Refactor: Pass in responseMetaData when validating request if available

Author: pboos

openapi-validation-core/src/main/java/com/getyourguide/openapi/validation/core/OpenApiRequestValidator.java

@@ -14,6 +14,7 @@
 import java.nio.charset.StandardCharsets;
 import java.util.concurrent.RejectedExecutionException;
 import java.util.concurrent.ThreadPoolExecutor;
+import javax.annotation.Nullable;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.http.client.utils.URLEncodedUtils;
 
@@ -46,8 +47,8 @@ public boolean isReady() {
         return validator != null;
     }
 
-    public void validateRequestObjectAsync(final RequestMetaData request, String requestBody) {
-        executeAsync(() -> validateRequestObject(request, requestBody));
+    public void validateRequestObjectAsync(final RequestMetaData request, @Nullable ResponseMetaData response, String requestBody) {
+        executeAsync(() -> validateRequestObject(request, response, requestBody));
     }
 
     public void validateResponseObjectAsync(final RequestMetaData request, ResponseMetaData response, final String responseBody) {
@@ -63,10 +64,18 @@ private void executeAsync(Runnable command) {
     }
 
     public ValidationResult validateRequestObject(final RequestMetaData request, String requestBody) {
+        return validateRequestObject(request, null, requestBody);
+    }
+
+    public ValidationResult validateRequestObject(
+        final RequestMetaData request,
+        @Nullable final ResponseMetaData response,
+        String requestBody
+    ) {
         try {
             var simpleRequest = buildSimpleRequest(request, requestBody);
             var result = validator.validateRequest(simpleRequest);
-            validationReportHandler.handleValidationReport(request, Direction.REQUEST, requestBody, result);
+            validationReportHandler.handleValidationReport(request, response, Direction.REQUEST, requestBody, result);
             reportValidationHeartbeat();
             return buildValidationResult(result);
         } catch (Exception e) {
@@ -96,7 +105,7 @@ private static String nullSafeUrlDecode(String value) {
 
     public ValidationResult validateResponseObject(
         final RequestMetaData request,
-        ResponseMetaData response,
+        final ResponseMetaData response,
         final String responseBody
     ) {
         try {
@@ -112,7 +121,7 @@ public ValidationResult validateResponseObject(
                 Request.Method.valueOf(request.getMethod().toUpperCase()),
                 responseBuilder.build()
             );
-            validationReportHandler.handleValidationReport(request, Direction.RESPONSE, responseBody, result);
+            validationReportHandler.handleValidationReport(request, response, Direction.RESPONSE, responseBody, result);
             reportValidationHeartbeat();
             return buildValidationResult(result);
         } catch (Exception e) {

openapi-validation-core/src/main/java/com/getyourguide/openapi/validation/core/ValidationReportHandler.java

@@ -7,10 +7,12 @@
 import com.getyourguide.openapi.validation.api.model.Direction;
 import com.getyourguide.openapi.validation.api.model.OpenApiViolation;
 import com.getyourguide.openapi.validation.api.model.RequestMetaData;
+import com.getyourguide.openapi.validation.api.model.ResponseMetaData;
 import com.getyourguide.openapi.validation.core.exclusions.InternalViolationExclusions;
 import com.getyourguide.openapi.validation.core.throttle.ValidationReportThrottler;
 import io.swagger.v3.oas.models.parameters.Parameter;
 import java.util.Optional;
+import javax.annotation.Nullable;
 import lombok.AllArgsConstructor;
 
 @AllArgsConstructor
@@ -22,6 +24,7 @@ public class ValidationReportHandler {
 
     public void handleValidationReport(
         RequestMetaData request,
+        @Nullable ResponseMetaData response,
         Direction direction,
         String body,
         ValidationReport result
@@ -30,7 +33,7 @@ public void handleValidationReport(
             result
                 .getMessages()
                 .stream()
-                .map(message -> buildOpenApiViolation(message, request, body, direction))
+                .map(message -> buildOpenApiViolation(message, request, response, body, direction))
                 .filter(violation -> !violationExclusions.isExcluded(violation))
                 .forEach(violation -> throttleHelper.throttle(violation, () -> logValidationError(violation)));
         }
@@ -44,6 +47,7 @@ private void logValidationError(OpenApiViolation openApiViolation) {
     private OpenApiViolation buildOpenApiViolation(
         ValidationReport.Message message,
         RequestMetaData request,
+        @Nullable ResponseMetaData response,
         String body,
         Direction direction
     ) {

openapi-validation-core/src/test/java/com/getyourguide/openapi/validation/core/OpenApiRequestValidatorTest.java

