UNPKG

fastify/lib/validation.js

Version:

7.73 kBJavaScriptView Raw

1'use strict'
2
3const {
kSchemaHeaders: headersSchema,
kSchemaParams: paramsSchema,
kSchemaQuerystring: querystringSchema,
kSchemaBody: bodySchema,
kSchemaResponse: responseSchema
9} = require('./symbols')
10const scChecker = /^[1-5]{1}[0-9]{2}$|^[1-5]xx$|^default$/
11
12const {
FST_ERR_SCH_RESPONSE_SCHEMA_NOT_NESTED_2XX
14} = require('./errors')
15
16const { FSTWRN001 } = require('./warnings')
17
18function compileSchemasForSerialization (context, compile) {
if (!context.schema || !context.schema.response) {
  return
}
const { method, url } = context.config || {}
context[responseSchema] = Object.keys(context.schema.response)
  .reduce(function (acc, statusCode) {
    const schema = context.schema.response[statusCode]
    statusCode = statusCode.toLowerCase()
    if (!scChecker.exec(statusCode)) {
      throw new FST_ERR_SCH_RESPONSE_SCHEMA_NOT_NESTED_2XX()
    }
30
    if (schema.content) {
      const contentTypesSchemas = {}
      for (const mediaName of Object.keys(schema.content)) {
        const contentSchema = schema.content[mediaName].schema
        contentTypesSchemas[mediaName] = compile({
          schema: contentSchema,
          url,
          method,
          httpStatus: statusCode,
          contentType: mediaName
        })
      }
      acc[statusCode] = contentTypesSchemas
    } else {
      acc[statusCode] = compile({
        schema,
        url,
        method,
        httpStatus: statusCode
      })
    }
52
    return acc
  }, {})
55}
56
57function compileSchemasForValidation (context, compile, isCustom) {
const { schema } = context
if (!schema) {
  return
}
62
const { method, url } = context.config || {}
64
const headers = schema.headers
// the or part is used for backward compatibility
if (headers && (isCustom || Object.getPrototypeOf(headers) !== Object.prototype)) {
  // do not mess with schema when custom validator applied, e.g. Joi, Typebox
  context[headersSchema] = compile({ schema: headers, method, url, httpPart: 'headers' })
} else if (headers) {
  // The header keys are case insensitive
  //  https://datatracker.ietf.org/doc/html/rfc2616#section-4.2
  const headersSchemaLowerCase = {}
  Object.keys(headers).forEach(k => { headersSchemaLowerCase[k] = headers[k] })
  if (headersSchemaLowerCase.required instanceof Array) {
    headersSchemaLowerCase.required = headersSchemaLowerCase.required.map(h => h.toLowerCase())
  }
  if (headers.properties) {
    headersSchemaLowerCase.properties = {}
    Object.keys(headers.properties).forEach(k => {
      headersSchemaLowerCase.properties[k.toLowerCase()] = headers.properties[k]
    })
  }
  context[headersSchema] = compile({ schema: headersSchemaLowerCase, method, url, httpPart: 'headers' })
} else if (Object.prototype.hasOwnProperty.call(schema, 'headers')) {
  FSTWRN001('headers', method, url)
}
88
if (schema.body) {
  context[bodySchema] = compile({ schema: schema.body, method, url, httpPart: 'body' })
} else if (Object.prototype.hasOwnProperty.call(schema, 'body')) {
  FSTWRN001('body', method, url)
}
94
if (schema.querystring) {
  context[querystringSchema] = compile({ schema: schema.querystring, method, url, httpPart: 'querystring' })
} else if (Object.prototype.hasOwnProperty.call(schema, 'querystring')) {
  FSTWRN001('querystring', method, url)
}
100
if (schema.params) {
  context[paramsSchema] = compile({ schema: schema.params, method, url, httpPart: 'params' })
} else if (Object.prototype.hasOwnProperty.call(schema, 'params')) {
  FSTWRN001('params', method, url)
}
106}
107
108function validateParam (validatorFunction, request, paramName) {
const isUndefined = request[paramName] === undefined
const ret = validatorFunction && validatorFunction(isUndefined ? null : request[paramName])
111
if (ret?.then) {
  return ret
    .then((res) => { return answer(res) })
    .catch(err => { return err }) // return as simple error (not throw)
