Validation for input tags like uri, hostname not working

Open spa5k opened this issue 1 year ago • 4 comments

Hey, I've been trying to add validation to the input that is coming, but even with wrong data that is not of the type, it's still approving it.

package site

import (
	"context"
	"errors"
	"log/slog"
	"net/http"

	"github.com/danielgtaylor/huma/v2"
)

func CreateSiteHandler(api huma.API, path string, logger *slog.Logger, db database.Service, tokenService *internal.TokenManager) {
	type createSiteHandlerInputParams struct {
		Logo       string `json:"logo" required:"true" format:"uri" example:"https://example.com/logo.png"`
		Website    string `json:"website" required:"true" format:"uri" example:"https://example.com"`
		Twitter    string `json:"twitter" required:"true" format:"uri" example:"https://twitter.com/example"`
		PlatformID string `json:"platform_id" required:"true" example:"1234567890" format:"regex:^[a-zA-Z0-9_-]+$"`
		Platform   string `json:"platform" required:"true" enum:"shopify,wordpress,magento,wocommerce,custom" example:"shopify"`
		Name       string `json:"name" required:"true" example:"My Shopify Store"`
	}

	type CreateSiteInput struct {
		Body createSiteHandlerInputParams
	}

	type CreateSiteResponse struct {
		Body   models.Site `json:"body"`
		Status int         `header:"Status"`
	}

	huma.Register(api, huma.Operation{
		Path:        path,
		Method:      "POST",
		Description: "Create a new site",
		Tags:        []string{"Sites"},
		OperationID: "create-site",
		Middlewares: huma.Middlewares{
			middleware.ClientAuthenticationMiddleware(tokenService, logger),
		},
	}, func(ctx context.Context, input *CreateSiteInput) (*CreateSiteResponse, error) {
		clientID := ctx.Value("Client-ID")
		if clientID == nil {
			logger.Error("Client ID not found in context")
			return nil, errors.New("client ID not found in context")
		}

		....
		return &CreateSiteResponse{
			Body:   *site,
			Status: http.StatusCreated,
		}, nil
	})
}

For example, if I send input with this:

{
  "logo": "logo.png",
  "name": "My Store",
  "platform": "shopify",
  "platform_id": "abc!123",
  "twitter": "example",
  "website": "e"
}

it still passes successfully.

But it should fail on logo, platform_id, twitter and website

spa5k avatar Sep 04 '24 14:09 spa5k

@danielgtaylor Can you please check this a bit, is it the issue in code or a bug?

spa5k avatar Sep 25 '24 17:09 spa5k

@spa5k yes, I am trying to catch up on all the issues, and will keep going through the list as I can find the time. Sorry for the delay; I had a death in the family and a last-minute trip to Germany that threw off a lot of stuff in my life, but I will get to it soon.

danielgtaylor avatar Sep 25 '24 17:09 danielgtaylor

No hurry, take care. Family comes first

spa5k avatar Sep 25 '24 17:09 spa5k

I can confirm this issue. It seems that the format tag only adds a hint to the schema, but it does not validate.

mbretter avatar Jun 17 '25 14:06 mbretter
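
Added example, not part of the thread and not huma's own code: explicit handler-side checks for the fields in the issue's payload, using only the Go standard library. It shows that `url.Parse` on its own accepts relative references such as `logo.png`, so a strict check has to require a scheme and host. The helper names and the restriction to `http`/`https` are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// Pattern copied from the platform_id tag in the issue.
var platformIDRe = regexp.MustCompile(`^[a-zA-Z0-9_-]+$`)

// isAbsoluteHTTPURL is a hypothetical helper. url.Parse returns no error for
// relative references like "logo.png" or "e", so scheme and host are checked
// explicitly. Limiting schemes to http/https is an assumption of this example.
func isAbsoluteHTTPURL(s string) bool {
	u, err := url.Parse(s)
	if err != nil {
		return false
	}
	return (u.Scheme == "http" || u.Scheme == "https") && u.Host != ""
}

// validateSite returns the names of the fields that fail, in a fixed order.
func validateSite(body map[string]string) []string {
	var bad []string
	for _, f := range []string{"logo", "website", "twitter"} {
		if !isAbsoluteHTTPURL(body[f]) {
			bad = append(bad, f)
		}
	}
	if !platformIDRe.MatchString(body["platform_id"]) {
		bad = append(bad, "platform_id")
	}
	return bad
}

func main() {
	// Payload from the issue.
	body := map[string]string{
		"logo": "logo.png", "name": "My Store", "platform": "shopify",
		"platform_id": "abc!123", "twitter": "example", "website": "e",
	}
	fmt.Println(validateSite(body))
}
```

Running the same checks inside the handler, before any database write, keeps malformed values out regardless of what the schema-level `format` tag enforces.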