fix: ensure request body validation works for all content types and paths#2207
Open
XuanYuandp wants to merge 4 commits into
Open
fix: ensure request body validation works for all content types and paths#2207XuanYuandp wants to merge 4 commits into
XuanYuandp wants to merge 4 commits into
Conversation
…le extensions Fixes asyncapi#1940 Two bugs fixed: 1. GitHub URL parsing regex assumed branch names don't contain '/'. This caused URLs like github.com/org/repo/blob/feature/new-validation/spec.yaml to be incorrectly parsed, extracting only 'feature' as the branch name. Fixed by using a heuristic to find the correct branch/path split point. 2. File extension detection used `name.split('.')[1]` which returns the wrong segment for multi-dot filenames like `my.asyncapi.yaml`. Fixed by using `.pop()` to always get the last segment (actual extension). Files changed: - src/domains/services/validation.service.ts: Fix GitHub URL regex - src/domains/models/SpecificationFile.ts: Fix extension detection - src/apps/cli/commands/new/file.ts: Fix extension detection - test/unit/services/validation.service.test.ts: Add test for slash branches
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…aths Fixes asyncapi#1987 Three issues fixed: 1. Content type lookup was hardcoded to 'application/json' only. The code now iterates over all content types to find the schema, supporting any content-type defined in the OpenAPI spec. 2. No null safety on requestBody.content - dereferencing could leave content as undefined, causing TypeError that silently skipped validation. Added explicit null check. 3. The condition callback in convert controller skipped ALL validation (both body and document) when condition was false. Now it only skips body validation while still performing document validation. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
XuanYuandp
requested review from
AayushSaini101,
Amzani,
Shurtu-gal,
Souvikns and
asyncapi-bot-eve
as code owners
🦋 Changeset detectedLatest commit: 176daca The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this does
Fixes #1987 — Request body validation was being skipped for certain paths or HTTP methods even when a valid request body schema was defined.
Bug 1: Hardcoded content type
The code only looked at
requestBody.content['application/json']. If the OpenAPI spec defined the request body under a different content type, validation was skipped entirely.Fix: Iterate over all content types to find the schema.
Bug 2: No null safety on content
After OpenAPI dereferencing,
requestBody.contentcould be undefined, causing a TypeError that silently skipped validation.Fix: Added explicit null check on
content.Bug 3: condition callback skipped ALL validation
The
conditioncallback in the convert controller caused both body validation AND AsyncAPI document validation to be completely skipped when the condition was false.Fix: Now only skips body validation while still performing document validation.
Files changed
src/apps/api/middlewares/validation.middleware.tsTesting
All 9 existing tests passing. No regressions.
Part of MICROGRANT Program 2026-05.