@@ -44,7 +44,7 @@ public void setup() {
     public void testWhenThreadPoolExecutorRejectsExecutionThenItShouldNotThrow() {
         Mockito.doThrow(new RejectedExecutionException()).when(threadPoolExecutor).execute(any());
 
-        openApiRequestValidator.validateRequestObjectAsync(mock(), null);
+        openApiRequestValidator.validateRequestObjectAsync(mock(), null, null);
     }
 
     @Test

openapi-validation-core/src/test/java/com/getyourguide/openapi/validation/core/ValidationReportHandlerTest.java

@@ -46,7 +46,7 @@ public void testWhenParameterNameIsPresentThenItShouldAddItToTheMessage() {
         var request = mockRequestMetaData();
         var validationReport = mockValidationReport("parameterName");
 
-        validationReportHandler.handleValidationReport(request, Direction.REQUEST, null, validationReport);
+        validationReportHandler.handleValidationReport(request, null, Direction.REQUEST, null, validationReport);
 
         var argumentCaptor = ArgumentCaptor.forClass(OpenApiViolation.class);
         verify(logger).log(argumentCaptor.capture());

spring-boot-starter/spring-boot-starter-web-spring2.7/src/main/java/com/getyourguide/openapi/validation/filter/OpenApiValidationHttpFilter.java

@@ -1,13 +1,15 @@
 package com.getyourguide.openapi.validation.filter;
 
 import com.getyourguide.openapi.validation.api.model.RequestMetaData;
+import com.getyourguide.openapi.validation.api.model.ResponseMetaData;
 import com.getyourguide.openapi.validation.api.model.ValidationResult;
 import com.getyourguide.openapi.validation.api.selector.TrafficSelector;
 import com.getyourguide.openapi.validation.core.OpenApiRequestValidator;
 import com.getyourguide.openapi.validation.factory.ContentCachingWrapperFactory;
 import com.getyourguide.openapi.validation.factory.ServletMetaDataFactory;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import javax.annotation.Nullable;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
@@ -59,12 +61,17 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
         try {
             super.doFilter(requestWrapper, responseWrapper, chain);
         } finally {
+            var responseMetaData = metaDataFactory.buildResponseMetaData(responseWrapper);
             if (!alreadyDidRequestValidation) {
-                validateRequest(requestWrapper, requestMetaData, RunType.ASYNC);
+                validateRequest(requestWrapper, requestMetaData, responseMetaData, RunType.ASYNC);
             }
 
-            var validateResponseResult =
-                validateResponse(responseWrapper, requestMetaData, getRunTypeForResponseValidation(requestMetaData));
+            var validateResponseResult = validateResponse(
+                responseWrapper,
+                requestMetaData,
+                responseMetaData,
+                getRunTypeForResponseValidation(requestMetaData)
+            );
             throwStatusExceptionOnViolation(validateResponseResult, "Response validation failed");
 
             responseWrapper.copyBodyToResponse(); // Needs to be done on every call, otherwise there won't be a response body
@@ -87,14 +94,15 @@ private boolean validateRequestWithFailOnViolation(
             return false;
         }
 
-        var validateRequestResult = validateRequest(request, requestMetaData, RunType.SYNC);
+        var validateRequestResult = validateRequest(request, requestMetaData, null, RunType.SYNC);
         throwStatusExceptionOnViolation(validateRequestResult, "Request validation failed");
         return true;
     }
 
     private ValidationResult validateRequest(
         ContentCachingRequestWrapper request,
         RequestMetaData requestMetaData,
+        @Nullable ResponseMetaData responseMetaData,
         RunType runType
     ) {
         if (!trafficSelector.canRequestBeValidated(requestMetaData)) {
@@ -106,7 +114,7 @@ private ValidationResult validateRequest(
             : null;
 
         if (runType == RunType.ASYNC) {
-            validator.validateRequestObjectAsync(requestMetaData, requestBody);
+            validator.validateRequestObjectAsync(requestMetaData, responseMetaData, requestBody);
             return ValidationResult.NOT_APPLICABLE;
         } else {
             return validator.validateRequestObject(requestMetaData, requestBody);
@@ -116,9 +124,9 @@ private ValidationResult validateRequest(
     private ValidationResult validateResponse(
         ContentCachingResponseWrapper response,
         RequestMetaData requestMetaData,
+        ResponseMetaData responseMetaData,
         RunType runType
     ) {
-        var responseMetaData = metaDataFactory.buildResponseMetaData(response);
         if (!trafficSelector.canResponseBeValidated(requestMetaData, responseMetaData)) {
             return ValidationResult.NOT_APPLICABLE;
         }

spring-boot-starter/spring-boot-starter-web/src/main/java/com/getyourguide/openapi/validation/filter/OpenApiValidationHttpFilter.java

