Add a config option to enable strict validation

This commit is contained in:
Egor Kislitsyn 2020-05-04 22:33:05 +04:00
parent 4b9ab67aa8
commit f070b5569c
No known key found for this signature in database
GPG key ID: 1B49CB15B71E7805
2 changed files with 14 additions and 5 deletions

View file

@ -653,6 +653,8 @@ config :pleroma, :restrict_unauthenticated,
profiles: %{local: false, remote: false},
activities: %{local: false, remote: false}
config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: false
# Import environment specific config. This must remain at the bottom
# of this file so it overrides the configuration defined above.
import_config "#{Mix.env()}.exs"

View file

@ -7,9 +7,10 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
@moduledoc """
This plug is based on [`OpenApiSpex.Plug.CastAndValidate`]
(https://github.com/open-api-spex/open_api_spex/blob/master/lib/open_api_spex/plug/cast_and_validate.ex).
The main difference is ignoring unexpected query params
instead of throwing an error. Also, the default rendering
error module is `Pleroma.Web.ApiSpec.RenderError`.
The main difference is ignoring unexpected query params instead of throwing
an error and a config option (`[Pleroma.Web.ApiSpec.CastAndValidate, :strict]`)
to disable this behavior. Also, the default rendering error module
is `Pleroma.Web.ApiSpec.RenderError`.
"""
@behaviour Plug
@ -45,7 +46,7 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
private_data = Map.put(private_data, :operation_id, operation_id)
conn = Conn.put_private(conn, :open_api_spex, private_data)
case cast_and_validate(spec, operation, conn, content_type) do
case cast_and_validate(spec, operation, conn, content_type, strict?()) do
{:ok, conn} ->
conn
@ -98,7 +99,11 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
def call(conn, opts), do: OpenApiSpex.Plug.CastAndValidate.call(conn, opts)
defp cast_and_validate(spec, operation, conn, content_type) do
defp cast_and_validate(spec, operation, conn, content_type, true = _strict) do
OpenApiSpex.cast_and_validate(spec, operation, conn, content_type)
end
defp cast_and_validate(spec, operation, conn, content_type, false = _strict) do
case OpenApiSpex.cast_and_validate(spec, operation, conn, content_type) do
{:ok, conn} ->
{:ok, conn}
@ -129,4 +134,6 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
i -> i
end)
end
defp strict?, do: Pleroma.Config.get([__MODULE__, :strict], false)
end