Consolidate shared code across middlewares

Remove case for SecurityRequirementsError
Improve test coverage

Author: zucchinho

context.go

@@ -0,0 +1,19 @@
+package ginmiddleware
+
+import (
+	"context"
+
+	"github.com/gin-gonic/gin"
+)
+
+func getRequestContext(
+	c *gin.Context,
+	options *Options,
+) context.Context {
+	requestContext := context.WithValue(context.Background(), GinContextKey, c)
+	if options != nil {
+		requestContext = context.WithValue(requestContext, UserDataKey, options.UserData)
+	}
+
+	return requestContext
+}

error.go

@@ -0,0 +1,35 @@
+package ginmiddleware
+
+import (
+	"errors"
+	"net/http"
+
+	"github.com/getkin/kin-openapi/routers"
+	"github.com/gin-gonic/gin"
+)
+
+func handleValidationError(
+	c *gin.Context,
+	err error,
+	options *Options,
+	generalStatusCode int,
+) {
+	var errorHandler ErrorHandler
+	// if an error handler is provided, use that
+	if options != nil && options.ErrorHandler != nil {
+		errorHandler = options.ErrorHandler
+	} else {
+		errorHandler = func(c *gin.Context, message string, statusCode int) {
+			c.AbortWithStatusJSON(statusCode, gin.H{"error": message})
+		}
+	}
+
+	if errors.Is(err, routers.ErrPathNotFound) {
+		errorHandler(c, err.Error(), http.StatusNotFound)
+	} else {
+		errorHandler(c, err.Error(), generalStatusCode)
+	}
+
+	// in case the handler didn't internally call Abort, stop the chain
+	c.Abort()
+}

oapi_validate_request.go

@@ -15,7 +15,6 @@
 package ginmiddleware
 
 import (
-	"context"
 	"errors"
 	"fmt"
 	"log"
@@ -65,22 +64,7 @@ func OapiRequestValidatorWithOptions(swagger *openapi3.T, options *Options) gin.
 	return func(c *gin.Context) {
 		err := ValidateRequestFromContext(c, router, options)
 		if err != nil {
-			// using errors.Is did not work
-			if options != nil && options.ErrorHandler != nil && err.Error() == routers.ErrPathNotFound.Error() {
-				options.ErrorHandler(c, err.Error(), http.StatusNotFound)
-				// in case the handler didn't internally call Abort, stop the chain
-				c.Abort()
-			} else if options != nil && options.ErrorHandler != nil {
-				options.ErrorHandler(c, err.Error(), http.StatusBadRequest)
-				// in case the handler didn't internally call Abort, stop the chain
-				c.Abort()
-			} else if err.Error() == routers.ErrPathNotFound.Error() {
-				// note: i am not sure if this is the best way to handle this
-				c.AbortWithStatusJSON(http.StatusNotFound, gin.H{"error": err.Error()})
-			} else {
-				// note: i am not sure if this is the best way to handle this
-				c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": err.Error()})
-			}
+			handleValidationError(c, err, options, http.StatusBadRequest)
 		}
 		c.Next()
 	}
@@ -89,38 +73,14 @@ func OapiRequestValidatorWithOptions(swagger *openapi3.T, options *Options) gin.
 // ValidateRequestFromContext is called from the middleware above and actually does the work
 // of validating a request.
 func ValidateRequestFromContext(c *gin.Context, router routers.Router, options *Options) error {
-	req := c.Request
-	route, pathParams, err := router.FindRoute(req)
-
-	// We failed to find a matching route for the request.
+	validationInput, err := getRequestValidationInput(c.Request, router, options)
 	if err != nil {
-		switch e := err.(type) {
-		case *routers.RouteError:
-			// We've got a bad request, the path requested doesn't match
-			// either server, or path, or something.
-			return errors.New(e.Reason)
-		default:
-			// This should never happen today, but if our upstream code changes,
-			// we don't want to crash the server, so handle the unexpected error.
-			return fmt.Errorf("error validating route: %s", err.Error())
-		}
-	}
-
-	validationInput := &openapi3filter.RequestValidationInput{
-		Request:    req,
-		PathParams: pathParams,
-		Route:      route,
+		return fmt.Errorf("error getting request validation input from route: %w", err)
 	}
 
-	// Pass the gin context into the request validator, so that any callbacks
+	// Pass the gin context into the response validator, so that any callbacks
 	// which it invokes make it available.
-	requestContext := context.WithValue(context.Background(), GinContextKey, c)
-
-	if options != nil {
-		validationInput.Options = &options.Options
-		validationInput.ParamDecoder = options.ParamDecoder
-		requestContext = context.WithValue(requestContext, UserDataKey, options.UserData)
-	}
+	requestContext := getRequestContext(c, options)
 
 	err = openapi3filter.ValidateRequest(requestContext, validationInput)
 	if err != nil {

oapi_validate_response.go

@@ -16,7 +16,6 @@ package ginmiddleware
 
 import (
 	"bytes"
-	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -47,9 +46,9 @@ func OapiResponseValidatorFromYamlFile(path string) (gin.HandlerFunc, error) {
 	return OapiRequestValidator(swagger), nil
 }
 
