swagger-tools
Advanced tools
Comparing version 0.7.3 to 0.7.4
@@ -45,5 +45,2 @@ /* | ||
* | ||
* This middleware requires that you use the appropriate middleware to populate req.body and req.query before this | ||
* middleware. This middleware also makes no attempt to work around invalid Swagger documents. | ||
* | ||
* @param {object} resourceListing - The resource listing object | ||
@@ -118,32 +115,29 @@ * @param {object[]} resources - The array of resources | ||
if (apiMetadata) { | ||
metadata = { | ||
api: apiMetadata.api, | ||
apiDeclaration: apiMetadata.apiDeclaration, | ||
apiIndex: apiMetadata.apiIndex, | ||
params: {}, | ||
resourceIndex: apiMetadata.resourceIndex, | ||
resourceListing: apiMetadata.resourceListing | ||
}; | ||
// Request does not match an API defined in the Swagger document(s) | ||
if (!apiMetadata) { | ||
return next(); | ||
} | ||
if (_.isPlainObject(apiMetadata.operations[req.method])) { | ||
metadata.operation = apiMetadata.operations[req.method].operation; | ||
metadata.operationPath = apiMetadata.operations[req.method].operationPath; | ||
metadata.authorizations = metadata.operation.authorizations || apiMetadata.apiDeclaration.authorizations; | ||
} | ||
metadata = { | ||
api: apiMetadata.api, | ||
apiDeclaration: apiMetadata.apiDeclaration, | ||
apiIndex: apiMetadata.apiIndex, | ||
params: {}, | ||
resourceIndex: apiMetadata.resourceIndex, | ||
resourceListing: apiMetadata.resourceListing | ||
}; | ||
req.swagger = metadata; | ||
if (_.isPlainObject(apiMetadata.operations[req.method])) { | ||
metadata.operation = apiMetadata.operations[req.method].operation; | ||
metadata.operationPath = apiMetadata.operations[req.method].operationPath; | ||
metadata.authorizations = metadata.operation.authorizations || apiMetadata.apiDeclaration.authorizations; | ||
} | ||
// Collect the parameter values | ||
if (metadata && metadata.operation) { | ||
_.each(metadata.operation.parameters, function (parameter, index) { | ||
var val = helpers.getParameterValue('1.2', parameter, apiMetadata.keys, match, req); | ||
req.swagger = metadata; | ||
metadata.params[parameter.name] = { | ||
path: metadata.operationPath.concat(['parameters', index.toString()]), | ||
schema: parameter, | ||
value: val | ||
}; | ||
}); | ||
if (metadata.operation) { | ||
// Process the operation parameters | ||
helpers.processOperationParameters('1.2', apiMetadata.keys, match, req, res, next); | ||
} else { | ||
return next(); | ||
} | ||
@@ -153,5 +147,3 @@ } catch (err) { | ||
} | ||
return next(); | ||
}; | ||
}; |
@@ -71,5 +71,2 @@ /* | ||
* | ||
* This middleware requires that you use the appropriate middleware to populate req.body and req.query before this | ||
* middleware. This middleware also makes no attempt to work around invalid Swagger documents. | ||
* | ||
* @param {object} swaggerObject - The Swagger object | ||
@@ -142,32 +139,28 @@ * | ||
if (pathMetadata) { | ||
metadata = { | ||
apiPath : pathMetadata.apiPath, | ||
path: pathMetadata.path, | ||
params: {}, | ||
swaggerObject: pathMetadata.swaggerObject.resolved | ||
}; | ||
// Request does not match an API defined in the Swagger document | ||
if (!pathMetadata) { | ||
return next(); | ||
} | ||
if (_.isPlainObject(pathMetadata.operations[method])) { | ||
metadata.operation = pathMetadata.operations[method].operation; | ||
