Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Request validation plugin #1709

Merged
merged 17 commits into from
Jul 21, 2020
Merged

Request validation plugin #1709

merged 17 commits into from
Jul 21, 2020

Conversation

sshniro
Copy link
Member

@sshniro sshniro commented Jun 13, 2020
edited
Loading

Resolves #1643
The plugin uses the json-schema validator to validate requests before sending them to upstream.
This plugin can be used to validate the header and body data.

@sshniro
Copy link
Member Author

sshniro commented Jun 13, 2020

@membphis , @moonming should I write more test cases for different types of schema validations or rely on the JSON schema validator itself?

@sshniro sshniro requested review from moonming and membphis June 13, 2020 22:01
membphis
membphis requested changes Jun 14, 2020
View reviewed changes
Copy link
Member

@membphis membphis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add test case: Use illegal JSON request.

membphis
membphis requested changes Jun 16, 2020
View reviewed changes
Copy link
Member

@membphis membphis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need more test cases about the header schema

apisix/plugins/request-validation.lua


function _M.check_schema(conf)
return core.schema.check(schema, conf)
Copy link
Member

@membphis membphis Jun 16, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

export the API create_validator : https://github.com/apache/incubator-apisix/blob/master/apisix/core/schema.lua#L26

then we can use it to confirm if the input conf is a valid JSON Schema.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not understand this comment @membphis , ain't coreschema.check internally calls create_validator for validation?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

here is the an valid example you provide, the user maybe provide a invalid schema:

"body_schema": {
    "type": "object",
    "required": ["required_payload"],
    "properties": {
            "emum_payload": {
            "type": "string",  # the user maybe specified a wrong type, eg: `str`
            "enum": ["enum_string_1", "enum_string_2"],
            "default": "enum_string_1"
        }
    }
}

here is detail:

image

@membphis membphis mentioned this pull request Jun 23, 2020
Closed
Nirojan Selvanathan and others added 3 commits July 16, 2020 19:48
Merge branch 'master' into request-validator
0c81b44 
# Conflicts:
#	conf/config.yaml
#	t/admin/plugins.t
#	t/debug/debug-mode.t
@sshniro
Down merge changes
e961fc4
@sshniro
Adding test cases for header conf
ba75aaa
membphis
membphis previously requested changes Jul 17, 2020
View reviewed changes
apisix/plugins/request-validation.lua
end
end

if conf.body_schema then
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

another style, I think this one is better:

if not conf.body_schema then
    return
end

ngx.req.read_body()
local body = ngx.req.get_body_data()
local req_body, err

if headers["content-type"] == "application/x-www-form-urlencoded" then
    req_body, err = ngx.decode_args(body)
else -- JSON as default
    req_body, err = core.json.decode(body)
end

if not req_body then
    ... ...
    return 
end

local ok, err = core.schema.check(conf.body_schema, req_body)
...

@membphis
Copy link
Member

@sshniro you can rebase your branch with master, the CI will faster.

membphis
membphis reviewed Jul 17, 2020
View reviewed changes
apisix/plugins/request-validation.lua


function _M.check_schema(conf)
return core.schema.check(schema, conf)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

here is the an valid example you provide, the user maybe provide a invalid schema:

"body_schema": {
    "type": "object",
    "required": ["required_payload"],
    "properties": {
            "emum_payload": {
            "type": "string",  # the user maybe specified a wrong type, eg: `str`
            "enum": ["enum_string_1", "enum_string_2"],
            "default": "enum_string_1"
        }
    }
}

here is detail:

image

doc/plugins/request-validation.md

**Using ENUMS:**

```shell
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should use json here

doc/plugins/request-validation.md
"properties": {
"emum_payload": {
"type": "string",
enum: ["enum_string_1", "enum_string_2"]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this line should be wrong, it should be "enum":

doc/plugins/request-validation.md

**JSON with multiple levels:**

```shell
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

json ditto

@moonming
Copy link
Member

we can merge first, then fix minor issues.

@membphis membphis mentioned this pull request Jul 21, 2020
Closed
@membphis membphis dismissed their stale review July 21, 2020 13:36

#1881 fix later

@membphis membphis merged commit a617999 into apache:master Jul 21, 2020
@membphis
Copy link
Member

@sshniro merged, many thx

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@shenal shenal shenal left review comments

@membphis membphis membphis approved these changes

@moonming moonming Awaiting requested review from moonming

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

request help: How to validate request in APISIX
4 participants
@sshniro @membphis @moonming @shenal