Coerced types are thrown away #144
Comments
|
+1 for this. The "coersion" was working on 3.6.3, but no longer in 3.9.2. I have also confirmed that this impacts all parameters, i.e. query, path, headers body, etc. |
|
Yeah definitely sounds like an oversight on my part.
Any chance to provide a PR for a fix? Would gladly merge :)
…On Fri 4. Jun 2021 at 13.27, Miguel de Barros ***@***.***> wrote:
+1 for this.
The "cohesion" was working on 3.6.3, but no longer in 3.9.2.
I have also confirmed that this impacts all parameters, i.e. query, path,
headers body, etc.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#144 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABOSUMQ5HZ73H6TBJ2KQRZ3TRC2AVANCNFSM4Y5X2A5Q>
.
|
|
This seems to still be an open issue, as I am seeing this problem as well |
|
@anttiviljami The second PR on this issue seems rather stale, would you accept a new one to parse, and if the user choses, coerce the types via AJV coerceTypes option? |
|
Also, I'd like to update the Context object type so it can take in a type for the params, allowing typescript intellisense, like how Express requests work, since we are placing the parsed requests in that object. |
|
@nklisch Another PR would be appreciated indeed. 🙏 I like both ideas. 👍 |
|
Could this be a fix #571? Will be glad to collaborate on this and get it merge asap. Thank you! |
When a request is handled,
parseRequest()is called to parse the request using an operation. Then, the validator is called to validate the request. However, the parsed request is not passed to the validator; instead the validator parses the request again. It then validates the local parsed request usingcoerceTypes, which means AJV mutates that local parsed request only. This is then thrown away, meaning that the parsed request kept in the context and passed to the operation handlers does not have coerced types etc.Example: An operation has a header with
schema: {type: number}. On a raw request, of course all headers are strings. However, insidevalidateRequest(), the header is coerced so thatfoo: '42'becomesfoo: 42, but this coercion happens on a local copy of the parsed request. The result is that once the parsed request reaches the operation handler, the headers are again all strings.Shouldn't the validator take a parsed request instead of a raw request (which it currently internally parses one more time, then validates and potentially mutates it, before throwing it away), so that a parsed request could actually have coerced headers etc?
Edit: I just realized that
ParsedRequestalso actually only supports string params, so I guess this is somewhat deliberate? However, there are instances ofParsedRequestinside the validator which momentarily contain non-strings, sinceajvcoerces in-place, so that's not very robust. But again, that object is thrown away.Expanding
ParsedRequestinto headers and other parameters of typestring | number | booleanwould be a breaking change, but it would allow parameters to be coerced properly. Let me know if PRs are welcome in this area, and if so whether you have any specific thoughts or constraints to keep in mind.The text was updated successfully, but these errors were encountered: