Merge pull request #143 from bufferings/fix-response-validation

bufferings · web-flow · commit fe2bd5ec2b60 · 2025-10-14T03:41:12.000+09:00
Fix response validation bug
diff --git a/.changeset/fix-response-validation-bug.md b/.changeset/fix-response-validation-bug.md
@@ -0,0 +1,5 @@
+---
+'@korix/kori': patch
+---
+
+Fix response validation bug where validators received stringified JSON instead of objects
diff --git a/docs/en/extensions/zod-openapi-plugin.md b/docs/en/extensions/zod-openapi-plugin.md
@@ -369,27 +369,31 @@ Document all possible error responses:
 
 ```typescript
 const CommonErrorSchema = z.object({
-  error: z
-    .string()
-    .meta({ description: 'Error type', example: 'Validation Error' }),
-  message: z.string().meta({ description: 'Human-readable error message' }),
-  details: z
-    .array(
-      z.object({
-        field: z.string(),
-        message: z.string(),
-      }),
-    )
-    .optional(),
+  error: z.object({
+    type: z
+      .string()
+      .meta({ description: 'Error type', example: 'VALIDATION_ERROR' }),
+    message: z.string().meta({ description: 'Human-readable error message' }),
+    details: z
+      .array(
+        z.object({
+          field: z.string(),
+          message: z.string(),
+        }),
+      )
+      .optional(),
+  }),
 });
 
 app.post('/users', {
   responseSchema: zodResponseSchema({
     '201': UserResponseSchema,
     '400': CommonErrorSchema,
     '409': z.object({
-      error: z.literal('Conflict'),
-      message: z.literal('Email already exists'),
+      error: z.object({
+        type: z.literal('CONFLICT'),
+        message: z.literal('Email already exists'),
+      }),
     }),
   }),
   // ... rest of configuration
diff --git a/docs/en/guide/openapi.md b/docs/en/guide/openapi.md
@@ -157,8 +157,10 @@ const ProductSchema = z.object({
 });
 
 const ErrorSchema = z.object({
-  error: z.string(),
-  message: z.string(),
+  error: z.object({
+    type: z.string(),
+    message: z.string(),
+  }),
 });
 
 app.get('/products/:id', {
diff --git a/docs/en/guide/response-validation.md b/docs/en/guide/response-validation.md
@@ -40,8 +40,10 @@ const UserSchema = z.object({
 });
 
 const ErrorSchema = z.object({
-  error: z.string(),
-  message: z.string(),
+  error: z.object({
+    type: z.string(),
+    message: z.string(),
+  }),
 });
 
 app.get('/users/:id', {
@@ -56,10 +58,7 @@ app.get('/users/:id', {
 
     if (userId === 999) {
       // This 404 response will be validated against ErrorSchema
-      return ctx.res.notFound({
-        error: 'NOT_FOUND',
-        message: 'User not found',
-      });
+      return ctx.res.notFound({ message: 'User not found' });
     }
 
     // This 200 response will be validated against UserSchema
diff --git a/docs/ja/guide/openapi.md b/docs/ja/guide/openapi.md
@@ -157,8 +157,10 @@ const ProductSchema = z.object({
 });
 
 const ErrorSchema = z.object({
-  error: z.string(),
-  message: z.string(),
+  error: z.object({
+    type: z.string(),
+    message: z.string(),
+  }),
 });
 
 app.get('/products/:id', {
diff --git a/docs/ja/guide/response-validation.md b/docs/ja/guide/response-validation.md
@@ -40,8 +40,10 @@ const UserSchema = z.object({
 });
 
 const ErrorSchema = z.object({
-  error: z.string(),
-  message: z.string(),
+  error: z.object({
+    type: z.string(),
+    message: z.string(),
+  }),
 });
 
 app.get('/users/:id', {
@@ -56,10 +58,7 @@ app.get('/users/:id', {
 
     if (userId === 999) {
       // この404レスポンスはErrorSchemaに対してバリデーションされる
-      return ctx.res.notFound({
-        error: 'NOT_FOUND',
-        message: 'User not found',
-      });
+      return ctx.res.notFound({ message: 'User not found' });
     }
 
     // この200レスポンスはUserSchemaに対してバリデーションされる
diff --git a/packages/kori/src/context/response.ts b/packages/kori/src/context/response.ts
@@ -549,7 +549,7 @@ type BodyConfig<T> = {
 
 function setBodyJsonInternal<T>({ res, body }: BodyConfig<T>): void {
   res.bodyKind = 'json';
-  res.bodyValue = JSON.stringify(body);
+  res.bodyValue = body;
 }
 
 function setBodyTextInternal({ res, body }: BodyConfig<string>): void {
@@ -848,6 +848,13 @@ const sharedMethods = {
     let body: BodyInit | null = null;
     switch (this.bodyKind) {
       case 'json':
+        try {
+          body = JSON.stringify(this.bodyValue);
+        } catch (error) {
+          const message = error instanceof Error ? error.message : String(error);
+          throw new KoriResponseBuildError(`Failed to serialize response body as JSON: ${message}`);
+        }
+        break;
       case 'text':
       case 'html':
         body = this.bodyValue as string;
diff --git a/packages/kori/tests/_internal/core/route-handler-composer.test.ts b/packages/kori/tests/_internal/core/route-handler-composer.test.ts
