API网关允许无效日期。

huangapple go评论82阅读模式
英文:

Why API Gateway allows invalid dates

问题

在AWS API Gateway中,我有一个模型如下:

{
  "required": ["validUntil"],
  "type": "object",
  "properties": {
    "validUntil": {
      "$ref": "https://apigateway.amazonaws.com/restapis/xxxyyyzzz/models/Timestamp"
    },
    "deadline": {
      "$ref": "https://apigateway.amazonaws.com/restapis/xxxyyyzzz/models/Date"
    }
  }
}

当我发送一个包含无效时间戳的请求,例如 2023-12-32T00:00:00+00:00,即12月32日时,我会得到以下错误:

Gateway response body: {"errorCode":"BAD_REQUEST_BODY","message":"Invalid request body","description":"[format attribute \"date\" not supported, string \"2023-12-32T00:00:00+00:00\" is invalid against requested date format(s) [yyyy-MM-dd'T'HH:mm:ssZ, yyyy-MM-dd'T'HH:mm:ss.SSSZ]]"}

这正常运行。但是...当我将 2023-12-32 作为使用 Date 模型的 deadline 传递时,请求是有效的:

Request validation succeeded for content type application/json

为什么会这样?为什么API Gateway不触发错误?

以下是我的模型:

Date:

{
  "type": "string",
  "description": "Date in ISO 8601 format.",
  "format": "date"
}

Timestamp

{
  "type": "string",
  "description": "Timestamp as defined by ISO 8601 with time offset.",
  "format": "date-time"
}

JSON Schema 规范:https://json-schema.org/understanding-json-schema/reference/string.html#dates-and-times

英文:

In AWS API Gateway, I have a model like this:

{
  "required" : [ "validUntil" ],
  "type" : "object",
  "properties" : {
    "validUntil" : {
      "$ref":"https://apigateway.amazonaws.com/restapis/xxxyyyzzz/models/Timestamp"
    },
    "deadline" : {
      "$ref":"https://apigateway.amazonaws.com/restapis/xxxyyyzzz/models/Date"
    }
  }
}

When I pass a request with invalid timestamp, e.g. 2023-12-32T00:00:00+00:00, i.e. December the 32nd, I get error as expected:

Gateway response body: {"errorCode":"BAD_REQUEST_BODY","message":"Invalid request body","description":"[format attribute \"date\" not supported, string \"2023-12-32T00:00:00+00:00\" is invalid against requested date format(s) [yyyy-MM-dd'T'HH:mm:ssZ, yyyy-MM-dd'T'HH:mm:ss.SSSZ]]"}

That works fine.

Yet... when I pass 2023-12-32 as deadline which uses Date model then the request is valid:

Request validation succeeded for content type application/json

Why is that? Why API Gateway doesn't trigger error?

Here are my models:

Date:

{
  "type" : "string",
  "description" : "Date in ISO 8601 format.",
  "format" : "date"
}

Timestamp

{
  "type" : "string",
  "description" : "Timestamp as defined by ISO 8601 with time offset.",
  "format" : "date-time"
}

JSON Schema specification: https://json-schema.org/understanding-json-schema/reference/string.html#dates-and-times

答案1

得分: 1

JSON Schema规范中您提供的部分指出date类型是在草案7中新增的,而date-time类型已经存在较长时间。

API网关允许无效日期。

AWS API网关使用旧版本的JSON Schema规范,因此无法理解date类型。

英文:

The section of the JSON Schema spec which you linked to states that the date type is new in draft 7, whereas the date-time type has been around for a longer time.

API网关允许无效日期。

The AWS API gateway uses an old version of the JSON Schema spec, so it does not understand the date type.

答案2

得分: 0

从API Gateway文档(截止到2023年6月)中:

> 在API Gateway中,模型是使用JSON模式 draft 4 定义的。

链接到带有 date 格式的JSON模式规范来自 draft 7

因此,由于API Gateway使用较旧的规范,它不会验证 date 格式如预期那样。

英文:

From API Gateway documentation (in June 2023):
https://docs.aws.amazon.com/apigateway/latest/developerguide/models-mappings-models.html

> In API Gateway, models are defined using the JSON schema draft 4

Linked JSON Schema spec with date format is from draft 7

API网关允许无效日期。

Thus, as API Gateway is using older specification, it doesn't validate date format as assumed.

huangapple
  • 本文由 发表于 2023年6月26日 15:38:02
  • 转载请务必保留本文链接:https://go.coder-hub.com/76554503.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定