use the agreed approach with schema hash

Author: mfori

packages/input_schema/package.json

@@ -49,6 +49,7 @@
     },
     "dependencies": {
         "@apify/consts": "^2.41.0",
+        "@apify/input_secrets": "file:../input_secrets",
         "acorn-loose": "^8.4.0",
         "countries-list": "^3.0.0"
     },

packages/input_schema/src/intl.ts

@@ -33,6 +33,8 @@ const intlStrings = {
         'Field schema.properties.{fieldKey} does not exist, but it is specified in schema.required. Either define the field or remove it from schema.required.',
     'inputSchema.validation.proxyGroupMustBeArrayOfStrings':
         'Field {rootName}.{fieldKey}.apifyProxyGroups must be an array of strings.',
+    'inputSchema.validation.secretFieldSchemaChanged':
+        'The field schema.properties.{fieldKey} is a secret field, but its schema has changed. Please update the value in the input editor.',
 };
 
 /**

packages/input_schema/src/schema.json

@@ -153,7 +153,10 @@
                     "title": { "type": "string" },
                     "description": { "type": "string" },
                     "example": { "type": "string" },
+                    "pattern": { "type": "string" },
                     "nullable": { "type": "boolean" },
+                    "minLength": { "type": "integer" },
+                    "maxLength": { "type": "integer" },
                     "editor": { "enum": ["textfield", "textarea", "hidden"] },
                     "isSecret": { "enum": [true] },
                     "sectionCaption": { "type": "string" },
@@ -166,71 +169,102 @@
             "type": "object",
             "properties": {
                 "type": { "enum": ["array"] },
-                "editor": { "enum": ["json", "requestListSources", "pseudoUrls", "globs", "keyValue", "stringList", "select", "hidden"] }
+                "editor": { "enum": ["json", "requestListSources", "pseudoUrls", "globs", "keyValue", "stringList", "select", "hidden"] },
+                "isSecret": { "type": "boolean" }
             },
             "additionalProperties": true,
             "required": ["type", "title", "description", "editor"],
             "if": {
                 "properties": {
-                    "editor": { "const": "select" }
+                    "isSecret": {
+                        "not": {
+                            "const": true
+                        }
+                    }
                 }
             },
             "then": {
-                "additionalProperties": false,
-                "required": ["items"],
-                "properties": {
-                    "type": { "enum": ["array"] },
-                    "editor": { "enum": ["select"] },
-                    "title": { "type": "string" },
-                    "description": { "type": "string" },
-                    "default": { "type": "array" },
-                    "prefill": { "type": "array" },
-                    "example": { "type": "array" },
-                    "nullable": { "type": "boolean" },
-                    "minItems": { "type": "integer" },
-                    "maxItems": { "type": "integer" },
-                    "uniqueItems": { "type": "boolean" },
-                    "sectionCaption": { "type": "string" },
-                    "sectionDescription": { "type": "string" },
-                    "items": {
-                        "type": "object",
-                        "additionalProperties": false,
-                        "properties": {
-                            "type": { "enum": ["string"] },
-                            "enum": {
-                                "type": "array",
-                                "items": { "type": "string" },
-                                "uniqueItems": true
+                "if": {
+                    "properties": {
+                        "editor": { "const": "select" }
+                    }
+                },
+                "then": {
+                    "additionalProperties": false,
+                    "required": ["items"],
+                    "properties": {
+                        "type": { "enum": ["array"] },
+                        "editor": { "enum": ["select"] },
+                        "title": { "type": "string" },
+                        "description": { "type": "string" },
+                        "default": { "type": "array" },
+                        "prefill": { "type": "array" },
+                        "example": { "type": "array" },
+                        "nullable": { "type": "boolean" },
+                        "minItems": { "type": "integer" },
+                        "maxItems": { "type": "integer" },
+                        "uniqueItems": { "type": "boolean" },
+                        "sectionCaption": { "type": "string" },
+                        "sectionDescription": { "type": "string" },
+                        "items": {
+                            "type": "object",
+                            "additionalProperties": false,
+                            "properties": {
+                                "type": { "enum": ["string"] },
+                                "enum": {
+                                    "type": "array",
+                                    "items": { "type": "string" },
+                                    "uniqueItems": true
+                                },
+                                "enumTitles": {
+                                    "type": "array",
+                                    "items": { "type": "string" }
+                                }
                             },
-                            "enumTitles": {
-                                "type": "array",
-                                "items": { "type": "string" }
-                            }
+                            "required": ["type", "enum"]
                         },
-                        "required": ["type", "enum"]
+                        "isSecret": { "enum": [false] }
+                    }
+                },
+                "else": {
+                    "additionalProperties": false,
+                    "properties": {
+                        "type": { "enum": ["array"] },
+                        "editor": { "enum": ["json", "requestListSources", "pseudoUrls", "globs", "keyValue", "stringList", "hidden"] },
+                        "title": { "type": "string" },
+                        "description": { "type": "string" },
+                        "default": { "type": "array" },
+                        "prefill": { "type": "array" },
+                        "example": { "type": "array" },
+                        "nullable": { "type": "boolean" },
+                        "minItems": { "type": "integer" },
+                        "maxItems": { "type": "integer" },
+                        "uniqueItems": { "type": "boolean" },
+                        "sectionCaption": { "type": "string" },
+                        "sectionDescription": { "type": "string" },
+                        "placeholderKey": { "type": "string" },
+                        "placeholderValue": { "type": "string" },
+                        "patternKey": { "type": "string" },
+                        "patternValue": { "type": "string" },
+                        "isSecret": { "enum": [false] }
                     }
                 }
             },
             "else": {
                 "additionalProperties": false,
                 "properties": {
                     "type": { "enum": ["array"] },
-                    "editor": { "enum": ["json", "requestListSources", "pseudoUrls", "globs", "keyValue", "stringList", "hidden"] },
+                    "editor": { "enum": ["json", "hidden"] },
                     "title": { "type": "string" },
                     "description": { "type": "string" },
-                    "default": { "type": "array" },
-                    "prefill": { "type": "array" },
                     "example": { "type": "array" },
                     "nullable": { "type": "boolean" },
                     "minItems": { "type": "integer" },
                     "maxItems": { "type": "integer" },
                     "uniqueItems": { "type": "boolean" },
                     "sectionCaption": { "type": "string" },
                     "sectionDescription": { "type": "string" },
-                    "placeholderKey": { "type": "string" },
-                    "placeholderValue": { "type": "string" },
-                    "patternKey": { "type": "string" },
-                    "patternValue": { "type": "string" }
+                    "isSecret": { "enum": [true] }
                 }
             }
         },
@@ -282,7 +316,11 @@
                     "title": { "type": "string" },
                     "description": { "type": "string" },
                     "example": { "type": "object" },
+                    "patternKey": { "type": "string" },
+                    "patternValue": { "type": "string" },
                     "nullable": { "type": "boolean" },
+                    "minProperties": { "type": "integer" },
+                    "maxProperties": { "type": "integer" },
                     "editor": { "enum": ["json", "hidden"] },
                     "sectionCaption": { "type": "string" },
                     "sectionDescription": { "type": "string" },

