Add a config option to enable strict validation

author Egor Kislitsyn <egor@kislitsyn.com>

Mon, 4 May 2020 18:33:05 +0000 (22:33 +0400)

committer Egor Kislitsyn <egor@kislitsyn.com>

Mon, 4 May 2020 18:33:05 +0000 (22:33 +0400)
author Egor Kislitsyn <egor@kislitsyn.com>
Mon, 4 May 2020 18:33:05 +0000 (22:33 +0400)
committer Egor Kislitsyn <egor@kislitsyn.com>
Mon, 4 May 2020 18:33:05 +0000 (22:33 +0400)
diff --git a/config/config.exs b/config/config.exs

index a6c6d6f99e7c593caffe00062d61671eea94d121..ca9bbab6480c43ccebaecaca106ad22c8059bd6c 100644 (file)
--- a/config/config.exs
+++ b/config/config.exs
@@ -653,6 +653,8 @@ config :pleroma, :restrict_unauthenticated,
    profiles: %{local: false, remote: false},
    activities: %{local: false, remote: false}
  
+config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: false
+
  # Import environment specific config. This must remain at the bottom
  # of this file so it overrides the configuration defined above.
  import_config "#{Mix.env()}.exs"
diff --git a/lib/pleroma/web/api_spec/cast_and_validate.ex b/lib/pleroma/web/api_spec/cast_and_validate.ex

index b94517c5234376a812246940072c02beaeeba11a..bd9026237044c7ba9f576c8718d69dadc101e9b7 100644 (file)
--- a/lib/pleroma/web/api_spec/cast_and_validate.ex
+++ b/lib/pleroma/web/api_spec/cast_and_validate.ex
@@ -7,9 +7,10 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
    @moduledoc """
    This plug is based on [`OpenApiSpex.Plug.CastAndValidate`]
    (https://github.com/open-api-spex/open_api_spex/blob/master/lib/open_api_spex/plug/cast_and_validate.ex).
-  The main difference is ignoring unexpected query params
-  instead of throwing an error. Also, the default rendering
-  error module is `Pleroma.Web.ApiSpec.RenderError`.
+  The main difference is ignoring unexpected query params instead of throwing
+  an error and a config option (`[Pleroma.Web.ApiSpec.CastAndValidate, :strict]`)
+  to disable this behavior. Also, the default rendering error module
+  is `Pleroma.Web.ApiSpec.RenderError`.
    """
  
    @behaviour Plug
@@ -45,7 +46,7 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
      private_data = Map.put(private_data, :operation_id, operation_id)
      conn = Conn.put_private(conn, :open_api_spex, private_data)
  
-    case cast_and_validate(spec, operation, conn, content_type) do
+    case cast_and_validate(spec, operation, conn, content_type, strict?()) do
        {:ok, conn} ->
          conn
  
@@ -98,7 +99,11 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
  
    def call(conn, opts), do: OpenApiSpex.Plug.CastAndValidate.call(conn, opts)
  
-  defp cast_and_validate(spec, operation, conn, content_type) do
+  defp cast_and_validate(spec, operation, conn, content_type, true = _strict) do
+    OpenApiSpex.cast_and_validate(spec, operation, conn, content_type)
+  end
+
+  defp cast_and_validate(spec, operation, conn, content_type, false = _strict) do
      case OpenApiSpex.cast_and_validate(spec, operation, conn, content_type) do
        {:ok, conn} ->
          {:ok, conn}
@@ -129,4 +134,6 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
        i -> i
      end)
    end
+
+  defp strict?, do: Pleroma.Config.get([__MODULE__, :strict], false)
  end
author	Egor Kislitsyn <egor@kislitsyn.com>
	Mon, 4 May 2020 18:33:05 +0000 (22:33 +0400)
committer	Egor Kislitsyn <egor@kislitsyn.com>
	Mon, 4 May 2020 18:33:05 +0000 (22:33 +0400)
config/config.exs		patch \| blob \| history
lib/pleroma/web/api_spec/cast_and_validate.ex		patch \| blob \| history