Merge pull request #1739 from kchobantonov/file-validation

WoH · web-flow · commit fba2b8120599 · 2025-01-27T11:40:10.000+01:00
required validation for file is not executed closes #1737 and closes #1128 and closes #1738
diff --git a/packages/cli/src/routeGeneration/templates/hapi.hbs b/packages/cli/src/routeGeneration/templates/hapi.hbs
@@ -107,7 +107,7 @@ export function RegisterRoutes(server: any) {
                             throw error;
                         }
 
-                        const boomErr = boomify(error instanceof Error ? error : new Error(error.message));
+                        const boomErr = boomify(error instanceof Error ? error : new Error(error.message), { statusCode: error.status || 500 });
                         boomErr.output.statusCode = error.status || 500;
                         boomErr.output.payload = {
                             name: error.name,
@@ -199,7 +199,7 @@ export function RegisterRoutes(server: any) {
                     throw error;
                 }
 
-                const boomErr = boomify(error instanceof Error ? error : new Error(error.message));
+                const boomErr = boomify(error instanceof Error ? error : new Error(error.message), { statusCode: error.status || 500 });
                 boomErr.output.statusCode = error.status || 401;
                 boomErr.output.payload = {
                     name: error.name,
diff --git a/packages/runtime/src/routeGeneration/templates/express/expressTemplateService.ts b/packages/runtime/src/routeGeneration/templates/express/expressTemplateService.ts
@@ -73,22 +73,19 @@ export class ExpressTemplateService extends TemplateService<ExpressApiHandlerPar
         case 'body':
           return this.validationService.ValidateParam(param, request.body, name, fieldErrors, true, undefined);
         case 'body-prop':
-          return this.validationService.ValidateParam(param, request.body[name], name, fieldErrors, true, 'body.');
+          return this.validationService.ValidateParam(param, request.body?.[name], name, fieldErrors, true, 'body.');
         case 'formData': {
           const files = Object.values(args).filter(p => p.dataType === 'file' || (p.dataType === 'array' && p.array && p.array.dataType === 'file'));
           if ((param.dataType === 'file' || (param.dataType === 'array' && param.array && param.array.dataType === 'file')) && files.length > 0) {
-            const requestFiles = request.files as { [fileName: string]: Express.Multer.File[] };
-            if (requestFiles[name] === undefined) {
-              return undefined;
-            }
+            const requestFiles = request.files as { [fileName: string]: Express.Multer.File[] } | undefined;
 
-            const fileArgs = this.validationService.ValidateParam(param, requestFiles[name], name, fieldErrors, false, undefined);
+            const fileArgs = this.validationService.ValidateParam(param, requestFiles?.[name], name, fieldErrors, false, undefined);
             if (param.dataType === 'array') {
               return fileArgs;
             }
-            return fileArgs.length === 1 ? fileArgs[0] : fileArgs;
+            return Array.isArray(fileArgs) && fileArgs.length === 1 ? fileArgs[0] : fileArgs;
           }
-          return this.validationService.ValidateParam(param, request.body[name], name, fieldErrors, false, undefined);
+          return this.validationService.ValidateParam(param, request.body?.[name], name, fieldErrors, false, undefined);
         }
         case 'res':
           return (status: number | undefined, data: any, headers: any) => {
@@ -114,11 +111,24 @@ export class ExpressTemplateService extends TemplateService<ExpressApiHandlerPar
     Object.keys(headers).forEach((name: string) => {
       response.set(name, headers[name]);
     });
+
+    // Check if the response is marked to be JSON
+    const isJsonResponse = response.get('Content-Type')?.includes('json') || false;
+
     if (data && typeof data.pipe === 'function' && data.readable && typeof data._read === 'function') {
       response.status(statusCode || 200);
       (data as Readable).pipe(response);
-    } else if (data !== null && data !== undefined) {
-      response.status(statusCode || 200).json(data);
+    } else if (data !== undefined && (data !== null || isJsonResponse)) {
+      // allow null response when it is a json response
+      if (typeof data === 'number' || isJsonResponse) {
+        // express treats number data as status code so use the json method instead
+        // or if the response was marked as json then use the json so for example strings are quoted
+        response.status(statusCode || 200).json(data);
+      } else {
+        // do not use json for every type since internally the send will invoke json if needed
+        // but for string data it will not quote it, so we can send string as plain/text data
+        response.status(statusCode || 200).send(data);
+      }
     } else {
       response.status(statusCode || 204).end();
     }
diff --git a/packages/runtime/src/routeGeneration/templates/hapi/hapiTemplateService.ts b/packages/runtime/src/routeGeneration/templates/hapi/hapiTemplateService.ts
@@ -127,7 +127,7 @@ export class HapiTemplateService extends TemplateService<HapiApiHandlerParameter
       return tsoaResponsed.value;
     }
 
