EXXETA / Openapi Cop
Licence: mit
A proxy that validates responses and requests against an OpenAPI document.
Stars: ✭ 338
Programming Languages
typescript
32286 projects
Projects that are alternatives of or similar to Openapi Cop
Swagger Parser
Swagger 2.0 and OpenAPI 3.0 parser/validator
Stars: ✭ 710 (+110.06%)
Mutual labels: swagger, openapi, validation
openapi-schemas
JSON Schemas for every version of the OpenAPI Specification
Stars: ✭ 22 (-93.49%)
Mutual labels: validation, swagger, openapi
Openapi Spec Validator
OpenAPI Spec validator
Stars: ✭ 161 (-52.37%)
Mutual labels: swagger, openapi, validation
Dredd
Language-agnostic HTTP API Testing Tool
Stars: ✭ 3,770 (+1015.38%)
Mutual labels: swagger, openapi, validation
Swagger2
Loading, parsing and validating requests to HTTP services based on Swagger v2.0 documents
Stars: ✭ 20 (-94.08%)
Mutual labels: swagger, openapi, validation
Openapi Spring Webflux Validator
🌱 A friendly kotlin library to validate API endpoints using an OpenApi 3.0 and Swagger 2.0 specification
Stars: ✭ 67 (-80.18%)
Mutual labels: swagger, openapi, validation
openapi-schema-validator
OpenAPI schema validator for Python
Stars: ✭ 35 (-89.64%)
Mutual labels: validation, swagger, openapi
Autorest
OpenAPI (f.k.a Swagger) Specification code generator. Supports C#, PowerShell, Go, Java, Node.js, TypeScript, Python
Stars: ✭ 3,607 (+967.16%)
Mutual labels: swagger, openapi
validada
Another library for defensive data analysis.
Stars: ✭ 29 (-91.42%)
Mutual labels: validation, data-validation
Safrs
SqlAlchemy Flask-Restful Swagger Json:API OpenAPI
Stars: ✭ 255 (-24.56%)
Mutual labels: swagger, openapi
Pode
Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers
Stars: ✭ 329 (-2.66%)
Mutual labels: swagger, openapi
tssg-syntax-parser
Parser to generate AST from TSSG Syntax
Stars: ✭ 17 (-94.97%)
Mutual labels: swagger, openapi
Pyswagger
An OpenAPI (fka Swagger) client & converter in python, which is type-safe, dynamic, spec-compliant.
Stars: ✭ 326 (-3.55%)
Mutual labels: swagger, openapi
oas2
OpenAPI 2.0 (aka Swagger) utils for Golang.
Stars: ✭ 19 (-94.38%)
Mutual labels: swagger, openapi
json-ref-resolver
[Deprecated] Recursively resolve JSON pointers and remote authorities.
Stars: ✭ 27 (-92.01%)
Mutual labels: swagger, openapi
Openapi Typescript Codegen
NodeJS library that generates Typescript or Javascript clients based on the OpenAPI specification
Stars: ✭ 249 (-26.33%)
Mutual labels: swagger, openapi
5gc apis
RESTful APIs of main Network Functions in the 3GPP 5G Core Network
Stars: ✭ 253 (-25.15%)
Mutual labels: swagger, openapi
Generator Express No Stress Typescript
🚄 A Yeoman generator for Express.js based 12-factor apps and apis using Typescript
Stars: ✭ 297 (-12.13%)
Mutual labels: swagger, openapi
Martian
The HTTP abstraction library for Clojure/script, supporting Swagger, Schema, re-frame and more
Stars: ✭ 294 (-13.02%)
Mutual labels: swagger, openapi
openapi-cop
OpenAPI Compliance Proxy that validates requests and responses against an OpenAPI document
The idea is to place the proxy between a client (e.g. a frontend app) and a web server to catch invalid requests or responses during development. Use this proxy locally or set it up in your development server. In production environments, use the silent flag to forward unmodified response bodies. In any case, validation headers are set that allow to trace down violations of your OpenAPI definition.
FAQ
Can I use this in production?
This tool was originally meant for development scenarios. You can use this in production but we cannot give you any security guarantees. Also running the JSON schema validation is quite CPU-expensive and you likely do not want to validate in both directions in production because of that overhead.Do I need this if I already generate my client from the OpenAPI?
