optional file upload

cdimascio · Dec 30, 2019 · 81243f8 · 81243f8
1 parent 17dadc2
commit 81243f8
Show file tree

Hide file tree

Showing 12 changed files with 334 additions and 43 deletions.
diff --git a/src/framework/types.ts b/src/framework/types.ts
@@ -1,4 +1,5 @@
 import * as ajv from 'ajv';
+import * as multer from 'multer';
 import { Request, Response, NextFunction } from 'express';
 export { OpenAPIFrameworkArgs };
 
@@ -55,7 +56,8 @@ export interface OpenApiValidatorOpts {
   securityHandlers?: SecurityHandlers;
   coerceTypes?: boolean | 'array';
   unknownFormats?: true | string[] | 'ignore';
-  multerOpts?: {};
+  fileUploader?: boolean | multer.Options;
+  multerOpts?: multer.Options;
   $refParser?: {
     mode: 'bundle' | 'dereference';
   };

diff --git a/src/index.ts b/src/index.ts
@@ -27,6 +27,7 @@ export class OpenApiValidator {
     if (options.validateRequests == null) options.validateRequests = true;
     if (options.validateResponses == null) options.validateResponses = false;
     if (options.validateSecurity == null) options.validateSecurity = true;
+    if (options.fileUploader == null) options.fileUploader = {};
     if (options.$refParser == null) options.$refParser = { mode: 'bundle' };
 
     if (options.validateResponses === true) {
@@ -83,7 +84,9 @@ export class OpenApiValidator {
 
     this.installPathParams(app, context);
     this.installMetadataMiddleware(app, context);
-    this.installMultipartMiddleware(app, context);
+    if (this.options.fileUploader) {
+      this.installMultipartMiddleware(app, context);
+    }
 
     const components = context.apiDoc.components;
     if (this.options.validateSecurity && components?.securitySchemes) {
@@ -218,6 +221,20 @@ export class OpenApiValidator {
       );
     }
 
+    const multerOpts = options.multerOpts;
+    if (securityHandlers != null) {
+      if (typeof multerOpts !== 'object' || Array.isArray(securityHandlers)) {
+        throw ono('multerOpts must be an object or undefined');
+      }
+      deprecationWarning('multerOpts is deprecated. Use fileUploader instead.');
+    }
+
+    if (options.multerOpts && options.fileUploader) {
+      throw ono(
+        'multerOpts and fileUploader may not be used together. Use fileUploader to specify upload options.',
+      );
+    }
+
     const unknownFormats = options.unknownFormats;
     if (typeof unknownFormats === 'boolean') {
       if (!unknownFormats) {
@@ -243,5 +260,9 @@ export class OpenApiValidator {
       };
       delete options.securityHandlers;
     }
+    if (options.multerOpts) {
+      options.fileUploader = options.multerOpts;
+      delete options.multerOpts;
+    }
   }
 }
diff --git a/src/middlewares/openapi.multipart.ts b/src/middlewares/openapi.multipart.ts
@@ -12,7 +12,7 @@ const multer = require('multer');
 
 export function multipart(
   OpenApiContext: OpenApiContext,
-  multerOpts: {} = {},
+  multerOpts: {},
 ): OpenApiRequestHandler {
   const mult = multer(multerOpts);
   return (req, res, next) => {
@@ -35,7 +35,6 @@ export function multipart(
           // case we must follow the $ref to check the type.
 
           if (req.files) {
-
             // to handle single and multiple file upload at the same time, let us this initialize this count variable
             // for example { "files": 5 }
             const count_by_fieldname = (<Express.Multer.File[]>req.files)
@@ -46,18 +45,15 @@ export function multipart(
               }, {});
 
