Azure APIM validate-content does not validate JSON as expected



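I ran into a problem with the validate-content policy on an API, so in order to share it publicly I created a simple OpenAPI spec YAML file containing the schema, used it to create the API, and then added the validate-content policy. When I send correct JSON, it validates as expected, and if I leave out any required field, the request is prevented with the proper validation error. However, when I send completely unrelated JSON, it passes straight through; the expectation is that it is prevented, otherwise it will break the policy expressions.

Following a suggestion in one of the other threads, I also tried adding a request representation with the message schema specified, but the behaviour is the same.

I also validated it at https://www.jsonschemavalidator.net/, where the validation is as expected.

I am not sure whether I am missing the fact that JSON validation ignores additional elements.

Content of the YAML used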

openapi: "3.0.0"
info:
  title: address-schema-validation
  description: This is a loop back API to test schema validation
  version: '1.0'
  license:
    name: MIT
paths:
  /validate:
    post:
      summary: Submit a request for validation
      operationId: validate
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/AddressBody"
      responses:
        '200':
          description: valid payload
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AddressBody"
components:
  schemas:
    AddressBody:
      type: object
      properties:
        address:
          type: string
          example: "01 Auckland"
        name:
          type: object
          required:
            - fistName
            - lastName
          properties:
            fistName:
              type: string
              example: Fist Name
            lastName:
              type: string
              example: Last Name

Policy
<policies>
    <inbound>
        <base />
        <validate-content unspecified-content-type-action="prevent" max-size="102400" size-exceeded-action="prevent" errors-variable-name="requestBodyValidation">
            <content type="application/json" validate-as="json" action="prevent" />
        </validate-content>
        <return-response>
            <set-status code="200" reason="OK" />
            <set-header name="Content-Type" exists-action="override">
                <value>application/json</value>
            </set-header>
            <set-body>@(context.Request.Body.As<String>())</set-body>
        </return-response>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

JSON that gets a validation error

{
    "address": "01 Auckland",
    "name": {
        "fistName1": "Fist Name",
        "lastName": "Last Name"
    }
}

Error message shown

{
    "statusCode": 400,
    "message": "Body of the request does not conform to the definition which is associated with the content type application/json. Required properties are missing from object: fistName. Line: 6, Position: 5"
}

The JSON below is expected to be prevented, but it is not

{"prevent":"me"}

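Actually, the validation is being done as expected. To prevent unexpected JSON, the schema should have a required root element; if the root elements are optional, then when completely unrelated JSON is posted, the validation policy simply ignores the unexpected elements.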
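
Why {"prevent":"me"} passes the schema above and what a required root element changes, as an added example (not code from the original post and not APIM's own validator): a minimal Python check that implements only the type, properties and required keywords used in the question's schema. The FIXED schema, with required added at the root of AddressBody, is an assumed reading of the answer.

```python
# Added example: minimal validator for the JSON Schema keywords used on this
# page (type, properties, required). It is not the APIM implementation.

def validate(instance, schema, path="$"):
    """Return a list of error strings; an empty list means the instance passes."""
    errors = []
    if schema.get("type") == "object":
        if not isinstance(instance, dict):
            return [f"{path}: expected object"]
        # Only names listed in "required" must be present.
        for name in schema.get("required", []):
            if name not in instance:
                errors.append(f"{path}: required property missing: {name}")
        # Declared properties are checked only when present; undeclared
        # properties (such as "prevent") are ignored by default.
        for name, sub in schema.get("properties", {}).items():
            if name in instance:
                errors += validate(instance[name], sub, f"{path}.{name}")
    elif schema.get("type") == "string" and not isinstance(instance, str):
        errors.append(f"{path}: expected string")
    return errors

NAME = {
    "type": "object",
    "required": ["fistName", "lastName"],
    "properties": {"fistName": {"type": "string"}, "lastName": {"type": "string"}},
}
# AddressBody as in the question: no "required" list at the root.
ORIGINAL = {"type": "object",
            "properties": {"address": {"type": "string"}, "name": NAME}}
# Assumed fix following the answer: make the root properties required.
FIXED = dict(ORIGINAL, required=["address", "name"])

# Payloads taken from the question; "valid" is constructed from the schema examples.
PAYLOADS = {
    "valid": {"address": "01 Auckland",
              "name": {"fistName": "Fist Name", "lastName": "Last Name"}},
    "typo": {"address": "01 Auckland",
             "name": {"fistName1": "Fist Name", "lastName": "Last Name"}},
    "unrelated": {"prevent": "me"},
}

if __name__ == "__main__":
    for label, body in PAYLOADS.items():
        print(label, validate(body, ORIGINAL), validate(body, FIXED))
```

With ORIGINAL, the unrelated body produces no errors because neither address nor name is required, so the nested required list under name is never reached; with FIXED, the same body is rejected at the root.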
