feat(rest): add query parameter validation

fix loopbackio#1573
YaelGit · Feb 13, 2019 · 2e12925 · 2e12925
1 parent 93f7bbf
commit 2e12925
Show file tree

Hide file tree

Showing 16 changed files with 417 additions and 30 deletions.
diff --git a/packages/rest/docs.json b/packages/rest/docs.json
@@ -26,7 +26,8 @@
     "src/providers/reject.provider.ts",
     "src/providers/send.provider.ts",
     "src/router/routing-table.ts",
-    "src/validation/request-body.validator.ts"
+    "src/validation/request-body.validator.ts",
+    "src/validation/request-query.validator.ts"
   ],
   "codeSectionDepth": 4
 }
diff --git a/packages/rest/src/__tests__/acceptance/file-upload/file-upload-with-parser.acceptance.ts b/packages/rest/src/__tests__/acceptance/file-upload/file-upload-with-parser.acceptance.ts
@@ -16,7 +16,7 @@ import {
   post,
   Request,
   requestBody,
-  RequestBody,
+  ValueWithSchema,
   RestApplication,
 } from '../../..';
 
@@ -97,10 +97,10 @@ class MultipartFormDataBodyParser implements BodyParser {
     return mediaType.startsWith(FORM_DATA);
   }
 
-  async parse(request: Request): Promise<RequestBody> {
+  async parse(request: Request): Promise<ValueWithSchema> {
     const storage = multer.memoryStorage();
     const upload = multer({storage});
-    return new Promise<RequestBody>((resolve, reject) => {
+    return new Promise<ValueWithSchema>((resolve, reject) => {
       // tslint:disable-next-line:no-any
       upload.any()(request, {} as any, err => {
         if (err) reject(err);

diff --git a/packages/rest/src/__tests__/unit/body-parser.unit.ts b/packages/rest/src/__tests__/unit/body-parser.unit.ts
@@ -14,7 +14,7 @@ import {
   JsonBodyParser,
   RawBodyParser,
   Request,
-  RequestBody,
+  ValueWithSchema,
   RequestBodyParser,
   RequestBodyParserOptions,
   StreamBodyParser,
@@ -254,7 +254,7 @@ describe('body parser', () => {
   describe('x-parser extension', () => {
     let spec: OperationObject;
     let req: Request;
-    let requestBody: RequestBody;
+    let requestBody: ValueWithSchema;
 
     it('skips body parsing', async () => {
       await loadRequestBodyWithXStream('stream');

diff --git a/packages/rest/src/__tests__/unit/coercion/paramObject.unit.ts b/packages/rest/src/__tests__/unit/coercion/paramObject.unit.ts
@@ -87,7 +87,7 @@ describe('coerce object param - optional', function() {
     test(OPTIONAL_ANY_OBJECT, {key: 'value'}, {key: 'value'});
     test(OPTIONAL_ANY_OBJECT, undefined, undefined);
     test(OPTIONAL_ANY_OBJECT, '', undefined);
-    test(OPTIONAL_ANY_OBJECT, 'null', null);
+    test(OPTIONAL_ANY_OBJECT, {key: 'null'}, {key: 'null'});
   });
 
