A Go project for handling OpenAPI files. We target:
- OpenAPI
v2.0
(formerly known as Swagger) - OpenAPI
v3.0
- OpenAPI
v3.1
Soon! Tracking issue here.
Licensed under the MIT License.
The project has received pull requests from many people. Thanks to everyone!
Please, give back to this project by becoming a sponsor.
Here's some projects that depend on kin-openapi:
- github.com/go-fuego/fuego - "Framework generating OpenAPI 3 spec from source code"
- github.com/a-h/rest - "Generate OpenAPI 3.0 specifications from Go code without annotations or magic comments"
- github.com/Tufin/oasdiff - "A diff tool for OpenAPI Specification 3"
- github.com/danielgtaylor/apisprout - "Lightweight, blazing fast, cross-platform OpenAPI 3 mock server with validation"
- github.com/deepmap/oapi-codegen - "Generate Go client and server boilerplate from OpenAPI 3 specifications"
- github.com/dunglas/vulcain - "Use HTTP/2 Server Push to create fast and idiomatic client-driven REST APIs"
- github.com/danielgtaylor/restish - "...a CLI for interacting with REST-ish HTTP APIs with some nice features built-in"
- github.com/goadesign/goa - "Design-based APIs and microservices in Go"
- github.com/hashicorp/nomad-openapi - "Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations."
- gitlab.com/jamietanna/httptest-openapi (blog post) - "Go OpenAPI Contract Verification for use with
net/http
" - github.com/SIMITGROUP/openapigenerator - "Openapi v3 microservices generator"
- https://github.com/projectsveltos/addon-controller - "Kubernetes add-on controller designed to manage tens of clusters."
- (Feel free to add your project by creating an issue or a pull request)
- libopenapi a fully featured, high performance OpenAPI 3.1, 3.0 and Swagger parser, library, validator and toolkit
- go-swagger stated OpenAPIv3 won't be supported
- swaggo has an open issue on OpenAPIv3
- go-openapi's spec3
Be sure to check OpenAPI Initiative's great tooling list as well as OpenAPI.Tools.
- openapi2 (godoc)
- Support for OpenAPI 2 files, including serialization, deserialization, and validation.
- openapi2conv (godoc)
- Converts OpenAPI 2 files into OpenAPI 3 files.
- openapi3 (godoc)
- Support for OpenAPI 3 files, including serialization, deserialization, and validation.
- openapi3filter (godoc)
- Validates HTTP requests and responses
- Provides a gorilla/mux router for OpenAPI operations
- openapi3gen (godoc)
- Generates
*openapi3.Schema
values for Go types.
- Generates
go run github.com/getkin/kin-openapi/cmd/validate@latest [--circular] [--defaults] [--examples] [--ext] [--patterns] -- <local YAML or JSON file>
Use openapi3.Loader
, which resolves all references:
loader := openapi3.NewLoader()
doc, err := loader.LoadFromFile("my-openapi-spec.json")
loader := openapi3.NewLoader()
doc, _ := loader.LoadFromData([]byte(`...`))
_ = doc.Validate(loader.Context)
router, _ := gorillamux.NewRouter(doc)
route, pathParams, _ := router.FindRoute(httpRequest)
// Do something with route.Operation
package main
import (
"context"
"fmt"
"net/http"
"github.com/getkin/kin-openapi/openapi3"
"github.com/getkin/kin-openapi/openapi3filter"
"github.com/getkin/kin-openapi/routers/gorillamux"
)
func main() {
ctx := context.Background()
loader := &openapi3.Loader{Context: ctx, IsExternalRefsAllowed: true}
doc, _ := loader.LoadFromFile(".../My-OpenAPIv3-API.yml")
// Validate document
_ = doc.Validate(ctx)
router, _ := gorillamux.NewRouter(doc)
httpReq, _ := http.NewRequest(http.MethodGet, "/items", nil)
// Find route
route, pathParams, _ := router.FindRoute(httpReq)
// Validate request
requestValidationInput := &openapi3filter.RequestValidationInput{
Request: httpReq,
PathParams: pathParams,
Route: route,
}
_ = openapi3filter.ValidateRequest(ctx, requestValidationInput)
// Handle that request
// --> YOUR CODE GOES HERE <--
responseHeaders := http.Header{"Content-Type": []string{"application/json"}}
responseCode := 200
responseBody := []byte(`{}`)
// Validate response
responseValidationInput := &openapi3filter.ResponseValidationInput{
RequestValidationInput: requestValidationInput,
Status: responseCode,
Header: responseHeaders,
}
responseValidationInput.SetBodyBytes(responseBody)
_ = openapi3filter.ValidateResponse(ctx, responseValidationInput)
}
By default, the library parses a body of the HTTP request and response
if it has one of the following content types: "text/plain"
or "application/json"
.
To support other content types you must register decoders for them:
func main() {
// ...
