express-gateway
Foreign fields not declared in schemas should be warned in EG
The headerPrefix doesn’t seem to be getting applied in 1.6.1, my config is:
- headers: &common-headers
  - action:
      headerPrefix: eg-
      forwardHeaders:
        user-id: 'consumer.token.authenticatedUserId'
        last-login: 'consumer.token.createdAt'
I am getting the user-id header, however it is named user-id instead of eg-user-id as expected
See comments below from gist
Serhii Kuts @DrMegavolt 10:35
@StickNitro I’ve checked, there was a fallback to headerPrefix https://github.com/ExpressGateway/express-gateway/blame/de501c6509a5256d867b5709f30bc20d6fdf8a08/lib/policies/headers/headers.js#L5 now it is removed, to make properties consistent.
@XVincentX I’m curious, is it possible to allow fields that are not in schema but still output a warning that field not from schema is in configuration?
Vincenzo Chianese @XVincentX 10:39
I was exactly thinking the same. There should be an option for sure. @StickNitro Could you open an issue on the Gateway repository so I can track that and verify?
It turns out this might not be that easy.
I've checked our schema validator (ajv) and it does not have a way to simply detect properties that are not part of the schema. It can discard them automagically, but it seems like it hasn't got any way to return "foreign" properties in a schema so we can notice the user.
Given that, we have multiple ways to handle this:
- Discard all foreign properties, that is — if you do not declare them in the schema, you don't get them in your policy/plugin/condition. Super strict.
- Roll out our own mechanism to detect such properties. This might be extremely tricky given that a JSON Schema can be pretty complicated as well as nested, circular references… I wouldn't go into such a dungeon. An idea I was having in mind: let's take the original object, give it to ajv; it will return a new version with deleted properties. We could try to compare the original object with the filtered one: if we detect missing properties with regards to the original data, then there's a foreign property we can signal to the user.
I can continue to investigate (ask guys at Ajv or dig into the source code). However before going into such dungeon let's make sure we're all on the same page and eventually schedule it.
@altsang @DrMegavolt @kevinswiber
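The compare-original-with-filtered idea from the comment above, sketched as an added example; it is not code from the thread or from express-gateway. The names `findForeignProperties` and `warnForeign` are hypothetical, and the `filtered` object is a constructed stand-in for what a validator that strips undeclared properties would return under a hypothetical schema declaring only `forwardHeaders`.

```javascript
// Walk `original` and return the path of every property missing from `filtered`.
// `filtered` is the copy left after the validator removed undeclared properties.
// Ajv's `removeAdditional` option mutates the data it validates, so validate a
// deep clone and keep the untouched original for this comparison.
function findForeignProperties(original, filtered, path = '', seen = new WeakSet()) {
  const foreign = [];
  if (original === null || typeof original !== 'object') return foreign;
  if (seen.has(original)) return foreign; // circular reference: each object is checked once
  seen.add(original);

  for (const key of Object.keys(original)) {
    const here = Array.isArray(original)
      ? `${path}[${key}]`
      : (path ? `${path}.${key}` : key);
    const present = filtered !== null && typeof filtered === 'object' &&
      Object.prototype.hasOwnProperty.call(filtered, key);
    if (!present) {
      foreign.push(here); // the whole subtree was dropped; report its root only
      continue;
    }
    foreign.push(...findForeignProperties(original[key], filtered[key], here, seen));
  }
  return foreign;
}

// Emit one warning per foreign property; returns how many were reported.
function warnForeign(policyName, paths, log = console.warn) {
  paths.forEach(p => log(`[${policyName}] "${p}" is not declared in the schema and is ignored`));
  return paths.length;
}

// Constructed sample: the action parameters from the report at the top of the issue.
const original = {
  headerPrefix: 'eg-',
  forwardHeaders: {
    'user-id': 'consumer.token.authenticatedUserId',
    'last-login': 'consumer.token.createdAt'
  }
};

// Constructed stand-in for the validator output (hypothetical schema without headerPrefix).
const filtered = {
  forwardHeaders: {
    'user-id': 'consumer.token.authenticatedUserId',
    'last-login': 'consumer.token.createdAt'
  }
};

warnForeign('headers', findForeignProperties(original, filtered));
```

Because the comparison only looks at the two objects, it does not need to understand nested or circular schema definitions; it reports whatever the validator actually removed.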