             // add file(s) to body
-            Object
-              .entries(count_by_fieldname)
-              .forEach(
-                ([fieldname, count]: [string, number]) => {
-                  // TODO maybe also check in the api doc if it is a single upload or multiple
-                  const is_multiple = count > 1;
-                  req.body[fieldname] = (is_multiple)
-                    ? new Array(count).fill('')
-                    : '';
-                },
-              );
-
+            Object.entries(count_by_fieldname).forEach(
+              ([fieldname, count]: [string, number]) => {
+                // TODO maybe also check in the api doc if it is a single upload or multiple
+                const is_multiple = count > 1;
+                req.body[fieldname] = is_multiple
+                  ? new Array(count).fill('')
+                  : '';
+              },
+            );
           }
           next();
         }
@@ -74,7 +70,9 @@ function isValidContentType(req: Request): boolean {
 }
 
 function isMultipart(req: OpenApiRequest): boolean {
-  return (<any>req?.openapi)?.schema?.requestBody?.content?.['multipart/form-data'];
+  return (<any>req?.openapi)?.schema?.requestBody?.content?.[
+    'multipart/form-data'
+  ];
 }
 
 function error(req: OpenApiRequest, err: Error): ValidationError {

diff --git a/src/middlewares/parsers/body.parse.ts b/src/middlewares/parsers/body.parse.ts
@@ -62,8 +62,8 @@ export class BodySchemaParser {
     requestBody: OpenAPIV3.RequestBodyObject,
   ): BodySchema {
     const bodyContentSchema =
-      requestBody.content[contentType.contentType] &&
-      requestBody.content[contentType.contentType].schema;
+      requestBody.content[contentType.withoutBoundary] &&
+      requestBody.content[contentType.withoutBoundary].schema;
 
     let bodyContentRefSchema = null;
     if (bodyContentSchema && '$ref' in bodyContentSchema) {

diff --git a/src/middlewares/util.ts b/src/middlewares/util.ts
@@ -7,7 +7,7 @@ export class ContentType {
   public contentType: string = null;
   public mediaType: string = null;
   public charSet: string = null;
-  private withoutBoundary: string = null;
+  public withoutBoundary: string = null;
   private constructor(contentType: string | null) {
     this.contentType = contentType;
     if (contentType) {

diff --git a/test/common/app.common.ts b/test/common/app.common.ts
@@ -98,15 +98,15 @@ export function routes(app) {
     });
   });
 
-  app.post('/v1/pets/:id/photos', function(req: Request, res: Response): void {
-    // req.file is the `avatar` file
-    // req.body will hold the text fields, if there were any
-    const files = req.files;
-    res.status(200).json({
-      files,
-      metadata: req.body.metadata,
-    });
-  });
+  // app.post('/v1/pets/:id/photos', function(req: Request, res: Response): void {
+  //   // req.file is the `avatar` file
+  //   // req.body will hold the text fields, if there were any
+  //   const files = req.files;
+  //   res.status(200).json({
+  //     files,
+  //     metadata: req.body.metadata,
+  //   });
+  // });
   app.post('/v1/pets_charset', function(req: Request, res: Response): void {
     // req.file is the `avatar` file
     // req.body will hold the text fields, if there were any

diff --git a/test/common/app.ts b/test/common/app.ts
@@ -21,7 +21,6 @@ export async function createApp(
   app.use(bodyParser.json({ type: 'application/hal+json' }));
   app.use(bodyParser.text());
   app.use(logger('dev'));
-  app.use(express.json());
   app.use(express.urlencoded({ extended: false }));
   app.use(cookieParser());
   app.use(express.static(path.join(__dirname, 'public')));

diff --git a/test/common/myapp.ts b/test/common/myapp.ts
@@ -9,12 +9,12 @@ import { OpenApiValidator } from '../../src';
 
 const app = express();
 
