• Stars
    star
    525
  • Rank 84,404 (Top 2 %)
  • Language
    PHP
  • License
    MIT License
  • Created about 5 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

It validates PSR-7 messages (HTTP request/response) against OpenAPI specifications

Latest Stable Version Build Status License contributions welcome

OpenAPI PSR-7 Message (HTTP Request/Response) Validator

This package can validate PSR-7 messages against OpenAPI (3.0.x) specifications expressed in YAML or JSON.

Installation

composer require league/openapi-psr7-validator

OpenAPI (OAS) Terms

There are some specific terms that are used in the package. These terms come from OpenAPI:

  • specification - an OpenAPI document describing an API, expressed in JSON or YAML file
  • data - actual thing that we validate against a specification, including body and metadata
  • schema - the part of the specification that describes the body of the request / response
  • keyword - properties that are used to describe the instance are called key words, or schema keywords
  • path - a relative path to an individual endpoint
  • operation - a method that we apply on the path (like get /password)
  • response - described response (includes status code, content types etc)

How To Validate

ServerRequest Message

You can validate \Psr\Http\Message\ServerRequestInterface instance like this:

$yamlFile = "api.yaml";
$jsonFile = "api.json";

$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromYamlFile($yamlFile)->getServerRequestValidator();
#or
$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromYaml(file_get_contents($yamlFile))->getServerRequestValidator();
#or
$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromJson(file_get_contents($jsonFile))->getServerRequestValidator();
#or
$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromJsonFile($jsonFile)->getServerRequestValidator();
#or
$schema = new \cebe\openapi\spec\OpenApi(); // generate schema object by hand
$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromSchema($schema)->getServerRequestValidator();

$match = $validator->validate($request);

As a result you would get and OperationAddress $match which has matched the given request. If you already know the operation which should match your request (i.e you have routing in your project), you can use RouterRequestValidator

$address = new \League\OpenAPIValidation\PSR7\OperationAddress('/some/operation', 'post');

$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromSchema($schema)->getRoutedRequestValidator();

$validator->validate($address, $request);

This would simplify validation a lot and give you more performance.

Request Message

You can validate \Psr\Http\Message\RequestInterface instance like this:

$yamlFile = "api.yaml";
$jsonFile = "api.json";

$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromYamlFile($yamlFile)->getRequestValidator();
#or
$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromYaml(file_get_contents($yamlFile))->getRequestValidator();
#or
$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromJson(file_get_contents($jsonFile))->getRequestValidator();
#or
$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromJsonFile($jsonFile)->getRequestValidator();
#or
$schema = new \cebe\openapi\spec\OpenApi(); // generate schema object by hand
$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromSchema($schema)->getRequestValidator();

$match = $validator->validate($request);

Response Message

Validation of \Psr\Http\Message\ResponseInterface is a bit more complicated . Because you need not only YAML file and Response itself, but also you need to know which operation this response belongs to (in terms of OpenAPI).

Example:

$yamlFile = "api.yaml";
$jsonFile = "api.json";

$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromYamlFile($yamlFile)->getResponseValidator();
#or
$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromYaml(file_get_contents($yamlFile))->getResponseValidator();
#or
$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromJson(file_get_contents($jsonFile))->getResponseValidator();
#or
$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromJsonFile($jsonFile)->getResponseValidator();
#or
$schema = new \cebe\openapi\spec\OpenApi(); // generate schema object by hand
$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromSchema($schema)->getResponseValidator();

$operation = new \League\OpenAPIValidation\PSR7\OperationAddress('/password/gen', 'get') ;

$validator->validate($operation, $response);

Reuse Schema After Validation

\League\OpenAPIValidation\PSR7\ValidatorBuilder reads and compiles schema in memory as instance of \cebe\openapi\spec\OpenApi. Validators use this instance to perform validation logic. You can reuse this instance after the validation like this:

$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromYamlFile($yamlFile)->getServerRequestValidator();
# or
$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)->fromYamlFile($yamlFile)->getResponseValidator();

/** @var \cebe\openapi\spec\OpenApi */
$openApi = $validator->getSchema();

PSR-15 Middleware

PSR-15 middleware can be used like this:

$yamlFile = 'api.yaml';
$jsonFile = 'api.json';

