Add a config option to enable strict validation

This commit is contained in:
Egor Kislitsyn 2020-05-04 22:33:05 +04:00
parent 4b9ab67aa8
commit f070b5569c
No known key found for this signature in database
GPG key ID: 1B49CB15B71E7805
2 changed files with 14 additions and 5 deletions

View file

@ -653,6 +653,8 @@ config :pleroma, :restrict_unauthenticated,
profiles: %{local: false, remote: false}, profiles: %{local: false, remote: false},
activities: %{local: false, remote: false} activities: %{local: false, remote: false}
config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: false
# Import environment specific config. This must remain at the bottom # Import environment specific config. This must remain at the bottom
# of this file so it overrides the configuration defined above. # of this file so it overrides the configuration defined above.
import_config "#{Mix.env()}.exs" import_config "#{Mix.env()}.exs"

View file

@ -7,9 +7,10 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
@moduledoc """ @moduledoc """
This plug is based on [`OpenApiSpex.Plug.CastAndValidate`] This plug is based on [`OpenApiSpex.Plug.CastAndValidate`]
(https://github.com/open-api-spex/open_api_spex/blob/master/lib/open_api_spex/plug/cast_and_validate.ex). (https://github.com/open-api-spex/open_api_spex/blob/master/lib/open_api_spex/plug/cast_and_validate.ex).
The main difference is ignoring unexpected query params The main difference is ignoring unexpected query params instead of throwing
instead of throwing an error. Also, the default rendering an error and a config option (`[Pleroma.Web.ApiSpec.CastAndValidate, :strict]`)
error module is `Pleroma.Web.ApiSpec.RenderError`. to disable this behavior. Also, the default rendering error module
is `Pleroma.Web.ApiSpec.RenderError`.
""" """
@behaviour Plug @behaviour Plug
@ -45,7 +46,7 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
private_data = Map.put(private_data, :operation_id, operation_id) private_data = Map.put(private_data, :operation_id, operation_id)
conn = Conn.put_private(conn, :open_api_spex, private_data) conn = Conn.put_private(conn, :open_api_spex, private_data)
case cast_and_validate(spec, operation, conn, content_type) do case cast_and_validate(spec, operation, conn, content_type, strict?()) do
{:ok, conn} -> {:ok, conn} ->
conn conn
@ -98,7 +99,11 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
def call(conn, opts), do: OpenApiSpex.Plug.CastAndValidate.call(conn, opts) def call(conn, opts), do: OpenApiSpex.Plug.CastAndValidate.call(conn, opts)
defp cast_and_validate(spec, operation, conn, content_type) do defp cast_and_validate(spec, operation, conn, content_type, true = _strict) do
OpenApiSpex.cast_and_validate(spec, operation, conn, content_type)
end
defp cast_and_validate(spec, operation, conn, content_type, false = _strict) do
case OpenApiSpex.cast_and_validate(spec, operation, conn, content_type) do case OpenApiSpex.cast_and_validate(spec, operation, conn, content_type) do
{:ok, conn} -> {:ok, conn} ->
{:ok, conn} {:ok, conn}
@ -129,4 +134,6 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
i -> i i -> i
end) end)
end end
defp strict?, do: Pleroma.Config.get([__MODULE__, :strict], false)
end end