-app.use(bodyParser.urlencoded());
+app.use(bodyParser.urlencoded({ extended: true }));
 app.use(bodyParser.text());
 app.use(bodyParser.json());
 app.use(logger('dev'));
-app.use(express.json());
-app.use(express.urlencoded({ extended: false }));
+// app.use(express.json());
+// app.use(express.urlencoded({ extended: true }));
 app.use(cookieParser());
 app.use(express.static(path.join(__dirname, 'public')));
 const spec = path.join(__dirname, 'openapi.yaml');
@@ -44,6 +44,13 @@ app.get('/v1/pets/:id', function(req: Request, res: Response): void {
   res.json({ id: req.params.id, name: 'sparky' });
 });
 
+app.get('/v1/pets/:id/form_urlencoded', function(
+  req: Request,
+  res: Response,
+): void {
+  res.json(req.body);
+});
+
 // 2a. Add a route upload file(s)
 app.post('/v1/pets/:id/photos', function(req: Request, res: Response): void {
   // DO something with the file

diff --git a/test/multipart.disabled.spec.ts b/test/multipart.disabled.spec.ts
@@ -0,0 +1,112 @@
+import * as express from 'express';
+import * as path from 'path';
+import { expect } from 'chai';
+import * as request from 'supertest';
+import { createApp } from './common/app';
+import * as packageJson from '../package.json';
+
+describe(packageJson.name, () => {
+  let app = null;
+  before(async () => {
+    const apiSpec = path.join('test', 'resources', 'multipart.yaml');
+    app = await createApp({ apiSpec, fileUploader: false }, 3003, app =>
+      app.use(
+        `${app.basePath}`,
+        express
+          .Router()
+          .post(`/sample_2`, (req, res) => res.json(req.body))
+          .post(`/sample_1`, (req, res) => res.json(req.body))
+          .get('/range', (req, res) => res.json(req.body)),
+      ),
+    );
+  });
+  after(() => {
+    (<any>app).server.close();
+  });
+  describe(`multipart disabled`, () => {
+    it('should throw 400 when required multipart file field', async () =>
+      request(app)
+        .post(`${app.basePath}/sample_2`)
+        .set('Content-Type', 'multipart/form-data')
+        .set('Accept', 'application/json')
+        .expect(400)
+        .then(e => {
+          expect(e.body)
+            .has.property('errors')
+            .with.length(2);
+          expect(e.body.errors[0])
+            .has.property('message')
+            .equal("should have required property 'file'");
+          expect(e.body.errors[1])
+            .has.property('message')
+            .equal("should have required property 'metadata'");
+        }));
+
+    it('should throw 400 when required form field is missing during multipart upload', async () =>
+      request(app)
+        .post(`${app.basePath}/sample_2`)
+        .set('Content-Type', 'multipart/form-data')
+        .set('Accept', 'application/json')
+        .attach('file', 'package.json')
+        .expect(400));
+
+    it('should validate x-www-form-urlencoded form_pa and and form_p2', async () =>
+      request(app)
+        .post(`${app.basePath}/sample_2`)
+        .set('Content-Type', 'application/x-www-form-urlencoded')
+        .set('Accept', 'application/json')
+        .send('form_p1=stuff&form_p2=morestuff')
+        .expect(200));
+
+    // TODO make this work when fileUpload i.e. multer is disabled
+    it.skip('should return 200 for multipart/form-data with p1 and p2 fields present (with fileUpload false)', async () =>
+      request(app)
+        .post(`${app.basePath}/sample_1`)
+        .set('Content-Type', 'multipart/form-data')
+        .field('p1', 'some data')
+        .field('p2', 'some data 2')
+        .expect(200));
+
+    it('should throw 405 get method not allowed', async () =>
+      request(app)
+        .get(`${app.basePath}/sample_2`)
+        .set('Content-Type', 'multipart/form-data')
+        .set('Accept', 'application/json')
+        .expect('Content-Type', /json/)
+        .attach('file', 'package.json')
+        .field('metadata', 'some-metadata')
+        .expect(405));
+
+    it('should throw 415 unsupported media type', async () =>
+      request(app)
+        .post(`${app.basePath}/sample_2`)
+        .send({ test: 'test' })
+        .set('Content-Type', 'application/json')
+        .expect('Content-Type', /json/)
+        .expect(415)
+        .then(r => {
+          expect(r.body)
+            .has.property('errors')
+            .with.length(1);
+          expect(r.body.errors[0])
+            .has.property('message')
+            .equal('unsupported media type application/json');
+        }));
+
+    it('should return 400 when improper range specified', async () =>
+      request(app)
+        .get(`${app.basePath}/range`)
+        .query({
+          number: 2,
+        })
+        .set('Accept', 'application/json')
+        .expect('Content-Type', /json/)
+        .expect(400)
+        .then(r => {
+          const e = r.body.errors;
+          expect(e).to.have.length(1);
+          expect(e[0].path).to.contain('number');
+          expect(e[0].message).to.equal('should be >= 5');
+        }));
+  });
+});
diff --git a/test/multipart.spec.ts b/test/multipart.spec.ts
@@ -1,3 +1,4 @@
+import * as express from 'express';
 import * as path from 'path';
 import { expect } from 'chai';
 import * as request from 'supertest';
@@ -7,16 +8,30 @@ import * as packageJson from '../package.json';
 describe(packageJson.name, () => {
   let app = null;
   before(async () => {
-    const apiSpec = path.join('test', 'resources', 'openapi.yaml');
-    app = await createApp({ apiSpec }, 3003);
+    const apiSpec = path.join('test', 'resources', 'multipart.yaml');
+    app = await createApp({ apiSpec }, 3003, app =>
+      app.use(
+        `${app.basePath}`,
+        express
+          .Router()
+          .post(`/sample_2`, (req, res) => {
+            const files = req.files;
+            res.status(200).json({
+              files,
+              metadata: req.body.metadata,
+            });
+          })
+          .post(`/sample_1`, (req, res) => res.json(req.body)),
+      ),
+    );
   });
   after(() => {
     (<any>app).server.close();
   });
-  describe(`GET .../pets/:id/photos`, () => {
+  describe(`multipart`, () => {
     it('should throw 400 when required multipart file field', async () =>
       request(app)
-        .post(`${app.basePath}/pets/10/photos`)
+        .post(`${app.basePath}/sample_2`)
         .set('Content-Type', 'multipart/form-data')
         .set('Accept', 'application/json')
         .expect(400)
@@ -31,15 +46,15 @@ describe(packageJson.name, () => {
 