// Register a body's decoder for content type "application/xml".
openapi3filter.RegisterBodyDecoder("application/xml", xmlBodyDecoder)
// Now you can validate HTTP request that contains a body with content type "application/xml".
requestValidationInput := &openapi3filter.RequestValidationInput{
Request: httpReq,
PathParams: pathParams,
Route: route,
}
if err := openapi3filter.ValidateRequest(ctx, requestValidationInput); err != nil {
panic(err)
}
// ...
// And you can validate HTTP response that contains a body with content type "application/xml".
if err := openapi3filter.ValidateResponse(ctx, responseValidationInput); err != nil {
panic(err)
}
}
func xmlBodyDecoder(body io.Reader, h http.Header, schema *openapi3.SchemaRef, encFn openapi3filter.EncodingFn) (decoded any, err error) {
// Decode body to a primitive, []any, or map[string]any.
}
By default, the library checks unique items using the following predefined function:
func isSliceOfUniqueItems(xs []any) bool {
s := len(xs)
m := make(map[string]struct{}, s)
for _, x := range xs {
key, _ := json.Marshal(&x)
m[string(key)] = struct{}{}
}
return s == len(m)
}
In the predefined function json.Marshal
is used to generate a string that can
be used as a map key which is to check the uniqueness of an array
when the array items are objects or arrays. You can register
you own function according to your input data to get better performance:
func main() {
// ...
// Register a customized function used to check uniqueness of array.
openapi3.RegisterArrayUniqueItemsChecker(arrayUniqueItemsChecker)
// ... other validate codes
}
func arrayUniqueItemsChecker(items []any) bool {
// Check the uniqueness of the input slice
}
By default, the error message returned when validating a value includes the error reason, the schema, and the input value.
For example, given the following schema:
{
"type": "string",
"allOf": [
{ "pattern": "[A-Z]" },
{ "pattern": "[a-z]" },
{ "pattern": "[0-9]" },
{ "pattern": "[!@#$%^&*()_+=-?~]" }
]
}
Passing the input value "secret"
to this schema will produce the following error message:
string doesn't match the regular expression "[A-Z]"
Schema:
{
"pattern": "[A-Z]"
}
Value:
"secret"
Including the original value in the error message can be helpful for debugging, but it may not be appropriate for sensitive information such as secrets.
To disable the extra details in the schema error message, you can set the openapi3.SchemaErrorDetailsDisabled
option to true
:
func main() {
// ...
// Disable schema error detailed error messages
openapi3.SchemaErrorDetailsDisabled = true
// ... other validate codes
}
This will shorten the error message to present only the reason:
string doesn't match the regular expression "[A-Z]"
For more fine-grained control over the error message, you can pass a custom openapi3filter.Options
object to openapi3filter.RequestValidationInput
that includes a openapi3filter.CustomSchemaErrorFunc
.
func validationOptions() *openapi3filter.Options {
options := &openapi3filter.Options{}
options.WithCustomSchemaErrorFunc(safeErrorMessage)
return options
}
func safeErrorMessage(err *openapi3.SchemaError) string {
return err.Reason
}
This will change the schema validation errors to return only the Reason
field, which is guaranteed to not include the original value.
ReferencesComponentInRootDocument
is a useful helper function to check if a component reference
coincides with a reference in the root document's component objects fixed fields.
This can be used to determine if two schema definitions are of the same structure, helpful for code generation tools when generating go type models.
doc, err = loader.LoadFromFile("openapi.yml")
for _, path := range doc.Paths.InMatchingOrder() {
pathItem := doc.Paths.Find(path)
if pathItem.Get == nil || pathItem.Get.Responses.Status(200) {
continue
}
for _, s := range pathItem.Get.Responses.Status(200).Value.Content {
name, match := ReferencesComponentInRootDocument(doc, s.Schema)
fmt.Println(path, match, name) // /record true #/components/schemas/BookRecord
}
}
openapi3.Discriminator.Mapping
andopenapi3.OAuthFlow.Scopes
fields went from amap[string]string
to the new typeStringMap
- Downgraded
github.com/gorilla/mux
dep from1.8.1
to1.8.0
.
openapi3.CircularReferenceError
andopenapi3.CircularReferenceCounter
are removed.openapi3.Loader
now implements reference backtracking, so any kind of circular references should be properly resolved.InternalizeRefs
now takes a refNameResolver that has access toopenapi3.T
and more properties of the reference needing resolving.- The
DefaultRefNameResolver
has been updated, choosing names that will be less likely to collide with each other. Because of this internalized specs will likely change slightly. openapi3.Format
andopenapi3.FormatCallback
are removed and the type ofopenapi3.SchemaStringFormats
has changed.
- The
openapi3filter.ErrFunc
andopenapi3filter.LogFunc
func types now take the validated request's context as first argument.
openapi3.Schema.Type
&openapi2.Parameter.Type
fields went from astring
to the type*Type
with methods:Includes
,Is
,Permits
&Slice
.
