From 70cce6566180f510b2f0c87048e2d8d6f8035ded Mon Sep 17 00:00:00 2001 From: Frank Keefer <83428590+frankkeefer@users.noreply.github.com> Date: Sat, 14 Sep 2024 15:49:22 -0400 Subject: [PATCH] feat(path-to-regexp): path-to-regexp 8.1.0 update (#976) * feat(path-to-regexp): path-to-regexp update to 8.1.0 * feat(path-to-regexp): cleanup notes for PR * feat(path-to-regexp): potential version bump if approved * feat(path-to-regexp): pr change request + added notes for changes --------- Co-authored-by: fkeefer Co-authored-by: Carmine DiMascio --- package-lock.json | 46 +++++++++++++++++++++++----- package.json | 4 +-- src/framework/base.path.ts | 6 ++-- src/framework/openapi.spec.loader.ts | 12 ++++++++ src/middlewares/openapi.metadata.ts | 9 ++---- 5 files changed, 59 insertions(+), 18 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0a837da5..fb0d8fdc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -21,7 +21,7 @@ "media-typer": "^1.1.0", "multer": "^1.4.5-lts.1", "ono": "^7.1.3", - "path-to-regexp": "^6.3.0" + "path-to-regexp": "^8.1.0" }, "devDependencies": { "@types/cookie-parser": "^1.4.2", @@ -2624,6 +2624,15 @@ "node": ">= 0.10.0" } }, + "node_modules/express/node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "dev": true, + "engines": { + "node": ">= 0.8" + } + }, "node_modules/express/node_modules/on-finished": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", @@ -2759,6 +2768,15 @@ "node": ">= 0.8" } }, + "node_modules/finalhandler/node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "dev": true, + "engines": { + "node": ">= 0.8" + } + }, "node_modules/finalhandler/node_modules/on-finished": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", @@ -4230,12 +4248,12 @@ } }, "node_modules/micromatch": { - "version": "4.0.5", - "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", - "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", "dev": true, "dependencies": { - "braces": "^3.0.2", + "braces": "^3.0.3", "picomatch": "^2.3.1" }, "engines": { @@ -5235,9 +5253,12 @@ } }, "node_modules/path-to-regexp": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.3.0.tgz", - "integrity": "sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ==" + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.1.0.tgz", + "integrity": "sha512-Bqn3vc8CMHty6zuD+tG23s6v2kwxslHEhTj4eYaVKGIEB+YX/2wd0/rgXLFD9G9id9KCtbVy/3ZgmvZjpa0UdQ==", + "engines": { + "node": ">=16" + } }, "node_modules/path-type": { "version": "4.0.0", @@ -5812,6 +5833,15 @@ "node": ">= 0.8.0" } }, + "node_modules/serve-static/node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "dev": true, + "engines": { + "node": ">= 0.8" + } + }, "node_modules/set-blocking": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", diff --git a/package.json b/package.json index c1eb41ac..dc33c1c5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "express-openapi-validator", - "version": "5.3.6", + "version": "5.3.7", "description": "Automatically validate API requests and responses with OpenAPI 3 and Express.", "main": "dist/index.js", "scripts": { @@ -45,7 +45,7 @@ "media-typer": "^1.1.0", "multer": "^1.4.5-lts.1", "ono": "^7.1.3", - "path-to-regexp": "^6.3.0" + "path-to-regexp": "^8.1.0" }, "devDependencies": { "@types/cookie-parser": "^1.4.2", diff --git a/src/framework/base.path.ts b/src/framework/base.path.ts index f67dbdd2..1f56e92f 100644 --- a/src/framework/base.path.ts +++ b/src/framework/base.path.ts @@ -26,7 +26,7 @@ export class BasePath { } if (/{\w+}/.test(urlPath)) { // has variable that we need to check out - urlPath = urlPath.replace(/{(\w+)}/g, (substring, p1) => `:${p1}(.*)`); + urlPath = urlPath.replace(/{(\w+)}/g, (substring, p1) => `:"${p1}"`); } this.expressPath = urlPath; for (const variable in server.variables) { @@ -69,7 +69,9 @@ export class BasePath { }, []); const allParamCombos = cartesian(...allParams); - const toPath = compile(this.expressPath); + // path-to-regexp v 8.x.x requires we escape the open and close parentheses `(`,`)` added a replace function to catch that use case. + const filteredExpressPath = this.expressPath.replace(/[(]/g, '\\\\(').replace(/[)]/g, '\\\\)'); + const toPath = compile(filteredExpressPath); const paths = new Set(); for (const combo of allParamCombos) { paths.add(toPath(combo)); diff --git a/src/framework/openapi.spec.loader.ts b/src/framework/openapi.spec.loader.ts index 73dcfe17..f080f9a4 100644 --- a/src/framework/openapi.spec.loader.ts +++ b/src/framework/openapi.spec.loader.ts @@ -113,10 +113,22 @@ export class OpenApiSpecLoader { // {/path} => /path(*) <--- RFC 6570 format (not supported by openapi) // const pass1 = part.replace(/\{(\/)([^\*]+)(\*)}/g, '$1:$2$3'); + //if wildcard path use new path-to-regex expected model + if(/[*]/g.test(part)){ + // /v1/{path}* => /v1/*path) + // /v1/{path}(*) => /v1/*path) + const pass1 = part.replace(/\/{([^}]+)}\({0,1}(\*)\){0,1}/g, '/$2$1'); + + // substitute params with express equivalent + // /path/{multi}/test/{/*path}=> /path/:multi/test/{/*path} + return pass1.replace(/\{([^\/}]+)}/g, ':$1'); + //return pass1; + } // instead create our own syntax that is compatible with express' pathToRegex // /{path}* => /:path*) // /{path}(*) => /:path*) const pass1 = part.replace(/\/{([^}]+)}\({0,1}(\*)\){0,1}/g, '/:$1$2'); + // substitute params with express equivalent // /path/{id} => /path/:id return pass1.replace(/\{([^}]+)}/g, ':$1'); diff --git a/src/middlewares/openapi.metadata.ts b/src/middlewares/openapi.metadata.ts index 6d217be3..b2675c09 100644 --- a/src/middlewares/openapi.metadata.ts +++ b/src/middlewares/openapi.metadata.ts @@ -80,19 +80,16 @@ export function applyOpenApiMetadata( const pathKey = openApiRoute.substring((methods).basePath.length); const schema = openApiContext.apiDoc.paths[pathKey][method.toLowerCase()]; const _schema = responseApiDoc?.paths[pathKey][method.toLowerCase()]; - - const keys = []; const strict = !!req.app.enabled('strict routing'); const sensitive = !!req.app.enabled('case sensitive routing'); const pathOpts = { sensitive, strict, }; - const regexp = pathToRegexp(expressRoute, keys, pathOpts); - const matchedRoute = regexp.exec(path); - + const regexpObj = pathToRegexp(expressRoute, pathOpts); + const matchedRoute = regexpObj.regexp.exec(path); if (matchedRoute) { - const paramKeys = keys.map((k) => k.name); + const paramKeys = regexpObj.keys.map((k) => k.name); try { const paramsVals = matchedRoute.slice(1).map(decodeURIComponent); const pathParams = zipObject(paramKeys, paramsVals);