}
117
return answer(ret)
119
function answer (ret) {
  if (ret === false) return validatorFunction.errors
  if (ret && ret.error) return ret.error
  if (ret && ret.value) request[paramName] = ret.value
  return false
}
126}
127
128function validate (context, request, execution) {
const runExecution = execution === undefined
130
if (runExecution || !execution.skipParams) {
  const params = validateParam(context[paramsSchema], request, 'params')
  if (params) {
    if (typeof params.then !== 'function') {
      return wrapValidationError(params, 'params', context.schemaErrorFormatter)
    } else {
      return validateAsyncParams(params, context, request)
    }
  }
}
141
if (runExecution || !execution.skipBody) {
  const body = validateParam(context[bodySchema], request, 'body')
  if (body) {
    if (typeof body.then !== 'function') {
      return wrapValidationError(body, 'body', context.schemaErrorFormatter)
    } else {
      return validateAsyncBody(body, context, request)
    }
  }
}
152
if (runExecution || !execution.skipQuery) {
  const query = validateParam(context[querystringSchema], request, 'query')
  if (query) {
    if (typeof query.then !== 'function') {
      return wrapValidationError(query, 'querystring', context.schemaErrorFormatter)
    } else {
      return validateAsyncQuery(query, context, request)
    }
  }
}
163
const headers = validateParam(context[headersSchema], request, 'headers')
if (headers) {
  if (typeof headers.then !== 'function') {
    return wrapValidationError(headers, 'headers', context.schemaErrorFormatter)
  } else {
    return validateAsyncHeaders(headers, context, request)
  }
}
172
return false
174}
175
176function validateAsyncParams (validatePromise, context, request) {
return validatePromise
  .then((paramsResult) => {
    if (paramsResult) {
      return wrapValidationError(paramsResult, 'params', context.schemaErrorFormatter)
    }
182
    return validate(context, request, { skipParams: true })
  })
185}
186
187function validateAsyncBody (validatePromise, context, request) {
return validatePromise
  .then((bodyResult) => {
    if (bodyResult) {
      return wrapValidationError(bodyResult, 'body', context.schemaErrorFormatter)
    }
193
    return validate(context, request, { skipParams: true, skipBody: true })
  })
196}
197
198function validateAsyncQuery (validatePromise, context, request) {
return validatePromise
  .then((queryResult) => {
    if (queryResult) {
      return wrapValidationError(queryResult, 'querystring', context.schemaErrorFormatter)
    }
204
    return validate(context, request, { skipParams: true, skipBody: true, skipQuery: true })
  })
207}
208
209function validateAsyncHeaders (validatePromise, context, request) {
return validatePromise
  .then((headersResult) => {
    if (headersResult) {
      return wrapValidationError(headersResult, 'headers', context.schemaErrorFormatter)
    }
215
    return false
  })
218}
219
220function wrapValidationError (result, dataVar, schemaErrorFormatter) {
if (result instanceof Error) {
  result.statusCode = result.statusCode || 400
  result.code = result.code || 'FST_ERR_VALIDATION'
  result.validationContext = result.validationContext || dataVar
  return result
}
227
const error = schemaErrorFormatter(result, dataVar)
error.statusCode = error.statusCode || 400
error.code = error.code || 'FST_ERR_VALIDATION'
error.validation = result
error.validationContext = dataVar
return error
234}
235
236module.exports = {
symbols: { bodySchema, querystringSchema, responseSchema, paramsSchema, headersSchema },
compileSchemasForValidation,
compileSchemasForSerialization,
validate
241}

1	`'use strict'`
2
3	`const {`
4	`kSchemaHeaders: headersSchema,`
5	`kSchemaParams: paramsSchema,`
6	`kSchemaQuerystring: querystringSchema,`
7	`kSchemaBody: bodySchema,`
8	`kSchemaResponse: responseSchema`
9	`} = require('./symbols')`
10	`const scChecker = /^[1-5]{1}[0-9]{2}$\|^[1-5]xx$\|^default$/`
