create single req, res, path, query schema so errors have correct path

svozza · svozza · commit 55f2f7305820 · 2026-02-17T13:47:58.000Z
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/event-handler/src/http/middleware/validation.ts b/packages/event-handler/src/http/middleware/validation.ts
@@ -48,67 +48,133 @@ async function validateRequestData<TReq extends ReqSchema>(
   typedReqCtx: TypedRequestContext<TReq, HandlerResponse>,
   reqSchemas: NonNullable<ValidationConfig<TReq, HandlerResponse>['req']>
 ): Promise<void> {
+  const schemaEntries: [string, StandardSchemaV1][] = [];
+  const dataEntries: [string, unknown][] = [];
+
   if (reqSchemas.body) {
     const bodyData = await extractBody(typedReqCtx.req);
-    typedReqCtx.valid.req.body = await validateRequest<TReq['body']>(
-      reqSchemas.body,
-      bodyData,
-      'body'
-    );
+    schemaEntries.push(['body', reqSchemas.body]);
+    dataEntries.push(['body', bodyData]);
   }
 
   if (reqSchemas.headers) {
     const headers = Object.fromEntries(typedReqCtx.req.headers.entries());
-    typedReqCtx.valid.req.headers = await validateRequest<TReq['headers']>(
-      reqSchemas.headers,
-      headers,
-      'headers'
-    );
+    schemaEntries.push(['headers', reqSchemas.headers]);
+    dataEntries.push(['headers', headers]);
   }
 
   if (reqSchemas.path) {
-    typedReqCtx.valid.req.path = await validateRequest<TReq['path']>(
-      reqSchemas.path,
-      typedReqCtx.params,
-      'path'
-    );
+    schemaEntries.push(['path', reqSchemas.path]);
+    dataEntries.push(['path', typedReqCtx.params]);
   }
 
   if (reqSchemas.query) {
     const query = Object.fromEntries(
       new URL(typedReqCtx.req.url).searchParams.entries()
     );
-    typedReqCtx.valid.req.query = await validateRequest<TReq['query']>(
-      reqSchemas.query,
-      query,
-      'query'
+    schemaEntries.push(['query', reqSchemas.query]);
+    dataEntries.push(['query', query]);
+  }
+
+  const stitchedSchema = createObjectSchema(schemaEntries);
+  const stitchedData = Object.fromEntries(dataEntries);
+
+  const result = await stitchedSchema['~standard'].validate(stitchedData);
+
+  if ('issues' in result) {
+    throw new RequestValidationError(
+      'Validation failed for request',
+      result.issues
     );
   }
+
+  const validated = result.value as Record<string, unknown>;
+  if (reqSchemas.body)
+    typedReqCtx.valid.req.body = validated.body as TReq['body'];
+  if (reqSchemas.headers)
+    typedReqCtx.valid.req.headers = validated.headers as TReq['headers'];
+  if (reqSchemas.path)
+    typedReqCtx.valid.req.path = validated.path as TReq['path'];
+  if (reqSchemas.query)
+    typedReqCtx.valid.req.query = validated.query as TReq['query'];
 }
 
 async function validateResponseData<TResBody extends HandlerResponse>(
   typedReqCtx: TypedRequestContext<ReqSchema, TResBody>,
   resSchemas: NonNullable<ValidationConfig<ReqSchema, TResBody>['res']>
 ): Promise<void> {
   const response = typedReqCtx.res;
+  const schemaEntries: [string, StandardSchemaV1][] = [];
+  const dataEntries: [string, unknown][] = [];
 
   if (resSchemas.body && response.body) {
     const bodyData = await extractBody(response);
-    typedReqCtx.valid.res.body = await validateResponse<TResBody>(
-      resSchemas.body,
-      bodyData,
-      'body'
-    );
+    schemaEntries.push(['body', resSchemas.body]);
+    dataEntries.push(['body', bodyData]);
   }
 
