feature: add server validation the Http Client #351
Conversation
…-257/server-validation
SO-257
|
@XVincentX @philsturgeon @lag-of-death Pay special attention to tests so see whether we're all in alignment. |
|
@chris-miaskowski I fixed the build for you. |
| @@ -63,36 +63,42 @@ export const router: IRouter<IHttpOperation, IHttpRequest, IHttpConfig> = { | |||
| }; | |||
| }); | |||
|
|
|||
| matches = matches.filter(match => match.pathMatch !== MatchType.NOMATCH); | |||
There was a problem hiding this comment.
this route function is so long and full of ifs, mutations and throwing errors. The cognitive load one has to invest to understand it is a bit too much. Can this be refactored before it's too late?
There was a problem hiding this comment.
I want to ditch it completely and use a routing library, such as https://github.com/delvedor/find-my-way
Happy to see this refactored though.
There was a problem hiding this comment.
@XVincentX to your point on the library I'm happy to replace the code if you find a library that does what we need. We have a very special use case here - we not only route but check the server validity.
@lag-of-death I'm happy to see what I can do if you can suggest a refactoring.
There was a problem hiding this comment.
at least we could move all these ifs that throw errors and make an array of "tuples" like so:
[{predicate: () => false, action: () => throw 'A'}, {predicate: () => true, action: () => throw 'B'}]
and move this array out of route
There was a problem hiding this comment.
Hey I'd like to leave that for some other time. I'm usually all for boy scouting but lots of things will change in the code base in next weeks/months so that may soon be irrelevant.
|
P.S: I'm jumping on this in the afternoon. |
…htio/prism into feature/so-257/server-validation
|
Thanks for the review everyone! I hear you all! |
…htio/prism into feature/so-257/server-validation
…-257/server-validation
…htio/prism into feature/so-257/server-validation
Co-Authored-By: Phil Sturgeon <me@philsturgeon.uk>
Co-Authored-By: Vincenzo Chianese <vincenz.chianese@icloud.com>
Co-Authored-By: Vincenzo Chianese <vincenz.chianese@icloud.com>
SO-257
…htio/prism into feature/so-257/server-validation
- don't embarrass yourself Chris! Read the docs! SO-257
…htio/prism into feature/so-257/server-validation
| #### Server Validation | ||
|
|
||
| OpenAPI lets API spec authors make only certain servers available, and they also allow certain operations to be restricted to certain servers. Make sure the server URL you plan to use is a valid server this the particular operation you are attempting. | ||
| by providing a `__server` query param. |
There was a problem hiding this comment.
I guess this should be on the same line
| @@ -37,23 +39,41 @@ export function factory<Resource, Input, Output, Config, LoadOpts>( | |||
| // build the config for this request | |||
| const configMerger = configMergerFactory(defaultConfig, customConfig, c); | |||
| const configObj: Config | undefined = configMerger(input); | |||
There was a problem hiding this comment.
This is probably an old leftover.
| const configObj: Config | undefined = configMerger(input); | |
| const configObj: Config = configMerger(input); |
| }); | ||
|
|
||
| const expectedPayload = (serverUrl: string) => | ||
| `{"type":"https://stoplight.io/prism/errors#NO_SERVER_MATCHED_ERROR","title":"Route not resolved, no server matched.","status":404,"detail":"The base url ${serverUrl} hasn\'t been matched with any of the provided servers"}`; |
There was a problem hiding this comment.
I'm wondering if there's a way to check out this stuff without using this templated string.
|
|
||
| expect(response.statusCode).toBe(422); | ||
| expect(response.payload).toEqual( | ||
| '{"type":"https://stoplight.io/prism/errors#UNPROCESSABLE_ENTITY","title":"Invalid request body payload","status":422,"detail":"Your request body is not valid: [{\\"path\\":[\\"body\\"],\\"code\\":\\"type\\",\\"message\\":\\"should be object\\",\\"severity\\":0}]"}', |
There was a problem hiding this comment.
Yeah, it might be worth parse this content
| expect(response.payload).toEqual( | ||
| '{"type":"https://stoplight.io/prism/errors#UNPROCESSABLE_ENTITY","title":"Invalid request body payload","status":422,"detail":"Your request body is not valid: [{\\"path\\":[\\"body\\"],\\"code\\":\\"type\\",\\"message\\":\\"should be object\\",\\"severity\\":0}]"}', | ||
| ); | ||
| await server.fastify.close(); |
There was a problem hiding this comment.
This should be in a after statement
| @@ -228,6 +295,67 @@ describe.each([['petstore.oas2.json'], ['petstore.oas3.json']])('server %s', fil | |||
| } | |||
| }); | |||
|
|
|||
| describe('server validation: given __server query param', () => { | |||
There was a problem hiding this comment.
According to Phil (or at least, if I understood correctly), these should be two nested describe blocks
| }); | ||
|
|
||
| // oas2 does not support overriding servers | ||
| if (file === 'petstore.oas3.json') { |
There was a problem hiding this comment.
This is ok for now, but maybe we could have oas3 specific tests instead of branching
| On the other hand, putting a server which is not defined in the specification, for example: | ||
|
|
||
| ```bash | ||
| curl -X GET localhost:4010/pet?__server=ftp://acme.com/api |
There was a problem hiding this comment.
Oh this is weird that we introduced FTP here just without any explanation, just snuck it in there. I honestly do not know if FTP is even allowed in OpenAPI, it doesn't mentioned either way but... it has never come up. https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#serverObject
This PR adds server validation the Prism Http Server and Prism Http Client.
What changed?
We have exposed a query parameter
__serverthat you can use to check whether the server matches the one in the spec.This is now supported in the CLI
prism mock spec.json curl -X GET /pet?__server=http://someserver.com/basePathand in the JS-API
More details in the README.md file