11
12	`const {`
13	`FST_ERR_SCH_RESPONSE_SCHEMA_NOT_NESTED_2XX`
14	`} = require('./errors')`
15
16	`const { FSTWRN001 } = require('./warnings')`
17
18	`function compileSchemasForSerialization (context, compile) {`
19	`if (!context.schema \|\| !context.schema.response) {`
20	`return`
21	`}`
22	`const { method, url } = context.config \|\| {}`
23	`context[responseSchema] = Object.keys(context.schema.response)`
24	`.reduce(function (acc, statusCode) {`
25	`const schema = context.schema.response[statusCode]`
26	`statusCode = statusCode.toLowerCase()`
27	`if (!scChecker.exec(statusCode)) {`
28	`throw new FST_ERR_SCH_RESPONSE_SCHEMA_NOT_NESTED_2XX()`
29	`}`
30
31	`if (schema.content) {`
32	`const contentTypesSchemas = {}`
33	`for (const mediaName of Object.keys(schema.content)) {`
34	`const contentSchema = schema.content[mediaName].schema`
35	`contentTypesSchemas[mediaName] = compile({`
36	`schema: contentSchema,`
37	`url,`
38	`method,`
39	`httpStatus: statusCode,`
40	`contentType: mediaName`
41	`})`
42	`}`
43	`acc[statusCode] = contentTypesSchemas`
44	`} else {`
45	`acc[statusCode] = compile({`
46	`schema,`
47	`url,`
48	`method,`
49	`httpStatus: statusCode`
50	`})`
51	`}`
52
53	`return acc`
54	`}, {})`
55	`}`
56
57	`function compileSchemasForValidation (context, compile, isCustom) {`
58	`const { schema } = context`
59	`if (!schema) {`
60	`return`
61	`}`
62
63	`const { method, url } = context.config \|\| {}`
64
65	`const headers = schema.headers`
66	`// the or part is used for backward compatibility`
67	`if (headers && (isCustom \|\| Object.getPrototypeOf(headers) !== Object.prototype)) {`
68	`// do not mess with schema when custom validator applied, e.g. Joi, Typebox`
69	`context[headersSchema] = compile({ schema: headers, method, url, httpPart: 'headers' })`
70	`} else if (headers) {`
71	`// The header keys are case insensitive`
72	`// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2`
73	`const headersSchemaLowerCase = {}`
74	`Object.keys(headers).forEach(k => { headersSchemaLowerCase[k] = headers[k] })`
75	`if (headersSchemaLowerCase.required instanceof Array) {`
76	`headersSchemaLowerCase.required = headersSchemaLowerCase.required.map(h => h.toLowerCase())`
77	`}`
78	`if (headers.properties) {`
79	`headersSchemaLowerCase.properties = {}`
80	`Object.keys(headers.properties).forEach(k => {`
81	`headersSchemaLowerCase.properties[k.toLowerCase()] = headers.properties[k]`
82	`})`
83	`}`
84	`context[headersSchema] = compile({ schema: headersSchemaLowerCase, method, url, httpPart: 'headers' })`
85	`} else if (Object.prototype.hasOwnProperty.call(schema, 'headers')) {`
86	`FSTWRN001('headers', method, url)`
87	`}`
88
89	`if (schema.body) {`
90	`context[bodySchema] = compile({ schema: schema.body, method, url, httpPart: 'body' })`
91	`} else if (Object.prototype.hasOwnProperty.call(schema, 'body')) {`
92	`FSTWRN001('body', method, url)`
93	`}`
94
95	`if (schema.querystring) {`
96	`context[querystringSchema] = compile({ schema: schema.querystring, method, url, httpPart: 'querystring' })`
97	`} else if (Object.prototype.hasOwnProperty.call(schema, 'querystring')) {`
98	`FSTWRN001('querystring', method, url)`
99	`}`
100
101	`if (schema.params) {`
102	`context[paramsSchema] = compile({ schema: schema.params, method, url, httpPart: 'params' })`
103	`} else if (Object.prototype.hasOwnProperty.call(schema, 'params')) {`
104	`FSTWRN001('params', method, url)`
105	`}`
106	`}`
107
108	`function validateParam (validatorFunction, request, paramName) {`
109	`const isUndefined = request[paramName] === undefined`
110	`const ret = validatorFunction && validatorFunction(isUndefined ? null : request[paramName])`
111
112	`if (ret?.then) {`
113	`return ret`
114	`.then((res) => { return answer(res) })`
115	`.catch(err => { return err }) // return as simple error (not throw)`
116	`}`
117
118	`return answer(ret)`
119
120	`function answer (ret) {`
121	`if (ret === false) return validatorFunction.errors`