   context('nested values are not coerced', () => {

diff --git a/packages/rest/src/__tests__/unit/request.query.validator.test.ts b/packages/rest/src/__tests__/unit/request.query.validator.test.ts
@@ -0,0 +1,193 @@
+import {expect} from '@loopback/testlab';
+import {validateRequestQuery} from '../../validation/request-query.validator';
+import {RestHttpErrors} from '../../';
+import {aBodySpec} from '../helpers';
+import {
+  ReferenceObject,
+  SchemaObject,
+  SchemasObject,
+} from '@loopback/openapi-v3-types';
+
+const INVALID_MSG = RestHttpErrors.INVALID_REQUEST_QUERY_MESSAGE;
+
+const PING_SCHEMA = {
+  properties: {
+    pageSize: {type: 'integer', minimum: 0, maximum: 100, multipleOf: 5},
+    pageNumber: {type: 'number', minimum: 10, maximum: 200, multipleOf: 3},
+    pageBool: {type: 'boolean'},
+    pageName: {type: 'string', maxLength: 5, minLength: 1, pattern: '[abc]+'},
+  },
+  required: ['pageSize'],
+};
+
+describe('validateRequestQuery', () => {
+  it('accepts valid data omitting optional properties', () => {
+    validateRequestQuery(
+      {value: {pageSize: 5}, schema: PING_SCHEMA},
+      aBodySpec(PING_SCHEMA),
+    );
+  });
+
+  it('rejects data missing a required property', () => {
+    const details: RestHttpErrors.ValidationErrorDetails[] = [
+      {
+        path: '',
+        code: 'required',
+        message: "should have required property 'pageSize'",
+        info: {missingProperty: 'pageSize'},
+      },
+    ];
+    verifyValidationRejectsInputWithError(
+      INVALID_MSG,
+      'VALIDATION_FAILED',
+      details,
+      {
+        description: 'missing required "pageSize"',
+      },
+      PING_SCHEMA,
+    );
+  });
+
+  it('rejects data containing values of a wrong type', () => {
+    const details: RestHttpErrors.ValidationErrorDetails[] = [
+      {
+        path: '.pageBool',
+        code: 'type',
+        message: 'should be boolean',
+        info: {type: 'boolean'},
+      },
+    ];
+    verifyValidationRejectsInputWithError(
+      INVALID_MSG,
+      'VALIDATION_FAILED',
+      details,
+      {
+        pageSize: 5,
+        pageBool: 1111,
+      },
+      PING_SCHEMA,
+    );
+  });
+
+  it('rejects invalid values for number properties', () => {
+    const details: RestHttpErrors.ValidationErrorDetails[] = [
+      {
+        path: '.pageNumber',
+        code: 'type',
+        message: 'should be number',
+        info: {type: 'number'},
+      },
+    ];
+    const schema: SchemaObject = {
+      properties: {
+        pageNumber: {type: 'number'},
+      },
+    };
+    verifyValidationRejectsInputWithError(
+      INVALID_MSG,
+      'VALIDATION_FAILED',
+      details,
+      {pageNumber: 'string value'},
+      schema,
+    );
+  });
+
+  it('rejects invalid values for number properties', () => {
+    const details: RestHttpErrors.ValidationErrorDetails[] = [
+      {
+        path: '.pageNumber',
+        code: 'type',
+        message: 'should be number',
+        info: {type: 'number'},
+      },
+    ];
+    const schema: SchemaObject = {
+      properties: {
+        pageNumber: {type: 'number'},
+      },
+    };
+    verifyValidationRejectsInputWithError(
+      INVALID_MSG,
+      'VALIDATION_FAILED',
+      details,
+      {pageNumber: 'string value'},
+      schema,
+    );
+  });
+
+  it('rejects invalid values for number properties', () => {
+    const details: RestHttpErrors.ValidationErrorDetails[] = [
+      {
+        path: '.pageSize',
+        code: 'type',
+        message: 'should be number',
+        info: {type: 'number'},
+      },
+      {
+        path: '.pageNumber',
+        code: 'type',
+        message: 'should be number',
+        info: {type: 'number'},
+      },
+      {
+        path: '.pageBool',
+        code: 'type',
+        message: 'should be boolean',
+        info: {type: 'boolean'},
+      },
+      {
+        path: '.pageName',
+        code: 'type',
+        message: 'should be string',
+        info: {type: 'string'},
+      },
+    ];
+    const schema: SchemaObject = {
+      properties: {
+        pageSize: {type: 'number'},
+        pageNumber: {type: 'number'},
+        pageBool: {type: 'boolean'},
+        pageName: {type: 'string'},
+      },
+    };
+    verifyValidationRejectsInputWithError(
+      INVALID_MSG,
+      'VALIDATION_FAILED',
+      details,
+      {
+        pageSize: 'string value',
+        pageNumber: 'string value',
+        pageBool: 1111,
+        pageName: 123,
+      },
+      schema,
+    );
+  });
+});
+
+// ----- HELPERS ----- /
+
+function verifyValidationRejectsInputWithError(
+  expectedMessage: string,
+  expectedCode: string,
+  expectedDetails: RestHttpErrors.ValidationErrorDetails[] | undefined,
+  query: object | null,
+  schema: SchemaObject | ReferenceObject,
+  schemas?: SchemasObject,
+  required?: boolean,
+) {
+  try {
+    validateRequestQuery(
+      {value: query, schema},
+      aBodySpec(schema, {required}),
+      schemas,
+    );
+    throw new Error(
+      "expected Function { name: 'validateRequestQuery' } to throw exception",
+    );
+  } catch (err) {
+    expect(err.message).to.equal(expectedMessage);
+    expect(err.code).to.equal(expectedCode);
+    expect(err.details).to.deepEqual(expectedDetails);
+  }
+}
diff --git a/packages/rest/src/body-parsers/body-parser.json.ts b/packages/rest/src/body-parsers/body-parser.json.ts
@@ -14,7 +14,7 @@ import {
   invokeBodyParserMiddleware,
   builtinParsers,
 } from './body-parser.helpers';
-import {BodyParser, RequestBody} from './types';
+import {BodyParser, ValueWithSchema} from './types';
 import {sanitizeJsonParse} from '../parse-json';
 
 export class JsonBodyParser implements BodyParser {
@@ -34,7 +34,7 @@ export class JsonBodyParser implements BodyParser {
     return !!is(mediaType, '*/json', '*/*+json');
   }
 
-  async parse(request: Request): Promise<RequestBody> {
+  async parse(request: Request): Promise<ValueWithSchema> {
     let body = await invokeBodyParserMiddleware(this.jsonParser, request);
     // https://github.com/expressjs/body-parser/blob/master/lib/types/json.js#L71-L76
     const contentLength = request.get('content-length');

diff --git a/packages/rest/src/body-parsers/body-parser.raw.ts b/packages/rest/src/body-parsers/body-parser.raw.ts
@@ -14,7 +14,7 @@ import {
   invokeBodyParserMiddleware,
   builtinParsers,
 } from './body-parser.helpers';
-import {BodyParser, RequestBody} from './types';
+import {BodyParser, ValueWithSchema} from './types';
 
