lua-oasvalidator offers a comprehensive API for validating HTTP requests in accordance with OpenAPI specifications. It encompasses various validation categories including Path, Body, Parameters, and Response.
The API functions return a an error_code of type integer and optionally string for having error messages in case of validation failure. A successful validation returns 0 as error code. The error message follows this JSON schema:
{
"errorCode": "INVALID_BODY",
"detail": {
"specRef": "#/paths/%2Fpet/put/requestBody/content/application%2Fjson/schema",
"code": "type",
"description": "The property type 'string' is not on the approved list: 'array'.",
"instance": "#/photoUrls",
"schema": "#/properties/photoUrls"
}
}errorCode: Corresponds to theValidationErrorenum value.detail: Provides aspecRefpointing to the exact location in the OpenAPI spec where the request failed. This is URI-encoded to handle special characters.- Additional fields in
detailoffer context-specific insights such as the type of error and relevant references.
- Additional fields in
Following table categorize various types of validation errors:
NONE = 0
INVALID_METHOD = -1
INVALID_ROUTE = -2
INVALID_PATH_PARAM = -3
INVALID_QUERY_PARAM = -4
INVALID_HEADER_PARAM = -5
INVALID_BODY = -6
INVALID_RSP = -7Designed with performance and optimization as priorities, lua-oasvalidator performs lazy deserialization and parsing of request components (path, query, header parameters, and body) only when all preceding validations pass.
Four overloaded methods are available to validate different combinations of request components (e.g., with/without body or headers) to accommodate various HTTP methods and use-cases.
The following API reference outlines each function and its sequence of validation checks.
- Constructor
- Validate Route
- Validate Body
- Validate Path Parameters
- Validate Query Parameters
- Validate Header Parameters
- Validate Request
- Validate Request (Overloaded)
- Validate Request (Overloaded)
- Validate Request (Overloaded)
Initializes an OASValidator object with the OpenAPI specification from the provided file path in Lua by invoking the GetValidators function and returns the validators.
local validators = oasvalidator.GetValidators(spec_path, method_map)spec_path: The file path to the OpenAPI specification inJSONformat as a Luastring.method_map: An optional table where each key is an HTTP method and the value is a table/list of methods that can be treated as the key method. This allows certain HTTP methods to be treated as others.
local oasvalidator = require("oasvalidator")
method_map = {
HEAD = { "GET" }, -- Treat `HEAD` requests as `GET` requests, if `HEAD` method is not defined for the path
OPTIONS= {"GET", "POST", "PUT", "DELETE", "HEAD", "PATCH"} -- `OPTIONS` will be treated as other methods, of they are not defined for the path
}
local validators = oasvalidator.GetValidators("/path/to/openapi/spec.json", method_map) -- method_map is optionalThe OAS specification can be provided as a file path or as a JSON string. If the method_map is provided, it allows certain HTTP methods to be treated as others. For instance, with the mapping HEAD = { "GET" }, a HEAD request can be validated as the GET request, if HEAD method is not defined for the path.
This function returns a new instance of validators. In case of throws Lua error.
Validates the HTTP method and path/route against the OpenAPI specification. In case of validation failure, an optional second return value provides error details.
- HTTP method
- Route
local result, error_msg = validators:ValidateRoute(method, http_path)method: The HTTP method (e.g., "GET", "POST") as a Luastring.http_path: The HTTP path (e.g., "/api/v1/resource") as a Luastring.
result: An integer indicating the result of the validation. A return value of0signifies successful validation, whereas other values indicate specific types of validation failures.error_msg: Optional second return value, a JSON-formattedstringcontaining details of the validation error.
NONE = 0INVALID_METHOD = -1INVALID_ROUTE = -2
local result, error_msg = validators:ValidateRoute("GET", "/api/v1/resource")
if result ~= 0 then
print("Validation failed: " .. error_msg)
end- The
error_msgwill be a JSON-formattedstringin case of a validation error.
Validates the JSON body of the HTTP request against the JSON schema defined in the OpenAPI specification for the specific route. In case of validation failure, an optional second return value provides error details.
- HTTP method
- Route
- Body schema
local result, error_msg = validators:ValidateBody(method, http_path, json_body)method: The HTTP method (e.g., "POST", "PUT") as a Luastring.http_path: The HTTP path (e.g., "/api/v1/resource") as a Luastring.json_body: The JSON body of the HTTP request as a Luastring.
result: An integer indicating the result of the validation. A return value of0signifies successful validation, while other values indicate specific types of validation failures.error_msg: Optional second return value, a JSON-formattedstringcontaining details of the validation error.