In case your client and server code is generated from the OpenAPI spec, you might still want to use this proxy. Generated code does usually only provide typing information, but JSON Schema defines much more than that. For example you might define a string property to match a given RegEx and start with the letter "C". This will not be ensured by your generated code at compile time, but will be caught by openapi-cop.Can I use this with other programming languages?
Yes. This is a proxy and not a middleware. You can use it between whatever HTTP-endpoints you have in your architecture.Installation
Do npm install -g openapi-cop, or npm install openapi-cop to install locally.
CLI Usage
The openapi-cop node package installs itself as an executable linked as openapi-cop. Run the command with the --help flag to get information about the CLI:
Usage: openapi-cop [options]
Options:
-s, --file <file> path to the OpenAPI definition file
-h, --host <host> the host of the proxy server (default: "localhost")
-p, --port <port> port number on which to run the proxy (default: 8888)
-t, --target <target> full base path of the target API (format: http(s)://host:port/basePath)
--default-forbid-additional-properties disallow additional properties when not explicitly specified
--silent do not send responses with validation errors, just set validation headers
-w, --watch [watchLocation] watch for changes in a file or directory (falls back to the OpenAPI file)
and restart server accordingly
-v, --verbose show verbose output
-V, --version output the version number
-h, --help output usage information
The proxy validates the requests and responses in the communication with a target server. By default, the proxy will respond with a 500 status code when the validation fails.
Sample validation failure response
{
"error": {
"message": "openapi-cop Proxy validation failed",
"request": {
"method": "POST",
"path": "/pets",
"headers": {
"host": "localhost:8888",
"user-agent": "curl/7.59.0",
"accept": "*/*",
"content-type": "application/json",
"content-length": "16"
},
"query": {},
"body": {
"data": "sent"
}
},
"response": {
"statusCode": 201,
"body": "{}",
"headers": {
"x-powered-by": "Express",
"openapi-cop-openapi-file": "7-petstore.yaml",
"content-type": "application/json; charset=utf-8",
"content-length": "2",
"etag": "W/\"2-vyGp6PvFo4RvsFtPoIWeCReyIC8\"",
"date": "Thu, 25 Jul 2019 13:39:58 GMT",
"connection": "close"
},
"request": {
"uri": {
"protocol": "http:",
"slashes": true,
"auth": null,
"host": "localhost:8889",
"port": "8889",
"hostname": "localhost",
"hash": null,
"search": null,
"query": null,
"pathname": "/pets",
"path": "/pets",
"href": "http://localhost:8889/pets"
},
"method": "POST",
"headers": {
"host": "localhost:8888",
"user-agent": "curl/7.59.0",
"accept": "*/*",
"content-type": "application/json",
"content-length": "16",
"accept-encoding": "gzip, deflate"
}
}
},
"validationResults": {
"request": {
"valid": true,
"errors": null
},
"response": {
"valid": false,
"errors": [
{
"keyword": "required",
"dataPath": "",
"schemaPath": "#/required",
"params": {
"missingProperty": "code"
},
"message": "should have required property 'code'"
}
]
},
"responseHeaders": {
"valid": true,
"errors": null
}
}
}
}
Two headers are added to the response:
-
openapi-cop-validation-result: contains the validation results as JSON.Interface
{ request: { valid: boolean; errors?: Ajv.ErrorObject[] | null; }, response: { valid: boolean; errors?: Ajv.ErrorObject[] | null; }, responseHeaders: { valid: boolean; errors?: Ajv.ErrorObject[] | null; } }
-
openapi-cop-source-request: contains a simplified version of the original request sent by the client as JSON.Interface
{ method: string; path: string; headers: { [key: string]: string | string[]; }; query?: { [key: string]: string | string[]; } | string; body?: any; }
See the references of OpenAPI Backend and Ajv for more information.
When the --silent is provided, the proxy will forward the server's response body without modification. In this case, the validation headers are still added.
Module Usage
To run the proxy programatically use runProxy, which returns a Promise<http.Server>:
import {runProxy} from 'openapi-cop';
const server = await runProxy({
port: 8888,
host: 'proxyhost',
targetUrl: 'http://targethost:8989',
apiDocFile: '/path/to/openapi-file.yaml',
defaultForbidAdditionalProperties: false,
silent: false
});
Made By
Alexis and Daniel
at
Join us now!
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].