyheart]

I've addressed this in a refactor.

[coderbyheart]

If refactored this, because this mixes two parameters to configure the fetch behaviour. Those two (the first and the third) are also split around the schema.

[coderbyheart]

Changed in the refactor.