cdimascio / express-openapi-validator

🦋 Auto-validates api requests, responses, and securities using ExpressJS and an OpenAPI 3.x specification


version 5.1.1, apiKey cookie authentication results in error

vaporii opened this issue

When attempting to access any endpoint secured with cookie authentication, the following error occurs:
```
Cannot read properties of undefined (reading 'connect.sid')
```

To reproduce the error, create an OpenAPI spec sheet with an endpoint secured with cookie authentication. Then, write a TypeScript backend using express and express-openapi-validator. (Examples at bottom of page)

When accessing the endpoint secured with cookie authentication, the following error is returned:

```
Unauthorized: Cannot read properties of undefined (reading 'connect.sid')
    at Function.create (/devfolder/node_modules/express-openapi-validator/dist/framework/types.js:42:24)
    at /devfolder/node_modules/express-openapi-validator/dist/middlewares/openapi.security.js:78:43
    at processTicksAndRejections (node:internal/process/task_queues:95:5) {
  status: 401,
  path: '/api/v3/url/{urlId}',
  headers: undefined,
  errors: [
    {
      path: '/api/v3/url/{urlId}',
      message: "Cannot read properties of undefined (reading 'connect.sid')"
    }
  ]
}
```

The endpoint should always be authenticated (see code below), but as seen above in the error, that does not happen.

Examples

OpenAPI spec snippet

```yaml
/url/{urlId}:
    put:
      tags:
        - url
      summary: Update a URL
      description: Update a URL
      operationId: updateUrl
      requestBody:
        description: Update a URL
        content:
          application/json:
            schema:
              type: object
              properties:
                longUrl:
                  type: string
                  format: uri
                alias:
                  type: string
      parameters:
        - name: urlId
          in: path
          description: The URL ID to update
          required: true
          schema:
            type: integer
            format: int64
      responses:
        "200":
          description: Successful operation
      security:
        - tokenAuth: []
      x-eov-operation-handler: controllers/Url
```

Security schema

```yaml
  securitySchemes:
    tokenAuth:
      type: apiKey
      in: cookie
      name: connect.sid
```

TypeScript backend example

```typescript
import * as OpenApiValidator from "express-openapi-validator";
import express from "express";
import dotenv from "dotenv";
dotenv.config();

import { createUser } from "./utils";

const PORT = 5555;

const app = express();

app.use(express.json());

app.use(
  OpenApiValidator.middleware({
    apiSpec: "spec.yaml",
    validateRequests: true,
    validateSecurity: {
      handlers: {
        tokenAuth: async (req, scopes, schema) => {
          return true;
        },
      },
    },
  })
);

app.use(
  (
    err: any,
    req: express.Request,
    res: express.Response,
    next: express.NextFunction
  ) => {
    console.log(err);
    // format error
    res.status(err.status || 500).json({
      message: err.message,
      errors: err.errors,
    });
  }
);

app.listen(PORT, () => {
  console.log("Listening on http://localhost:" + PORT);
});
```

nevermind i'm stupid
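
An added sketch (not code from this issue or from express-openapi-validator) of why the reported error reads `connect.sid` off `undefined`: Express leaves `req.cookies` unset unless a cookie-parsing middleware such as cookie-parser runs before the validator, and the backend example registers none. It assumes the validator looks the cookie up as `req.cookies[name]`; `parseCookies`, `requireApiKeyCookie`, `sessions` and `authorize` are hypothetical names, and the handler here checks a constructed session store rather than returning `true` for every request.

```javascript
// Added illustration; not express-openapi-validator or cookie-parser source.
// Assumption: the apiKey-in-cookie check reads req.cookies[scheme.name].
const scheme = { type: "apiKey", in: "cookie", name: "connect.sid" };

// Stand-in for cookie-parser: Express leaves req.cookies undefined until
// some middleware parses the Cookie header.
function parseCookies(req) {
  const cookies = Object.create(null);
  for (const pair of (req.headers.cookie || "").split(";")) {
    const eq = pair.indexOf("=");
    if (eq < 0) continue;
    const name = pair.slice(0, eq).trim();
    if (name in cookies) continue; // first occurrence wins
    const raw = pair.slice(eq + 1).trim();
    try { cookies[name] = decodeURIComponent(raw); } catch { cookies[name] = raw; }
  }
  req.cookies = cookies;
  return req;
}

// Hypothetical presence check modelled on the reported behaviour.
function requireApiKeyCookie(req) {
  if (!req.cookies[scheme.name]) throw new Error(`cookie '${scheme.name}' required`);
  return req.cookies[scheme.name];
}

// Constructed session store keyed by an opaque cookie value; the handler
// decides from the session, not from the mere presence of the cookie.
const sessions = new Map([["abc123", { user: "alice" }]]);
function tokenAuth(req) {
  return sessions.has(req.cookies[scheme.name]);
}

// Runs the presence check, then the handler; returns what a client would see.
function authorize(req) {
  try {
    requireApiKeyCookie(req);
    return tokenAuth(req) ? { status: 200 } : { status: 401, message: "unknown session" };
  } catch (err) {
    return { status: 401, message: err.message };
  }
}

// Constructed requests: no parser, parsed valid cookie, parsed unknown cookie.
const noParser = { headers: { cookie: "connect.sid=abc123" } };
const parsed = parseCookies({ headers: { cookie: "theme=dark; connect.sid=abc123" } });
const forged = parseCookies({ headers: { cookie: "connect.sid=guess" } });
console.log(authorize(noParser), authorize(parsed), authorize(forged));
```

The first request fails with the same "reading 'connect.sid'" TypeError as the report even though the cookie was sent, because nothing populated `req.cookies`.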