   if (resSchemas.headers) {
     const headers = Object.fromEntries(response.headers.entries());
-    typedReqCtx.valid.res.headers = await validateResponse(
-      resSchemas.headers,
-      headers,
-      'headers'
+    schemaEntries.push(['headers', resSchemas.headers]);
+    dataEntries.push(['headers', headers]);
+  }
+
+  const stitchedSchema = createObjectSchema(schemaEntries);
+  const stitchedData = Object.fromEntries(dataEntries);
+
+  const result = await stitchedSchema['~standard'].validate(stitchedData);
+
+  if ('issues' in result) {
+    throw new ResponseValidationError(
+      'Validation failed for response',
+      result.issues
     );
   }
+
+  const validated = result.value as Record<string, unknown>;
+  if (resSchemas.body) {
+    typedReqCtx.valid.res.body = validated.body as TResBody;
+  }
+  if (resSchemas.headers) {
+    typedReqCtx.valid.res.headers = validated.headers as Record<string, string>;
+  }
+}
+
+function createObjectSchema(
+  entries: [string, StandardSchemaV1][]
+): StandardSchemaV1 {
+  return {
+    '~standard': {
+      version: 1,
+      vendor: 'powertools',
+      validate: async (data): Promise<StandardSchemaV1.Result<unknown>> => {
+        const dataObj = data as Record<string, unknown>;
+        const validated: Record<string, unknown> = {};
+        const allIssues: StandardSchemaV1.Issue[] = [];
+
+        for (const [key, schema] of entries) {
+          const result = await schema['~standard'].validate(dataObj[key]);
+
+          for (const issue of result.issues ?? []) {
+            allIssues.push({
+              message: issue.message,
+              path: [key, ...(issue.path || [])],
+            });
+          }
+
+          if ('value' in result) {
+            validated[key] = result.value;
+          }
+        }
+
+        if (allIssues.length > 0) {
+          return { issues: allIssues };
+        }
+
+        return { value: validated };
+      },
+    },
+  };
 }
 
 async function extractBody(source: Request | Response): Promise<unknown> {
@@ -140,33 +206,3 @@ async function extractBody(source: Request | Response): Promise<unknown> {
 
