Reject requests with null value if "nullable" is not set about express-openapi-validator HOT 7 CLOSED

@tafm You can now get the desired behavior by setting coerceTypes: false. This will ensure that null values are not coerced to the default value of typespecified in the spec. e.g. type: string would coerce a null to ''

v1.8.0 allows you to set coerceTypes to false

from express-openapi-validator.

@sheldhur do you know whether its possible to turn off defaults for required parameters only via Ajv. I beleive doing so will be one way to solve this problem

such a solution also aligns with avoiding Common Mistakes (as described in the OpenAPI spec)

Common Mistakes
There are two common mistakes when using the default keyword:
Using default with required parameters or properties, for example, with path parameters. This does not make sense – if a value is required, the client must always send it, and the default value is never used.

from express-openapi-validator.

@tafm thanks for the heads up on coerceTypes. i'll release an update of 1.8 to include the change.

i'll also investigate openapi-schema-to-json-schema.

all in all, please let me know what we can do to make this work for you.

you're interest and feedback is much appreciated. thanks!

from express-openapi-validator.

changing this from bug to enhancement as it hasn't been implemented yet.

from express-openapi-validator.

@tafm I've started some work in this area
please see #46 for details

this sets the foundation to solve the issue you described.

ultimately, it makes express-openapi-validator aware of the nullable property. essentially, if nullable: true it will allow the null value to pass through. if nullable: false or nullable is not provided, it will convert the value to its default value (as it does today). in the case of string, if a default value is not provided it is empty string.

from express-openapi-validator.

@cdimascio hi. You can change keyword behavior.

https://ajv.js.org/custom.html

from express-openapi-validator.

@cdimascio thank you very much, this is exactly i need to enable in production. Im still unnable to use now, but not really for a "lack" of feature but some incompatibility between json schemas and open api (setting coerceTypes to false makes ajv invalidate: "not of type string"). I had a look at the code and how to fix, one way its using the library openapi-schema-to-json-schema

const toJSONschema = require('openapi-schema-to-json-schema')
then replace const validator = this.ajv.compile(schema); to const validator = this.ajv.compile(toJSONschema(schema)); this converts types with nullable: true for a array of types [oldType, null]. Strangelly i think a better idea would be replace to anyOf, but works.

Another little issue its that coerceTypes is hardcoded to true at the npm repository / js files, the .ts files are right on github.

from express-openapi-validator.