feat(validation): proxy-side OpenAPI request validation #11
Open
spiohq wants to merge 13 commits into
added 13 commits
May 5, 2026 09:58
Adds a standalone AUP compliance reference structured like DPP_COMPLIANCE.md, covering all AUP §§1-5 with Smart Proxy enforcement details, operator obligations, audit checklist, and code verification table. Adds cross-links from DPP_COMPLIANCE.md §7 and the README documentation table.
ThrottleFactor > 1.0 is already enforced by Validate() at startup, so the checklist entry no longer implies it is operator-verifiable config. Verification table: TestDefaults_ThrottleFactor -> TestLoad_Defaults.
Adds NewMiddleware and AtomicRouter to the validation package, plus a fix to humanMessage in errors.go so parameter names are preserved in error output (use reqErr.Error() instead of reqErr.Err.Error()).
Add VALIDATION.md reference doc, update README with feature section, configuration table, header tables, architecture diagram, and docs index. Update SECURITY.md with bypass-header trust guidance and scope update.
- Add TestMiddleware_SkipHeader_NonTrueValues_StillValidates to verify
that only the exact string "true" bypasses validation; case variants
("True", "TRUE", "1", "yes", "on") still go through the validator
- Add test/e2e/validation_test.go with 7 E2E tests covering the full
proxy stack: invalid request, valid request, skip-header bypass,
skip-header non-true-values, unknown path passthrough, error envelope
shape, and nil-router (disabled) passthrough
- Wire WithValidationRouter option into e2e NewTestEnv so validation
middleware can be enabled without a real spec download in tests
- Add SP_PROXY_VALIDATION_*, SP_PROXY_PROMETHEUS_*, and
SP_PROXY_RDT_AUTO_MINT sections to deploy/example.env with
documentation; these vars were implemented but undocumented
ValidateRequest from kin-openapi reads r.Body to completion, leaving it empty for the reverse proxy. This caused `unexpected end of stream` errors on the upstream side for any request with a body (POST/PUT/PATCH). Fix: read body into a buffer before validation and replace r.Body with a fresh reader both before and after the call so downstream handlers always see the original bytes. Also fix setupValidation in main.go to auto-create a temp dir when SP_PROXY_VALIDATION_SPECS_DIR is unset instead of refusing to start; matches the documented behaviour in example.env. Add TestMiddleware_BodyRestoredAfterValidation (unit) and TestE2E_Validation_RequestBodyForwardedToUpstream (e2e) as regression tests for the body-drain bug.
What
Adds request validation against the official SP-API OpenAPI specs before forwarding to upstream. Invalid requests (missing required parameters, wrong types, malformed bodies) are rejected at the proxy with a precise 400 error instead of wasting a round-trip and a rate-limit token.
How it works
- `amzn/selling-partner-api-models` (no `git` binary required, pure Go stdlib)
- `X-SP-Proxy-Validation: rejected` response header
- `SP_PROXY_VALIDATION_ENABLED=false` by default) and can be bypassed per-request with `X-SP-Proxy-Skip-Validation: true`
New config
- `SP_PROXY_VALIDATION_ENABLED`: `false`
- `SP_PROXY_VALIDATION_SPECS_URL`
- `SP_PROXY_VALIDATION_SPECS_DIR`
- `SP_PROXY_VALIDATION_REFRESH_INTERVAL`: `24h`
Error format
Errors are returned in the standard SP-API envelope so clients see no structural difference, just a more useful message:
```json
{
  "errors": [
    {
      "code": "InvalidInput",
      "message": "missing required query parameter: marketplaceIds",
      "details": "validated by proxy against SP-API OpenAPI spec"
    }
  ]
}
```
New dependency
github.com/getkin/kin-openapi for OpenAPI 3.0 spec parsing and request validation.
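The body-drain fix and the exact-match skip header described above, as an added sketch that is not the code from this pull request. It uses only the Go standard library: `drainingValidate` and `send` are hypothetical names, and a plain JSON decode stands in for the kin-openapi validation call.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// drainingValidate is a hypothetical stand-in for the spec validator: decoding consumes r.Body.
func drainingValidate(r *http.Request) error {
	var v any
	return json.NewDecoder(r.Body).Decode(&v)
}

// validating buffers the body, validates it, then restores it for the next handler.
func validating(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("X-SP-Proxy-Skip-Validation") != "true" { // exact match only
			buf, err := io.ReadAll(r.Body)
			if err == nil {
				r.Body = io.NopCloser(bytes.NewReader(buf)) // copy the validator may drain
				err = drainingValidate(r)
			}
			r.Body = io.NopCloser(bytes.NewReader(buf)) // fresh copy for the upstream handler
			if err != nil {
				w.Header().Set("X-SP-Proxy-Validation", "rejected")
				w.WriteHeader(http.StatusBadRequest)
				json.NewEncoder(w).Encode(map[string]any{"errors": []map[string]string{{"code": "InvalidInput",
					"message": err.Error(), "details": "validated by proxy against SP-API OpenAPI spec"}}})
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// send runs one constructed POST through the middleware in front of an echoing upstream.
func send(body, skip string) (int, string) {
	up := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { io.Copy(w, r.Body) })
	req := httptest.NewRequest(http.MethodPost, "/orders", bytes.NewReader([]byte(body)))
	req.Header.Set("X-SP-Proxy-Skip-Validation", skip)
	rec := httptest.NewRecorder()
	validating(up).ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() { fmt.Println(send(`{"sku":"A1"}`, "")); fmt.Println(send(`{bad`, "TRUE")) }
```

Removing the second `r.Body` assignment reproduces the drained-body symptom: the echoing upstream returns an empty string for a valid request.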