122	`if (ret && ret.error) return ret.error`
123	`if (ret && ret.value) request[paramName] = ret.value`
124	`return false`
125	`}`
126	`}`
127
128	`function validate (context, request, execution) {`
129	`const runExecution = execution === undefined`
130
131	`if (runExecution \|\| !execution.skipParams) {`
132	`const params = validateParam(context[paramsSchema], request, 'params')`
133	`if (params) {`
134	`if (typeof params.then !== 'function') {`
135	`return wrapValidationError(params, 'params', context.schemaErrorFormatter)`
136	`} else {`
137	`return validateAsyncParams(params, context, request)`
138	`}`
139	`}`
140	`}`
141
142	`if (runExecution \|\| !execution.skipBody) {`
143	`const body = validateParam(context[bodySchema], request, 'body')`
144	`if (body) {`
145	`if (typeof body.then !== 'function') {`
146	`return wrapValidationError(body, 'body', context.schemaErrorFormatter)`
147	`} else {`
148	`return validateAsyncBody(body, context, request)`
149	`}`
150	`}`
151	`}`
152
153	`if (runExecution \|\| !execution.skipQuery) {`
154	`const query = validateParam(context[querystringSchema], request, 'query')`
155	`if (query) {`
156	`if (typeof query.then !== 'function') {`
157	`return wrapValidationError(query, 'querystring', context.schemaErrorFormatter)`
158	`} else {`
159	`return validateAsyncQuery(query, context, request)`
160	`}`
161	`}`
162	`}`
163
164	`const headers = validateParam(context[headersSchema], request, 'headers')`
165	`if (headers) {`
166	`if (typeof headers.then !== 'function') {`
167	`return wrapValidationError(headers, 'headers', context.schemaErrorFormatter)`
168	`} else {`
169	`return validateAsyncHeaders(headers, context, request)`
170	`}`
171	`}`
172
173	`return false`
174	`}`
175
176	`function validateAsyncParams (validatePromise, context, request) {`
177	`return validatePromise`
178	`.then((paramsResult) => {`
179	`if (paramsResult) {`
180	`return wrapValidationError(paramsResult, 'params', context.schemaErrorFormatter)`
181	`}`
182
183	`return validate(context, request, { skipParams: true })`
184	`})`
185	`}`
186
187	`function validateAsyncBody (validatePromise, context, request) {`
188	`return validatePromise`
189	`.then((bodyResult) => {`
190	`if (bodyResult) {`
191	`return wrapValidationError(bodyResult, 'body', context.schemaErrorFormatter)`
192	`}`
193
194	`return validate(context, request, { skipParams: true, skipBody: true })`
195	`})`
196	`}`
197
198	`function validateAsyncQuery (validatePromise, context, request) {`
199	`return validatePromise`
200	`.then((queryResult) => {`
201	`if (queryResult) {`
202	`return wrapValidationError(queryResult, 'querystring', context.schemaErrorFormatter)`
203	`}`
204
205	`return validate(context, request, { skipParams: true, skipBody: true, skipQuery: true })`
206	`})`
207	`}`
208
209	`function validateAsyncHeaders (validatePromise, context, request) {`
210	`return validatePromise`
211	`.then((headersResult) => {`
212	`if (headersResult) {`
213	`return wrapValidationError(headersResult, 'headers', context.schemaErrorFormatter)`
214	`}`
215
216	`return false`
217	`})`
218	`}`
219
220	`function wrapValidationError (result, dataVar, schemaErrorFormatter) {`
221	`if (result instanceof Error) {`
222	`result.statusCode = result.statusCode \|\| 400`
223	`result.code = result.code \|\| 'FST_ERR_VALIDATION'`
224	`result.validationContext = result.validationContext \|\| dataVar`
225	`return result`
226	`}`
227
228	`const error = schemaErrorFormatter(result, dataVar)`
229	`error.statusCode = error.statusCode \|\| 400`
230	`error.code = error.code \|\| 'FST_ERR_VALIDATION'`
231	`error.validation = result`
232	`error.validationContext = dataVar`
233	`return error`
234	`}`
235
236	`module.exports = {`
237	`symbols: { bodySchema, querystringSchema, responseSchema, paramsSchema, headersSchema },`
238	`compileSchemasForValidation,`
239	`compileSchemasForSerialization,`
240	`validate`
241	`}`