sq

Author: Jamie Tanna

oapi_validate.go

@@ -171,6 +171,15 @@ func performRequestValidationForErrorHandlerWithOpts(next http.Handler, w http.R
 		return
 	}
 
+	// // TODO
+	// me := openapi3.MultiError{}
+	// if errors.As(err, &me) {
+	// 	fmt.Printf("me: %v\n", me)
+	// 	// errFunc := getMultiErrorHandlerFromOptions(options)
+	// 	// return errFunc(me)
+	// }
+	// // TODO
+
 	switch e := err.(type) {
 	case *openapi3filter.RequestError:
 		// We've got a bad request

oapi_validate_example_test.go

@@ -479,9 +479,6 @@ components:
 				out += "required\n"
 			}
 
-			fmt.Printf("e: %#v\n", e)
-			fmt.Printf("e.Err: %#v\n", e.Err)
-
 			if childErr := e.Unwrap(); childErr != nil {
 				out += "There was a child error, which was "
 				switch e := childErr.(type) {
@@ -531,8 +528,7 @@ components:
 	fmt.Println("# A request that is malformed is rejected with HTTP 400 Bad Request (with an invalid request body), and is then logged by the ErrorHandlerWithOpts")
 
 	body := map[string]string{
-		"id":   "not-long-enough",
-		"name": "Jamie",
+		"id": "not-long-enough",
 	}
 
