apply linter/formatter
Carmine DiMascio committed Nov 9, 2019
1 parent 55440a8 commit 82c4bed
Showing 2 changed files with 31 additions and 33 deletions.
31 changes: 20 additions & 11 deletions src/middlewares/openapi.request.validator.ts
Expand Up @@ -64,7 +64,10 @@ export class RequestValidator {

private buildMiddleware(path, pathSchema, contentType) {
const parameters = this.parametersToSchema(path, pathSchema.parameters);
const securityQueryParameter = this.getSecurityQueryParams(pathSchema, this._apiDocs.components.securitySchemes);
const securityQueryParameter = this.getSecurityQueryParams(
pathSchema,
this._apiDocs.components.securitySchemes,
);

let requestBody = pathSchema.requestBody;

Expand All @@ -87,7 +90,11 @@ export class RequestValidator {

const validator = this.ajv.compile(schema);
return (req, res, next) => {
this.rejectUnknownQueryParams(req.query, schema.properties.query, securityQueryParameter);
this.rejectUnknownQueryParams(
req.query,
schema.properties.query,
securityQueryParameter,
);

const shouldUpdatePathParams =
Object.keys(req.openapi.pathParams).length > 0;
Expand Down Expand Up @@ -160,7 +167,7 @@ export class RequestValidator {
private rejectUnknownQueryParams(query, schema, whiteList = []) {
if (!schema.properties) return;
const knownQueryParams = new Set(Object.keys(schema.properties));
whiteList.forEach ( item => knownQueryParams.add(item));
whiteList.forEach(item => knownQueryParams.add(item));
const queryParams = Object.keys(query);
for (const q of queryParams) {
if (!knownQueryParams.has(q)) {
Expand Down Expand Up @@ -189,14 +196,16 @@ export class RequestValidator {
}

private getSecurityQueryParams(pathSchema, securitySchema) {
return (pathSchema.security && securitySchema) ? pathSchema.security
.filter( obj => Object.entries(obj).length !== 0 )
.map( sec => {
const securityKey = Object.keys(sec)[0];
return securitySchema[securityKey];
})
.filter(sec => sec && sec.in && sec.in === 'query')
.map(sec => sec.name) : [];
return pathSchema.security && securitySchema
? pathSchema.security
.filter(obj => Object.entries(obj).length !== 0)
.map(sec => {
const securityKey = Object.keys(sec)[0];
return securitySchema[securityKey];
})
.filter(sec => sec && sec.in && sec.in === 'query')
.map(sec => sec.name)
: [];
}

private parametersToSchema(path, parameters = []) {
33 changes: 11 additions & 22 deletions test/security.top.level.spec.ts
Expand Up @@ -48,18 +48,14 @@ describe(packageJson.name, () => {
const body = r.body;
expect(body.errors).to.be.an('array');
expect(body.errors).to.have.length(1);
expect(body.errors[0].message).to.equals(
"'X-API-Key' header required",
);
expect(body.errors[0].message).to.equals("'X-API-Key' header required");
}));


it('should return 200 if apikey exists', async () =>
request(app)
.get(`${basePath}/api_key`)
.set('X-API-Key', 'test')
.expect(200)
);
.expect(200));

it('should return 404 if apikey exist, but path doesnt exist', async () =>
request(app)
Expand All @@ -70,9 +66,7 @@ describe(packageJson.name, () => {
const body = r.body;
expect(body.errors).to.be.an('array');
expect(body.errors).to.have.length(1);
expect(body.errors[0].message).to.equals(
'not found',
);
expect(body.errors[0].message).to.equals('not found');
}));

it('should return 405 if apikey exist, but invalid method used', async () =>
Expand All @@ -84,32 +78,27 @@ describe(packageJson.name, () => {
const body = r.body;
expect(body.errors).to.be.an('array');
expect(body.errors).to.have.length(1);
expect(body.errors[0].message).to.equals(
'POST method not allowed',
);
expect(body.errors[0].message).to.equals('POST method not allowed');
}));

it('should return 200 if apikey exist as query param', async () =>
request(app)
.get(`${basePath}/api_query_key`)
.query({ "APIKey": 'test' })
.expect(200)
);
.query({ APIKey: 'test' })
.expect(200));

it('should return 200 if apikey exist as query param with another query parmeter in the request', async () =>
request(app)
.get(`${basePath}/api_query_keys`)
.query({ "APIKey": 'test' })
.query({ "param1": 'anotherTest' })
.expect(200)
);
.query({ APIKey: 'test' })
.query({ param1: 'anotherTest' })
.expect(200));

it('should return 200 if apikey exist as query param with no query parmeter in the request but in the spec', async () =>
request(app)
.get(`${basePath}/api_query_keys`)
.query({ "APIKey": 'test' })
.expect(200)
);
.query({ APIKey: 'test' })
.expect(200));
it('should return 200 if apikey or anonymous', async () =>
request(app)
.get(`${basePath}/api_key_or_anonymous`)