-// OapiRequestValidator is an gin middleware function which validates incoming HTTP requests
+// OapiResponseValidator is an gin middleware function which validates outgoing HTTP responses
 // to make sure that they conform to the given OAPI 3.0 specification. When
-// OAPI validation fails on the request, we return an HTTP/400 with error message
+// OAPI validation fails on the request, we return an HTTP/500 with error message
 func OapiResponseValidator(swagger *openapi3.T) gin.HandlerFunc {
 	return OapiResponseValidatorWithOptions(swagger, nil)
 }
@@ -67,64 +66,28 @@ func OapiResponseValidatorWithOptions(swagger *openapi3.T, options *Options) gin
 	return func(c *gin.Context) {
 		err := ValidateResponseFromContext(c, router, options)
 		if err != nil {
-			if options != nil && options.ErrorHandler != nil {
-				options.ErrorHandler(c, err.Error(), http.StatusInternalServerError)
-				// in case the handler didn't internally call Abort, stop the chain
-				c.Abort()
-			} else {
-				c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
-			}
+			handleValidationError(c, err, options, http.StatusInternalServerError)
 		}
-	}
-}
 
-type responseInterceptor struct {
-	gin.ResponseWriter
-	body *bytes.Buffer
-}
-
-func (w *responseInterceptor) Write(b []byte) (int, error) {
-	return w.body.Write(b)
+		// in case an error was encountered before Next() was called, call it here
+		c.Next()
+	}
 }
 
 // ValidateResponseFromContext is called from the middleware above and actually does the work
 // of validating a response.
 func ValidateResponseFromContext(c *gin.Context, router routers.Router, options *Options) error {
-	req := c.Request
-	route, pathParams, err := router.FindRoute(req)
-
-	// We failed to find a matching route for the request.
+	reqValidationInput, err := getRequestValidationInput(c.Request, router, options)
 	if err != nil {
-		switch e := err.(type) {
-		case *routers.RouteError:
-			// We've got a bad request, the path requested doesn't match
-			// either server, or path, or something.
-			return errors.New(e.Reason)
-		default:
-			// This should never happen today, but if our upstream code changes,
-			// we don't want to crash the server, so handle the unexpected error.
-			return fmt.Errorf("error validating route: %s", err.Error())
-		}
-	}
-
-	reqValidationInput := &openapi3filter.RequestValidationInput{
-		Request:    req,
-		PathParams: pathParams,
-		Route:      route,
+		return fmt.Errorf("error getting request validation input from route: %w", err)
 	}
 
-	// Pass the gin context into the request validator, so that any callbacks
+	// Pass the gin context into the response validator, so that any callbacks
 	// which it invokes make it available.
-	requestContext := context.WithValue(context.Background(), GinContextKey, c)
-
-	if options != nil {
-		reqValidationInput.Options = &options.Options
-		reqValidationInput.ParamDecoder = options.ParamDecoder
-		requestContext = context.WithValue(requestContext, UserDataKey, options.UserData)
-	}
+	requestContext := getRequestContext(c, options)
 
 	// wrap the response writer in a bodyWriter so we can capture the response body
-	bw := &responseInterceptor{ResponseWriter: c.Writer, body: bytes.NewBufferString("")}
+	bw := newResponseInterceptor(c.Writer)
 	c.Writer = bw
 
 	// Call the next handler in the chain, which will actually process the request
@@ -146,7 +109,6 @@ func ValidateResponseFromContext(c *gin.Context, router routers.Router, options
 	}
 
 	err = openapi3filter.ValidateResponse(requestContext, rspValidationInput)
-
 	if err != nil {
 		// restore the original response writer
 		c.Writer = bw.ResponseWriter
@@ -164,8 +126,6 @@ func ValidateResponseFromContext(c *gin.Context, router routers.Router, options
 			// openapi errors seem to be multi-line with a decent message on the first
 			errorLines := strings.Split(e.Error(), "\n")
 			return fmt.Errorf("error in openapi3filter.ResponseError: %s", errorLines[0])
-		case *openapi3filter.SecurityRequirementsError:
-			return fmt.Errorf("error in openapi3filter.SecurityRequirementsError: %s", e.Error())
 		default:
 			// This should never happen today, but if our upstream code changes,
 			// we don't want to crash the server, so handle the unexpected error.

