feat(operation): validate request body

aleksandryackovlev · Feb 18, 2020 · 37da559 · 37da559
1 parent fba043d
commit 37da559
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 3 deletions.
diff --git a/src/operation.ts b/src/operation.ts
@@ -1,6 +1,7 @@
 import jsf, { JSONSchema } from 'json-schema-faker';
 import { OpenAPIV3 } from 'openapi-types';
 import express from 'express';
+import Ajv from 'ajv';
 import { has, get } from 'lodash';
 
 import faker from 'faker';
@@ -23,6 +24,8 @@ jsf.define('examples', (value) => {
   return '';
 });
 
+const ajv = new Ajv({ unknownFormats: ['int32', 'int64', 'binary'] });
+
 function isReferenceObject(response: unknown): response is OpenAPIV3.ReferenceObject {
   return typeof response === 'object' && response !== null && '$ref' in response;
 }
@@ -153,13 +156,38 @@ class Operation {
     return true;
   }
 
+  // isParamsValid(): boolean {
+  //   return true;
+  // }
+
+  isBodyValid(req: express.Request): boolean {
+    if (has(this.operation, ['requestBody', 'content', 'application/json', 'schema'])) {
+      const isBodyValid = ajv.validate(
+        get(this.operation, ['requestBody', 'content', 'application/json', 'schema']),
+        req.body
+      );
+
+      return !!isBodyValid;
+    }
+
+    return true;
+  }
+
+  isRequestValid(req: express.Request): boolean {
+    return /* this.isParamsValid() && */ this.isBodyValid(req);
+  }
+
   generateResponse(req: express.Request, res: express.Response): express.Response {
     const responseSchema = this.getResponseSchema();
 
     if (!this.isRequestAuthorized(req)) {
       return res.status(401).json({ message: 'Unauthorized request' });
     }
 
+    if (!this.isRequestValid(req)) {
+      return res.status(400).json({ message: 'Bad request' });
+    }
+
     return res.json(responseSchema ? jsf.generate(responseSchema) : {});
   }
 }

diff --git a/test/integration.spec.ts b/test/integration.spec.ts
@@ -53,6 +53,15 @@ describe('middleware', () => {
     expect(response.body).toHaveProperty('message', 'Not found');
   });
 
+  it('should return an 400 error response if request body is not valid', async () => {
+    const response = await request
+      .post('/api/pet')
+      .set('Authorization', 'Bearer key')
+      .send({ name: 'doggie', photoUrls: ['http://some-url.com'], status: 'incorrect' });
+
+    expect(response.status).toBe(400);
+  });
+
   it.skip('should return an 400 error response if path params are not valid', async () => {
     const response = await request.get('/api/pet/2');
 
@@ -71,13 +80,13 @@ describe('middleware', () => {
     expect(response.status).toBe(200);
   });
 
-  it.skip('should return an 401 error response if security schema params are not valid', async () => {
+  it('should return an 401 error response if security schema params are not valid', async () => {
     const response = await request.get('/api/pet/2');
 
-    expect(response.status).toBe(200);
+    expect(response.status).toBe(401);
   });
 
-  it.skip('should return an 400 error response on invalid content-type response', async () => {
+  it.skip('should return an 400 error response on invalid content-type request', async () => {
     const response = await request.get('/api/pet/2');
 
     expect(response.status).toBe(200);