Paths
field ofopenapi3.T
is now a pointerResponses
field ofopenapi3.Operation
is now a pointeropenapi3.Paths
went frommap[string]*PathItem
to a struct with anExtensions
field and methods:Set
,Value
,Len
,Map
, andNew*
.openapi3.Callback
went frommap[string]*PathItem
to a struct with anExtensions
field and methods:Set
,Value
,Len
,Map
, andNew*
.openapi3.Responses
went frommap[string]*ResponseRef
to a struct with anExtensions
field and methods:Set
,Value
,Len
,Map
, andNew*
.(openapi3.Responses).Get(int)
renamed to(*openapi3.Responses).Status(int)
- Introduce
openapi3.RequestBodies
(an alias onmap[string]*openapi3.ResponseRef
) and use it in place ofopenapi3.Responses
for fieldopenapi3.Components.Responses
.
- Dropped
openapi3filter.DefaultOptions
. Use&openapi3filter.Options{}
directly instead.
- The string format
email
has been removed by default. To use it please callopenapi3.DefineStringFormat("email", openapi3.FormatOfStringForEmail)
. - Field
openapi3.T.Components
is now a pointer. - Fields
openapi3.Schema.AdditionalProperties
andopenapi3.Schema.AdditionalPropertiesAllowed
are replaced byopenapi3.Schema.AdditionalProperties.Schema
andopenapi3.Schema.AdditionalProperties.Has
respectively. - Type
openapi3.ExtensionProps
is now justmap[string]any
and extensions are accessible through theExtensions
field.
(openapi3.ValidationOptions).ExamplesValidationDisabled
has been unexported.(openapi3.ValidationOptions).SchemaFormatValidationEnabled
has been unexported.(openapi3.ValidationOptions).SchemaPatternValidationDisabled
has been unexported.
- Changed
func (*_) Validate(ctx context.Context) error
tofunc (*_) Validate(ctx context.Context, opts ...ValidationOption) error
. openapi3.WithValidationOptions(ctx context.Context, opts *ValidationOptions) context.Context
prototype changed toopenapi3.WithValidationOptions(ctx context.Context, opts ...ValidationOption) context.Context
.
openapi3.SchemaFormatValidationDisabled
has been removed in favour of an optionopenapi3.EnableSchemaFormatValidation()
passed toopenapi3.T.Validate
. The default behaviour is also now to not validate formats, as the OpenAPI spec mentions theformat
is an open value.
- The prototype of
openapi3gen.NewSchemaRefForValue
changed:- It no longer returns a map but that is still accessible under the field
(*Generator).SchemaRefs
. - It now takes in an additional argument (basically
doc.Components.Schemas
) which gets written to so$ref
cycles can be properly handled.
- It no longer returns a map but that is still accessible under the field
- Renamed
openapi2.Swagger
toopenapi2.T
. - Renamed
openapi2conv.FromV3Swagger
toopenapi2conv.FromV3
. - Renamed
openapi2conv.ToV3Swagger
toopenapi2conv.ToV3
. - Renamed
openapi3.LoadSwaggerFromData
toopenapi3.LoadFromData
. - Renamed
openapi3.LoadSwaggerFromDataWithPath
toopenapi3.LoadFromDataWithPath
. - Renamed
openapi3.LoadSwaggerFromFile
toopenapi3.LoadFromFile
. - Renamed
openapi3.LoadSwaggerFromURI
toopenapi3.LoadFromURI
. - Renamed
openapi3.NewSwaggerLoader
toopenapi3.NewLoader
. - Renamed
openapi3.Swagger
toopenapi3.T
. - Renamed
openapi3.SwaggerLoader
toopenapi3.Loader
. - Renamed
openapi3filter.ValidationHandler.SwaggerFile
toopenapi3filter.ValidationHandler.File
. - Renamed
routers.Route.Swagger
torouters.Route.Spec
.
- Type
openapi3filter.Route
moved torouters
(andRoute.Handler
was dropped. See #329) - Type
openapi3filter.RouteError
moved torouters
(so didErrPathNotFound
andErrMethodNotAllowed
which are nowRouteError
s) - Routers'
FindRoute(...)
method now takes only one argument:*http.Request
getkin/kin-openapi/openapi3filter.Router
moved togetkin/kin-openapi/routers/legacy
openapi3filter.NewRouter()
and its relatedWithSwaggerFromFile(string)
,WithSwagger(*openapi3.Swagger)
,AddSwaggerFromFile(string)
andAddSwagger(*openapi3.Swagger)
are all replaced with a single<router package>.NewRouter(*openapi3.Swagger)
- NOTE: the
NewRouter(doc)
call now requires that the user ensuresdoc
is valid (doc.Validate() != nil
). This used to be asserted.
- NOTE: the
Field (*openapi3.SwaggerLoader).LoadSwaggerFromURIFunc
of type func(*openapi3.SwaggerLoader, *url.URL) (*openapi3.Swagger, error)
was removed after the addition of the field (*openapi3.SwaggerLoader).ReadFromURIFunc
of type func(*openapi3.SwaggerLoader, *url.URL) ([]byte, error)
.