feat(operations): validate request params

aleksandryackovlev · Feb 20, 2020 · 391b38f · 391b38f
1 parent dff5717
commit 391b38f
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 7 deletions.
diff --git a/src/operation.ts b/src/operation.ts
@@ -5,7 +5,7 @@ import Ajv from 'ajv';
 import { has, get, set } from 'lodash';
 
 import faker from 'faker';
-import { pathToRegexp } from 'path-to-regexp';
+import { pathToRegexp, match } from 'path-to-regexp';
 
 jsf.extend('faker', () => {
   // faker.locale = locale;
@@ -24,7 +24,7 @@ jsf.define('examples', (value) => {
   return '';
 });
 
-const ajv = new Ajv({ unknownFormats: ['int32', 'int64', 'binary'] });
+const ajv = new Ajv({ coerceTypes: true, unknownFormats: ['int32', 'int64', 'binary'] });
 
 function isReferenceObject(response: unknown): response is OpenAPIV3.ReferenceObject {
   return typeof response === 'object' && response !== null && '$ref' in response;
@@ -37,6 +37,8 @@ class Operation {
 
   operation: OpenAPIV3.OperationObject;
 
+  pathPattern: string;
+
   securitySchemes: { [key: string]: OpenAPIV3.SecuritySchemeObject } | null;
 
   constructor({
@@ -50,13 +52,13 @@ class Operation {
     operation: OpenAPIV3.OperationObject;
     securitySchemes?: { [key: string]: OpenAPIV3.SecuritySchemeObject };
   }) {
-    const pathPattern = path.replace(/\{([^/}]+)\}/g, (p1: string, p2: string): string => `:${p2}`);
+    this.pathPattern = path.replace(/\{([^/}]+)\}/g, (p1: string, p2: string): string => `:${p2}`);
 
     this.method = method.toUpperCase();
     this.operation = operation;
     this.securitySchemes = securitySchemes || null;
 
-    this.pathRegexp = pathToRegexp(pathPattern);
+    this.pathRegexp = pathToRegexp(this.pathPattern);
   }
 
   getResponseSchema(): JSONSchema | null {
@@ -214,6 +216,17 @@ class Operation {
         }
       }
 
+      const matchPath = match(this.pathPattern);
+      const matchObject = matchPath(req.path);
+
+      if ((matchObject && matchObject.params) || schemas.path) {
+        const isPathValid = ajv.validate(schemas.path, (matchObject && matchObject.params) || {});
+
+        if (!isPathValid) {
+          return false;
+        }
+      }
+
       return true;
     }
 

diff --git a/test/integration.spec.ts b/test/integration.spec.ts
@@ -62,10 +62,10 @@ describe('middleware', () => {
     expect(response.status).toBe(400);
   });
 
-  it.skip('should return an 400 error response if path params are not valid', async () => {
-    const response = await request.get('/api/pet/2');
+  it('should return an 400 error response if path params are not valid', async () => {
+    const response = await request.get('/api/pet/foo').set('api_key', 'someKey');
 
-    expect(response.status).toBe(200);
+    expect(response.status).toBe(400);
   });
 
   it('should return an 400 error response if query params are not valid', async () => {