express-ajv-swagger-validation
Advanced tools
This package provides data validation within an Express, Koa or Fastify app according to a Swagger/OpenAPI definition. It uses Ajv under the hood for validation.
DEPRECATION NOTICE: As this package gone through a long way, as we added support for OpenAPI definitions, while also adding support for more frameworks such as Koa and Fastify, we finally took the step of changing express-ajv-swagger-validation name to something that describes it better. As of now we'll be using the name openapi-validator-middleware instead.
There are no code changes in openapi-validator-middleware@2.0.0 compared to express-ajv-swagger-validation@1.2.0 apart from the name change.
Table of Contents
Install using the node package registry:
npm install --save express-ajv-swagger-validation
Then import the module in your code:
const swaggerValidation = require('express-ajv-swagger-validation');
This middleware function validates the request body, headers, path parameters and query parameters according to the paths definition of the swagger file. Make sure to use this middleware inside a route definition in order to have req.route.path assigned to the most accurate express route.
Initialize the middleware using a swagger definition. The function executes synchronously and does not return anything.
pathToSwaggerFile: Path to the swagger definition.options: Additional options for the middleware (see below).Options currently supported:
framework - Defines in which framework the middleware is working ('fastify', 'koa' or 'express'). As default, set to 'express'.
formats - Array of formats that can be added to ajv configuration, each element in the array should include name and pattern.
formats: [
{ name: 'double', pattern: /\d+\.(\d+)+/ },
{ name: 'int64', pattern: /^\d{1,19}$/ },
{ name: 'int32', pattern: /^\d{1,10}$/ }
]
keywords - Array of keywords that can be added to ajv configuration, each element in the array can be either an object or a function.
If the element is an object, it must include name and definition. If the element is a function, it should accept ajv as its first argument and inside the function you need to call ajv.addKeyword to add your custom keyword
beautifyErrors- Boolean that indicates if to beautify the errors, in this case it will create a string from the Ajv error.
query/limit should be <= 100 - query parampath/petId should NOT be shorter than 3 characters - path param not in formatbody/[0].test.field1 should be string - Item in an array bodybody/test should have required property 'field1' - nested fieldbody should have required property 'name' - Missing field in bodyYou can see more examples in the tests.
firstError - Boolean that indicates if to return only the first error.
makeOptionalAttributesNullable - Boolean that forces preprocessing of Swagger schema to include 'null' as possible type for all non-required properties. Main use-case for this is to ensure correct handling of null values when Ajv type coercion is enabled
ajvConfigBody - Object that will be passed as config to new Ajv instance which will be used for validating request body. Can be useful to e. g. enable type coercion (to automatically convert strings to numbers etc). See Ajv documentation for supported values.
ajvConfigParams - Object that will be passed as config to new Ajv instance which will be used for validating request body. See Ajv documentation for supported values.
contentTypeValidation - Boolean that indicates if to perform content type validation in case consume field is specified and the request body is not empty.
expectFormFieldsInBody - Boolean that indicates whether form fields of non-file type that are specified in the schema should be validated against request body (e. g. Multer is copying text form fields to body)
errorFormatter - optional custom function that will be invoked to create a validation error that will be thrown if Ajv validation fails. Function should accept two parameters: (errors, middlewareOptions) and return an error that will be thrown.
swaggerValidation.init('test/unit-tests/input-validation/pet-store-swagger.yaml');
const app = express();
app.use(bodyParser.json());
app.get('/pets', swaggerValidation.validate, (req, res, next) => {
return res.json({ result: 'OK' });
});
app.post('/pets', swaggerValidation.validate, (req, res, next) => {
return res.json({ result: 'OK' });
});
app.get('/pets/:petId', swaggerValidation.validate, (req, res, next) => {
return res.json({ result: 'OK' });
});
app.use((err, req, res) => {
if (err instanceof swaggerValidation.InputValidationError) {
return res.status(400).json({ more_info: JSON.stringify(err.errors) });
}
});
const server = app.listen(serverPort, () => {});
'use strict';
const Koa = require('koa');
const Router = require('koa-router');
const bodyParser = require('koa-bodyparser');
const inputValidation = require('../../src/middleware');
let app = new Koa();
let router = new Router();
app.use(bodyParser());
app.use(router.routes());
module.exports = inputValidation.init('test/pet-store-swagger.yaml', {framework: 'koa'});
router.get('/pets', inputValidation.validate, async (ctx, next) => {
ctx.status = 200;
ctx.body = { result: 'OK' };
});
router.post('/pets', inputValidation.validate, async (ctx, next) => {
ctx.status = 200;
ctx.body = { result: 'OK' };
});
router.get('/pets/:petId', inputValidation.validate, async (ctx, next) => {
ctx.status = 200;
ctx.body = { result: 'OK' };
});
router.put('/pets', inputValidation.validate, async (ctx, next) => {
ctx.status = 200;
ctx.body = { result: 'OK' };
});
return app;
'use strict';
const fastify = require('fastify');
const inputValidation = require('../../src/middleware');
async function getApp() {
inputValidation.init('test/pet-store-swagger.yaml', {
framework: 'fastify'
});
const app = fastify({ logger: true });
app.register(inputValidation.validate());
app.setErrorHandler(async (err, req, reply) => {
if (err instanceof inputValidation.InputValidationError) {
return reply.status(400).send({ more_info: JSON.stringify(err.errors) });
}
reply.status(500);
reply.send();
});
app.get('/pets', (req, reply) => {
reply.status(204).send();
});
await app.ready();
return app;
}
It is important to set the type property of any Schema Objects explicitly to object. Although it isn't required in the OpenAPI specification, it is necessary in order for Ajv to work correctly.
Multipart/form-data (files) support is based on express/multer.
When using this package as middleware for fastify, the validations errors are being thrown.
When using this package as middleware for koa, the validations errors are being thrown.
This package supports Koa servers that use koa-router, koa-bodyparser and koa-multer.
The tests use mocha, istanbul and mochawesome. Run them using the node test script:
npm test
FAQs
Input validation using Swagger (Open API) and ajv
The npm package express-ajv-swagger-validation receives a total of 286 weekly downloads. As such, express-ajv-swagger-validation popularity was classified as not popular.
We found that express-ajv-swagger-validation demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.