metadata.operationParameters = pathMetadata.operations[method].parameters || []; | ||
metadata.operationPath = ['paths', pathMetadata.apiPath, method]; | ||
metadata.security = metadata.operation.security || metadata.swaggerObject.security || []; | ||
} | ||
metadata = { | ||
apiPath : pathMetadata.apiPath, | ||
path: pathMetadata.path, | ||
params: {}, | ||
swaggerObject: pathMetadata.swaggerObject.resolved | ||
}; | ||
req.swagger = metadata; | ||
if (_.isPlainObject(pathMetadata.operations[method])) { | ||
metadata.operation = pathMetadata.operations[method].operation; | ||
metadata.operationParameters = pathMetadata.operations[method].parameters || []; | ||
metadata.operationPath = ['paths', pathMetadata.apiPath, method]; | ||
metadata.security = metadata.operation.security || metadata.swaggerObject.security || []; | ||
} | ||
// Collect the parameter values | ||
if (metadata && metadata.operation) { | ||
_.each(metadata.operationParameters, function (paramMetadata) { | ||
var parameter = paramMetadata.schema; | ||
var val = helpers.getParameterValue('2.0', parameter, pathMetadata.keys, match, req); | ||
req.swagger = metadata; | ||
metadata.params[parameter.name] = { | ||
path: paramMetadata.path, | ||
schema: parameter, | ||
value: val | ||
}; | ||
}); | ||
if (metadata.operation) { | ||
// Process the operation parameters | ||
helpers.processOperationParameters('2.0', pathMetadata.keys, match, req, res, next); | ||
} else { | ||
return next(); | ||
} | ||
@@ -177,5 +170,3 @@ } catch (err) { | ||
} | ||
return next(); | ||
}; | ||
}; |
@@ -29,2 +29,3 @@ /* | ||
var async = require('async'); | ||
var bp = require('body-parser'); | ||
var fs = require('fs'); | ||
@@ -34,4 +35,25 @@ var helpers = require('../lib/helpers'); | ||
var path = require('path'); | ||
var qs = require('qs'); | ||
var validators = require('../lib/validators'); | ||
// Upstream middlewares | ||
var jsonBodyParser = bp.json(); | ||
var queryParser = function (req, res, next) { | ||
if (!req.query) { | ||
req.query = req.url.indexOf('?') > -1 ? qs.parse(parseurl(req).query, {}) : {}; | ||
} | ||
return next(); | ||
}; | ||
var urlEncodedBodyParser = bp.urlencoded({extended: false}); | ||
var bodyParser = function (req, res, callback) { | ||
urlEncodedBodyParser(req, res, function (err) { | ||
if (err) { | ||
callback(err); | ||
} else { | ||
jsonBodyParser(req, res, callback); | ||
} | ||
}); | ||
}; | ||
var isModelType = function isModelType (spec, type) { | ||
@@ -339,3 +361,4 @@ return spec.primitives.indexOf(type) === -1; | ||
module.exports.getParameterValue = function getParameterValue (version, parameter, pathKeys, match, req) { | ||
var getParameterValue = module.exports.getParameterValue = function getParameterValue (version, parameter, pathKeys, | ||
match, req) { | ||
var defaultVal = version === '1.2' ? parameter.defaultValue : parameter.default; | ||
@@ -350,6 +373,2 @@ var paramType = version === '1.2' ? parameter.paramType : parameter.in; | ||
case 'formData': | ||
if (!req.body) { | ||
throw new Error('Server configuration error: req.body is not defined but is required'); | ||
} | ||
if (isModelParameter(version, parameter)) { | ||
@@ -375,6 +394,2 @@ val = req.body; | ||
case 'query': | ||
if (!req.query) { | ||
throw new Error('Server configuration error: req.query is not defined but is required'); | ||
} | ||
val = req.query[parameter.name]; | ||
