feat: add request and response schema validator conditionaly

Author: SiloGecho97

.gitignore

@@ -30,3 +30,4 @@
 
 # Ignore master key for decrypting credentials and more.
 /config/master.key
+.byebug_history

Gemfile

@@ -35,12 +35,13 @@ gem "thruster", require: false
 # Use Rack CORS for handling Cross-Origin Resource Sharing (CORS), making cross-origin Ajax possible
 # gem "rack-cors"
 gem "committee"
+gem "openapi_first"
 gem "scalar_ruby", "~> 1.1"
 
 group :development, :test do
   # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
   gem "debug", platforms: %i[ mri windows ], require: "debug/prelude"
-
+  gem "byebug"
   # Static analysis for security vulnerabilities [https://brakemanscanner.org/]
   gem "brakeman", require: false
 

Gemfile.lock

@@ -83,6 +83,7 @@ GEM
     brakeman (7.0.0)
       racc
     builder (3.3.0)
+    byebug (11.1.3)
     committee (5.5.1)
       json_schema (~> 0.14, >= 0.14.3)
       openapi_parser (~> 2.0)
@@ -105,6 +106,7 @@ GEM
       raabro (~> 1.4)
     globalid (1.2.1)
       activesupport (>= 6.1)
+    hana (1.3.7)
     i18n (1.14.7)
       concurrent-ruby (~> 1.0)
     io-console (0.8.0)
@@ -114,6 +116,11 @@ GEM
       reline (>= 0.4.2)
     json (2.10.2)
     json_schema (0.21.0)
+    json_schemer (2.4.0)
+      bigdecimal
+      hana (~> 1.3)
+      regexp_parser (~> 2.0)
+      simpleidn (~> 0.2)
     kamal (2.5.3)
       activesupport (>= 7.0)
       base64 (~> 0.2)
@@ -161,6 +168,13 @@ GEM
       racc (~> 1.4)
     nokogiri (1.18.3-x86_64-linux-gnu)
       racc (~> 1.4)
+    openapi_first (2.4.0)
+      hana (~> 1.3)
+      json_schemer (>= 2.1, < 3.0)
+      openapi_parameters (>= 0.3.3, < 2.0)
+      rack (>= 2.2, < 4.0)
+    openapi_parameters (0.4.0)
+      rack (>= 2.2)
     openapi_parser (2.2.4)
     ostruct (0.6.1)
     parallel (1.26.3)
@@ -251,6 +265,7 @@ GEM
     ruby-progressbar (1.13.0)
     scalar_ruby (1.1.0)
     securerandom (0.4.1)
+    simpleidn (0.2.3)
     solid_cable (3.0.7)
       actioncable (>= 7.2)
       activejob (>= 7.2)
@@ -304,9 +319,11 @@ PLATFORMS
 DEPENDENCIES
   bootsnap
   brakeman
+  byebug
   committee
   debug
   kamal
+  openapi_first
   puma (>= 5.0)
   rails (~> 8.0.2)
   rubocop-rails-omakase

config/application.rb

@@ -5,7 +5,8 @@
 # Require the gems listed in Gemfile, including any gems
 # you've limited to :test, :development, or :production.
 Bundler.require(*Rails.groups)
-
+require_relative "../lib/open_api_schema/request_validator_middleware"
+require_relative "../lib/open_api_schema/response_validator_middleware"
 module PocDocsFirst
   class Application < Rails::Application
     # Initialize configuration defaults for originally generated Rails version.
@@ -29,12 +30,7 @@ class Application < Rails::Application
     # Skip views, helpers and assets when generating a new resource.
     config.api_only = true
 
-    config.middleware.use Committee::Middleware::RequestValidation,
-      schema_path: "docs/openapi.json",
-      coerce_date_times: true,
-      params_key: "action_dispatch.request.request_parameters",
-      query_hash_key: "action_dispatch.request.query_parameters",
-      strict_reference_validation: true
-    config.middleware.use Committee::Middleware::ResponseValidation, schema_path: "docs/openapi.json", strict_reference_validation: true
+    config.middleware.use ::OpenApiSchema::RequestValidatorMiddleware
+    config.middleware.use ::OpenApiSchema::ResponseValidatorMiddleware
   end
 end

docs/openapi.json

@@ -67,7 +67,7 @@
                 "schema": {
                   "type": "object",
                   "properties": {
-                    "id": { "type": "number" },
+                    "id": { "type": "string" },
                     "message": { "type": "string" },
                     "created_at": { "type": "string", "format": "date-time" },
                     "updated_at": { "type": "string", "format": "date-time" }

lib/open_api_schema/request_validator_middleware.rb

@@ -0,0 +1,32 @@
+
+module OpenApiSchema
+  class RequestValidatorMiddleware
+    def initialize(app)
+      @app = app
+      @request_validator = Committee::Middleware::RequestValidation.new(app, schema_path: "docs/openapi.json", strict_reference_validation: true,  coerce_date_times: true,  params_key: "action_dispatch.request.request_parameters", query_hash_key: "action_dispatch.request.query_parameters")
+    end
+
+    # Handles the middleware call to validate the schema if the "Validate-Schema" header is present.
+    # If the header is set to "1", it validates the request and response schema.
+    # Otherwise, it continues the request-response cycle as usual.
+    #
+    # @param env [Hash] The Rack environment hash.
+    # @return [Array] The status, headers, and body of the response.
+    def call(env)
+      status, headers, response = @app.call(env)
+
+
+      if condition_for_request_validation?(env)
+        status, headers, response = @request_validator.call(env)
+      end
+
+      [ status, headers, response ]
+    end
+
+    private
+
+    def condition_for_request_validation?(env)
+      env.key?("HTTP_VALIDATE_SCHEMA")
+    end
+  end
+end

lib/open_api_schema/response_validator_middleware.rb

@@ -0,0 +1,31 @@
+
+module OpenApiSchema
+  class ResponseValidatorMiddleware
+    def initialize(app)
+      @app = app
+      @response_validator = Committee::Middleware::ResponseValidation.new(app, schema_path: "docs/openapi.json", strict_reference_validation: true)
+    end
+
+    # Handles the middleware call to validate the schema if the "Validate-Schema" header is present.
+    # If the header is set to "1", it validates the request and response schema.
+    # Otherwise, it continues the request-response cycle as usual.
+    #
+    # @param env [Hash] The Rack environment hash.
+    # @return [Array] The status, headers, and body of the response.
+    def call(env)
+      status, headers, response = @app.call(env)
+
+      if condition_for_response_validation?(env)
+        status, headers, response = @response_validator.call(env)
+      end
+
+      [ status, headers, response ]
+    end
+
+    private
+
+    def condition_for_response_validation?(env)
+      env.key?("HTTP_VALIDATE_SCHEMA")
+    end
+  end
+end