implemented path parameter matching

Author: SAPRD2

helpers/regex_maker.go

@@ -0,0 +1,94 @@
+package helpers
+
+import (
+	"bytes"
+	"fmt"
+	"regexp"
+	"strings"
+)
+
+func GetRegexForPath(tpl string) (*regexp.Regexp, error) {
+
+	// Check if it is well-formed.
+	idxs, errBraces := BraceIndices(tpl)
+	if errBraces != nil {
+		return nil, errBraces
+	}
+
+	// Backup the original.
+	template := tpl
+
+	// Now let's parse it.
+	defaultPattern := "[^/]+"
+
+	pattern := bytes.NewBufferString("^")
+	var end int
+
+	for i := 0; i < len(idxs); i += 2 {
+
+		// Set all values we are interested in.
+		raw := tpl[end:idxs[i]]
+		end = idxs[i+1]
+		parts := strings.SplitN(tpl[idxs[i]+1:end-1], ":", 2)
+		name := parts[0]
+		patt := defaultPattern
+		if len(parts) == 2 {
+			patt = parts[1]
+		}
+
+		// Name or pattern can't be empty.
+		if name == "" || patt == "" {
+			return nil, fmt.Errorf("mux: missing name or pattern in %q", tpl[idxs[i]:end])
+		}
+
+		// Build the regexp pattern.
+		_, err := fmt.Fprintf(pattern, "%s(%s)", regexp.QuoteMeta(raw), patt)
+		if err != nil {
+			return nil, err
+		}
+
+	}
+
+	// Add the remaining.
+	raw := tpl[end:]
+	pattern.WriteString(regexp.QuoteMeta(raw))
+
+	pattern.WriteByte('$')
+
+	// Compile full regexp.
+	reg, errCompile := regexp.Compile(pattern.String())
+	if errCompile != nil {
+		return nil, errCompile
+	}
+
+	// Check for capturing groups which used to work in older versions
+	if reg.NumSubexp() != len(idxs)/2 {
+		return nil, fmt.Errorf(fmt.Sprintf("route %s contains capture groups in its regexp. ", template) + "Only non-capturing groups are accepted: e.g. (?:pattern) instead of (pattern)")
+	}
+
+	// Done!
+	return reg, nil
+}
+
+func BraceIndices(s string) ([]int, error) {
+	var level, idx int
+	var idxs []int
+	for i := 0; i < len(s); i++ {
+		switch s[i] {
+		case '{':
+			if level++; level == 1 {
+				idx = i
+			}
+		case '}':
+			if level--; level == 0 {
+				idxs = append(idxs, idx, i+1)
+			} else if level < 0 {
+				return nil, fmt.Errorf("mux: unbalanced braces in %q", s)
+			}
+		}
+	}
+	if level != 0 {
+		return nil, fmt.Errorf("mux: unbalanced braces in %q", s)
+	}
+	return idxs, nil
+}

helpers/regex_maker_test.go

@@ -0,0 +1,141 @@
+package helpers
+
+import (
+	"testing"
+)
+
+func TestGetRegexForPath(t *testing.T) {
+	tests := []struct {
+		name     string
+		tpl      string
+		wantErr  bool
+		wantExpr string
+	}{
+		{
+			name:     "well-formed template with default pattern",
+			tpl:      "/orders/{id}",
+			wantErr:  false,
+			wantExpr: "^/orders/([^/]+)$",
+		},
+		{
+			name:     "well-formed template with custom pattern",
+			tpl:      "/orders/{id:[0-9]+}",
+			wantErr:  false,
+			wantExpr: "^/orders/([0-9]+)$",
+		},
+		{
+			name:    "missing name in template",
+			tpl:     "/orders/{:pattern}",
+			wantErr: true,
+		},
+		{
+			name:    "missing pattern in template",
+			tpl:     "/orders/{name:}",
+			wantErr: true,
+		},
+		{
+			name:    "unbalanced braces in template",
+			tpl:     "/orders/{id",
+			wantErr: true,
+		},
+		{
+			name:    "unbalanced braces in template",
+			tpl:     "/orders/id}",
+			wantErr: true,
+		},
+		{
+			name:     "template with multiple variables",
+			tpl:      "/orders/{id:[0-9]+}/items/{itemId}",
+			wantErr:  false,
+			wantExpr: "^/orders/([0-9]+)/items/([^/]+)$",
+		},
+		{
+			name:     "OData formatted URL with single quotes",
+			tpl:      "/entities('{id}')",
+			wantErr:  false,
+			wantExpr: "^/entities\\('([^/]+)'\\)$",
+		},
+		{
+			name:     "OData formatted URL with custom pattern",
+			tpl:      "/entities('{id:[0-9]+}')",
+			wantErr:  false,
+			wantExpr: "^/entities\\('([0-9]+)'\\)$",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := GetRegexForPath(tt.tpl)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("GetRegexForPath() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !tt.wantErr && got.String() != tt.wantExpr {
+				t.Errorf("GetRegexForPath() = %v, want %v", got.String(), tt.wantExpr)
+			}
+		})
+	}
+}
+
+func TestBraceIndices(t *testing.T) {
+	tests := []struct {
+		name    string
+		s       string
+		want    []int
+		wantErr bool
+	}{
+		{
+			name:    "well-formed braces",
+			s:       "/orders/{id}/items/{itemId}",
+			want:    []int{8, 12, 19, 27},
+			wantErr: false,
+		},
+		{
+			name:    "unbalanced braces",
+			s:       "/orders/{id/items/{itemId}",
+			wantErr: true,
+		},
+		{
+			name:    "unbalanced braces",
+			s:       "/orders/{id}/items/{itemId",
+			wantErr: true,
+		},
+		{
+			name:    "no braces",
+			s:       "/orders/id/items/itemId",
+			want:    []int{},
+			wantErr: false,
+		},
+		{
+			name:    "OData formatted URL with single quotes",
+			s:       "/entities('{id}')",
+			want:    []int{11, 15},
+			wantErr: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := BraceIndices(tt.s)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("BraceIndices() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !tt.wantErr && !equal(got, tt.want) {
+				t.Errorf("BraceIndices() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func equal(a, b []int) bool {
+	if len(a) != len(b) {
+		return false
+	}
+	for i := range a {
+		if a[i] != b[i] {
+			return false
+		}
+	}
+	return true
+}