@@ -393,2 +408,59 @@ | ||
module.exports.processOperationParameters = function processOperationParameters (version, pathKeys, pathMatch, req, res, | ||
next) { | ||
var swaggerMetadata = req.swagger; | ||
var parameters = !_.isUndefined(swaggerMetadata) ? | ||
(version === '1.2' ? swaggerMetadata.operation.parameters : swaggerMetadata.operationParameters) : | ||
undefined; | ||
if (!parameters) { | ||
return next(); | ||
} | ||
async.map(_.reduce(parameters, function (requestParsers, parameter) { | ||
var paramType = version === '1.2' ? parameter.paramType : parameter.schema.in; | ||
var parser; | ||
switch (paramType) { | ||
case 'body': | ||
case 'form': | ||
case 'formData': | ||
parser = bodyParser; | ||
break; | ||
case 'query': | ||
parser = queryParser; | ||
break; | ||
} | ||
if (parser && requestParsers.indexOf(parser) === -1) { | ||
requestParsers.push(parser); | ||
} | ||
return requestParsers; | ||
}, []), function (parser, callback) { | ||
parser(req, res, callback); | ||
}, function (err) { | ||
if (err) { | ||
return next(err); | ||
} | ||
_.each(parameters, function (parameterOrMetadata, index) { | ||
var parameter = version === '1.2' ? parameterOrMetadata : parameterOrMetadata.schema; | ||
swaggerMetadata.params[parameter.name] = { | ||
path: version === '1.2' ? | ||
swaggerMetadata.operationPath.concat(['parameters', index.toString()]) : | ||
parameterOrMetadata.path, | ||
schema: parameter, | ||
value: getParameterValue(version, parameter, pathKeys, pathMatch, req) | ||
}; | ||
}); | ||
return next(); | ||
}); | ||
}; | ||
module.exports.send400 = function send400 (req, res, next, err) { | ||
@@ -586,2 +658,8 @@ var validationMessage; | ||
}); | ||
if (_.isUndefined(schema) && operation.responses.default) { | ||
schema = operation.responses.default; | ||
vPath.push(['responses', 'default']); | ||
} | ||
} | ||
@@ -605,2 +683,3 @@ } | ||
if (err.failedValidation) { | ||
err.originalResponse = data; | ||
err.message = 'Response validation failed: ' + err.message.charAt(0).toLowerCase() + err.message.substring(1); | ||
@@ -607,0 +686,0 @@ } |
{ | ||
"name": "swagger-tools", | ||
"version": "0.7.3", | ||
"version": "0.7.4", | ||
"description": "Various tools for using and integrating with Swagger.", | ||
@@ -41,3 +41,2 @@ "main": "index.js", | ||
"devDependencies": { | ||
"body-parser": "^1.5.2", | ||
"bower": "^1.3.12", | ||
@@ -55,3 +54,2 @@ "brfs": "^1.2.0", | ||
"jshint-stylish": "^0.4.0", | ||
"qs": "^0.6.6", | ||
"supertest": "^0.13.0", | ||
@@ -63,2 +61,3 @@ "uglifyify": "^2.5.0", | ||
"async": "^0.9.0", | ||
"body-parser": "^1.10.0", | ||
"commander": "^2.5.1", | ||
@@ -69,2 +68,3 @@ "json-refs": "^0.1.4", | ||
"path-to-regexp": "^0.2.5", | ||
"qs": "^2.3.3", | ||
"serve-static": "^1.7.1", | ||
@@ -71,0 +71,0 @@ "spark-md5": "0.0.5", |
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
853623
15
17294
16
19
+ Addedbody-parser@^1.10.0
+ Addedqs@^2.3.3
+ Addedbody-parser@1.20.2(transitive)
+ Addedbytes@3.1.2(transitive)
+ Addedcontent-type@1.0.5(transitive)
+ Addediconv-lite@0.4.24(transitive)
+ Addedmedia-typer@0.3.0(transitive)
+ Addedmime-db@1.52.0(transitive)
+ Addedmime-types@2.1.35(transitive)
+ Addedqs@2.4.26.11.0(transitive)
+ Addedraw-body@2.5.2(transitive)
+ Addedsafer-buffer@2.1.2(transitive)
+ Addedtype-is@1.6.18(transitive)
+ Addedunpipe@1.0.0(transitive)