@loopback/rest 6.0.0 → 7.0.1

package/src/validation/ajv-factory.provider.ts

@@ -4,16 +4,17 @@
 // License text available at https://opensource.org/licenses/MIT
 
 import {
-  bind,
   BindingScope,
   filterByTag,
   inject,
+  injectable,
   Provider,
 } from '@loopback/core';
 import AjvCtor from 'ajv';
 import debugModule from 'debug';
 import {RestBindings, RestTags} from '../keys';
 import {AjvFactory, AjvFormat, AjvKeyword, ValidationOptions} from '../types';
+import {openapiFormats} from './openapi-formats';
 
 const debug = debugModule('loopback:rest:ajv');
 
@@ -29,7 +30,7 @@ export const DEFAULT_AJV_VALIDATION_OPTIONS: ValidationOptions = {
 /**
  * A provider class that instantiate an AJV instance
  */
-@bind({scope: BindingScope.SINGLETON})
+@injectable({scope: BindingScope.SINGLETON})
 export class AjvFactoryProvider implements Provider<AjvFactory> {
   constructor(
     @inject(
@@ -57,8 +58,6 @@ export class AjvFactoryProvider implements Provider<AjvFactory> {
         jsonPointers: true,
         // nullable: support keyword "nullable" from Open API 3 specification.
         nullable: true,
-        // Allow OpenAPI spec binary format
-        unknownFormats: ['binary'],
         ...validationOptions,
       };
 
@@ -84,12 +83,17 @@ export class AjvFactoryProvider implements Provider<AjvFactory> {
         });
       }
 
+      for (const format of openapiFormats) {
+        ajvInst.addFormat(format.name, format);
+      }
+
       if (this.formats) {
         this.formats.forEach(format => {
           debug('Adding Ajv format %s', format.name);
           ajvInst.addFormat(format.name, format);
         });
       }
+
       return ajvInst;
     };
   }

package/src/validation/openapi-formats.ts

@@ -0,0 +1,92 @@
+// Copyright IBM Corp. 2020. All Rights Reserved.
+// Node module: @loopback/rest
+// This file is licensed under the MIT License.
+// License text available at https://opensource.org/licenses/MIT
+
+import {AjvFormat} from '../types';
+
+/**
+ * int32: [-2147483648, 21474836 47]
+ */
+export const int32Format: AjvFormat = {
+  name: 'int32',
+  type: 'number',
+  validate: (value: number) => {
+    return (
+      Number.isInteger(value) && value >= -2147483648 && value <= 2147483647
+    );
+  },
+  async: false,
+};
+
+/**
+ * int64: [-9223372036854775808, 9223372036854775807]
+ */
+export const int64Format: AjvFormat = {
+  name: 'int64',
+  type: 'number',
+  validate: (value: number) => {
+    const max = Number.MAX_SAFE_INTEGER; // 9007199254740991
+    const min = Number.MIN_SAFE_INTEGER; // -9007199254740991
+    return Number.isInteger(value) && value >= min && value <= max;
+  },
+  async: false,
+};
+
+/**
+ * float: [-2^128, 2^128]
+ */
+export const floatFormat: AjvFormat = {
+  name: 'float',
+  type: 'number',
+  validate: (value: number) => {
+    return value >= -Math.pow(2, 128) && value <= Math.pow(2, 128);
+  },
+  async: false,
+};
+
+/**
+ * double: [-2^1024, 2^1024]
+ */
+export const doubleFormat: AjvFormat = {
+  name: 'double',
+  type: 'number',
+  validate: (value: number) => {
+    const max = Number.MAX_VALUE; // 1.7976931348623157e+308
+    const min = -Number.MAX_VALUE; // -1.7976931348623157e+308
+    return value >= min && value <= max;
+  },
+  async: false,
+};
+
+/**
+ * Base64 encoded string
+ */
+export const byteFormat: AjvFormat = {
+  name: 'byte',
+  type: 'string',
+  validate: (value: string) => {
+    const base64 = Buffer.from(value, 'base64').toString('base64');
+    return value === base64;
+  },
+  async: false,
+};
+
+/**
+ * Binary string
+ */
+export const binaryFormat: AjvFormat = {
+  name: 'binary',
+  type: 'string',
+  validate: (value: string) => true,
+  async: false,
+};
+
+export const openapiFormats: AjvFormat[] = [
+  int32Format,
+  int64Format,
+  floatFormat,
+  doubleFormat,
+  byteFormat,
+  binaryFormat,
+];

package/src/validation/request-body.validator.ts

@@ -12,7 +12,6 @@ import {
 } from '@loopback/openapi-v3';
 import ajv, {Ajv} from 'ajv';
 import debugModule from 'debug';
-import _ from 'lodash';
 import util from 'util';
 import {HttpErrors, RequestBody, RestHttpErrors} from '..';
 import {
@@ -119,11 +118,11 @@ function getKeyForOptions(
 }
 
 /**
- * Validate the request body data against JSON schema.
- * @param body - The request body data.
+ * Validate the value against JSON schema.
+ * @param value - The data value.
  * @param schema - The JSON schema used to perform the validation.
  * @param globalSchemas - Schema references.
- * @param options - Request body validation options.
+ * @param options - Value validation options.
  */
 export async function validateValueAgainstSchema(
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -156,11 +155,11 @@ export async function validateValueAgainstSchema(
   let validationErrors: ajv.ErrorObject[] = [];
   try {
     const validationResult = await validate(value);
-    // When value is optional & values is empty / null, ajv returns null
-    if (validationResult || validationResult === null) {
-      debug(`Value from ${options.source} passed AJV validation.`);
-      return;
-    }
+    debug(
+      `Value from ${options.source} passed AJV validation.`,
+      validationResult,
+    );
+    return validationResult;
   } catch (error) {
     validationErrors = error.errors;
   }
@@ -180,30 +179,32 @@ export async function validateValueAgainstSchema(
 
   // Throw invalid request body error
   if (options.source === 'body') {
-    const error = RestHttpErrors.invalidRequestBody();
-    addErrorDetails(error, validationErrors);
+    const error = RestHttpErrors.invalidRequestBody(
+      buildErrorDetails(validationErrors),
+    );
     throw error;
   }
 
   // Throw invalid value error
-  const error = new HttpErrors.BadRequest('Invalid value.');
-  addErrorDetails(error, validationErrors);
+  const error = RestHttpErrors.invalidData(value, options.name ?? '(unknown)', {
+    details: buildErrorDetails(validationErrors),
+  });
   throw error;
 }
 
-function addErrorDetails(
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  error: any,
+function buildErrorDetails(
   validationErrors: ajv.ErrorObject[],
-) {
-  error.details = _.map(validationErrors, e => {
-    return {
-      path: e.dataPath,
-      code: e.keyword,
-      message: e.message,
-      info: e.params,
-    };
-  });
+): RestHttpErrors.ValidationErrorDetails[] {
+  return validationErrors.map(
+    (e: ajv.ErrorObject): RestHttpErrors.ValidationErrorDetails => {
+      return {
+        path: e.dataPath,
+        code: e.keyword,
+        message: e.message ?? `must pass validation rule ${e.keyword}`,
+        info: e.params,
+      };
+    },
+  );
 }
 
 /**