feat: update receiver regex validation #430
Conversation
🦋 Changeset detectedLatest commit: a4b56ec The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
✅ Deploy Preview for openpayments-preview canceled.
|
Note: I purposefully did not add a changeset. This only changes the schema (and a test). Can just use the fetch-schemas script in rafiki to get these changes. |
| @@ -42,10 +42,11 @@ components: | |||
| type: string | |||
| description: The URL of the incoming payment or ILP STREAM connection that is being paid. | |||
| format: uri | |||
| pattern: '^https://(.+)/(incoming-payments|connections)/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$' | |||
| pattern: '^(https|http)://(.+)/incoming-payments/(.+)$' | |||
There was a problem hiding this comment.
As for the id change:
-
figured it was correct to loosen it to any sort of id (not necessarily uuid) after discussing with Max. Thinking was that while we use uuid's in rafiki this is really a detail which might vary from implementation to implementation and it shouldn't (I think) matter what sort of id scheme the api implementation uses. More opinions welcome.
-
I changed it to match anything but perhaps chars/numbers only would be better? I just wasn't sure about forbidding the use of query variables and such. While we don't support anything like this I don't know that we should have an opinion against it:
incoming-payments/123?something=1
There was a problem hiding this comment.
I think matching anything is fine in this case
BlairCurrey
requested review from
mkurapov,
sabineschaller,
njlie and
JoblersTune
Looks like I was wrong about this and do need to version bump @mkurapov do you happen to know off the top of your head why we pass in a spec but also refer to a different internal one like this? It just seems like we would either do one or the other. |
|
@BlairCurrey re:
What do you mean by pass in a spec here? |
| test.each` | ||
| body | message | description | ||
| ${{ receiver: 'ht999tp://something.com/incoming-payments' }} | ${'body.receiver must match pattern "^(https|http):..(.+).incoming-payments.(.+)$"'} | ${'invalid receiver, unknown protocol'} | ||
| ${{ receiver: 'http://something.com/incoming-payments' }} | ${'body.receiver must match pattern "^(https|http):..(.+).incoming-payments.(.+)$"'} | ${'invalid receiver, missing incoming payment id'} | ||
| ${{ receiver: 'http://something.com/connections/c3a0d182-b221-4612-a500-07ad106b5f5d' }} | ${'body.receiver must match pattern "^(https|http):..(.+).incoming-payments.(.+)$"'} | ${'invalid receiver, wrong path'} |
There was a problem hiding this comment.
maybe it would be good to have one happy path case
There was a problem hiding this comment.
... In a separate test block, so that we can just hardcode the 'body.receiver must match pattern "^(https|http):..(.+).incoming-payments.(.+)$"' error message in the result without needing it in the test.each part
There was a problem hiding this comment.
I'll make some happy-path tests in a new test group.
Im not necessarily against hardcoding the message here but just want to note that the test is for the quote resource in general and could be extended to validate different fields which would require parameterizing the message like this, like the existing tests do for /incoming-payments.
There was a problem hiding this comment.
removed message param and added happy path cases
| @@ -42,10 +42,11 @@ components: | |||
| type: string | |||
| description: The URL of the incoming payment or ILP STREAM connection that is being paid. | |||
| format: uri | |||
| pattern: '^https://(.+)/(incoming-payments|connections)/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$' | |||
| pattern: '^(https|http)://(.+)/incoming-payments/(.+)$' | |||
There was a problem hiding this comment.
I think matching anything is fine in this case
What I meant was passing in a spec when creating the client in rafiki, but after a more careful reading I see that is not whats happening. I guess what I was seeing was not a validation error from the client but from the backend route's validator middleware. Which makes sense. So I take back that concern - was just confusion on my end. |
Co-authored-by: Max Kurapov <[email protected]>
Changes proposed in this pull request
changes the receiver regex so that:
httpand any id (instead of just uuid)/connections/pathContext
I noticed when using the client in the local environment that a receiver with an
httpurl fails validation, which is necessary for local development. We are already using such a url, we're just not using the client for it (see the bruno/postmanCreate Quoterequest body). Widening that was the main goal and the other changes are more cleanup.fixes #429