NONE = 0INVALID_METHOD = -1INVALID_ROUTE = -2INVALID_BODY = -6
local result, error_msg = validators:ValidateBody("POST", "/api/v1/resource", "{\"key\": \"value\"}")
if result ~= 0 then
print("Validation failed: " .. error_msg)
end- The
error_msgwill be a JSON-formattedstringin case of a validation error.
Validates the path parameters of the HTTP request according to the OpenAPI specification. An optional second return value provides details if validation fails.
- HTTP method
- Route
- Path parameters (in the sequence provided in the OpenAPI spec)
local result, error_msg = validators:ValidatePathParam(method, http_path)method: The HTTP method (e.g., "GET", "DELETE") as a Luastring.http_path: The HTTP path with parameters (e.g., "/api/v1/resource/{id}") as a Luastring.
result: An integer indicating the outcome of the validation. A return value of0signifies successful validation, while other values indicate different types of validation failures.error_msg: Optional second return value, a JSON-formattedstringwith details of the validation error.
NONE = 0INVALID_METHOD = -1INVALID_ROUTE = -2INVALID_PATH_PARAM = -3
local result, error_msg = validators:ValidatePathParam("GET", "/api/v1/resource/123")
if result ~= 0 then
print("Validation failed: " .. error_msg)
end- The
error_msgwill be a JSON-formattedstringif a validation error occurs.
Validates the query parameters of the HTTP request according to the OpenAPI specification. An optional second return value provides details if validation fails.
- HTTP method
- Route
- Query parameters (in the sequence provided in the OpenAPI spec)
local result, error_msg = validators:ValidateQueryParam(method, http_path)method: The HTTP method (e.g., "GET", "DELETE") as a Luastring.http_path: The HTTP path including query parameters (e.g., "/api/v1/resource?name=value") as a Luastring.
result: An integer indicating the outcome of the validation. A return value of0signifies successful validation, whereas other values indicate different types of validation failures.error_msg: Optional second return value, a JSON-formattedstringcontaining details of the validation error.
NONE = 0INVALID_METHOD = -1INVALID_ROUTE = -2INVALID_QUERY_PARAM = -3
local result, error_msg = validators:ValidateQueryParam("GET", "/api/v1/resource?name=value")
if result ~= 0 then
print("Validation failed: " .. error_msg)
end- The
error_msgwill be a JSON-formattedstringin case of a validation error.
Validates the header parameters of the HTTP request according to the OpenAPI specification. An optional second return value provides details if validation fails.
- HTTP method
- Route
- Header parameters
local result, error_msg = validators:ValidateHeaders(method, http_path, headers)method: The HTTP method (e.g., "GET", "POST") as a Luastring.http_path: The HTTP path (e.g., "/api/v1/resource") as a Luastring.headers: The HTTP headers as a Lua table of key/value pairs.
result: An integer indicating the outcome of the validation. A return value of0signifies successful validation, whereas other values indicate different types of validation failures.error_msg: Optional second return value, a JSON-formattedstringcontaining details of the validation error.
NONE = 0INVALID_METHOD = -1INVALID_ROUTE = -2INVALID_HEADER_PARAM = -3
local headers = {["Authorization"] = "Bearer token"}
local result, error_msg = validators:ValidateHeaders("GET", "/api/v1/resource", headers)
if result ~= 0 then
print("Validation failed: " .. error_msg)
end- The
error_msgwill be a JSON-formattedstringin case of a validation error.
Validates the entire HTTP request including method, route, path params, and/or query params according to the OpenAPI specification. An optional second return value provides details if validation fails.
- HTTP method
- Route
- Path parameters (if specified in specs, in the sequence provided in OpenAPI spec)
- Query parameters (if specified in specs, in the sequence provided in OpenAPI spec)
local result, error_msg = validators:ValidateRequest(method, http_path)method: The HTTP method (e.g., "POST", "PUT") as a Luastring.http_path: The HTTP path (e.g., "/api/v1/resource") as a Luastring.
result: An integer indicating the outcome of the validation. A return value of0signifies successful validation, whereas other values indicate different types of validation failures.error_msg: Optional second return value, a JSON-formattedstringcontaining details of the validation error.