-    const response = data !== null && data !== undefined ? h.response(data).code(200) : h.response('').code(204);
+    const response = data !== null && data !== undefined ? h.response(data).code(200) : h.response().code(204);
 
     Object.keys(headers).forEach((name: string) => {
       response.header(name, headers[name]);
diff --git a/packages/runtime/src/routeGeneration/templates/koa/koaTemplateService.ts b/packages/runtime/src/routeGeneration/templates/koa/koaTemplateService.ts
@@ -86,17 +86,13 @@ export class KoaTemplateService extends TemplateService<KoaApiHandlerParameters,
           const files = Object.values(args).filter(p => p.dataType === 'file' || (p.dataType === 'array' && p.array && p.array.dataType === 'file'));
           const contextRequest = context.request as any;
           if ((param.dataType === 'file' || (param.dataType === 'array' && param.array && param.array.dataType === 'file')) && files.length > 0) {
-            if (contextRequest.files[name] === undefined) {
-              return undefined;
-            }
-
-            const fileArgs = this.validationService.ValidateParam(param, contextRequest.files[name], name, errorFields, false, undefined);
+            const fileArgs = this.validationService.ValidateParam(param, contextRequest.files?.[name], name, errorFields, false, undefined);
             if (param.dataType === 'array') {
               return fileArgs;
             }
-            return fileArgs.length === 1 ? fileArgs[0] : fileArgs;
+            return Array.isArray(fileArgs) && fileArgs.length === 1 ? fileArgs[0] : fileArgs;
           }
-          return this.validationService.ValidateParam(param, contextRequest.body[name], name, errorFields, false, undefined);
+          return this.validationService.ValidateParam(param, contextRequest.body?.[name], name, errorFields, false, undefined);
         }
         case 'res':
           return async (status: number | undefined, data: any, headers: any): Promise<void> => {
diff --git a/tests/esm/integration/express.spec.ts b/tests/esm/integration/express.spec.ts
@@ -33,6 +33,7 @@ describe('Express Server', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,
diff --git a/tests/integration/dynamic-controllers-express-server.spec.ts b/tests/integration/dynamic-controllers-express-server.spec.ts
@@ -1242,6 +1242,7 @@ describe('Express Server', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,
diff --git a/tests/integration/express-router-server.spec.ts b/tests/integration/express-router-server.spec.ts
@@ -39,6 +39,7 @@ describe('Express Router Server', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,
diff --git a/tests/integration/express-server-custom-multer.spec.ts b/tests/integration/express-server-custom-multer.spec.ts
@@ -41,6 +41,22 @@ describe('Express Server With custom multer', () => {
       });
     });
 
+    it('cannot post a file with no file', async () => {
+      const formData = { notAFileAttribute: 'not a file' };
+      verifyFileUploadRequest(basePath + '/PostTest/File', formData, (_err, res) => {
+        expect(res.status).to.equal(400);
+        expect(res.text).to.equal('{"fields":{"someFile":{"message":"\'someFile\' is required"}},"message":"An error occurred during the request.","name":"ValidateError","status":400}');
+      });
+    });
+
+    it('can post a file with no file', async () => {
+      const formData = { notAFileAttribute: 'not a file' };
+      verifyFileUploadRequest(basePath + '/PostTest/FileOptional', formData, (_err, res) => {
+        expect(res.status).to.equal(200);
+        expect(res.text).to.equal('no file');
+      });
+    });
+
     it('can post multiple files with other form fields', () => {
       const formData = {
         a: 'b',
@@ -197,6 +213,7 @@ describe('Express Server With custom multer', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,
diff --git a/tests/integration/express-server-root-security.spec.ts b/tests/integration/express-server-root-security.spec.ts
@@ -68,6 +68,7 @@ describe('Express Server with api_key Root Security', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,
diff --git a/tests/integration/express-server.spec.ts b/tests/integration/express-server.spec.ts
@@ -1514,7 +1514,7 @@ describe('Express Server', () => {
       const mainResourceId = 'main-123';
 
       return verifyGetRequest(basePath + `/SubResourceTest/${mainResourceId}/SubResource`, (_err, res) => {
-        expect(res.body).to.equal(mainResourceId);
+        expect(res.text).to.equal(mainResourceId);
       });
     });
 
