Validate header parameters #122
Conversation
lib/committee/drivers/open_api_2.rb
Outdated
| @@ -133,6 +133,9 @@ def call | |||
| param_schema.items = param_data["items"] | |||
| end | |||
|
|
|||
| # if parameter is defined in header, uppercase name parameter to recognize CGI header. | |||
| param_data["name"].upcase! if param_data["in"] == "header" | |||
There was a problem hiding this comment.
Can we just perform the upcase when doing the validation? I think having all the logic in one place is just going to make everything in a little more readable.
lib/committee/request_unpacker.rb
Outdated
| @coerce_form_params = options[:coerce_form_params] | ||
| @optimistic_json = options[:optimistic_json] | ||
| @schema = options[:schema] | ||
| @allow_form_params = options[:allow_form_params] |
There was a problem hiding this comment.
What do you think about having allow_header_params on by default? As you noticed, it seems to be part of the spec, and the reason that allow_query_params and allow_form_params exist is that they're doing something that's a little abnormal from the standard Committee conventions. Header parameters are almost entirely orthogonal to other types of parameters, and I suspect it's fine just to always allow them.
There was a problem hiding this comment.
Thank you for your pointing it out.
I think allow_header_params should be true by default too.
In the same way as other parameter, I'll set default parameter on RequestValidation's constructor.
| headers[headerized_key] = env[key] | ||
| headers | ||
| end | ||
| end |
There was a problem hiding this comment.
I'm a tad bit concerned about the potential for different types of parameters to start colliding. For example, you could have a param called Encoding that appeared as both a header and as a form parameter, and Committee would have a hard time differentiating between the two.
What do you think about separating headers out into separate buckets? Maybe the best solution would be if RequestUnpacker returned a [headers, params] where each element could be validated separately, but a cheaper solution might be to just have a special __committee_headers key in the params hash for now that's extracted during validation. Thoughts?
There was a problem hiding this comment.
As you pointed out, I think header and parameter are orthogonal too.
In current PR implementation, collision is occured and this is not good for us.
So separating headers out into separate buckets is good idea.
I think the best solution is separeting params and headers on RequestUnpacker#call too.
The following is idea for implementation.
Committee::Drivers::OpenAPI2::Linkhas newheader_schemaattribute that isJsonSchema::SchemaObject to validate header.Committee::Drivers::HyperSchemadoes't haveheader_schema. This attribute only be in OpenAPI.
RequestUnpackerreturns array, params and headers.RequestValidatorvalidates params and headers separately. params are validated with Link#schema, headers are validated with Link#header_schema.
If the above solution looks good, I'll implement it.
There was a problem hiding this comment.
Thanks for thinking it through so thoroughly! Yes, that sounds good to me.
tzmfreedom
force-pushed
the
validate_header_parameters
branch
3 times, most recently
from
09f9e50 to
7231af9
Compare
tzmfreedom
force-pushed
the
validate_header_parameters
branch
from
7231af9 to
719db39
Compare
|
Thank you for the significant chunk of work here @tzmfreedom! Once again, apologies for the delay in getting back to you on it — if it happens again in the future, feel free to bump the thread to get it back to the top of my inbox. This looks good me! |
|
Released as 2.1.0. |
On current version of committee, parameters in header is not validated when parameter is defined in header on OpenAPI 2.0 format.
So the following OpenAPI description is not working because current version does't extract and validate header values.
This pull request solve them.