express-openapi-validator
express-openapi-validator copied to clipboard
cdimascio
Invalid example for NestJS. Looks like response validation is broken.
Describe the bug Invalid example for NestJS https://github.com/cdimascio/express-openapi-validator/tree/master/examples/9-nestjs
To Reproduce
- Clone repository.
- Install dependencies 'npm ci'
- Notice that response validation is turned on https://github.com/cdimascio/express-openapi-validator/blob/master/examples/9-nestjs/src/app.module.ts#L22
- Go to https://github.com/cdimascio/express-openapi-validator/blob/master/examples/9-nestjs/src/modules/ping/ping.controller.ts#L15
- Change the response to '{ pongInvalid: value }'
- Start server 'npm run start'
- Make a GET request to "localhost:3000/ping/123"
Actual behavior The response "{"pongInvalid":"123"}" returned without error.
Expected behavior An error with an invalid response structure should be triggered.
Additional info Also tried on a brand new NestJS version, same result.
System node -v -> v18.16.0 nest -v -> 10.1.17
Adding a required prop (and optionally, like below, an additionalProperties prop) in the openapi spec :
get:
operationId: ping
responses:
200:
description: Returns value
content:
application/json:
schema:
type: object
properties:
pong:
type: string
required:
- pong
additionalProperties: false
then you'll get it work :
$ curl -X GET localhost:3000/ping/a
{"name":"Internal Server Error","status":500,"path":"/ping/a","errors":[{"path":".response.pong","message":"should have required property 'pong'","errorCode":"required.openapi.validation"}]}⏎
So I would say it's not broken : as far as I know, it just follows the openapi standard 🥳
To make it more obvious, maybe the example spec should just be changed by adding these 2 props required and additionalProperties ?
