Server validation of body schemas

[Max Goldstein]

I want my server (written in Java) to validate that the bodies of incoming POST and PUT requests matches the Schema Object for that operation's body parameter defined in my Swagger spec. I'd also like to validate that outgoing response bodies conform to the schema defined in the response object.

I'm aware of swagger-inflector but it doesn't seem particularly well-maintained. It validates query parameters (and presumably URL ones as well) but it doesn't validate the body, at least in my testing. Some of my other concerns is that it doesn't appear to validate the multipleOf property (source) or enforce the discriminator property.

My current best idea is to use the JSON Schema validator (27 hundred commits) and follow up with custom code to validate the discriminator and readOnly properties (which Swagger adds to JSON Schema). Is there a better library that I'm unaware of? Is there some other solution that I should know about?

[tony tam]

Well swagger-inflector does validate payloads with the options here:

https://github.com/swagger-api/swagger-inflector#payload-validation

However, you can “borrow” the logic that validates payloads and do your own logic.  The hardest part is to “resolve fully” the spec (that means in-lining references) before using any schema validator.

--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Max Goldstein]

I'll give that option a shot and report back.

I'm already set up with the node swagger parser so inlining references is not a problem.

[Max Goldstein]

Sorry for the delay, but the inflector does indeed not validate multipleOf or the discriminator. This doesn't give me confidence in using it.

Does anyone know of any request/response validator, in any language, that validates the discriminant?

[tony tam]

That’s the closest project I know of.  And if something isn’t supported, you can always file an issue so that it becomes so?  That’s the normal way to get features in.

The hardest part of validating payloads isn’t the validation itself—it’s figuring out what schema to use, and when.

On Sep 20, 2016, at 7:39 AM, Max Goldstein <maxgol...@gmail.com> wrote:

Sorry for the delay, but the inflector does indeed not validate multipleOf or the discriminator. This doesn't give me confidence in using it.

Does anyone know of any request/response validator, in any language, that validates the discriminant?

[James Navin]

You could look at https://bitbucket.org/atlassian/swagger-request-validator (disclaimer - I wrote it)

It uses the JSON Schema validator to handle the schema validation, and has adapters for some common libraries. If there's something missing that you need feel free to raise a PR or a ticket in the issue tracker.

[tony tam]

Thanks for sharing this, James.  Perhaps you can send a PR to the swagger.io site so we can add it in the OSS tools section?

[James Navin]

Great idea. I just opened a PR.

Cheers.

To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the Google Groups "Swagger" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/swagger-swaggersocket/5VozQjzCjz0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to swagger-swaggersocket+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

James Navin
Email: jfn...@gmail.com

Web: www.jamesnavin.net