@@ -144,7 +144,7 @@ describe('composeRouteHandler', () => {
 
       expect(res.getStatus()).toBe(200);
       expect(res.getContentType()).toBe('application/json; charset=utf-8');
-      expect(res.getBody()).toBe(JSON.stringify({ ok: true }));
+      expect(res.getBody()).toEqual({ ok: true });
       expect(handler).toHaveBeenCalledTimes(1);
     });
   });
@@ -354,7 +354,7 @@ describe('composeRouteHandler', () => {
       expect(res.getStatus()).toBe(200);
       expect(handler).toHaveBeenCalledTimes(1);
 
-      const responseBody = JSON.parse(res.getBody() as string);
+      const responseBody = res.getBody() as any;
       expect(responseBody.body).toEqual({ test: 'data', __validated: 'body' });
       expect(responseBody.params).toEqual({ __validated: 'params' });
       expect(responseBody.queries).toEqual({ __validated: 'queries' });
@@ -386,7 +386,7 @@ describe('composeRouteHandler', () => {
       expect(routeOnFail).toHaveBeenCalledTimes(1);
       expect(instanceOnFail).not.toHaveBeenCalled();
       expect(res.getStatus()).toBe(400);
-      expect(JSON.parse(res.getBody() as string).error.message).toBe('route handled');
+      expect((res.getBody() as any).error.message).toBe('route handled');
       expect(handler).not.toHaveBeenCalled();
     });
 
@@ -413,7 +413,7 @@ describe('composeRouteHandler', () => {
       expect(routeOnFail).toHaveBeenCalledTimes(1);
       expect(instanceOnFail).toHaveBeenCalledTimes(1);
       expect(res.getStatus()).toBe(400);
-      expect(JSON.parse(res.getBody() as string).error.message).toBe('instance handled');
+      expect((res.getBody() as any).error.message).toBe('instance handled');
       expect(handler).not.toHaveBeenCalled();
     });
 
@@ -534,7 +534,7 @@ describe('composeRouteHandler', () => {
       expect(routeOnFail).toHaveBeenCalledTimes(1);
       expect(instanceOnFail).not.toHaveBeenCalled();
       expect(res.getStatus()).toBe(400);
-      expect(JSON.parse(res.getBody() as string).error.message).toBe('route handled response failure');
+      expect((res.getBody() as any).error.message).toBe('route handled response failure');
     });
 
     test('stops early at instance handler', async () => {
@@ -560,7 +560,7 @@ describe('composeRouteHandler', () => {
       expect(routeOnFail).toHaveBeenCalledTimes(1);
       expect(instanceOnFail).toHaveBeenCalledTimes(1);
       expect(res.getStatus()).toBe(400);
-      expect(JSON.parse(res.getBody() as string).error.message).toBe('instance handled response failure');
+      expect((res.getBody() as any).error.message).toBe('instance handled response failure');
     });
 
     test('cascades through all handlers to fallback', async () => {
@@ -631,7 +631,7 @@ describe('composeRouteHandler', () => {
       expect(errorHook2).toHaveBeenCalledTimes(1);
       expect(errorHook3).not.toHaveBeenCalled();
       expect(res.getStatus()).toBe(400);
-      expect(JSON.parse(res.getBody() as string).error.message).toBe('handled by hook2');
+      expect((res.getBody() as any).error.message).toBe('handled by hook2');
     });
 
     test('falls back to 500 when no error hook handles', async () => {
@@ -674,7 +674,7 @@ describe('composeRouteHandler', () => {
       expect(errorHook2).toHaveBeenCalledTimes(1);
       expect(errorHook3).not.toHaveBeenCalled();
       expect(res.getStatus()).toBe(400);
-      expect(JSON.parse(res.getBody() as string).error.message).toBe('recovered by hook2');
+      expect((res.getBody() as any).error.message).toBe('recovered by hook2');
     });
   });
 });
diff --git a/packages/kori/tests/context/handler-context.test.ts b/packages/kori/tests/context/handler-context.test.ts
@@ -40,8 +40,7 @@ describe('KoriHandlerContext contract', () => {
       const extendedCtx = ctx.withRes({ ok: (data: unknown) => ctx.res.json({ ok: true, data }) });
 
       const response = extendedCtx.res.ok({ message: 'success' });
-      const bodyString = response.getBody() as string;
-      const bodyObj = JSON.parse(bodyString);
+      const bodyObj = response.getBody();
       expect(bodyObj).toEqual({ ok: true, data: { message: 'success' } });
     });
 
diff --git a/turbo.json b/turbo.json
@@ -1,6 +1,5 @@
 {
   "$schema": "https://turbo.build/schema.json",
-  "ui": "tui",
   "tasks": {
     "//#clean:root": {
       "cache": false

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'@korix/kori': patch
 +---
++
 +Fix response validation bug where validators received stringified JSON instead of objects
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"$schema": "https://turbo.build/schema.json",`
`3`		`- "ui": "tui",`
`4`	`3`	`"tasks": {`
`5`	`4`	`"//#clean:root": {`
`6`	`5`	`"cache": false`