packages/input_schema/src/utilities.ts

@@ -3,6 +3,7 @@ import type { ValidateFunction } from 'ajv';
 import { countries } from 'countries-list';
 
 import { PROXY_URL_REGEX, URL_REGEX } from '@apify/consts';
+import { isEncryptedValueForFieldSchema, isEncryptedValueForFieldType } from '@apify/input_secrets';
 
 import { parseAjvError } from './input_schema';
 import { m } from './intl';
@@ -133,13 +134,34 @@ export function validateInputUsingValidator(
     // Process AJV validation errors
     if (!isValid) {
         errors = validator.errors!
+            .filter((error) => {
+                // Remove type errors on encrypted object/array secrets
+                // We are storing encrypted objects/arrays as strings, so AJV will throw type the error here.
+                if (error.keyword === 'type' && error.instancePath) {
+                    const path = error.instancePath.replace(/^\//, '').split('/')[0];
+                    const propSchema = inputSchema.properties?.[path];
+                    const value = input[path];
+
+                    // Check if the property is a secret and if the value is an encrypted object/array.
+                    // We do additional validation of the field schema in the later part of this function
+                    if (
+                        propSchema?.isSecret
+                        && typeof value === 'string'
+                        && (propSchema.type === 'object' || propSchema.type === 'array')
+                        && isEncryptedValueForFieldType(value, propSchema.type)
+                    ) {
+                        return false;
+                    }
+                }
+                return true;
+            })
             .map((error) => parseAjvError(error, 'input', properties, input))
             .filter((error) => !!error) as any[];
     }
 
     Object.keys(properties).forEach((property) => {
         const value = input[property];
-        const { type, editor, patternKey, patternValue } = properties[property];
+        const { type, editor, patternKey, patternValue, isSecret } = properties[property];
         const fieldErrors = [];
         // Check that proxy is required, if yes, valides that it's correctly setup
         if (type === 'object' && editor === 'proxy') {
@@ -215,7 +237,7 @@ export function validateInputUsingValidator(
             }
         }
         // Check that object items fit patternKey and patternValue
-        if (type === 'object' && value) {
+        if (type === 'object' && value && typeof value === 'object') {
             if (patternKey) {
                 const check = new RegExp(patternKey);
                 const invalidKeys: any[] = [];
@@ -249,6 +271,15 @@ export function validateInputUsingValidator(
             }
         }
 
+        // Additional validation for secret fields
+        if (isSecret && value && typeof value === 'string') {
+            // If the value is a valid encrypted string for the field type,
+            // we check if the field schema is likely to be still valid (is unchanged from the time of encryption).
+            if (isEncryptedValueForFieldType(value, type) && !isEncryptedValueForFieldSchema(value, properties[property])) {
+                fieldErrors.push(m('inputSchema.validation.secretFieldSchemaChanged', { rootName: 'input', fieldKey: property }));
+            }
+        }
+
         if (fieldErrors.length > 0) {
             const message = fieldErrors.join(', ');
             errors.push({ fieldKey: property, message });