$psr15Middleware = (new \League\OpenAPIValidation\PSR15\ValidationMiddlewareBuilder)->fromYamlFile($yamlFile)->getValidationMiddleware();
#or
$psr15Middleware = (new \League\OpenAPIValidation\PSR15\ValidationMiddlewareBuilder)->fromYaml(file_get_contents($yamlFile))->getValidationMiddleware();
#or
$psr15Middleware = (new \League\OpenAPIValidation\PSR15\ValidationMiddlewareBuilder)->fromJsonFile($jsonFile)->getValidationMiddleware();
#or
$psr15Middleware = (new \League\OpenAPIValidation\PSR15\ValidationMiddlewareBuilder)->fromJson(file_get_contents($jsonFile))->getValidationMiddleware();
#or
$schema = new \cebe\openapi\spec\OpenApi(); // generate schema object by hand
$validator = (new \League\OpenAPIValidation\PSR7\ValidationMiddlewareBuilder)->fromSchema($schema)->getValidationMiddleware();

SlimFramework Middleware

Slim framework uses slightly different middleware interface, so here is an adapter which you can use like this:

$yamlFile = 'api.yaml';
$jsonFile = 'api.json';

$psr15Middleware = (new \League\OpenAPIValidation\PSR15\ValidationMiddlewareBuilder)->fromYamlFile($yamlFile)->getValidationMiddleware();
#or
$psr15Middleware = (new \League\OpenAPIValidation\PSR15\ValidationMiddlewareBuilder)->fromYaml(file_get_contents($yamlFile))->getValidationMiddleware();
#or
$psr15Middleware = (new \League\OpenAPIValidation\PSR15\ValidationMiddlewareBuilder)->fromJsonFile($jsonFile)->getValidationMiddleware();
#or
$psr15Middleware = (new \League\OpenAPIValidation\PSR15\ValidationMiddlewareBuilder)->fromJson(file_get_contents($jsonFile))->getValidationMiddleware();
#or
$schema = new \cebe\openapi\spec\OpenApi(); // generate schema object by hand
$validator = (new \League\OpenAPIValidation\PSR7\ValidationMiddlewareBuilder)->fromSchema($schema)->getValidationMiddleware();

$slimMiddleware = new \League\OpenAPIValidation\PSR15\SlimAdapter($psr15Middleware);

/** @var \Slim\App $app */
$app->add($slimMiddleware);

Caching Layer / PSR-6 Support

PSR-7 Validator has a built-in caching layer (based on PSR-6 interfaces) which saves time on parsing OpenAPI specs. It is optional. You enable caching if you pass a configured Cache Pool Object to the static constructor like this:

// Configure a PSR-6 Cache Pool
$cachePool = new ArrayCachePool();

// Pass it as a 2nd argument
$validator = (new \League\OpenAPIValidation\PSR7\ValidatorBuilder)
    ->fromYamlFile($yamlFile)
    ->setCache($cachePool)
    ->getResponseValidator();
# or
$psr15Middleware = (new \OpenAPIValidation\PSR15\ValidationMiddlewareBuilder)
    ->fromYamlFile($yamlFile)
    ->setCache($cachePool)
    ->getValidationMiddleware();

You can use ->setCache($pool, $ttl) call for both PSR-7 and PSR-15 builder in order to set proper expiration ttl in seconds (or explicit null)

If you want take control over the cache key for schema item, or your cache does not support cache key generation by itself you can ->overrideCacheKey('my_custom_key') to ensure cache uses key you want.

Standalone OpenAPI Validator

The package contains a standalone validator which can validate any data against an OpenAPI schema like this:

$spec = <<<SPEC
schema:
  type: string
  enum:
  - a
  - b
SPEC;
$data = "c";

$spec   = cebe\openapi\Reader::readFromYaml($spec);
# (optional) reference resolving
$spec->resolveReferences(new ReferenceContext($spec, "/"));
$schema = new cebe\openapi\spec\Schema($spec->schema);

try {
    (new \League\OpenAPIValidation\Schema\SchemaValidator())->validate($data, $schema);
} catch(\League\OpenAPIValidation\Schema\Exception\KeywordMismatch $e) {
    // you can evaluate failure details
    // $e->keyword() == "enum"
    // $e->data() == "c"
    // $e->dataBreadCrumb()->buildChain() -- only for nested data
}

Custom Type Formats

As you know, OpenAPI allows you to add formats to types:

schema:
  type: string
  format: binary

This package contains a bunch of built-in format validators:

