Adding support for full API exposure path

Chris Wiechmann · Chris Wiechmann · commit 83369bb5dc42 · 2021-12-21T16:36:25.000+01:00
Fixes #2
diff --git a/src/main/java/com/axway/apim/openapi/validator/OpenAPIValidator.java b/src/main/java/com/axway/apim/openapi/validator/OpenAPIValidator.java
@@ -5,7 +5,9 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.LinkedHashMap;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Optional;
 
 import com.atlassian.oai.validator.OpenApiInteractionValidator;
@@ -29,6 +31,8 @@ public class OpenAPIValidator
 	
 	private OpenApiInteractionValidator validator;
 	
+	private MaxSizeHashMap<String, String> exposurePath2SpecifiedPathMap = new MaxSizeHashMap<String, String>();
+	
 	private int payloadLogMaxLength = 40;
 	
 	public static synchronized OpenAPIValidator getInstance(String openAPISpec)  {
@@ -63,6 +67,7 @@ public static synchronized OpenAPIValidator getInstance(String apiId, String use
     private OpenAPIValidator(String openAPISpec) {
 		super();
 		try {
+			exposurePath2SpecifiedPathMap.setMaxSize(1000);
 			// Check if openAPISpec is a valid URL
 			new URI(openAPISpec);
 			// If it does not fail, load it from the URL
@@ -89,7 +94,41 @@ private OpenAPIValidator(String apiId, String username, String password, String
     
     public boolean isValidRequest(String payload, String verb, String path, QueryStringHeaderSet queryParams, HeaderSet headers) {
     	Utils.traceMessage("Validate request: [verb: "+verb+", path: '"+path+"', payload: '"+Utils.getContentStart(payload, payloadLogMaxLength, true)+"']", TraceLevel.INFO);
-    	ValidationReport validationReport = validateRequest(payload, verb, path, queryParams, headers);
+    	ValidationReport validationReport = null;
+    	String originalPath = path;
+    	// The given path might be the FE-API exposed path which is not always part of the API-Specification. 
+    	// If for example the Petstore is exposed with /petstore/v3 the path we get might be /petstore/v3/store/order/78787 
+    	// and with that, the validation fails, as the specification doesn't contain this path.
+    	// The following code nevertheless tries to find the matching API path by removing the first part of the path and 
+    	// repeating the process max. 5 times. 
+    	
+    	boolean cachePath = false;
+    	// Perhaps the path has already looked up and matched to the specified path (e.g. /petstore/v3/store/order/78787 --> /store/order/{orderId} 
+    	if(exposurePath2SpecifiedPathMap.containsKey(path)) {
+    		// In that case perform the validation based on the cached path
+    		validationReport = validateRequest(payload, verb, exposurePath2SpecifiedPathMap.get(path), queryParams, headers);
+    	} else {
+    		// Otherwise try to find the belonging specified path
+	    	for(int i=0; i<5;i++) {
+	    		validationReport = validateRequest(payload, verb, path, queryParams, headers);
+	    		if(validationReport.hasErrors()) {
+	    			if(validationReport.getMessages().toString().contains("No API path found that matches request")) {
+	    				// Only cache the path, if a direct hit fails 
+	    				cachePath = true;
+	    				// Remove the first path (e.g. /petstore) from the path repeat the process
+	    				path = path.substring(path.indexOf("/", 1), path.length());
+	    			} else {
+	    				break;
+	    			}
+	    		} else {
+	    			break;
+	    		}
+	    	}
+			if(cachePath) {
+				exposurePath2SpecifiedPathMap.put(originalPath, path);
+			}
+    	}
+    	
     	if (validationReport.hasErrors()) {
     		return false;
     	} else {
@@ -192,4 +231,24 @@ public int getPayloadLogMaxLength() {
 	public void setPayloadLogMaxLength(int payloadLogMaxLength) {
 		this.payloadLogMaxLength = payloadLogMaxLength;
 	}
+	
+	static class MaxSizeHashMap<K, V> extends LinkedHashMap<K, V> {
+
+		private static final long serialVersionUID = 1L;
+
+		private int maxSize; 
+
+		@Override
+		protected boolean removeEldestEntry(Entry<K, V> eldest) {
+			return size() > maxSize;
+		}
+
+		public void setMaxSize(int maxSize) {
+			this.maxSize = maxSize;
+		}
+	}
+
+	public MaxSizeHashMap<String, String> getExposurePath2SpecifiedPathMap() {
+		return exposurePath2SpecifiedPathMap;
+	}
 }
diff --git a/src/test/java/com/axway/apim/openapi/validator/TestOpenAPIValidator.java b/src/test/java/com/axway/apim/openapi/validator/TestOpenAPIValidator.java
@@ -87,17 +87,43 @@ public void validGetRequestPetsByStatusPetstoreSwagger20() throws IOException
     }
     
     @Test
-    public void validDeleteRequestOrderBasedOnId() throws IOException
+    public void validRequestWithFullPathAndPathParameter() throws IOException
     {
     	String swagger = Files.readFile(this.getClass().getClassLoader().getResourceAsStream(TEST_PACKAGE + "PetstoreSwagger2.0.json"));
     	OpenAPIValidator validator = OpenAPIValidator.getInstance(swagger);
     	
-    	String path = "/store/order/1234";
+    	validator.getExposurePath2SpecifiedPathMap().setMaxSize(2);
+    	
+    	String path = "/api/petstore/v3/store/order/1234";
     	String verb = "DELETE";
     	HeaderSet headers = new HeaderSet();
     	headers.addHeader("Content-Type", "application/json");
     	
     	Assert.assertTrue(validator.isValidRequest(null, verb, path, null, headers), "Request should be valid!");
+    	// Run it a second time, which should use the cached path
+    	Assert.assertTrue(validator.isValidRequest(null, verb, path, null, headers), "Request should be valid!");
+    	
+    	path = "/api/petstore/v3/store/order/5345";
+    	Assert.assertTrue(validator.isValidRequest(null, verb, path, null, headers), "Request should be valid!");
+    	
+    	path = "/api/petstore/v3/store/order/434312";
+    	Assert.assertTrue(validator.isValidRequest(null, verb, path, null, headers), "Request should be valid!");
+    	
+    	Assert.assertEquals(validator.getExposurePath2SpecifiedPathMap().size(), 2, "Cached paths should be two as the size is limited");
+    }
+    
+    @Test
+    public void invalidRequestWithFullPathAndPathParameter() throws IOException
+    {
+    	String swagger = Files.readFile(this.getClass().getClassLoader().getResourceAsStream(TEST_PACKAGE + "PetstoreSwagger2.0.json"));
+    	OpenAPIValidator validator = OpenAPIValidator.getInstance(swagger);
+    	
+    	String path = "/api/petstore/v3/store/order/invalidPatameter";
+    	String verb = "DELETE";
+    	HeaderSet headers = new HeaderSet();
+    	headers.addHeader("Content-Type", "application/json");
+    	
+    	Assert.assertFalse(validator.isValidRequest(null, verb, path, null, headers));
     }
     
     @Test
