Validate requests with Committee middleware

davidgisbey · davidgisbey · commit f1423de57cee · 2025-04-28T17:14:37.000+01:00
Committee provides schema validation for requests. When invalid it returns a 400 with an error message outlining the issue with the request body. Here's the example response shown in the Committee documentation: { "id":"invalid_response", "message":"Missing keys in response: archived_at, owner:email, owner:id" } There is an option to build your own validation errors https://github.com/interagent/committee?tab=readme-ov-file#validation-errors. This commit adds the Committee middleware to the API, and configures it to use the OpenAPI schema. It also adds a custom error class for request which simply strips the id from the JSON in the response body. It also adds a test to ensure that the middleware is working as expected for the POST feedback endpoint.
diff --git a/config/initializers/committee.rb b/config/initializers/committee.rb
@@ -1,4 +1,12 @@
 require "committee"
+require "api/request_validation_error"
+
+Rails.application.config.middleware.use Committee::Middleware::RequestValidation,
+                                        schema_path: "docs/api_openapi_specification.yml",
+                                        coerce_date_times: true,
+                                        prefix: "/api/v0",
+                                        strict_reference_validation: true,
+                                        error_class: Api::RequestValidationError
 
 Rails.application.config.middleware.use Committee::Middleware::ResponseValidation,
                                         schema_path: "docs/api_openapi_specification.yml",
diff --git a/lib/api/request_validation_error.rb b/lib/api/request_validation_error.rb
@@ -0,0 +1,7 @@
+module Api
+  class RequestValidationError < Committee::ValidationError
+    def error_body
+      GenericErrorBlueprint.render_as_hash(message:)
+    end
+  end
+end
diff --git a/spec/lib/api/request_validation_error_spec.rb b/spec/lib/api/request_validation_error_spec.rb
@@ -0,0 +1,12 @@
+RSpec.describe Api::RequestValidationError do
+  describe "#render" do
+    it "returns an array which uses the GenericErrorBlueprint for the error body" do
+      request = double
+      error_message = "Bad request"
+      generic_error_blueprint = GenericErrorBlueprint.render(message: error_message)
+
+      error = described_class.new(400, :bad_request, error_message, request)
+      expect(error.render).to eq([400, { "Content-Type" => "application/json" }, [generic_error_blueprint]])
+    end
+  end
+end
diff --git a/spec/requests/api/v0/conversations_spec.rb b/spec/requests/api/v0/conversations_spec.rb
@@ -50,6 +50,23 @@
         expect(JSON.parse(response.body)).to eq({ "message" => "Internal server error" })
       end
     end
+
+    context "when the request does not conform to the OpenAPI specification" do
+      it "returns a bad request status code" do
+        post api_v0_answer_feedback_path(conversation_id: conversation.id, answer_id: question.id),
+             params: { useful: "not a boolean" },
+             as: :json
+
+        expect(response).to have_http_status(:bad_request)
+      end
+
+      it "returns the correct JSON in the body" do
+        post api_v0_answer_feedback_path(conversation_id: conversation.id, answer_id: question.id),
+             params: { useful: "not a boolean" },
+             as: :json
+        expect(JSON.parse(response.body)).to match({ "message" => /useful expected boolean, but received String: "not a boolean"/ })
+      end
+    end
   end
 
   describe "GET :show" do
@@ -66,7 +83,7 @@
     end
 
     it "returns a 404 if the conversation cannot be found" do
-      get api_v0_show_conversation_path(-1)
+      get api_v0_show_conversation_path(SecureRandom.uuid)
 
       expect(response).to have_http_status(:not_found)
     end
@@ -77,12 +94,12 @@
       let!(:answer) { create(:answer, question:) }
 
       it "returns a success status" do
-        get api_v0_answer_question_path(conversation, question)
+        get api_v0_answer_question_path(conversation, question), as: :json
         expect(response).to have_http_status(:ok)
       end
 
       it "returns the expected JSON" do
-        get api_v0_answer_question_path(conversation, question)
+        get api_v0_answer_question_path(conversation, question), as: :json
 
         eager_loaded_answer = Answer.includes(:sources, :feedback).find(answer.id)
         expected_response = AnswerBlueprint.render_as_json(eager_loaded_answer)
@@ -92,7 +109,7 @@
       it "returns the correct JSON for answer sources" do
         source = create(:answer_source, answer:)
 