     it('should throw 400 when required form field is missing during multipart upload', async () =>
       request(app)
-        .post(`${app.basePath}/pets/10/photos`)
-        .set('Content-Type', 'multipart/form-data')
+        .post(`${app.basePath}/sample_2`)
+        .set('Content-Type', 'multipart/sample_2')
         .set('Accept', 'application/json')
         .attach('file', 'package.json')
         .expect(400));
 
     it('should validate multipart file and metadata', async () =>
       request(app)
-        .post(`${app.basePath}/pets/10/photos`)
+        .post(`${app.basePath}/sample_2`)
         .set('Content-Type', 'multipart/form-data')
         .set('Accept', 'application/json')
         .attach('file', 'package.json')
@@ -58,7 +73,7 @@ describe(packageJson.name, () => {
 
     it('should throw 405 get method not allowed', async () =>
       request(app)
-        .get(`${app.basePath}/pets/10/photos`)
+        .get(`${app.basePath}/sample_2`)
         .set('Content-Type', 'multipart/form-data')
         .set('Accept', 'application/json')
         .expect('Content-Type', /json/)
@@ -68,7 +83,7 @@ describe(packageJson.name, () => {
 
     it('should throw 415 unsupported media type', async () =>
       request(app)
-        .post(`${app.basePath}/pets/10/photos`)
+        .post(`${app.basePath}/sample_2`)
         .send({ test: 'test' })
         .set('Content-Type', 'application/json')
         .expect('Content-Type', /json/)