 /**
  * Parsing the request body into Buffer
@@ -35,7 +35,7 @@ export class RawBodyParser implements BodyParser {
     return !!is(mediaType, 'application/octet-stream');
   }
 
-  async parse(request: Request): Promise<RequestBody> {
+  async parse(request: Request): Promise<ValueWithSchema> {
     const body = await invokeBodyParserMiddleware(this.rawParser, request);
     return {value: body};
   }

diff --git a/packages/rest/src/body-parsers/body-parser.stream.ts b/packages/rest/src/body-parsers/body-parser.stream.ts
@@ -4,7 +4,7 @@
 // License text available at https://opensource.org/licenses/MIT
 
 import {Request} from '../types';
-import {BodyParser, RequestBody} from './types';
+import {BodyParser, ValueWithSchema} from './types';
 import {builtinParsers} from './body-parser.helpers';
 
 /**
@@ -21,7 +21,7 @@ export class StreamBodyParser implements BodyParser {
     return false;
   }
 
-  async parse(request: Request): Promise<RequestBody> {
+  async parse(request: Request): Promise<ValueWithSchema> {
     return {value: request};
   }
 }
diff --git a/packages/rest/src/body-parsers/body-parser.text.ts b/packages/rest/src/body-parsers/body-parser.text.ts
@@ -14,7 +14,7 @@ import {
   invokeBodyParserMiddleware,
   builtinParsers,
 } from './body-parser.helpers';
-import {BodyParser, RequestBody} from './types';
+import {BodyParser, ValueWithSchema} from './types';
 
 export class TextBodyParser implements BodyParser {
   name = builtinParsers.text;
@@ -37,7 +37,7 @@ export class TextBodyParser implements BodyParser {
     return !!is(mediaType, 'text/*');
   }
 
-  async parse(request: Request): Promise<RequestBody> {
+  async parse(request: Request): Promise<ValueWithSchema> {
     const body = await invokeBodyParserMiddleware(this.textParser, request);
     return {value: body};
   }

diff --git a/packages/rest/src/body-parsers/body-parser.ts b/packages/rest/src/body-parsers/body-parser.ts
@@ -22,7 +22,7 @@ import {
 import {
   BodyParser,
   BodyParserFunction,
-  RequestBody,
+  ValueWithSchema,
   REQUEST_BODY_PARSER_TAG,
 } from './types';
 
@@ -45,7 +45,7 @@ export class RequestBodyParser {
   async loadRequestBodyIfNeeded(
     operationSpec: OperationObject,
     request: Request,
-  ): Promise<RequestBody> {
+  ): Promise<ValueWithSchema> {
     const {requestBody, customParser} = await this._matchRequestBodySpec(
       operationSpec,
       request,
@@ -78,7 +78,7 @@ export class RequestBodyParser {
     operationSpec: OperationObject,
     request: Request,
   ) {
-    const requestBody: RequestBody = {
+    const requestBody: ValueWithSchema = {
       value: undefined,
     };
     if (!operationSpec.requestBody) return {requestBody};

diff --git a/packages/rest/src/body-parsers/body-parser.urlencoded.ts b/packages/rest/src/body-parsers/body-parser.urlencoded.ts
@@ -14,7 +14,7 @@ import {
   invokeBodyParserMiddleware,
   builtinParsers,
 } from './body-parser.helpers';
-import {BodyParser, RequestBody} from './types';
+import {BodyParser, ValueWithSchema} from './types';
 
 export class UrlEncodedBodyParser implements BodyParser {
   name = builtinParsers.urlencoded;
@@ -32,7 +32,7 @@ export class UrlEncodedBodyParser implements BodyParser {
     return !!is(mediaType, 'urlencoded');
   }
 
-  async parse(request: Request): Promise<RequestBody> {
+  async parse(request: Request): Promise<ValueWithSchema> {
     const body = await invokeBodyParserMiddleware(
       this.urlencodedParser,
       request,

diff --git a/packages/rest/src/body-parsers/types.ts b/packages/rest/src/body-parsers/types.ts
@@ -8,7 +8,7 @@ import {Request} from '../types';
 /**
  * Request body with metadata
  */
-export type RequestBody = {
+export type ValueWithSchema = {
   /**
    * Parsed value of the request body
    */
@@ -46,13 +46,13 @@ export interface BodyParser {
    * Parse the request body
    * @param request http request
    */
-  parse(request: Request): Promise<RequestBody>;
+  parse(request: Request): Promise<ValueWithSchema>;
 }
 
 /**
  * Plain function for body parsing
  */
-export type BodyParserFunction = (request: Request) => Promise<RequestBody>;
+export type BodyParserFunction = (request: Request) => Promise<ValueWithSchema>;
 
 /**
  * Binding tag for request body parser extensions