Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Colon in OpenAPI path are mistaken as parameters

See original GitHub issue

Describe the bug

I’m working on some APIs that follow the format of /accounts:lookUp for example. Right now, EOV treats it the same as /accounts{lookUp} instead of the literal colon followed by some more words.

BTW, I’m happy to help fixing this.

To Reproduce

  1. Load an API specification that has /accounts:lookUp > get as one of the methods. (See example below.)
  2. Optionally also set operationHandlers.
  3. Send an HTTP request to GET /accounts:bogus.

Actual behavior

EOV populates the metadata of /accounts:lookUp to the bogus request as well, with pathParams set to {lookUp: "bogus"} (as if lookUp were a parameter).

If operationHandlers is used, the handler for the lookUp operation is also called for the bogus request. (This is even more problematic if there are multiple operations like /accounts:lookUp, /accounts:signIn since one can shadow the others depending on ordering.)

Expected behavior

As far as I can tell, colons do not have special meanings in OpenAPI v2 / v3 spec, and EOV should just treat it as a literal colon. (This means the implementation should probably escape : to (:) before passing it to express / pathToRegexp. And then {pathParam} replacements can follow.)

EDIT: Escaping : to \\: won’t work in Express 4 (which depends on very old path-to-regexp), but (:) works (which is an unnamed capture that matches only the : character).

Examples and context

paths:
  "/accounts:lookUp":
    get:
       # ...

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:1
  • Comments:7 (5 by maintainers)

github_iconTop GitHub Comments

1reaction
yuchenshicommented, Aug 14, 2020

@cdimascio I believe : is a valid URL character in the path part of an HTTP(S) URL. To quote RFC3986:

      path-absolute = "/" [ segment-nz *( "/" segment ) ]
      segment       = *pchar
      segment-nz    = 1*pchar
      pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"

The last line above explictly allows : in pchar. In practice, there also exists many URLs like https://en.wikipedia.org/wiki/Template:Welcome and APIs like Google Identity Platform accounts:signInWithPassword that make use of colons in paths. I ran into this when I was trying to work with an existing API like the latter.

See also: https://stackoverflow.com/a/43283492

0reactions
siimsonicommented, Oct 13, 2020

Hi all,

It appears I’m having the same problem with conversion of OpenAPI routes to Express routes.

Example:

  • OpenAPI route “/{param1}:{param2}”
  • Converted to Express route: “/:param1::param2” (causes exception: “Missing parameter name at X”)

Edit:

This seems to (sort-of) fix it, at least as far as avoiding the crash goes, but admittedly I haven’t tested this too much yet: https://github.com/siimsoni/express-openapi-validator/commit/ace87f66786c86875c44894b0e18276779adb8fe

Read more comments on GitHub >

github_iconTop Results From Across the Web

How to escape colons and other special characters in a YAML ...
Swagger editor interprets the colon ( : ) as a special character, despite the quotation marks. According to the accepted answer to this...
Read more >
Paths and Operations - Swagger
The API client needs to provide appropriate parameter values when making an API call, such as /users/5 or /users/12 . Operations. For each...
Read more >
Command-line Interface — Dredd latest documentation
Arguments . api-description-document . URL or path to the API description document (API Blueprint, OpenAPI 2). Sample values: ./api-blueprint.apib , .
Read more >
REST API Best Practices for Parameter and Query String Usage
Path parameters are not optional and are part of the endpoint itself. ... separate path arguments, while some API doc styles use a...
Read more >
Common Mistakes Developers Make In Their RAML Files
Do you see the missing colon at the end of application/json ? It is what changes the meaning of the whole definition because...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Broken ref when using different file for request & response

Next page

Support for Status Code and Header validation in response.