@@ -1523,7 +1523,7 @@ describe('Express Server', () => {
       const subResourceId = 'sub-456';
 
       return verifyGetRequest(basePath + `/SubResourceTest/${mainResourceId}/SubResource/${subResourceId}`, (_err, res) => {
-        expect(res.body).to.equal(`${mainResourceId}:${subResourceId}`);
+        expect(res.text).to.equal(`${mainResourceId}:${subResourceId}`);
       });
     });
   });
@@ -1559,6 +1559,22 @@ describe('Express Server', () => {
       });
     });
 
+    it('cannot post a file with no file', async () => {
+      const formData = { notAFileAttribute: 'not a file' };
+      verifyFileUploadRequest(basePath + '/PostTest/File', formData, (_err, res) => {
+        expect(res.status).to.equal(400);
+        expect(res.text).to.equal('{"fields":{"someFile":{"message":"\'someFile\' is required"}},"message":"An error occurred during the request.","name":"ValidateError","status":400}');
+      });
+    });
+
+    it('can post a file with no file', async () => {
+      const formData = { notAFileAttribute: 'not a file' };
+      verifyFileUploadRequest(basePath + '/PostTest/FileOptional', formData, (_err, res) => {
+        expect(res.status).to.equal(200);
+        expect(res.text).to.equal('no file');
+      });
+    });
+
     it('can post multiple files with other form fields', () => {
       const formData = {
         a: 'b',
@@ -1723,6 +1739,7 @@ describe('Express Server', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,
diff --git a/tests/integration/hapi-server.spec.ts b/tests/integration/hapi-server.spec.ts
@@ -1437,8 +1437,24 @@ describe('Hapi Server', () => {
     it('cannot post a file with wrong attribute name', async () => {
       const formData = { wrongAttributeName: '@../package.json' };
       verifyFileUploadRequest(basePath + '/PostTest/File', formData, (_err, res) => {
-        expect(res.status).to.equal(500);
-        expect(res.text).to.equal('{"message":"Unexpected field","name":"MulterError","status":500}');
+        expect(res.status).to.equal(400);
+        expect(res.text).to.equal('{"name":"ValidateError","fields":{"someFile":{"message":"\'someFile\' is required"}},"message":"Bad Request"}');
+      });
+    });
+
+    it('cannot post a file with no file', async () => {
+      const formData = { notAFileAttribute: 'not a file' };
+      verifyFileUploadRequest(basePath + '/PostTest/File', formData, (_err, res) => {
+        expect(res.status).to.equal(400);
+        expect(res.text).to.equal('{"name":"ValidateError","fields":{"someFile":{"message":"\'someFile\' is required"}},"message":"Bad Request"}');
+      });
+    });
+
+    it('can post a file with no file', async () => {
+      const formData = { notAFileAttribute: 'not a file' };
+      verifyFileUploadRequest(basePath + '/PostTest/FileOptional', formData, (_err, res) => {
+        expect(res.status).to.equal(200);
+        expect(res.text).to.equal('no file');
       });
     });
 