  • string type:
    • byte
    • date
    • date-time
    • email
    • hostname
    • ipv4
    • ipv6
    • uri
    • uuid (uuid4)
  • number type
    • float
    • double

You can also add your own formats. Like this:

# A format validator must be a callable
# It must return bool value (true if format matched the data, false otherwise)

# A callable class:
$customFormat = new class()
{
    function __invoke($value): bool
    {
        return $value === "good value";
    }
};

# Or just a closure:
$customFormat = function ($value): bool {
    return $value === "good value";
};

# Register your callable like this before validating your data
\League\OpenAPIValidation\Schema\TypeFormats\FormatsContainer::registerFormat('string', 'custom', $customFormat);

Exceptions

The package throws a list of various exceptions which you can catch and handle. There are some of them:

  • Schema related:
    • \League\OpenAPIValidation\Schema\Exception\KeywordMismatch - Indicates that data was not matched against a schema's keyword
      • \League\OpenAPIValidation\Schema\Exception\TypeMismatch - Validation for type keyword failed against a given data. For example type:string and value is 12
      • \League\OpenAPIValidation\Schema\Exception\FormatMismatch - data mismatched a given type format. For example type: string, format: email won't match not-email.
  • PSR7 Messages related:
    • \League\OpenAPIValidation\PSR7\Exception\NoContentType - HTTP message(request/response) contains no Content-Type header. General HTTP errors.
    • \League\OpenAPIValidation\PSR7\Exception\NoPath - path is not found in the spec
    • \League\OpenAPIValidation\PSR7\Exception\NoOperation - operation os not found in the path
    • \League\OpenAPIValidation\PSR7\Exception\NoResponseCode - response code not found under the operation in the spec
    • Validation exceptions (check parent exception for possible root causes):
      • \League\OpenAPIValidation\PSR7\Exception\ValidationFailed - generic exception for failed PSR-7 message
      • \League\OpenAPIValidation\PSR7\Exception\Validation\InvalidBody - body does not match schema
      • \League\OpenAPIValidation\PSR7\Exception\Validation\InvalidCookies - cookies does not match schema or missing required cookie
      • \League\OpenAPIValidation\PSR7\Exception\Validation\InvalidHeaders - header does not match schema or missing required header
      • \League\OpenAPIValidation\PSR7\Exception\Validation\InvalidPath - path does not match pattern or pattern values does not match schema
      • \League\OpenAPIValidation\PSR7\Exception\Validation\InvalidQueryArgs - query args does not match schema or missing required argument
      • \League\OpenAPIValidation\PSR7\Exception\Validation\InvalidSecurity - request does not match security schema or invalid security headers
    • Request related:
      • \League\OpenAPIValidation\PSR7\Exception\MultipleOperationsMismatchForRequest - request matched multiple operations in the spec, but validation failed for all of them.

Testing

You can run the tests with:

vendor/bin/phpunit

Contribution Guide

Feel free to open an Issue or add a Pull request. There is a certain code style that this package follows: doctrine/coding-standard.

To conform to this style please use a git hook, shipped with this package at .githooks/pre-commit.

How to use it:

  1. Clone the package locally and navigate to the folder
  2. Create a symlink to the hook like this: ln -s -f ../../.githooks/pre-commit .git/hooks/pre-commit
  3. Add execution rights: chmod +x .git/hooks/pre-commit
  4. Now commit any new changes and the code will be checked and formatted accordingly.
  5. If there are any issues with your code, check the log here: .phpcs-report.txt

Credits

People:

Resources:

  • Icons made by Freepik, licensed by CC 3.0 BY
  • cebe/php-openapi package for Reading OpenAPI files
  • slim3-psr15 package for Slim middleware adapter

License

The MIT License (MIT). Please see License.md file for more information.