@@ -1,6 +1,7 @@
 package com.getyourguide.openapi.validation.filter;
 
 import com.getyourguide.openapi.validation.api.model.RequestMetaData;
+import com.getyourguide.openapi.validation.api.model.ResponseMetaData;
 import com.getyourguide.openapi.validation.api.model.ValidationResult;
 import com.getyourguide.openapi.validation.api.selector.TrafficSelector;
 import com.getyourguide.openapi.validation.core.OpenApiRequestValidator;
@@ -15,6 +16,7 @@
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import javax.annotation.Nullable;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.core.Ordered;
@@ -59,12 +61,17 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
         try {
             super.doFilter(requestWrapper, responseWrapper, chain);
         } finally {
+            var responseMetaData = metaDataFactory.buildResponseMetaData(responseWrapper);
             if (!alreadyDidRequestValidation) {
-                validateRequest(requestWrapper, requestMetaData, RunType.ASYNC);
+                validateRequest(requestWrapper, requestMetaData, responseMetaData, RunType.ASYNC);
             }
 
-            var validateResponseResult =
-                validateResponse(responseWrapper, requestMetaData, getRunTypeForResponseValidation(requestMetaData));
+            var validateResponseResult = validateResponse(
+                responseWrapper,
+                requestMetaData,
+                responseMetaData,
+                getRunTypeForResponseValidation(requestMetaData)
+            );
             throwStatusExceptionOnViolation(validateResponseResult, "Response validation failed");
 
             responseWrapper.copyBodyToResponse(); // Needs to be done on every call, otherwise there won't be a response body
@@ -87,14 +94,15 @@ private boolean validateRequestWithFailOnViolation(
             return false;
         }
 
-        var validateRequestResult = validateRequest(request, requestMetaData, RunType.SYNC);
+        var validateRequestResult = validateRequest(request, requestMetaData, null, RunType.SYNC);
         throwStatusExceptionOnViolation(validateRequestResult, "Request validation failed");
         return true;
     }
 
     private ValidationResult validateRequest(
         ContentCachingRequestWrapper request,
         RequestMetaData requestMetaData,
+        @Nullable ResponseMetaData responseMetaData,
         RunType runType
     ) {
         if (!trafficSelector.canRequestBeValidated(requestMetaData)) {
@@ -106,7 +114,7 @@ private ValidationResult validateRequest(
             : null;
 
         if (runType == RunType.ASYNC) {
-            validator.validateRequestObjectAsync(requestMetaData, requestBody);
+            validator.validateRequestObjectAsync(requestMetaData, responseMetaData, requestBody);
             return ValidationResult.NOT_APPLICABLE;
         } else {
             return validator.validateRequestObject(requestMetaData, requestBody);
@@ -116,9 +124,9 @@ private ValidationResult validateRequest(
     private ValidationResult validateResponse(
         ContentCachingResponseWrapper response,
         RequestMetaData requestMetaData,
+        ResponseMetaData responseMetaData,
         RunType runType
     ) {
-        var responseMetaData = metaDataFactory.buildResponseMetaData(response);
         if (!trafficSelector.canResponseBeValidated(requestMetaData, responseMetaData)) {
             return ValidationResult.NOT_APPLICABLE;
         }

spring-boot-starter/spring-boot-starter-webflux-spring2.7/src/main/java/com/getyourguide/openapi/validation/filter/OpenApiValidationWebFilter.java

@@ -1,13 +1,15 @@
 package com.getyourguide.openapi.validation.filter;
 
 import com.getyourguide.openapi.validation.api.model.RequestMetaData;
+import com.getyourguide.openapi.validation.api.model.ResponseMetaData;
 import com.getyourguide.openapi.validation.api.model.ValidationResult;
 import com.getyourguide.openapi.validation.api.selector.TrafficSelector;
 import com.getyourguide.openapi.validation.core.OpenApiRequestValidator;
 import com.getyourguide.openapi.validation.factory.ReactiveMetaDataFactory;
 import com.getyourguide.openapi.validation.filter.decorator.BodyCachingServerHttpRequestDecorator;
 import com.getyourguide.openapi.validation.filter.decorator.BodyCachingServerHttpResponseDecorator;
 import com.getyourguide.openapi.validation.filter.decorator.DecoratorBuilder;
+import javax.annotation.Nullable;
 import lombok.AllArgsConstructor;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
@@ -59,18 +61,21 @@ private Mono<Void> decorateWithValidation(ServerWebExchange exchange, WebFilterC
                 // Note: Errors are not handled here. They could be handled with SignalType.ON_ERROR, but then the response body can't be accessed.
                 //       Reason seems to be that those don't use the decorated response that is set here, but use the previous response object.
                 if (signalType == SignalType.ON_COMPLETE) {
+                    var responseMetaData = metaDataFactory.buildResponseMetaData(responseDecorated);
                     if (!alreadyDidRequestValidation) {
-                        validateRequest(requestDecorated, requestMetaData, RunType.ASYNC);
+                        validateRequest(requestDecorated, requestMetaData, responseMetaData, RunType.ASYNC);
                     }
                     if (!alreadyDidResponseValidation) {
-                        validateResponse(responseDecorated, requestMetaData, RunType.ASYNC);
+                        validateResponse(
+                            requestMetaData, responseMetaData, responseDecorated.getCachedBody(), RunType.ASYNC);
                     }
                 }
             });
     }
 
