Add a config option to enable strict validation
This commit is contained in:
parent
4b9ab67aa8
commit
f070b5569c
@ -653,6 +653,8 @@ config :pleroma, :restrict_unauthenticated,
|
|||||||
profiles: %{local: false, remote: false},
|
profiles: %{local: false, remote: false},
|
||||||
activities: %{local: false, remote: false}
|
activities: %{local: false, remote: false}
|
||||||
|
|
||||||
|
config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: false
|
||||||
|
|
||||||
# Import environment specific config. This must remain at the bottom
|
# Import environment specific config. This must remain at the bottom
|
||||||
# of this file so it overrides the configuration defined above.
|
# of this file so it overrides the configuration defined above.
|
||||||
import_config "#{Mix.env()}.exs"
|
import_config "#{Mix.env()}.exs"
|
||||||
|
@ -7,9 +7,10 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
|
|||||||
@moduledoc """
|
@moduledoc """
|
||||||
This plug is based on [`OpenApiSpex.Plug.CastAndValidate`]
|
This plug is based on [`OpenApiSpex.Plug.CastAndValidate`]
|
||||||
(https://github.com/open-api-spex/open_api_spex/blob/master/lib/open_api_spex/plug/cast_and_validate.ex).
|
(https://github.com/open-api-spex/open_api_spex/blob/master/lib/open_api_spex/plug/cast_and_validate.ex).
|
||||||
The main difference is ignoring unexpected query params
|
The main difference is ignoring unexpected query params instead of throwing
|
||||||
instead of throwing an error. Also, the default rendering
|
an error and a config option (`[Pleroma.Web.ApiSpec.CastAndValidate, :strict]`)
|
||||||
error module is `Pleroma.Web.ApiSpec.RenderError`.
|
to disable this behavior. Also, the default rendering error module
|
||||||
|
is `Pleroma.Web.ApiSpec.RenderError`.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@behaviour Plug
|
@behaviour Plug
|
||||||
@ -45,7 +46,7 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
|
|||||||
private_data = Map.put(private_data, :operation_id, operation_id)
|
private_data = Map.put(private_data, :operation_id, operation_id)
|
||||||
conn = Conn.put_private(conn, :open_api_spex, private_data)
|
conn = Conn.put_private(conn, :open_api_spex, private_data)
|
||||||
|
|
||||||
case cast_and_validate(spec, operation, conn, content_type) do
|
case cast_and_validate(spec, operation, conn, content_type, strict?()) do
|
||||||
{:ok, conn} ->
|
{:ok, conn} ->
|
||||||
conn
|
conn
|
||||||
|
|
||||||
@ -98,7 +99,11 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
|
|||||||
|
|
||||||
def call(conn, opts), do: OpenApiSpex.Plug.CastAndValidate.call(conn, opts)
|
def call(conn, opts), do: OpenApiSpex.Plug.CastAndValidate.call(conn, opts)
|
||||||
|
|
||||||
defp cast_and_validate(spec, operation, conn, content_type) do
|
defp cast_and_validate(spec, operation, conn, content_type, true = _strict) do
|
||||||
|
OpenApiSpex.cast_and_validate(spec, operation, conn, content_type)
|
||||||
|
end
|
||||||
|
|
||||||
|
defp cast_and_validate(spec, operation, conn, content_type, false = _strict) do
|
||||||
case OpenApiSpex.cast_and_validate(spec, operation, conn, content_type) do
|
case OpenApiSpex.cast_and_validate(spec, operation, conn, content_type) do
|
||||||
{:ok, conn} ->
|
{:ok, conn} ->
|
||||||
{:ok, conn}
|
{:ok, conn}
|
||||||
@ -129,4 +134,6 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
|
|||||||
i -> i
|
i -> i
|
||||||
end)
|
end)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp strict?, do: Pleroma.Config.get([__MODULE__, :strict], false)
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user