TODO

  • Support Discriminator Object (note: apparently, this is not so straightforward, as discriminator can point to any external scheme)

More Repositories

1

flysystem

Abstraction for local and remote filesystems
PHP
13,354
star
2

oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server
PHP
6,362
star
3

omnipay

A framework agnostic, multi-gateway payment processing library for PHP 5.6+
PHP
5,813
star
4

fractal

Output complex, flexible, AJAX/RESTful data structures.
PHP
3,524
star
5

oauth2-client

Easy integration with OAuth 2.0 service providers.
PHP
3,508
star
6

csv

CSV data manipulation made easy in PHP
PHP
3,337
star
7

commonmark

Highly-extensible PHP Markdown parser which fully supports the CommonMark and GFM specs.
PHP
2,738
star
8

glide

Wonderfully easy on-demand image manipulation library with an HTTP based API.
PHP
2,550
star
9

climate

PHP's best friend for the terminal.
PHP
1,867
star
10

html-to-markdown

Convert HTML to Markdown with PHP
PHP
1,619
star
11

flysystem-aws-s3-v3

[READYONLY SUB-SPLIT]Flysystem Adapter for AWS SDK V3
PHP
1,557
star
12

skeleton

A skeleton repository for League Packages
PHP
1,525
star
13

event

Event package for your app and domain
PHP
1,519
star
14

plates

Native PHP template system
PHP
1,470
star
15

geotools

Geo-related tools PHP 7.3+ library built atop Geocoder and React libraries
PHP
1,366
star
16

color-extractor

Extract colors from an image like a human would do.
PHP
1,297
star
17

mime-type-detection

League Mime Type Detection
PHP
1,262
star
18

uri

[READ-ONLY] URI manipulation Library
PHP
1,032
star
19

pipeline

League\Pipeline
PHP
959
star
20

oauth1-client

OAuth 1 Client
PHP
936
star
21

tactician

A small, flexible command bus
PHP
858
star
22

container

Small but powerful dependency injection container
PHP
843
star
23

period

PHP's time range API
PHP
720
star
24

route

Fast PSR-7 based routing and dispatch component including PSR-15 middleware, built on top of FastRoute.
PHP
651
star
25

iso3166

A PHP library providing ISO 3166-1 data.
PHP
639
star
26

factory-muffin

Enables the rapid creation of objects for testing
PHP
533
star
27

config

Simple yet expressive schema-based configuration library for PHP apps
PHP
478
star
28

uri-interfaces

League URI Interfaces
PHP
459
star
29

shunt

[ABANDONED] PHP library for executing commands on multiple remote machines, via SSH
PHP
436
star
30

oauth2-google

Google Provider for the OAuth 2.0 Client
PHP
396
star
31

uri-parser

RFC3986/RFC3987 compliant URI parser
PHP
394
star
32

flysystem-bundle

Symfony bundle integrating Flysystem into Symfony applications
PHP
361
star
33

flysystem-cached-adapter

Flysystem Adapter Cache Decorator.
PHP
356
star
34

statsd

A library for working with StatsD
PHP
351
star
35

url

A simple PHP library to parse and manipulate URLs
PHP
347
star
36

booboo

A modern error handler capable of logging and formatting errors in a variety of ways.
PHP
338
star
37

omnipay-common

Core components for the Omnipay PHP payment processing library
PHP
330
star
38

monga

Simple and swift MongoDB abstraction.
PHP
328
star
39

flysystem-sftp

[READ-ONLY SUBSPLIT] Flysystem Adapter for SFTP
PHP
308
star
40

uri-components

[READ-ONLY] League URI components objects
PHP
307
star
41

omnipay-paypal

PayPal driver for the Omnipay PHP payment processing library
PHP
299
star
42

oauth2-facebook

Facebook Provider for the OAuth 2.0 Client
PHP
299
star
43

tactician-bundle

Bundle to integrate Tactician with Symfony projects
PHP
245
star
44

uri-schemes

Collection of URI Immutable Value Objects
PHP
216
star
45

uri-manipulations

Functions and Middleware to manipulate URI Objects
PHP
199
star
46

uri-hostname-parser

A lightweight hostname parser according to public suffix list ICANN section
PHP
197
star
47

omnipay-stripe

Stripe driver for the Omnipay PHP payment processing library
PHP
184
star
48

oauth2-server-bundle

Symfony bundle for the OAuth2 Server.
PHP
183
star
49

json-guard

Validation of json-schema.org compliant schemas.
PHP
175
star
50

flysystem-local

PHP
152
star
51

commonmark-ext-table

The table extension for CommonMark PHP implementation
PHP
128
star
52

glide-laravel

Glide adapter for Laravel
PHP
121
star
53

oauth2-github

GitHub Provider for the OAuth 2.0 Client
PHP
109
star
54

flysystem-ziparchive

Flysystem Adapter for ZipArchive's
PHP
101
star
55

omnipay-example

Example application for Omnipay PHP payments library
PHP
100
star
56

glide-symfony

Glide adapter for Symfony
PHP
96
star
57

oauth2-linkedin

LinkedIn Provider for the OAuth 2.0 Client
PHP
83
star
58

flysystem-memory

Flysystem Memory Adapter
PHP
75
star
59

tactician-container

Load Tactician handlers from any PSR-11/container-interop container
PHP
75
star
60