NONE = 0INVALID_METHOD = -1INVALID_ROUTE = -2INVALID_PATH_PARAM = -3INVALID_QUERY_PARAM = -4
local result, error_msg = validators:ValidateRequest("POST", "/api/v1/resource")
if result ~= 0 then
print("Validation failed: " .. error_msg)
end- The
error_msgwill be a JSON-formattedstringin case of a validation error.
Validates the entire HTTP request including method, route, JSON body, path parameters, and query parameters (if specified in specs) according to the OpenAPI specification. An optional second return value provides details if validation fails.
- HTTP method
- Route
- JSON body schema
- Path parameters (if specified in specs, in the sequence provided in OpenAPI spec)
- Query parameters (if specified in specs, in the sequence provided in OpenAPI spec)
local result, error_msg = validators:ValidateRequest(method, http_path, json_body)method: The HTTP method (e.g., "POST", "PUT") as a Luastring.http_path: The HTTP path (e.g., "/api/v1/resource") as a Luastring.json_body: The JSON body of the HTTP request as a Luastring.
result: An integer indicating the outcome of the validation. A return value of0signifies successful validation, whereas other values indicate different types of validation failures.error_msg: Optional second return value, a JSON-formattedstringcontaining details of the validation error.
NONE = 0INVALID_METHOD = -1INVALID_ROUTE = -2INVALID_BODY = -3INVALID_PATH_PARAM = -4INVALID_QUERY_PARAM = -5
local result, error_msg = validators:ValidateRequest("POST", "/api/v1/resource", "{\"key\": \"value\"}")
if result ~= 0 then
print("Validation failed: " .. error_msg)
end- The
error_msgwill be a JSON-formattedstringin case of a validation error.
Validates the entire HTTP request including method, route, path parameters, query parameters, and headers according to the OpenAPI specification. An optional second return value provides details if validation fails.
- HTTP method
- Route
- Path parameters (if specified in specs, in the sequence provided in OpenAPI spec)
- Query parameters (if specified in specs, in the sequence provided in OpenAPI spec)
- Header parameters
local result, error_msg = validators:ValidateRequestWithHeaders(method, http_path, headers)method: The HTTP method (e.g., "GET", "DELETE") as a Luastring.http_path: The HTTP path (e.g., "/api/v1/resource") as a Luastring.headers: The HTTP headers as a Lua table where each key-value pair represents a header.
result: An integer indicating the outcome of the validation. A return value of0signifies successful validation, whereas other values indicate different types of validation failures.error_msg: Optional second return value, a JSON-formattedstringcontaining details of the validation error.
NONE = 0INVALID_METHOD = -1INVALID_ROUTE = -2INVALID_PATH_PARAM = -3INVALID_QUERY_PARAM = -4INVALID_HEADER_PARAM = -5
local headers = {["Authorization"] = "Bearer token"}
local result, error_msg = validators:ValidateRequestWithHeaders("GET", "/api/v1/resource", headers)
if result ~= 0 then
print("Validation failed: " .. error_msg)
end- The
error_msgwill be a JSON-formattedstringin case of a validation error.
Validates the entire HTTP request including method, route, JSON body, path parameters, query parameters, and headers against the OpenAPI specification. Sets error_msg with a descriptive error message if validation fails.
- HTTP method
- Route
- Body schema
- Path parameters (if specified in specs, in the sequence of provided in OpenAPI spec)
- Query parameters (if specified in specs, in the sequence of provided in OpenAPI spec)
- Header parameters
local result, error_msg = validators:ValidateRequest(method, http_path, json_body, headers)method: The HTTP method (e.g., "POST", "PUT") as a Luastring.http_path: The HTTP path (e.g., "/api/v1/resource") as a Luastring.json_body: The JSON body of the HTTP request as a Luastring.headers: The HTTP headers as a table of key-value pairs ({["Header-Name"] = "Header-Value", ...}).
result: An integer indicating the outcome of the validation. A return value of0signifies successful validation, whereas other values indicate different types of validation failures.error_msg: Optional second return value, a JSON-formattedstringcontaining details of the validation error.
NONE = 0INVALID_METHOD = -1INVALID_ROUTE = -2INVALID_BODY = -3INVALID_PATH_PARAM = -4INVALID_QUERY_PARAM = -5INVALID_HEADER_PARAM = -6
local headers = {["Authorization"] = "Bearer token"}
local result, error_msg = validators:ValidateRequest("POST", "/api/v1/resource", "{\"key\": \"value\"}", headers)
if result ~= 0 then
print("Validation failed: " .. error_msg)
end- The
error_msgwill be a JSON-formattedstringin case of a validation error.