oapi_validate_response_test.go

@@ -35,11 +35,9 @@ func TestOapiResponseValidator(t *testing.T) {
 	swagger, err := openapi3.NewLoader().LoadFromData(testResponseSchema)
 	require.NoError(t, err, "Error initializing swagger")
 
-	// Create a new echo router
+	// Create a new gin router
 	g := gin.New()
 
-	// Set up an authenticator to check authenticated function. It will allow
-	// access to "someScope", but disallow others.
 	options := Options{
 		ErrorHandler: func(c *gin.Context, message string, statusCode int) {
 			c.String(statusCode, "test: "+message)
@@ -51,17 +49,21 @@ func TestOapiResponseValidator(t *testing.T) {
 		UserData: "hi!",
 	}
 
-	// Install our OpenApi based request validator
+	// Install our OpenApi based response validator
 	g.Use(OapiResponseValidatorWithOptions(swagger, &options))
 
-	tests := []struct {
-		name        string
-		operationID string
-	}{
-		{
-			name:        "GET /resource",
-			operationID: "getResource",
-		},
+	// Test an incorrect route
+	{
+		rec := doGet(t, g, "http://deepmap.ai/incorrect")
+		assert.Equal(t, http.StatusNotFound, rec.Code)
+		assert.Contains(t, rec.Body.String(), "no matching operation was found")
+	}
+
+	// Test wrong server
+	{
+		rec := doGet(t, g, "http://wrongserver.ai/resource")
+		assert.Equal(t, http.StatusNotFound, rec.Code)
+		assert.Contains(t, rec.Body.String(), "no matching operation was found")
 	}
 
 	// getResource
@@ -235,7 +237,7 @@ func TestOapiResponseValidator(t *testing.T) {
 
 				rec := doPost(t, g, "http://deepmap.ai/resource", gin.H{"name": "Wilhelm Scream"})
 				assert.Equal(t, tt.wantStatus, rec.Code)
-				if tt.wantStatus == http.StatusOK {
+				if tt.wantStatus == http.StatusCreated {
 					switch tt.contentType {
 					case "application/json":
 						assert.JSONEq(t, tt.wantRsp, rec.Body.String())
@@ -249,6 +251,20 @@ func TestOapiResponseValidator(t *testing.T) {
 		}
 	}
 
+	tests := []struct {
+		name        string
+		operationID string
+	}{
+		{
+			name:        "GET /resource",
+			operationID: "getResource",
+		},
+		{
+			name:        "POST /resource",
+			operationID: "createResource",
+		},
+	}
+
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			switch tt.operationID {
@@ -259,5 +275,35 @@ func TestOapiResponseValidator(t *testing.T) {
 			}
 		})
 	}
+}
 
+func TestOapiResponseValidatorNoOptions(t *testing.T) {
+	swagger, err := openapi3.NewLoader().LoadFromData(testResponseSchema)
+	require.NoError(t, err, "Error initializing swagger")
+
+	mw := OapiResponseValidator(swagger)
+	assert.NotNil(t, mw, "Response validator is nil")
+}
+
+func TestOapiResponseValidatorFromYamlFile(t *testing.T) {
+	// Test that we can load a response validator from a yaml file
+	{
+		mw, err := OapiResponseValidatorFromYamlFile("test_response_spec.yaml")
+		assert.NoError(t, err, "Error initializing response validator")
+		assert.NotNil(t, mw, "Response validator is nil")
+	}
+
+	// Test that we get an error when the file does not exist
+	{
+		mw, err := OapiResponseValidatorFromYamlFile("nonexistent.yaml")
+		assert.Error(t, err, "Expected error initializing response validator")
+		assert.Nil(t, mw, "Response validator is not nil")
+	}
+
+	// Test that we get an error when the file is not a valid yaml file
+	{
+		mw, err := OapiResponseValidatorFromYamlFile("README.md")
+		assert.Error(t, err, "Expected error initializing response validator")
+		assert.Nil(t, mw, "Response validator is not nil")
+	}
 }

response_interceptor.go

@@ -0,0 +1,25 @@
+package ginmiddleware
+
+import (
+	"bytes"
+
+	"github.com/gin-gonic/gin"
+)
+
+type responseInterceptor struct {
+	gin.ResponseWriter
+	body *bytes.Buffer
+}
+
+var _ gin.ResponseWriter = &responseInterceptor{}
+
+func newResponseInterceptor(w gin.ResponseWriter) *responseInterceptor {
+	return &responseInterceptor{
+		ResponseWriter: w,
+		body:           bytes.NewBufferString(""),
+	}
+}
+
+func (w *responseInterceptor) Write(b []byte) (int, error) {
+	return w.body.Write(b)
+}