stack-attack

StackPHP Middleware based on Rack::Attack
PHP
74
star
61

flysystem-webdav

[READ ONLY] WebDAV adapter for Flysystem
PHP
70
star
62

flysystem-dropbox

Flysystem Adapter for Dropbox [ABANDONED] replacement: https://packagist.org/packages/spatie/flysystem-dropbox
PHP
67
star
63

stack-robots

StackPHP middleware providing robots.txt disallow for non-production environments
PHP
67
star
64

oauth2-instagram

Instagram Provider for the OAuth 2.0 Client
PHP
65
star
65

tactician-logger

Adds PSR-3 logging support to the Tactician Command Bus
PHP
62
star
66

omnipay-mollie

Mollie driver for the Omnipay PHP payment processing library
PHP
62
star
67

di

An Ultra-Fast Dependency Injection Container. DEPRECATED
PHP
58
star
68

tactician-doctrine

Tactician plugins for the Doctrine ORM, primarily transactions
PHP
57
star
69

omnipay-authorizenet

Authorize.Net driver for the Omnipay payment processing library
PHP
57
star
70

omnipay-sagepay

Sage Pay driver for the Omnipay PHP payment processing library
PHP
55
star
71

flysystem-azure-blob-storage

PHP
53
star
72

flysystem-aws-s3-v2

Flysystem Adapter for AWS SDK V2
PHP
50
star
73

DEPRECATED-squery

PHP wrapper for osquery
PHP
49
star
74

phpunit-coverage-listener

Report code coverage statistics to third-party services
PHP
48
star
75

thephpleague.github.io

The League of Extraordinary Packages website
SCSS
45
star
76

construct-finder

PHP code construct finder
PHP
42
star
77

factory-muffin-faker

A wrapper around faker for factory muffin
PHP
40
star
78

uri-query-parser

a parser and a builder to work with URI query string the right way in PHP
PHP
37
star
79

flysystem-rackspace

Flysystem Adapter for Rackspace
PHP
37
star
80

flysystem-azure

Flysystem adapter for the Windows Azure.
PHP
35
star
81

flysystem-sftp-v3

PHP
35
star
82

omnipay-braintree

Braintree Driver for Omnipay Gateway
PHP
34
star
83

json-reference

A library for working with JSON References.
PHP
33
star
84

uri-src

URI manipulation Library
PHP
29
star
85

commonmark-extras

Useful extensions for the league/commonmark parser
PHP
28
star
86

uploads

Receive, validate, and distribute uploaded files.
PHP
27
star
87

object-mapper

PHP
27
star
88

omnipay-dummy

Dummy driver for the Omnipay PHP payment processing library
PHP
26
star
89

flysystem-replicate-adapter

Flysystem Adapter Decorator for Replicating Filesystems.
PHP
24
star
90

omnipay-paymentexpress

PaymentExpress driver for the Omnipay PHP payment processing library
PHP
24
star
91

omnipay-worldpay

WorldPay driver for the Omnipay PHP payment processing library
PHP
23
star
92

flysystem-ftp

[SUB-SPLIT] Flysystem FTP Adapter
PHP
23
star
93

flysystem-async-aws-s3

PHP
22
star
94

omnipay-migs

MIGS driver for the Omnipay PHP payment processing library
PHP
21
star
95

omnipay-payfast

PayFast driver for the Omnipay PHP payment processing library
PHP
21
star
96

flysystem-google-cloud-storage

PHP
20
star
97

omnipay-firstdata

First Data driver for the Omnipay PHP payment processing library
PHP
20
star
98

omnipay-multisafepay

MultiSafepay driver for the Omnipay PHP payment processing library
PHP
19
star
99

flysystem-gridfs

GridFS Adapter for Flysystem
PHP
19
star
100

tactician-bernard

Tactician integration with the Bernard queueing library
PHP
19
star