fix(api): skip openapi validation for internal routes and metrics endpoint

Author: henrybarreto

api/pkg/openapi/openapi.go

@@ -7,7 +7,6 @@ import (
 	"io"
 	"net/http"
 	"net/url"
-	"strings"
 	"sync"
 
 	"github.com/getkin/kin-openapi/openapi3"
@@ -120,10 +119,6 @@ func (v *OpenAPIValidator) ValidateResponse(r *http.Request, response *http.Resp
 		return result
 	}
 
-	if v.shouldSkipPath(r.URL.Path) {
-		return result
-	}
-
 	route, pathParams, err := v.router.FindRoute(r)
 	if err != nil {
 		v.logger.WithFields(logrus.Fields{
@@ -206,25 +201,3 @@ func GetDefaultSchemaPath() *url.URL {
 
 	return u
 }
-
-// shouldSkipPath determines if a path should be skipped from validation
-func (v *OpenAPIValidator) shouldSkipPath(path string) bool {
-	// Skip internal endpoints
-	if strings.HasPrefix(path, "/internal") {
-		return true
-	}
-
-	skipPaths := []string{
-		"/api/healthcheck",
-		"/metrics",
-		"/openapi",
-	}
-
-	for _, skipPath := range skipPaths {
-		if strings.HasPrefix(path, skipPath) {
-			return true
-		}
-	}
-
-	return false
-}

api/routes/middleware/openapi.go

@@ -45,6 +45,8 @@ type OpenAPIValidatorConfig struct {
 	FailOnMismatch bool
 	// SchemaPath overrides the default schema path
 	SchemaPath *url.URL
+	// Skipper defines a function to skip middleware. If Skipper returns true, middleware is skipped.
+	Skipper func(echo.Context) bool
 }
 
 type OpenAPIValidationMessage struct {
@@ -60,6 +62,10 @@ func OpenAPIValidator(cfg *OpenAPIValidatorConfig) echo.MiddlewareFunc {
 
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
+			if cfg.Skipper != nil && cfg.Skipper(c) {
+				return next(c)
+			}
+
 			validator := getOrCreateValidator(*cfg)
 			if validator == nil {
 				return next(c)

api/server.go

@@ -3,10 +3,12 @@ package main
 import (
 	"context"
 	"os"
+	"strings"
 
 	"github.com/getsentry/sentry-go"
 	"github.com/labstack/echo/v4"
 	"github.com/shellhub-io/shellhub/api/routes"
+	"github.com/shellhub-io/shellhub/api/routes/middleware"
 	"github.com/shellhub-io/shellhub/api/services"
 	"github.com/shellhub-io/shellhub/api/store/mongo"
 	"github.com/shellhub-io/shellhub/api/store/mongo/options"
@@ -204,7 +206,20 @@ func (s *Server) routerOptions() ([]routes.Option, error) {
 	if envs.IsDevelopment() {
 		log.Info("Enabling OpenAPI validation in development mode")
 
-		opts = append(opts, routes.WithOpenAPIValidator(nil))
+		opts = append(opts, routes.WithOpenAPIValidator(&middleware.OpenAPIValidatorConfig{
+			// NOTE: By default, metrics and internal endpoints are skipped from validation for now.
+			Skipper: func(ctx echo.Context) bool {
+				routes := []string{"/metrics", "/internal"}
+
+				for _, path := range routes {
+					if strings.HasPrefix(ctx.Request().URL.Path, path) {
+						return true
+					}
+				}
+
+				return false
+			},
+		}))
 	}
 
 	return opts, nil