Add validation by YAVI

Author: making

todo-api/pom.xml

@@ -46,6 +46,11 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>am.ik.yavi</groupId>
+			<artifactId>yavi</artifactId>
+			<version>0.15.0</version>
+		</dependency>
 		<dependency>
 			<groupId>io.micrometer</groupId>
 			<artifactId>micrometer-tracing-bridge-brave</artifactId>

todo-api/src/main/java/lol/maki/dev/todo/Todo.java

@@ -1,13 +1,58 @@
 package lol.maki.dev.todo;
 
-import java.time.Instant;
-
+import am.ik.yavi.arguments.Arguments7Validator;
+import am.ik.yavi.arguments.BooleanValidator;
+import am.ik.yavi.arguments.InstantValidator;
+import am.ik.yavi.arguments.StringValidator;
+import am.ik.yavi.builder.BooleanValidatorBuilder;
+import am.ik.yavi.builder.InstantValidatorBuilder;
+import am.ik.yavi.builder.StringValidatorBuilder;
 import com.fasterxml.jackson.annotation.JsonInclude;
+import java.time.Instant;
+import java.util.function.Function;
 import org.jilt.Builder;
 
-@Builder(toBuilder = "from")
 @JsonInclude(JsonInclude.Include.NON_NULL)
 public record Todo(String todoId, String todoTitle, boolean finished, Instant createdAt, String createdBy,
 		Instant updatedAt, String updatedBy) {
 
+	private static Function<String, InstantValidator<Instant>> instantValidator = (
+			name) -> InstantValidatorBuilder.of(name, c -> c.notNull()).build();
+
+	private static Function<String, StringValidator<String>> usernameValidator = (
+			name) -> StringValidatorBuilder.of(name, c -> c.email().notBlank().lessThanOrEqual(255)).build();
+
+	public static StringValidator<String> todoIdValidator = StringValidatorBuilder
+		.of("todoId", c -> c.notBlank().lessThanOrEqual(255))
+		.build();
+
+	public static StringValidator<String> todoTitleValidator = StringValidatorBuilder
+		.of("todoTitle", c -> c.notBlank().lessThanOrEqual(255))
+		.build();
+
+	public static BooleanValidator<Boolean> finishedValidator = BooleanValidatorBuilder.of("finished", c -> c.notNull())
+		.build();
+
+	public static InstantValidator<Instant> createdAtValidator = instantValidator.apply("createdAt");
+
+	public static InstantValidator<Instant> updatedAtValidator = instantValidator.apply("updatedAt");
+
+	public static StringValidator<String> createdByValidator = usernameValidator.apply("createdBy");
+
+	public static StringValidator<String> updatedByValidator = usernameValidator.apply("updatedBy");
+
+	public static Arguments7Validator<String, String, Boolean, Instant, String, Instant, String, Todo> validator = todoIdValidator
+		.split(todoTitleValidator)
+		.split(finishedValidator)
+		.split(createdAtValidator)
+		.split(createdByValidator)
+		.split(updatedAtValidator)
+		.split(updatedByValidator)
+		.apply(Todo::new);
+
+	@Builder(className = "TodoBuilder", factoryMethod = "todo", toBuilder = "from", packageName = "lol.maki.dev.todo")
+	public static Todo create(String todoId, String todoTitle, boolean finished, Instant createdAt, String createdBy,
+			Instant updatedAt, String updatedBy) {
+		return validator.validated(todoId, todoTitle, finished, createdAt, createdBy, updatedAt, updatedBy);
+	}
 }

todo-api/src/main/java/lol/maki/dev/todo/TodoController.java

@@ -1,5 +1,7 @@
 package lol.maki.dev.todo;
 
+import am.ik.yavi.core.ConstraintViolations;
+import am.ik.yavi.core.ConstraintViolationsException;
 import java.net.URI;
 import java.util.List;
 import java.util.Map;
@@ -41,19 +43,20 @@ public ResponseEntity<Todo> getTodo(@PathVariable("todoId") String todoId) {
 	}
 