   return await cloned.text();
 }
-
-async function validateRequest<T>(
-  schema: StandardSchemaV1,
-  data: unknown,
-  component: 'body' | 'headers' | 'path' | 'query'
-): Promise<T> {
-  const result = await schema['~standard'].validate(data);
-
-  if ('issues' in result) {
-    const message = `Validation failed for request ${component}`;
-    throw new RequestValidationError(message, result.issues);
-  }
-
-  return result.value as T;
-}
-
-async function validateResponse<T>(
-  schema: StandardSchemaV1,
-  data: unknown,
-  component: 'body' | 'headers'
-): Promise<T> {
-  const result = await schema['~standard'].validate(data);
-
-  if ('issues' in result) {
-    const message = `Validation failed for response ${component}`;
-    throw new ResponseValidationError(message, result.issues);
-  }
-
-  return result.value as T;
-}
diff --git a/packages/event-handler/tests/unit/http/middleware/validation.test.ts b/packages/event-handler/tests/unit/http/middleware/validation.test.ts
@@ -1,3 +1,4 @@
+import { setTimeout } from 'node:timers/promises';
 import context from '@aws-lambda-powertools/testing-utils/context';
 import { beforeEach, describe, expect, it } from 'vitest';
 import { z } from 'zod';
@@ -469,4 +470,131 @@ describe('Router Validation Integration', () => {
     expect(validatedResult.statusCode).toBe(422);
     expect(unvalidatedResult.statusCode).toBe(200);
   });
+
+  it('validates with async schema refinement', async () => {
+    // Prepare
+    const requestBodySchema = z.object({ email: z.string().email() }).refine(
+      async (data) => {
+        // Simulate async validation (e.g., checking if email exists)
+        await setTimeout(10);
+        return !data.email.includes('blocked');
+      },
+      { message: 'Email is blocked' }
+    );
+
+    app.post(
+      '/register',
+      (reqCtx) => {
+        const { email } = reqCtx.valid.req.body;
+        return { statusCode: 201, body: `Registered ${email}` };
+      },
+      {
+        validation: { req: { body: requestBodySchema } },
+      }
+    );
+
+    const validEvent = createTestEvent('/register', 'POST', {
+      'content-type': 'application/json',
+    });
+    validEvent.body = JSON.stringify({ email: 'user@example.com' });
+
+    const blockedEvent = createTestEvent('/register', 'POST', {
+      'content-type': 'application/json',
+    });
+    blockedEvent.body = JSON.stringify({ email: 'blocked@example.com' });
+
+    // Act
+    const validResult = await app.resolve(validEvent, context);
+    const blockedResult = await app.resolve(blockedEvent, context);
+
+    // Assess
+    expect(validResult.statusCode).toBe(201);
+    expect(validResult.body).toBe('Registered user@example.com');
+    expect(blockedResult.statusCode).toBe(422);
+  });
+
+  it('includes correct path in validation errors', async () => {
+    // Prepare
+    const bodySchema = z.object({ name: z.string() });
+    const querySchema = z.object({ page: z.string() });
+    const pathSchema = z.object({ id: z.string().uuid() });
+
+    app.post('/users/:id', () => ({ statusCode: 200 }), {
+      validation: {
+        req: { body: bodySchema, query: querySchema, path: pathSchema },
+      },
+    });
+
+    const event = createTestEvent('/users/invalid-id', 'POST', {
+      'content-type': 'application/json',
+    });
+    event.body = JSON.stringify({ invalid: 'field' });
+    event.queryStringParameters = { wrong: 'param' };
+    event.pathParameters = { id: 'invalid-id' };
+
+    // Act
+    const result = await app.resolve(event, context);
+
+    // Assess
+    expect(result.statusCode).toBe(422);
+    const body = JSON.parse(result.body);
+    expect(body.details?.issues).toBeDefined();
+
+    const paths = body.details.issues.map(
+      (issue: { path: unknown[] }) => issue.path
+    );
+    expect(paths.some((p: unknown[]) => p[0] === 'body')).toBe(true);
+    expect(paths.some((p: unknown[]) => p[0] === 'query')).toBe(true);
+    expect(paths.some((p: unknown[]) => p[0] === 'path')).toBe(true);
+  });
+
+  it('returns 422 when request body is null with object schema', async () => {
+    // Prepare
+    const requestBodySchema = z.object({ name: z.string() });
+
+    app.post('/users', () => ({ statusCode: 201 }), {
+      validation: { req: { body: requestBodySchema } },
+    });
+
+    const event = createTestEvent('/users', 'POST', {
+      'content-type': 'application/json',
+    });
+    event.body = 'null';
+
+    // Act
+    const result = await app.resolve(event, context);
+
+    // Assess
+    expect(result.statusCode).toBe(422);
+    const body = JSON.parse(result.body);
+    expect(body.error).toBe('RequestValidationError');
+  });
+
+  it('handles validation error with missing path in issue', async () => {
+    // Prepare
+    const customSchema = {
+      '~standard': {
+        version: 1,
+        vendor: 'custom',
+        validate: async () => ({
+          issues: [{ message: 'Error without path' }],
+        }),
+      },
+    } as const;
+
+    app.post('/test', () => ({ statusCode: 200 }), {
+      validation: { req: { body: customSchema } },
+    });
+
+    const event = createTestEvent('/test', 'POST', {
+      'content-type': 'application/json',
+    });
+    event.body = '{}';
+
+    // Act
+    const result = await app.resolve(event, context);
+
+    // Assess
+    expect(result.statusCode).toBe(422);
+  });
 });
