feat: throw RequestValidationError on invalid JSON in query parameter

oas-tools · Oct 29, 2023 · 703af41 · 703af41
1 parent 09623c0
commit 703af41
Show file tree

Hide file tree

Showing 5 changed files with 67 additions and 4 deletions.
diff --git a/src/middleware/native/oas-params.js b/src/middleware/native/oas-params.js
@@ -1,6 +1,8 @@
 import _ from "lodash";
-import { schema } from "../../utils/index.js";
-import { OASBase, logger } from "@oas-tools/commons";
+import { schema, commons } from "../../utils/index.js";
+import { OASBase, logger, errors } from "@oas-tools/commons";
+
+const { RequestValidationError } = errors;
 
 export class OASParams extends OASBase {
 
@@ -126,7 +128,11 @@ function _parseValue(val, paramDefinition, schema, type) {
             if (paramDefinition.content) {
                 const contentType = Object.keys(paramDefinition.content)[0];
                 if (contentType.toLocaleLowerCase() === "application/json") {
-                    return JSON.parse(val);   
+                    try {
+                        return JSON.parse(val);   
+                    } catch {
+                        commons.handle(RequestValidationError, `Invalid JSON in parameter '${paramDefinition.name}'.`, true);
+                    }
                 } else {
                     logger.warn(`Content type ${contentType} is not supported. Raw value will be returned.`);
                     return val

diff --git a/tests/suites/params.test.js b/tests/suites/params.test.js
@@ -1,13 +1,17 @@
 import {init, close} from '../testServer/index.js';
+import fs from 'fs';
 import assert from 'assert';
 import axios from 'axios';
 
 export default () => {
+    let cfg;
 
     describe('\n    OAS-Params Middleware tests', () => {
 
         before(async () => {
-            await init(); //init server with default config
+            cfg = JSON.parse(fs.readFileSync('tests/testServer/.oastoolsrc'));
+            cfg.logger.level = 'off'; // Set to 'error' if any test fail to see the error message
+            await init(cfg); //init server with default config
         });
 
         it('Should parse path params correctly (explode false)', async () => {
@@ -71,6 +75,28 @@ export default () => {
             });
         });
 
+        it('Should parse query params correctly (content application/json)', async () => {
+            await axios.get('http://localhost:8080/api/v1/oasParams/json?queryparamjson={"key":"value","otherkey":"othervalue"}')
+            .then(res => {
+                let expected = {
+                    params: {
+                        queryparamjson: {key: 'value', otherkey: 'othervalue'}
+                    },
+                    body: {}
+                }
+                assert.deepStrictEqual(res.data, expected);
+            });
+        });
+
+        it('Should fail when JSON query params are not valid JSON', async () => {
+            await axios.get('http://localhost:8080/api/v1/oasParams/json?queryparamjson={"key":,"otherkey":"othervalue"}')
+            .then(() => assert.fail('Got unexpected response, expected 400'))
+            .catch(err => {
+                assert.match(err.response?.data?.error, /.*Invalid JSON in parameter '.*'*/);
+                assert.equal(err.response.status, 400);
+            })
+        });
+
         it('Should parse header params correctly (explode false)', async () => {
             await axios.get('http://localhost:8080/api/v1/oasParams', { headers: { headerparam: '2022-06-19T00:00:00.000Z' } })
             .then(res => {

diff --git a/tests/testServer/api/3.0.yaml b/tests/testServer/api/3.0.yaml
@@ -30,6 +30,14 @@ paths:
         - $ref: 'subschemas/oasparams.yaml#/explode/cookieparams/0'
       responses:
         '200': {$ref: 'subschemas/responses.yaml#/200'}
+  /api/v1/oasParams/json:
+    x-router-controller: oasParamsTestController
+    get:
+      operationId: getRequest
+      parameters:
+        - $ref: 'subschemas/oasparams.yaml#/json/queryparams/0'
+      responses:
+        '200': {$ref: 'subschemas/responses.yaml#/200'}
   /api/v1/oasParams/{testparamsimple}/{testparamslabel}/{testparamsmatrix}:
     x-router-controller: oasParamsTestController
     get:

diff --git a/tests/testServer/api/subschemas/oasparams.yaml b/tests/testServer/api/subschemas/oasparams.yaml
@@ -136,6 +136,21 @@ explode:
       schema:
         type: array
 
+json:
+  queryparams:
+    - name: queryparamjson
+      description: query parameter content application/json
+      in: query
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              key:
+                type: string
+              otherkey:
+                type: string
+
 body:
   schemaWithDefaults:
     type: array

diff --git a/tests/testServer/controllers/oasParamsTestController.js b/tests/testServer/controllers/oasParamsTestController.js
@@ -17,6 +17,14 @@ export function getRequestExplode(req, res, next) {
   service.getRequest(req.params, res, next);
 }
 
+/**
+ * @oastools {method} GET
+ * @oastools {path} /json
+ */
+export function getRequestJson(req, res, next) {
+  service.getRequest(req.params, res, next);
+}
+
 /**
  * @oastools {method} GET
  * @oastools {path} /explode/{testparamsimple}/{testparamslabel}/{testparamsmatrix}