-        get api_v0_answer_question_path(conversation, question)
+        get api_v0_answer_question_path(conversation, question), as: :json
 
         expect(JSON.parse(response.body)["sources"])
           .to eq([{ url: source.url, title: "#{source.title}: #{source.heading}" }.as_json])
@@ -101,81 +118,61 @@
 
     context "when an answer has not been generated for the question" do
       it "returns an accepted status" do
-        get api_v0_answer_question_path(conversation, question)
+        get api_v0_answer_question_path(conversation, question), as: :json
         expect(response).to have_http_status(:accepted)
       end
 
       it "returns an empty JSON response" do
-        get api_v0_answer_question_path(conversation, question)
+        get api_v0_answer_question_path(conversation, question), as: :json
         expect(JSON.parse(response.body)).to eq({})
       end
     end
   end
 
   describe "POST :answer_feedback" do
-    context "when the params are valid" do
-      let!(:answer) { create(:answer, question:) }
+    let!(:answer) { create(:answer, question:) }
 
-      context "and the answer has no feedback" do
-        it "returns a created status" do
-          post api_v0_answer_feedback_path(conversation, answer), params: { useful: true }
-          expect(response).to have_http_status(:created)
-        end
-
-        it "returns an empty JSON" do
-          post api_v0_answer_feedback_path(conversation, answer), params: { useful: true }
-
-          expect(JSON.parse(response.body)).to eq({})
-        end
-
-        it "creates feedback for the answer" do
-          expect {
-            post api_v0_answer_feedback_path(conversation, answer), params: { useful: true }
-          }.to change(AnswerFeedback, :count).by(1)
-
-          answer_feedback = AnswerFeedback.includes(:answer).last
-          expect(answer_feedback.answer).to eq(answer)
-          expect(answer_feedback.useful).to be true
-        end
+    context "when the answer has no feedback" do
+      it "returns a created status" do
+        post api_v0_answer_feedback_path(conversation, answer), params: { useful: true }, as: :json
+        expect(response).to have_http_status(:created)
       end
 
-      context "and an answer already has feedback" do
-        before do
-          create(:answer_feedback, answer:)
-        end
+      it "returns an empty JSON" do
+        post api_v0_answer_feedback_path(conversation, answer), params: { useful: true }, as: :json
 
-        it "returns an unprocessable_entity status" do
-          post api_v0_answer_feedback_path(conversation, answer), params: { useful: true }, as: :json
-          expect(response).to have_http_status(:unprocessable_entity)
-        end
+        expect(JSON.parse(response.body)).to eq({})
+      end
 
-        it "returns the correct expected JSON" do
+      it "creates feedback for the answer" do
+        expect {
           post api_v0_answer_feedback_path(conversation, answer), params: { useful: true }, as: :json
+        }.to change(AnswerFeedback, :count).by(1)
 
-          expect(JSON.parse(response.body))
-            .to eq({ "message" => "Unprocessable entity", "errors" => { "base" => ["Feedback already provided for this answer"] } })
-        end
+        answer_feedback = AnswerFeedback.includes(:answer).last
+        expect(answer_feedback.answer).to eq(answer)
+        expect(answer_feedback.useful).to be true
       end
     end
 
-    context "when the params are invalid" do
-      it "returns an unprocessable_entity status" do
-        answer = create(:answer, question:)
+    context "when an answer already has feedback" do
+      before do
+        create(:answer_feedback, answer:)
+      end
 
-        post api_v0_answer_feedback_path(conversation, answer)
+      it "returns an unprocessable_entity status" do
+        post api_v0_answer_feedback_path(conversation, answer), params: { useful: true }, as: :json
         expect(response).to have_http_status(:unprocessable_entity)
       end
 
       it "returns the correct expected JSON" do
-        answer = create(:answer, question:)
-
-        post api_v0_answer_feedback_path(conversation, answer)
+        post api_v0_answer_feedback_path(conversation, answer), params: { useful: true }, as: :json
 
         expect(JSON.parse(response.body))
           .to eq(
             {
               "message" => "Unprocessable entity",
-              "errors" => { "useful" => ["Useful must be true or false"] },
+              "errors" => { "base" => ["Feedback already provided for this answer"] },
             },
           )
       end
