@naturalcycles/backend-lib 9.42.0 → 9.42.2

package/dist/server/serverStatsMiddleware.js

@@ -63,7 +63,7 @@ export const serverStatsHTMLHandler = (req, res) => {
                 '<tr>',
                 `<td><pre>${endpoint}</pre></td>`,
                 `<td align="right"><pre>${stat.total}</pre></td>`,
-                // eslint-disable-next-line @typescript-eslint/no-base-to-string
+                // oxlint-disable-next-line @typescript-eslint/no-base-to-string typescript/restrict-template-expressions
                 ...families.map(f => `<td align="right"><pre>${stat[f]}</pre></td>`),
                 ...percentiles.map(pc => `<td align="right"><pre>${stat.pc[pc]}</pre></td>`),
                 '</tr>',

package/dist/validation/ajv/ajvValidateRequest.d.ts

@@ -3,7 +3,19 @@ import type { BackendRequest } from '../../server/server.model.js';
 import { type ReqValidationOptions } from '../validateRequest.util.js';
 declare class AjvValidateRequest {
     body<IN, OUT>(req: BackendRequest, schema: SchemaHandledByAjv<IN, OUT>, opt?: ReqValidationOptions<AjvValidationError>): OUT;
+    /**
+     * Query validation uses type coercion (unlike body validation),
+     * so the passed in schemas do not need to specify only string values.
+     *
+     * Coercion mutates the input, even if the end result is that the input failed the validation.
+     */
     query<IN, OUT>(req: BackendRequest, schema: SchemaHandledByAjv<IN, OUT>, opt?: ReqValidationOptions<AjvValidationError>): OUT;
+    /**
+     * Params validation uses type coercion (unlike body validation),
+     * so the passed in schemas do not need to specify only string values.
+     *
+     * Coercion mutates the input, even if the end result is that the input failed the validation.
+     */
     params<IN, OUT>(req: BackendRequest, schema: SchemaHandledByAjv<IN, OUT>, opt?: ReqValidationOptions<AjvValidationError>): OUT;
     /**
      * Does NOT mutate `req.headers`,

package/dist/validation/ajv/ajvValidateRequest.js

@@ -1,15 +1,27 @@
 import { _deepCopy } from '@naturalcycles/js-lib/object';
-import { AjvSchema, } from '@naturalcycles/nodejs-lib/ajv';
+import { AjvSchema, getCoercingAjv, } from '@naturalcycles/nodejs-lib/ajv';
 import { handleValidationError } from '../validateRequest.util.js';
 class AjvValidateRequest {
     body(req, schema, opt = {}) {
         return this.validate(req, 'body', schema, opt);
     }
+    /**
+     * Query validation uses type coercion (unlike body validation),
+     * so the passed in schemas do not need to specify only string values.
+     *
+     * Coercion mutates the input, even if the end result is that the input failed the validation.
+     */
     query(req, schema, opt = {}) {
-        return this.validate(req, 'query', schema, opt);
+        return this.validate(req, 'query', schema, { coerceTypes: true, ...opt });
     }
+    /**
+     * Params validation uses type coercion (unlike body validation),
+     * so the passed in schemas do not need to specify only string values.
+     *
+     * Coercion mutates the input, even if the end result is that the input failed the validation.
+     */
     params(req, schema, opt = {}) {
-        return this.validate(req, 'params', schema, opt);
+        return this.validate(req, 'params', schema, { coerceTypes: true, ...opt });
     }
     /**
      * Does NOT mutate `req.headers`,
@@ -27,7 +39,9 @@ class AjvValidateRequest {
     }
     validate(req, reqProperty, schema, opt = {}) {
         const input = req[reqProperty] || {};
-        const ajvSchema = AjvSchema.create(schema);
+        const { coerceTypes } = opt;
+        const ajv = coerceTypes ? getCoercingAjv() : undefined;
+        const ajvSchema = AjvSchema.create(schema, { ajv });
         const [error, output] = ajvSchema.getValidationResult(input, {
             inputName: `request.${reqProperty}`,
         });

package/dist/validation/validateRequest.util.d.ts

@@ -11,4 +11,13 @@ export interface ReqValidationOptions<ERR extends AppError> {
      * If true - `genericErrorHandler` will report it to errorReporter (aka Sentry).
      */
     report?: boolean | ((err: ERR) => boolean);
+    /**
+     * Defaults to false, because it promotes type safe thinking.
+     *
+     * If set to true, AJV will try to coerce the types after the validation fails and retry the validation.
+     *
+     * To be used in places where we know that we are going to receive data with the wrong type,
+     * typically: request path params and request query params.
+     */
+    coerceTypes?: boolean;
 }

