An OpenAPI proxy that only allows data that matches your swagger.json

栏目: IT技术 · 发布时间: 4年前

内容简介：OpenAPIThe idea is to place the proxy between a client (e.g. a frontend app) and a web server to catch invalid requests or responses during development. Use this proxy locally or set it up in your development server. In production environments, use the sil

openapi-cop

OpenAPI Co mpliance P roxy that validates requests and responses against an OpenAPI document

The idea is to place the proxy between a client (e.g. a frontend app) and a web server to catch invalid requests or responses during development. Use this proxy locally or set it up in your development server. In production environments, use the silent flag to forward unmodified response bodies. In any case, validation headers are set that allow to trace down violations of your OpenAPI definition.

An OpenAPI proxy that only allows data that matches your swagger.json

FAQ

Can I use this in production?

This tool was originally meant for development scenarios. You can use this in production but we cannot give you any security guarantees. Also running the JSON schema validation is quite CPU-expensive and you likely do not want to validate in both directions in production because of that overhead.

Do I need this if I already generate my client from the OpenAPI?

In case your client and server code is generated from the OpenAPI spec, you might still want to use this proxy. Generated code does usually only provide typing information, but JSON Schema defines much more than that. For example you might define a string property to match a given RegEx and start with the letter "C". This will not be ensured by your generated code at compile time, but will be caught by openapi-cop.

Can I use this with other programming languages?

Yes. This is a proxy and not a middleware. You can use it between whatever HTTP-endpoints you have in your architecture.

Installation

Do npm install -g openapi-cop , or npm install openapi-cop to install locally.

CLI Usage

The openapi-cop node package installs itself as an executable linked as openapi-cop . Run the command with the --help flag to get information about the CLI:

Usage: openapi-cop [options]

Options:
  -s, --file <file>                       path to the OpenAPI definition file
  -h, --host <host>                       the host of the proxy server (default: "localhost")
  -p, --port <port>                       port number on which to run the proxy (default: 8888)
  -t, --target <target>                   full base path of the target API (format: http(s)://host:port/basePath)
  --default-forbid-additional-properties  disallow additional properties when not explicitly specified
  --silent                                do not send responses with validation errors, just set validation headers
  -w, --watch [watchLocation]             watch for changes in a file or directory (falls back to the OpenAPI file)
                                             and restart server accordingly
  -v, --verbose                           show verbose output
  -V, --version                           output the version number
  -h, --help                              output usage information

The proxy validates the requests and responses in the communication with a target server. By default, the proxy will respond with a 500 status code when the validation fails.

Sample validation failure response

{
    "error": {
        "message": "openapi-cop Proxy validation failed",
        "request": {
            "method": "POST",
            "path": "/pets",
            "headers": {
                "host": "localhost:8888",
                "user-agent": "curl/7.59.0",
                "accept": "*/*",
                "content-type": "application/json",
                "content-length": "16"
            },
            "query": {},
            "body": {
                "data": "sent"
            }
        },
        "response": {
            "statusCode": 201,
            "body": "{}",
            "headers": {
                "x-powered-by": "Express",
                "openapi-cop-openapi-file": "7-petstore.yaml",
                "content-type": "application/json; charset=utf-8",
                "content-length": "2",
                "etag": "W/\"2-vyGp6PvFo4RvsFtPoIWeCReyIC8\"",
                "date": "Thu, 25 Jul 2019 13:39:58 GMT",
                "connection": "close"
            },
            "request": {
                "uri": {
                    "protocol": "http:",
                    "slashes": true,
                    "auth": null,
                    "host": "localhost:8889",
                    "port": "8889",
                    "hostname": "localhost",
                    "hash": null,
                    "search": null,
                    "query": null,
                    "pathname": "/pets",
                    "path": "/pets",
                    "href": "http://localhost:8889/pets"
                },
                "method": "POST",
                "headers": {
                    "host": "localhost:8888",
                    "user-agent": "curl/7.59.0",
                    "accept": "*/*",
                    "content-type": "application/json",
                    "content-length": "16",
                    "accept-encoding": "gzip, deflate"
                }
            }
        },
        "validationResults": {
            "request": {
                "valid": true,
                "errors": null
            },
            "response": {
                "valid": false,
                "errors": [
                    {
                        "keyword": "required",
                        "dataPath": "",
                        "schemaPath": "#/required",
                        "params": {
                            "missingProperty": "code"
                        },
                        "message": "should have required property 'code'"
                    }
                ]
            },
            "responseHeaders": {
                "valid": true,
                "errors": null
            }
        }
    }
}

Two headers are added to the response:

openapi-cop-validation-result : contains the validation results as JSON.

Interface

{
    request: {
      valid: boolean;
      errors?: Ajv.ErrorObject[] | null;
    },
    response: {
      valid: boolean;
      errors?: Ajv.ErrorObject[] | null;
    },
    responseHeaders: {
      valid: boolean;
      errors?: Ajv.ErrorObject[] | null;
    }
}

openapi-cop-source-request : contains a simplified version of the original request sent by the client as JSON.

Interface

{
  method: string;
  path: string;
  headers: {
    [key: string]: string | string[];
  };
  query?: {
    [key: string]: string | string[];
  } | string;
  body?: any;
}

See the references of OpenAPI Backend and Ajv for more information.

When the --silent is provided, the proxy will forward the server's response body without modification. In this case, the validation headers are still added.

Module Usage

To run the proxy programatically use runProxy , which returns a Promise<http.Server> :

import {runProxy} from 'openapi-cop';

const server = await runProxy({
  port: 8888,
  host: 'proxyhost',
  targetUrl: 'http://targethost:8989',
  apiDocFile: '/path/to/openapi-file.yaml',
  defaultForbidAdditionalProperties: false,
  silent: false
});

Made By

Alexis and Daniel

Join us now!

以上所述就是小编给大家介绍的《An OpenAPI proxy that only allows data that matches your swagger.json》，希望对大家有所帮助，如果大家有任何疑问请给我留言，小编会及时回复大家的。在此也非常感谢大家对码农网的支持！

查看所有标签

猜你喜欢:

An OpenAPI proxy that only allows data that matches your swagger.json

本站部分资源来源于网络，本站转载出于传递更多信息之目的，版权归原作者或者来源机构所有，如转载稿涉及版权问题，请联系我们。

码农书籍

About Face 4: 交互设计精髓

[美] 艾伦·库伯、[美] 罗伯特·莱曼、[美] 戴维·克罗宁、[美] 克里斯托弗·诺埃塞尔 / 倪卫国、刘松涛、杭敏、薛菲 / 电子工出版社 / 2015-10 / 118.00元

《About Face 4: 交互设计精髓》是《About Face 3：交互设计精髓》的升级版，此次升级把全书的结构重组优化，更加精练和易用；更新了一些适合当下时代的术语和实例，文字全部重新编译，更加清晰易读；增加了更多目标导向设计过程的细节，更新了现行实践，重点增加移动和触屏平台交互设计，其实《About Face 4: 交互设计精髓》多数内容适用于多种平台。《About F......一起来看看《About Face 4: 交互设计精髓》这本书的介绍吧!

码农工具

JS 压缩/解压工具

在线压缩/解压 JS 代码

RGB转16进制工具

RGB HEX 互转工具