support for path validation for odata-formatted openapi specs

Author: SAPRD2

paths/paths.go

@@ -4,10 +4,12 @@
 package paths
 
 import (
+	"bytes"
 	"fmt"
 	"net/http"
 	"net/url"
 	"path/filepath"
+	"regexp"
 	"strings"
 
 	"github.com/pb33f/libopenapi/orderedmap"
@@ -195,7 +197,11 @@ func comparePaths(mapped, requested, basePaths []string) bool {
 	var imploded []string
 	for i, seg := range mapped {
 		s := seg
-		if strings.Contains(seg, "{") {
+		r, err := getRegexForPath(seg)
+		if err != nil {
+			return false
+		}
+		if r.MatchString(requested[i]) {
 			s = requested[i]
 		}
 		imploded = append(imploded, s)
@@ -204,3 +210,87 @@ func comparePaths(mapped, requested, basePaths []string) bool {
 	r := filepath.Join(requested...)
 	return checkPathAgainstBase(l, r, basePaths)
 }
+
+func getRegexForPath(tpl string) (*regexp.Regexp, error) {
+
+	// Check if it is well-formed.
+	idxs, errBraces := braceIndices(tpl)
+	if errBraces != nil {
+		return nil, errBraces
+	}
+
+	// Backup the original.
+	template := tpl
+
+	// Now let's parse it.
+	defaultPattern := "[^/]+"
+
+	pattern := bytes.NewBufferString("^")
+	var end int
+
+	for i := 0; i < len(idxs); i += 2 {
+
+		// Set all values we are interested in.
+		raw := tpl[end:idxs[i]]
+		end = idxs[i+1]
+		parts := strings.SplitN(tpl[idxs[i]+1:end-1], ":", 2)
+		name := parts[0]
+		patt := defaultPattern
+		if len(parts) == 2 {
+			patt = parts[1]
+		}
+
+		// Name or pattern can't be empty.
+		if name == "" || patt == "" {
+			return nil, fmt.Errorf("mux: missing name or pattern in %q", tpl[idxs[i]:end])
+		}
+
+		// Build the regexp pattern.
+		_, err := fmt.Fprintf(pattern, "%s(%s)", regexp.QuoteMeta(raw), patt)
+		if err != nil {
+			return nil, err
+		}
+
+	}
+
+	// Add the remaining.
+	raw := tpl[end:]
+	pattern.WriteString(regexp.QuoteMeta(raw))
+
+	// Compile full regexp.
+	reg, errCompile := regexp.Compile(pattern.String())
+	if errCompile != nil {
+		return nil, errCompile
+	}
+
+	// Check for capturing groups which used to work in older versions
+	if reg.NumSubexp() != len(idxs)/2 {
+		return nil, fmt.Errorf(fmt.Sprintf("route %s contains capture groups in its regexp. ", template) + "Only non-capturing groups are accepted: e.g. (?:pattern) instead of (pattern)")
+	}
+
+	// Done!
+	return reg, nil
+}
+
+func braceIndices(s string) ([]int, error) {
+	var level, idx int
+	var idxs []int
+	for i := 0; i < len(s); i++ {
+		switch s[i] {
+		case '{':
+			if level++; level == 1 {
+				idx = i
+			}
+		case '}':
+			if level--; level == 0 {
+				idxs = append(idxs, idx, i+1)
+			} else if level < 0 {
+				return nil, fmt.Errorf("mux: unbalanced braces in %q", s)
+			}
+		}
+	}
+	if level != 0 {
+		return nil, fmt.Errorf("mux: unbalanced braces in %q", s)
+	}
+	return idxs, nil
+}

paths/paths_test.go

@@ -695,3 +695,22 @@ paths:
 	assert.Equal(t, 0, len(errs), "Errors found: %v", errs)
 	assert.NotNil(t, pathItem)
 }
+
+func TestNewValidator_ODataFormattedOpenAPISpecs(t *testing.T) {
+
+	// load a doc
+	b, _ := os.ReadFile("../test_specs/odata_spec.json")
+	doc, _ := libopenapi.NewDocument(b)
+
+	m, _ := doc.BuildV3Model()
+
+	request, _ := http.NewRequest(http.MethodGet, "https://things.com/entities('1')", nil)
+
+	pathItem, _, _ := FindPath(request, &m.Model)
+	assert.NotNil(t, pathItem)
+
+	request, _ = http.NewRequest(http.MethodGet, "https://things.com/orders(RelationshipNumber='dummy',ValidityEndDate=datetime'1492041600000')", nil)
+
+	pathItem, _, _ = FindPath(request, &m.Model)
+	assert.NotNil(t, pathItem)
+}

test_specs/odata_spec.json

@@ -0,0 +1,61 @@
+{
+  "openapi": "3.0.0",
+  "info": {
+    "title": "Sample OData Service",
+    "version": "1.0.0"
+  },
+  "paths": {
+    "/entities('{Entity}')": {
+      "parameters": [
+        {
+          "description": "key: Entity",
+          "in": "path",
+          "name": "Entity",
+          "required": true,
+          "schema": {
+            "type": "integer",
+            "format": "int32"
+          }
+        }
+      ],
+      "get": {
+        "responses": {
+          "200": {
+            "description": "Successful response"
+          }
+        }
+      }
+    },
+    "/orders(RelationshipNumber='{RelationshipNumber}',ValidityEndDate=datetime'{ValidityEndDate}')": {
+      "parameters": [
+        {
+          "name": "RelationshipNumber",
+          "in": "path",
+          "required": true,
+          "description": "BP Relationship Number",
+          "schema": {
+            "type": "string",
+            "maxLength": 12
+          }
+        },
+        {
+          "name": "ValidityEndDate",
+          "in": "path",
+          "required": true,
+          "description": "Validity Date (Valid To)",
+          "schema": {
+            "type": "string",
+            "example": "/Date(1492041600000)/"
+          }
+        }
+      ],
+      "get": {
+        "responses": {
+          "200": {
+            "description": "Retrieved entity"
+          }
+        }
+      }
+    }
+  }
+}