-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request validation plugin #1709
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add test case: Use illegal JSON request.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we need more test cases about the header schema
|
||
|
||
function _M.check_schema(conf) | ||
return core.schema.check(schema, conf) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
export the API create_validator
: https://github.com/apache/incubator-apisix/blob/master/apisix/core/schema.lua#L26
then we can use it to confirm if the input conf
is a valid JSON Schema.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not understand this comment @membphis , ain't coreschema.check
internally calls create_validator
for validation?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
here is the an valid example you provide, the user maybe provide a invalid schema:
"body_schema": {
"type": "object",
"required": ["required_payload"],
"properties": {
"emum_payload": {
"type": "string", # the user maybe specified a wrong type, eg: `str`
"enum": ["enum_string_1", "enum_string_2"],
"default": "enum_string_1"
}
}
}
here is detail:
# Conflicts: # conf/config.yaml # t/admin/plugins.t # t/debug/debug-mode.t
end | ||
end | ||
|
||
if conf.body_schema then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
another style, I think this one is better:
if not conf.body_schema then
return
end
ngx.req.read_body()
local body = ngx.req.get_body_data()
local req_body, err
if headers["content-type"] == "application/x-www-form-urlencoded" then
req_body, err = ngx.decode_args(body)
else -- JSON as default
req_body, err = core.json.decode(body)
end
if not req_body then
... ...
return
end
local ok, err = core.schema.check(conf.body_schema, req_body)
...
@sshniro you can rebase your branch with |
|
||
|
||
function _M.check_schema(conf) | ||
return core.schema.check(schema, conf) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
here is the an valid example you provide, the user maybe provide a invalid schema:
"body_schema": {
"type": "object",
"required": ["required_payload"],
"properties": {
"emum_payload": {
"type": "string", # the user maybe specified a wrong type, eg: `str`
"enum": ["enum_string_1", "enum_string_2"],
"default": "enum_string_1"
}
}
}
here is detail:
|
||
**Using ENUMS:** | ||
|
||
```shell |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should use json
here
"properties": { | ||
"emum_payload": { | ||
"type": "string", | ||
enum: ["enum_string_1", "enum_string_2"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this line should be wrong, it should be "enum":
|
||
**JSON with multiple levels:** | ||
|
||
```shell |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
json
ditto
we can merge first, then fix minor issues. |
@sshniro merged, many thx |
Resolves #1643
The plugin uses the
json-schema
validator to validate requests before sending them to upstream.This plugin can be used to validate the header and body data.