     /**
      * Validate request and fail on violation if configured to do so.
+     *
      * @return true if validation is done as part of this method
      */
     private boolean validateRequestWithFailOnViolation(
@@ -83,11 +88,11 @@ private boolean validateRequestWithFailOnViolation(
 
         if (requestDecorated.getHeaders().containsKey("Content-Type") && requestDecorated.getHeaders().containsKey("Content-Length")) {
             requestDecorated.setOnBodyCachedListener(() -> {
-                var validateRequestResult = validateRequest(requestDecorated, requestMetaData, RunType.SYNC);
+                var validateRequestResult = validateRequest(requestDecorated, requestMetaData, null, RunType.SYNC);
                 throwStatusExceptionOnViolation(validateRequestResult, "Request validation failed");
             });
         } else {
-            var validateRequestResult = validateRequest(requestDecorated, requestMetaData, RunType.SYNC);
+            var validateRequestResult = validateRequest(requestDecorated, requestMetaData, null, RunType.SYNC);
             throwStatusExceptionOnViolation(validateRequestResult, "Request validation failed");
         }
         return true;
@@ -101,6 +106,7 @@ private static void throwStatusExceptionOnViolation(ValidationResult validateReq
 
     /**
      * Validate response and fail on violation if configured to do so.
+     *
      * @return true if validation is done as part of this method
      */
     private boolean validateResponseWithFailOnViolation(
@@ -112,7 +118,12 @@ private boolean validateResponseWithFailOnViolation(
         }
 
         responseDecorated.setOnBodyCachedListener(() -> {
-            var validateResponseResult = validateResponse(responseDecorated, requestMetaData, RunType.SYNC);
+            var validateResponseResult = validateResponse(
+                requestMetaData,
+                metaDataFactory.buildResponseMetaData(responseDecorated),
+                responseDecorated.getCachedBody(),
+                RunType.SYNC
+            );
             throwStatusExceptionOnViolation(validateResponseResult, "Response validation failed");
         });
         return true;
@@ -121,37 +132,38 @@ private boolean validateResponseWithFailOnViolation(
     private ValidationResult validateRequest(
         BodyCachingServerHttpRequestDecorator request,
         RequestMetaData requestMetaData,
+        @Nullable ResponseMetaData responseMetaData,
         RunType runType
     ) {
         if (!trafficSelector.canRequestBeValidated(requestMetaData)) {
             return ValidationResult.NOT_APPLICABLE;
         }
 
         if (runType == RunType.SYNC) {
-            return validator.validateRequestObject(requestMetaData, request.getCachedBody());
+            return validator.validateRequestObject(requestMetaData, responseMetaData, request.getCachedBody());
         } else {
-            validator.validateRequestObjectAsync(requestMetaData, request.getCachedBody());
+            validator.validateRequestObjectAsync(requestMetaData, responseMetaData, request.getCachedBody());
             return ValidationResult.NOT_APPLICABLE;
         }
     }
 
     private ValidationResult validateResponse(
-        BodyCachingServerHttpResponseDecorator response,
         RequestMetaData requestMetaData,
+        @Nullable ResponseMetaData responseMetaData,
+        @Nullable String responseBody,
         RunType runType
     ) {
-        var responseMetaData = metaDataFactory.buildResponseMetaData(response);
         if (!trafficSelector.canResponseBeValidated(requestMetaData, responseMetaData)) {
             return ValidationResult.NOT_APPLICABLE;
         }
 
         if (runType == RunType.SYNC) {
-            return validator.validateResponseObject(requestMetaData, responseMetaData, response.getCachedBody());
+            return validator.validateResponseObject(requestMetaData, responseMetaData, responseBody);
         } else {
-            validator.validateResponseObjectAsync(requestMetaData, responseMetaData, response.getCachedBody());
+            validator.validateResponseObjectAsync(requestMetaData, responseMetaData, responseBody);
             return ValidationResult.NOT_APPLICABLE;
         }
     }
 
-    private enum RunType { SYNC, ASYNC }
+    private enum RunType {SYNC, ASYNC}
 }