@@ -1606,6 +1622,7 @@ describe('Hapi Server', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,
diff --git a/tests/integration/inversify-async-server.spec.ts b/tests/integration/inversify-async-server.spec.ts
@@ -43,6 +43,7 @@ describe('Inversify async IoC Express Server', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,
diff --git a/tests/integration/inversify-dynamic-container.spec.ts b/tests/integration/inversify-dynamic-container.spec.ts
@@ -10,7 +10,7 @@ const basePath = '/v1';
 describe('Inversify Express Server Dynamic Container', () => {
   it('can handle get request with no path argument', () => {
     return verifyGetRequest(basePath + '/ManagedTest?tsoa=abc123456', (err, res) => {
-      const model = res.body as string;
+      const model = res.text;
       expect(model).to.equal(basePath + '/ManagedTest');
     });
   });
@@ -32,6 +32,7 @@ describe('Inversify Express Server Dynamic Container', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,
diff --git a/tests/integration/inversify-glob.spec.ts b/tests/integration/inversify-glob.spec.ts
@@ -50,6 +50,7 @@ describe('Inversify Express Server with ControllerPathGlob', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,
diff --git a/tests/integration/inversify-server.spec.ts b/tests/integration/inversify-server.spec.ts
@@ -92,6 +92,7 @@ describe('Inversify Express Server', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,
diff --git a/tests/integration/koa-multer-options.spec.ts b/tests/integration/koa-multer-options.spec.ts
@@ -97,6 +97,7 @@ describe('Koa Server (with multerOpts)', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,
diff --git a/tests/integration/koa-server-no-additional-allowed.spec.ts b/tests/integration/koa-server-no-additional-allowed.spec.ts
@@ -482,6 +482,7 @@ describe('Koa Server (with noImplicitAdditionalProperties turned on)', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,
diff --git a/tests/integration/koa-server.spec.ts b/tests/integration/koa-server.spec.ts
@@ -1418,7 +1418,23 @@ describe('Koa Server', () => {
       const formData = { wrongAttributeName: '@../package.json' };
       verifyFileUploadRequest(basePath + '/PostTest/File', formData, (_err, res) => {
         expect(res.status).to.equal(500);
-        expect(res.text).to.equal('{"message":"Unexpected field","name":"MulterError","status":500}');
+        expect(res.text).to.equal('Unexpected field');
+      });
+    });
+
+    it('cannot post a file with no file', async () => {
+      const formData = { notAFileAttribute: 'not a file' };
+      verifyFileUploadRequest(basePath + '/PostTest/File', formData, (_err, res) => {
+        expect(res.status).to.equal(400);
+        expect(res.text).to.equal('{"fields":{"someFile":{"message":"\'someFile\' is required"}}}');
+      });
+    });
+
+    it('can post a file with no file', async () => {
+      const formData = { notAFileAttribute: 'not a file' };
+      verifyFileUploadRequest(basePath + '/PostTest/FileOptional', formData, (_err, res) => {
+        expect(res.status).to.equal(200);
+        expect(res.text).to.equal('no file');
       });
     });
 
@@ -1589,6 +1605,7 @@ describe('Koa Server', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,
diff --git a/tests/integration/openapi3-express.spec.ts b/tests/integration/openapi3-express.spec.ts
@@ -464,6 +464,7 @@ describe('OpenAPI3 Express Server', () => {
           }
 
           if (err) {
+            verifyResponse(err, res);
             reject({
               error: err,
               response: parsedError,

Original file line number	Diff line number	Diff line change
`@@ -127,7 +127,7 @@ export class HapiTemplateService extends TemplateService<HapiApiHandlerParameter`
`127`	`127`	`return tsoaResponsed.value;`
`128`	`128`	`}`
`129`	`129`
`130`		`- const response = data !== null && data !== undefined ? h.response(data).code(200) : h.response('').code(204);`
	`130`	`+ const response = data !== null && data !== undefined ? h.response(data).code(200) : h.response().code(204);`
`131`	`131`
`132`	`132`	`Object.keys(headers).forEach((name: string) => {`
`133`	`133`	`response.header(name, headers[name]);`
Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@ describe('Express Server', () => {`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`if (err) {`
	`36`	`+ verifyResponse(err, res);`
`36`	`37`	`reject({`
`37`	`38`	`error: err,`
`38`	`39`	`response: parsedError,`
Original file line number	Diff line number	Diff line change
`@@ -1242,6 +1242,7 @@ describe('Express Server', () => {`
`1242`	`1242`	`}`
`1243`	`1243`
`1244`	`1244`	`if (err) {`
	`1245`	`+ verifyResponse(err, res);`
`1245`	`1246`	`reject({`
`1246`	`1247`	`error: err,`
`1247`	`1248`	`response: parsedError,`
Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,7 @@ describe('Express Router Server', () => {`
`39`	`39`	`}`
`40`	`40`
`41`	`41`	`if (err) {`
	`42`	`+ verifyResponse(err, res);`
`42`	`43`	`reject({`
`43`	`44`	`error: err,`
`44`	`45`	`response: parsedError,`
Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,7 @@ describe('Express Server with api_key Root Security', () => {`
`68`	`68`	`}`
`69`	`69`
`70`	`70`	`if (err) {`
	`71`	`+ verifyResponse(err, res);`
`71`	`72`	`reject({`
`72`	`73`	`error: err,`
`73`	`74`	`response: parsedError,`