 	@PostMapping(path = "")
-	public ResponseEntity<Todo> postTodos(@RequestBody Todo todo, @AuthenticationPrincipal Jwt jwt,
+	public ResponseEntity<Todo> postTodos(@RequestBody Map<String, Object> request, @AuthenticationPrincipal Jwt jwt,
 			UriComponentsBuilder builder) {
 		String email = jwt.getClaimAsString("email");
-		Todo created = this.todoService.create(todo.todoTitle(), email);
+		Todo created = this.todoService.create((String) request.get("todoTitle"), email);
 		URI uri = builder.pathSegment("todos", created.todoId()).build().toUri();
 		return ResponseEntity.created(uri).body(created);
 	}
 
 	@PatchMapping(path = "/{todoId}")
-	public ResponseEntity<Todo> patchTodo(@PathVariable("todoId") String todoId, @RequestBody Todo todo,
-			@AuthenticationPrincipal Jwt jwt) {
+	public ResponseEntity<Todo> patchTodo(@PathVariable("todoId") String todoId,
+			@RequestBody Map<String, Object> request, @AuthenticationPrincipal Jwt jwt) {
 		String email = jwt.getClaimAsString("email");
-		Todo updated = this.todoService.update(todoId, todo.todoTitle(), todo.finished(), email);
+		Todo updated = this.todoService.update(todoId, (String) request.get("todoTitle"),
+				(Boolean) request.get("finished"), email);
 		return ResponseEntity.ok(updated);
 	}
 
@@ -68,4 +71,11 @@ public ResponseEntity<?> handleNotFound(TodoService.NotFoundException e) {
 		return ResponseEntity.status(HttpStatus.NOT_FOUND).body(Map.of("message", e.getMessage()));
 	}
 
+	@ExceptionHandler(ConstraintViolationsException.class)
+	public ResponseEntity<?> handleConstraintViolations(ConstraintViolationsException e) {
+		return ResponseEntity.status(HttpStatus.BAD_REQUEST)
+			.body(Map.of("message", "Validation failed", "violations",
+					ConstraintViolations.of(e.violations()).details()));
+	}
+
 }

todo-api/src/test/java/lol/maki/dev/todo/TodoApiApplicationTests.java

@@ -1,22 +1,18 @@
 package lol.maki.dev.todo;
 
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.TextNode;
 import java.net.URI;
 import java.time.Instant;
 import java.util.List;
 import java.util.Set;
 import java.util.UUID;
 import java.util.function.Function;
-
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.node.TextNode;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.MethodOrderer;
 import org.junit.jupiter.api.Order;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestMethodOrder;
-import org.testcontainers.junit.jupiter.Testcontainers;
-import org.zalando.logbook.spring.LogbookClientHttpRequestInterceptor;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -28,6 +24,8 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.client.RestClient;
+import org.testcontainers.junit.jupiter.Testcontainers;
+import org.zalando.logbook.spring.LogbookClientHttpRequestInterceptor;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -227,6 +225,27 @@ void shouldReturnNotFoundForNonExistentTodo() {
 			.isEqualTo(new TextNode("Todo not found: todoId=%s".formatted(todoId)));
 	}
 
+	@Test
+	void shouldReturnBadRequestForInvalidTodo() {
+		String accessToken = this.accessTokenSupplier.apply(Set.of("todo:write"));
+		ResponseEntity<JsonNode> response = this.restClient.post()
+			.uri("/todos")
+			.contentType(MediaType.APPLICATION_JSON)
+			.headers(httpHeaders -> httpHeaders.setBearerAuth(accessToken))
+			.body("""
+					{"todoTitle": ""}
+					""")
+			.retrieve()
+			.toEntity(JsonNode.class);
+		assertThat(response.getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST);
+		assertThat(response.getBody()).isNotNull();
+		assertThat(response.getBody().get("message")).isEqualTo(new TextNode("Validation failed"));
+		assertThat(response.getBody().has("violations")).isTrue();
+		assertThat(response.getBody().get("violations").size()).isEqualTo(1);
+		assertThat(response.getBody().get("violations").get(0).get("defaultMessage"))
+			.isEqualTo(new TextNode("\"todoTitle\" must not be blank"));
+	}
+
 	@Test
 	@Order(3)
 	void shouldUpdateTodoWithSufficientScope() {