parameters/path_parameters.go

@@ -6,6 +6,7 @@ package parameters
 import (
 	"fmt"
 	"net/http"
+	"regexp"
 	"strconv"
 	"strings"
 
@@ -54,14 +55,34 @@ func (v *paramValidator) ValidatePathParamsWithPathItem(request *http.Request, p
 				if pathSegments[x] == "" { // skip empty segments
 					continue
 				}
-				i := strings.IndexRune(pathSegments[x], '{')
-				if i > -1 {
+
+				r, err := helpers.GetRegexForPath(pathSegments[x])
+				if err != nil {
+					continue
+				}
+
+				re := regexp.MustCompile(r.String())
+				matches := re.FindStringSubmatch(submittedSegments[x])
+				matches = matches[1:]
+
+				// Check if it is well-formed.
+				idxs, errBraces := helpers.BraceIndices(pathSegments[x])
+				if errBraces != nil {
+					continue
+				}
+
+				idx := 0
+
+				for _, match := range matches {
+
 					isMatrix := false
 					isLabel := false
 					// isExplode := false
 					isSimple := true
-					paramTemplate := pathSegments[x][i+1 : len(pathSegments[x])-1]
+					paramTemplate := pathSegments[x][idxs[idx]+1 : idxs[idx+1]-1]
+					idx += 2 // move to the next brace pair
 					paramName := paramTemplate
+
 					// check for an asterisk on the end of the parameter (explode)
 					if strings.HasSuffix(paramTemplate, helpers.Asterisk) {
 						// isExplode = true
@@ -83,12 +104,7 @@ func (v *paramValidator) ValidatePathParamsWithPathItem(request *http.Request, p
 						continue
 					}
 
-					paramValue := ""
-
-					// extract the parameter value from the path.
-					if x < len(submittedSegments) {
-						paramValue = submittedSegments[x]
-					}
+					paramValue := match
 
 					if paramValue == "" {
 						// Mandatory path parameter cannot be empty

parameters/path_parameters_test.go

@@ -1443,3 +1443,60 @@ paths:
 	assert.False(t, valid)
 	assert.Len(t, errors, 1)
 }
+
+func TestNewValidator_ODataFormattedOpenAPISpecs(t *testing.T) {
+
+	spec := `openapi: 3.0.0
+paths:
+  /entities('{Entity}'):
+    parameters:
+    - description: 'key: Entity'
+      in: path
+      name: Entity
+      required: true
+      schema:
+        type: integer
+    get:
+      operationId: one
+  /orders(RelationshipNumber='{RelationshipNumber}',ValidityEndDate=datetime'{ValidityEndDate}'):
+    parameters:
+    - name: RelationshipNumber
+      in: path
+      required: true
+      schema:
+        type: integer
+    - name: ValidityEndDate
+      in: path
+      required: true
+      schema:
+        type: string
+    get:
+      operationId: one
+`
+	doc, _ := libopenapi.NewDocument([]byte(spec))
+
+	m, _ := doc.BuildV3Model()
+
+	v := NewParameterValidator(&m.Model)
+
+	request, _ := http.NewRequest(http.MethodGet, "https://things.com/entities('1')", nil)
+
+	valid, errors := v.ValidatePathParams(request)
+
+	assert.True(t, valid)
+	assert.Len(t, errors, 0)
+
+	request, _ = http.NewRequest(http.MethodGet, "https://things.com/orders(RelationshipNumber='1234',ValidityEndDate=datetime'1492041600000')", nil)
+
+	valid, errors = v.ValidatePathParams(request)
+
+	assert.True(t, valid)
+	assert.Len(t, errors, 0)
+
+	request, _ = http.NewRequest(http.MethodGet, "https://things.com/orders(RelationshipNumber='dummy',ValidityEndDate=datetime'1492041600000')", nil)
+
+	valid, errors = v.ValidatePathParams(request)
+	assert.False(t, valid)
+	assert.Len(t, errors, 1)
+
+}