|
1 | | -# `net/http` Middleware |
| 1 | +# OpenAPI Validation Middleware for `net/http`-compatible servers |
| 2 | + |
| 3 | +An HTTP middleware to perform validation of incoming requests via an OpenAPI specification. |
| 4 | + |
| 5 | +This project is a lightweight wrapper over the excellent [kin-openapi](https://github.com/getkin/kin-openapi) library's [`openapi3filter` package](https://pkg.go.dev/github.com/getkin/kin-openapi/openapi3filter). |
| 6 | + |
| 7 | +This is _intended_ to be used with code that's generated through [`oapi-codegen`](https://github.com/oapi-codegen/oapi-codegen), but should work otherwise. |
2 | 8 |
|
3 | 9 | ⚠️ This README may be for the latest development version, which may contain unreleased changes. Please ensure you're looking at the README for the latest release version. |
4 | 10 |
|
5 | | -Middleware for servers that implement `net/http` handlers, for use with [deepmap/oapi-codegen](https://github.com/deepmap/oapi-codegen), which has been tested to work with: |
| 11 | +## Usage |
| 12 | + |
| 13 | +You can add the middleware to your project with: |
| 14 | + |
| 15 | +```sh |
| 16 | +go get github.com/oapi-codegen/nethttp-middleware |
| 17 | +``` |
| 18 | + |
| 19 | +There is a full example of usage in [the Go doc for this project](https://pkg.go.dev/github.com/oapi-codegen/nethttp-middleware#pkg-examples). |
| 20 | + |
| 21 | +A simplified version of this code is as follows: |
| 22 | + |
| 23 | +```go |
| 24 | +rawSpec := ` |
| 25 | +openapi: "3.0.0" |
| 26 | +# ... |
| 27 | +` |
| 28 | +spec, _ := openapi3.NewLoader().LoadFromData([]byte(rawSpec)) |
| 29 | + |
| 30 | +// NOTE that we need to make sure that the `Servers` aren't set, otherwise the OpenAPI validation middleware will validate that the `Host` header (of incoming requests) are targeting known `Servers` in the OpenAPI spec |
| 31 | +// See also: Options#SilenceServersWarning |
| 32 | +spec.Servers = nil |
| 33 | + |
| 34 | +router := http.NewServeMux() |
| 35 | + |
| 36 | +router.HandleFunc("/resource", func(w http.ResponseWriter, r *http.Request) { |
| 37 | + fmt.Printf("%s /resource was called\n", r.Method) |
| 38 | + |
| 39 | + if r.Method == http.MethodPost { |
| 40 | + w.WriteHeader(http.StatusNoContent) |
| 41 | + return |
| 42 | + } |
| 43 | + |
| 44 | + w.WriteHeader(http.StatusMethodNotAllowed) |
| 45 | +}) |
| 46 | + |
| 47 | +use := func(r *http.ServeMux, middlewares ...func(next http.Handler) http.Handler) http.Handler { |
| 48 | + var s http.Handler |
| 49 | + s = r |
| 50 | + |
| 51 | + for _, mw := range middlewares { |
| 52 | + s = mw(s) |
| 53 | + } |
| 54 | + |
| 55 | + return s |
| 56 | +} |
| 57 | + |
| 58 | +// create middleware |
| 59 | +mw := middleware.OapiRequestValidatorWithOptions(spec, &middleware.Options{ |
| 60 | + Options: openapi3filter.Options{ |
| 61 | + AuthenticationFunc: authenticationFunc, |
| 62 | + }, |
| 63 | +}) |
| 64 | + |
| 65 | +// then wire it in |
| 66 | +server := use(router, mw) |
| 67 | + |
| 68 | +// now all HTTP routes will be handled by the middleware, and any requests that are invalid will be rejected |
| 69 | +``` |
| 70 | + |
| 71 | +## FAQs |
| 72 | + |
| 73 | +### Which HTTP servers should this work with? |
| 74 | + |
| 75 | +If you're using something that's compliant with `net/http` (which should be all Go web frameworks / routers / HTTP servers) it should work as-is. |
| 76 | + |
| 77 | +We explicitly test with the following servers, as they correspond with versions used by users of [oapi-codegen/oapi-codegen](https://github.com/oapi-codegen/oapi-codegen): |
6 | 78 |
|
7 | 79 | - [Chi](https://github.com/go-chi/chi) |
8 | 80 | - [gorilla/mux](https://github.com/gorilla/mux) |
9 | 81 | - [net/http](https://pkg.go.dev/net/http) |
10 | 82 |
|
11 | | -But if you're using something that's compliant with `net/http` it should work as-is. |
| 83 | +### "This doesn't support ..." / "I think it's a bug that ..." |
| 84 | + |
| 85 | +As this project is a lightweight wrapper over [kin-openapi](https://github.com/getkin/kin-openapi)'s [`openapi3filter` package](https://pkg.go.dev/github.com/getkin/kin-openapi/openapi3filter), it's _likely_ that any bugs/features are better sent upstream. |
| 86 | + |
| 87 | +However, it's worth raising an issue here instead, as it'll allow us to triage it before it goes to the kin-openapi maintainers. |
| 88 | + |
| 89 | +Additionally, as `oapi-codegen` contains [a number of middleware modules](https://github.com/search?q=org%3Aoapi-codegen+middleware&type=repositories), we'll very likely want to implement the same functionality across all the middlewares, so it may take a bit more coordination to get the changes in across our middlewares. |
| 90 | + |
| 91 | +### I've just updated my version of `kin-openapi`, and now I can't build my code 😠 |
| 92 | + |
| 93 | +The [kin-openapi](https://github.com/getkin/kin-openapi) project - which we 💜 for providing a great library and set of tooling for interacting with OpenAPI - is a pre-v1 release, which means that they're within their rights to push breaking changes. |
| 94 | + |
| 95 | +This may lead to breakage in your consuming code, and if so, sorry that's happened! |
12 | 96 |
|
13 | | -Licensed under the Apache-2.0. |
| 97 | +We'll be aware of the issue, and will work to update both the core `oapi-codegen` and the middlewares accordingly. |
0 commit comments