package/dist/validation/validateRequest.util.js

@@ -11,6 +11,7 @@ export function handleValidationError(error, originalProperty, opt = {}) {
     if (opt.redactPaths) {
         redact(opt.redactPaths, originalProperty, error);
     }
+    makeErrorUserReadable(error);
     throw new AppError(error.message, {
         backendResponseStatusCode: 400,
         report,
@@ -29,3 +30,9 @@ function redact(redactPaths, obj, error) {
         error.message = error.message.replaceAll(secret, REDACTED);
     });
 }
+/**
+ * Mutates error
+ */
+function makeErrorUserReadable(error) {
+    error.message = error.message.replaceAll('[Object: null prototype] ', '');
+}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@naturalcycles/backend-lib",
   "type": "module",
-  "version": "9.42.0",
+  "version": "9.42.2",
   "peerDependencies": {
     "@sentry/node": "^10"
   },

package/src/server/serverStatsMiddleware.ts

@@ -87,7 +87,7 @@ export const serverStatsHTMLHandler: BackendRequestHandler = (req, res) => {
         '<tr>',
         `<td><pre>${endpoint}</pre></td>`,
         `<td align="right"><pre>${stat.total}</pre></td>`,
-        // eslint-disable-next-line @typescript-eslint/no-base-to-string
+        // oxlint-disable-next-line @typescript-eslint/no-base-to-string typescript/restrict-template-expressions
         ...families.map(f => `<td align="right"><pre>${stat[f]}</pre></td>`),
         ...percentiles.map(pc => `<td align="right"><pre>${stat.pc![pc]}</pre></td>`),
         '</tr>',

package/src/validation/ajv/ajvValidateRequest.ts

@@ -2,6 +2,7 @@ import { _deepCopy } from '@naturalcycles/js-lib/object'
 import {
   AjvSchema,
   type AjvValidationError,
+  getCoercingAjv,
   type SchemaHandledByAjv,
 } from '@naturalcycles/nodejs-lib/ajv'
 import type { BackendRequest } from '../../server/server.model.js'
@@ -16,20 +17,32 @@ class AjvValidateRequest {
     return this.validate(req, 'body', schema, opt)
   }
 
+  /**
+   * Query validation uses type coercion (unlike body validation),
+   * so the passed in schemas do not need to specify only string values.
+   *
+   * Coercion mutates the input, even if the end result is that the input failed the validation.
+   */
   query<IN, OUT>(
     req: BackendRequest,
     schema: SchemaHandledByAjv<IN, OUT>,
     opt: ReqValidationOptions<AjvValidationError> = {},
   ): OUT {
-    return this.validate(req, 'query', schema, opt)
+    return this.validate(req, 'query', schema, { coerceTypes: true, ...opt })
   }
 
+  /**
+   * Params validation uses type coercion (unlike body validation),
+   * so the passed in schemas do not need to specify only string values.
+   *
+   * Coercion mutates the input, even if the end result is that the input failed the validation.
+   */
   params<IN, OUT>(
     req: BackendRequest,
     schema: SchemaHandledByAjv<IN, OUT>,
     opt: ReqValidationOptions<AjvValidationError> = {},
   ): OUT {
-    return this.validate(req, 'params', schema, opt)
+    return this.validate(req, 'params', schema, { coerceTypes: true, ...opt })
   }
 
   /**
@@ -58,7 +71,10 @@ class AjvValidateRequest {
     opt: ReqValidationOptions<AjvValidationError> = {},
   ): OUT {
     const input: IN = req[reqProperty] || {}
-    const ajvSchema = AjvSchema.create(schema)
+
+    const { coerceTypes } = opt
+    const ajv = coerceTypes ? getCoercingAjv() : undefined
+    const ajvSchema = AjvSchema.create(schema, { ajv })
 
     const [error, output] = ajvSchema.getValidationResult(input, {
       inputName: `request.${reqProperty}`,

package/src/validation/validateRequest.util.ts

@@ -17,6 +17,8 @@ export function handleValidationError<T, ERR extends AppError>(
     redact(opt.redactPaths, originalProperty, error)
   }
 
+  makeErrorUserReadable(error)
+
   throw new AppError(error.message, {
     backendResponseStatusCode: 400,
     report,
@@ -38,6 +40,13 @@ function redact(redactPaths: string[], obj: any, error: Error): void {
     })
 }
 
+/**
+ * Mutates error
+ */
+function makeErrorUserReadable<ERR extends AppError>(error: ERR): void {
+  error.message = error.message.replaceAll('[Object: null prototype] ', '')
+}
+
 export interface ReqValidationOptions<ERR extends AppError> {
   /**
    * Pass a 'dot-paths' (e.g `pw`, or `input.pw`) that needs to be redacted from the output, in case of error.
@@ -50,4 +59,14 @@ export interface ReqValidationOptions<ERR extends AppError> {
    * If true - `genericErrorHandler` will report it to errorReporter (aka Sentry).
    */
   report?: boolean | ((err: ERR) => boolean)
+
+  /**
+   * Defaults to false, because it promotes type safe thinking.
+   *
+   * If set to true, AJV will try to coerce the types after the validation fails and retry the validation.
+   *
+   * To be used in places where we know that we are going to receive data with the wrong type,
+   * typically: request path params and request query params.
+   */
+  coerceTypes?: boolean
 }