-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a filter for request validation #249
Add a filter for request validation #249
Conversation
Hi @ota42y what do you think about this one? |
Sorry for my late reply 🙇 If the requested path isn't in the schema file, committee doesn't validate (when strict option is false). I understand that even though there is a definition, we don't want to validation temporarily. For example, committee support register OpenAPI parser object ( when we use OpenAPI 3 ). open_api = OpenAPIParser.parse(YAML.load_file('open_api_3/schema.yaml'))
# filter_operation_object filter Operation Object like Array#select
# This method not exist in OpenAPI Parser ( sample code )
only_open_api = open_api.select_operation_object( ->(op) { op.parent.path =~ ONLY_PATH } )
schema = Committee::Drivers::OpenAPI3::Driver.new.parse(only_open_api)
use Committee::Middleware::RequestValidation, schema: schema This way we can do your objectives without breaking the basic function in the committee. Or if there is a use case that is absolutely necessary, I want to know more. |
Thank you for your reply. It seems a bit odd feature, but I think it's small, retrocompatible and gives users an additional flexibility, without removing anything. Let me try to explain other reasons. a. Committee (and OpenAPI Parser) are not without bugs, or missing features. So I would like to explicitly exclude just few endpoints, without disable b. In the following scenario, there is a:
I would like to use Currently, the validation for Both these examples can be supported having the proposed feature (that is already used internally as a monkey-patch). |
Another reason that I forgot. It seems Committee just supports JSON responses. because it always tries to So I think it would be nice to have an easy way to filter out endpoints with different media type. |
Thank you for more detail information, that's very helpful :) Your example ( It is indeed small and very easy code so I wouldn't mind to merge this. Now, committee provide For example, we create # return path for validation, if return nil we doesn't validation
def validation_path_hook(request)
# only
request.path.start_with?('/something') ? request.path : nil
# except
request.path.start_with?('/something') ? nil : request.path
# prefix option (/v1/test => /test)
request.path.gsub(/^\/v1/, "")
end I think this way can cover multiple use cases in one way. |
Thank you for your reply. Well, in general, I think that having a generic method is better than a specific one. The discriminator to validate or not a request, might be more complex than just the
Checking them on a method called Anyway, if you don't feel to merge it, it's fine. We are already using this feature via monkey-patch. I though it was nice to share it and make it official. |
Thanks! Your proposal should be solved, so I want to solve it in some way. I forgot about the prefix option, as I was trying to solve multiple problems at once but it's not good.
|
Sorry for my late reply. Your proposal looks ok to me. To me, not from a Ruby/Rails background, "hook" it's not clear, in general. What do you think? Anyway, I will take care of removing the |
Thanks! I think when we use 'only', the user expect array argument. So I think 'accept_request_filter' is good because it's clear what happens for all user :) |
bead983
to
deb6df0
Compare
Renamed :only to :accept_request_filter deb6df0 |
That's great change, I'm going to accept :) |
deb6df0
to
ac8f7b0
Compare
Done ✔️ |
Thanks! It's a very good change !!!! |
You are welcome. And thank you for your support 👍 |
I just released 3.3.0 which include this changes 🎉 |
Summary
This small PR adds
:only
and:except
to the configuration options.They allow to whitelist and blacklist the validation based on custom criteria.
Whitelist can be useful in case of a big codebase, without API schema, where the schema is written gradually, over time.
Blacklist can be useful in case of specific path that are non standard, or should not included in the current schema (i.e. internal endpoints with their own schema).