Request validation plugin#1709
Request validation plugin#1709membphis merged 17 commits intoapache:masterfrom sshniro:request-validator
Conversation
membphis
left a comment
membphis
left a comment
There was a problem hiding this comment.
Add test case: Use illegal JSON request.
membphis
left a comment
membphis
left a comment
There was a problem hiding this comment.
we need more test cases about the header schema
|
|
||
|
|
||
| function _M.check_schema(conf) | ||
| return core.schema.check(schema, conf) |
There was a problem hiding this comment.
export the API create_validator : https://github.com/apache/incubator-apisix/blob/master/apisix/core/schema.lua#L26
then we can use it to confirm if the input conf is a valid JSON Schema.
There was a problem hiding this comment.
I do not understand this comment @membphis , ain't coreschema.check internally calls create_validator for validation?
There was a problem hiding this comment.
here is the an valid example you provide, the user maybe provide a invalid schema:
"body_schema": {
"type": "object",
"required": ["required_payload"],
"properties": {
"emum_payload": {
"type": "string", # the user maybe specified a wrong type, eg: `str`
"enum": ["enum_string_1", "enum_string_2"],
"default": "enum_string_1"
}
}
}here is detail:
# Conflicts: # conf/config.yaml # t/admin/plugins.t # t/debug/debug-mode.t
| end | ||
| end | ||
|
|
||
| if conf.body_schema then |
There was a problem hiding this comment.
another style, I think this one is better:
if not conf.body_schema then
return
end
ngx.req.read_body()
local body = ngx.req.get_body_data()
local req_body, err
if headers["content-type"] == "application/x-www-form-urlencoded" then
req_body, err = ngx.decode_args(body)
else -- JSON as default
req_body, err = core.json.decode(body)
end
if not req_body then
... ...
return
end
local ok, err = core.schema.check(conf.body_schema, req_body)
...
|
@sshniro you can rebase your branch with |
|
|
||
|
|
||
| function _M.check_schema(conf) | ||
| return core.schema.check(schema, conf) |
There was a problem hiding this comment.
here is the an valid example you provide, the user maybe provide a invalid schema:
"body_schema": {
"type": "object",
"required": ["required_payload"],
"properties": {
"emum_payload": {
"type": "string", # the user maybe specified a wrong type, eg: `str`
"enum": ["enum_string_1", "enum_string_2"],
"default": "enum_string_1"
}
}
}here is detail:
|
|
||
| **Using ENUMS:** | ||
|
|
||
| ```shell |
| "properties": { | ||
| "emum_payload": { | ||
| "type": "string", | ||
| enum: ["enum_string_1", "enum_string_2"] |
There was a problem hiding this comment.
this line should be wrong, it should be "enum":
|
|
||
| **JSON with multiple levels:** | ||
|
|
||
| ```shell |
|
we can merge first, then fix minor issues. |
|
@sshniro merged, many thx |
4 participants
Resolves #1643
The plugin uses the
json-schemavalidator to validate requests before sending them to upstream.This plugin can be used to validate the header and body data.