 	data, err := json.Marshal(body)
@@ -617,3 +613,209 @@ components:
 	// Received an HTTP 401 response. Expected HTTP 401
 	// Response body: You're not allowed!
 }
+
+func ExampleOapiRequestValidatorWithOptions_withErrorHandlerWithOptsAndMultiError() {
+	rawSpec := `
+openapi: "3.0.0"
+info:
+  version: 1.0.0
+  title: TestServer
+servers:
+  - url: http://example.com/
+paths:
+  /resource:
+    post:
+      operationId: createResource
+      responses:
+        '204':
+          description: No content
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              properties:
+                id:
+                  type: string
+                  minLength: 100
+                name:
+                  type: string
+                  enum:
+                  - Marcin
+              additionalProperties: false
+`
+
+	must := func(err error) {
+		if err != nil {
+			panic(err)
+		}
+	}
+
+	use := func(r *http.ServeMux, middlewares ...func(next http.Handler) http.Handler) http.Handler {
+		var s http.Handler
+		s = r
+
+		for _, mw := range middlewares {
+			s = mw(s)
+		}
+
+		return s
+	}
+
+	logResponseBody := func(rr *httptest.ResponseRecorder) {
+		if rr.Result().Body != nil {
+			data, _ := io.ReadAll(rr.Result().Body)
+			if len(data) > 0 {
+				fmt.Printf("Response body: %s", data)
+			}
+		}
+	}
+
+	spec, err := openapi3.NewLoader().LoadFromData([]byte(rawSpec))
+	must(err)
+
+	// NOTE that we need to make sure that the `Servers` aren't set, otherwise the OpenAPI validation middleware will validate that the `Host` header (of incoming requests) are targeting known `Servers` in the OpenAPI spec
+	// See also: Options#SilenceServersWarning
+	spec.Servers = nil
+
+	router := http.NewServeMux()
+
+	router.HandleFunc("/resource", func(w http.ResponseWriter, r *http.Request) {
+		fmt.Printf("%s /resource was called\n", r.Method)
+
+		if r.Method == http.MethodPost {
+			w.WriteHeader(http.StatusNoContent)
+			return
+		}
+
+		w.WriteHeader(http.StatusMethodNotAllowed)
+	})
+
+	errorHandlerFunc := func(ctx context.Context, w http.ResponseWriter, r *http.Request, opts middleware.ErrorHandlerOpts) {
+		err := opts.Error
+
+		if opts.MatchedRoute == nil {
+			fmt.Printf("ErrorHandlerWithOpts: An HTTP %d was returned by the middleware with error message: %s\n", opts.StatusCode, err.Error())
+
+			// NOTE that you may want to override the default (an HTTP 400 Bad Request) to an HTTP 404 Not Found (or maybe an HTTP 405 Method Not Allowed, depending on what the requested resource was)
+			http.Error(w, fmt.Sprintf("No route was found (according to ErrorHandlerWithOpts), and we changed the HTTP status code to %d", http.StatusNotFound), http.StatusNotFound)
+			return
+		}
+
+		switch e := err.(type) {
+		case *openapi3filter.SecurityRequirementsError:
+			out := fmt.Sprintf("A SecurityRequirementsError was returned when attempting to authenticate the request to %s %s against %d Security Schemes: %s\n", opts.MatchedRoute.Route.Method, opts.MatchedRoute.Route.Path, len(e.SecurityRequirements), e.Error())
+			for _, sr := range e.SecurityRequirements {
+				for k, v := range sr {
+					out += fmt.Sprintf("- %s: %v\n", k, v)
+				}
+			}
+
+			fmt.Printf("ErrorHandlerWithOpts: %s\n", out)
+
+			http.Error(w, "You're not allowed!", opts.StatusCode)
+			return
+		case *openapi3filter.RequestError:
+			out := fmt.Sprintf("A RequestError was returned when attempting to validate the request to %s %s: %s\n", opts.MatchedRoute.Route.Method, opts.MatchedRoute.Route.Path, e.Error())
+
+			if e.RequestBody != nil {
+				out += "This operation has a request body, which was "
+				if !e.RequestBody.Required {
+					out += "not "
+				}
+				out += "required\n"
+			}
+
+			if childErr := e.Unwrap(); childErr != nil {
+				out += "There was a child error, which was "
+				switch e := childErr.(type) {
+				case *openapi3.SchemaError:
+					out += "a SchemaError, which failed to validate on the " + e.SchemaField + " field"
+				default:
+					out += "an unknown type (" + reflect.TypeOf(e).String() + ")"
+				}
+			}
+
+			fmt.Printf("ErrorHandlerWithOpts: %s\n", out)
+
+			http.Error(w, "A bad request was made - but I'm not going to tell you where or how", opts.StatusCode)
+			return
+		}
+
+		http.Error(w, err.Error(), opts.StatusCode)
+	}
+
+	// create middleware
+	mw := middleware.OapiRequestValidatorWithOptions(spec, &middleware.Options{
+		Options: openapi3filter.Options{
+			// make sure that multiple errors in a given request are returned
+			MultiError: true,
+		},
+		ErrorHandlerWithOpts: errorHandlerFunc,
+	})
+
+	// then wire it in
+	server := use(router, mw)
+
+	// ================================================================================
+	fmt.Println("# A request that is malformed is rejected with HTTP 400 Bad Request (with no request body), and is then logged by the ErrorHandlerWithOpts")
+
+	req, err := http.NewRequest(http.MethodPost, "/resource", nil)
+	must(err)
+	req.Header.Set("Content-Type", "application/json")
+
+	rr := httptest.NewRecorder()
+
+	server.ServeHTTP(rr, req)
+
+	fmt.Printf("Received an HTTP %d response. Expected HTTP 400\n", rr.Code)
+	logResponseBody(rr)
+	fmt.Println()
+
+	// ================================================================================
+	fmt.Println("# A request that is malformed is rejected with HTTP 400 Bad Request (with an invalid request body, with multiple issues), and is then logged by the ErrorHandlerWithOpts")
+
+	body := map[string]string{
+		"id":   "not-long-enough",
+		"name": "Jamie",
+	}
+
+	data, err := json.Marshal(body)
+	must(err)
+
+	req, err = http.NewRequest(http.MethodPost, "/resource", bytes.NewReader(data))
+	must(err)
+	req.Header.Set("Content-Type", "application/json")
+
+	rr = httptest.NewRecorder()
+
+	server.ServeHTTP(rr, req)
+
+	fmt.Printf("Received an HTTP %d response. Expected HTTP 400\n", rr.Code)
+	logResponseBody(rr)
+	fmt.Println()
+
+	// Output:
+	// # A request that is malformed is rejected with HTTP 400 Bad Request (with no request body), and is then logged by the ErrorHandlerWithOpts
+	// ErrorHandlerWithOpts: A RequestError was returned when attempting to validate the request to POST /resource: request body has an error: value is required but missing
+	// This operation has a request body, which was required
+	// There was a child error, which was an unknown type (*errors.errorString)
+	// Received an HTTP 400 response. Expected HTTP 400
+	// Response body: A bad request was made - but I'm not going to tell you where or how
+	//
+	// # A request that is malformed is rejected with HTTP 400 Bad Request (with an invalid request body), and is then logged by the ErrorHandlerWithOpts
+	// ErrorHandlerWithOpts: A RequestError was returned when attempting to validate the request to POST /resource: request body has an error: doesn't match schema: Error at "/id": minimum string length is 100
+	// Schema:
+	//   {
+	//     "minLength": 100,
+	//     "type": "string"
+	//   }
+	//
+	// Value:
+	//   "not-long-enough"
+	//
+	// This operation has a request body, which was required
+	// There was a child error, which was a SchemaError, which failed to validate on the minLength field
+	// Received an HTTP 400 response. Expected HTTP 400
+	// Response body: A bad request was made - but I'm not going to tell you where or how
+}