Required HTTP headers set via huma.Param
are neither enforced nor validated
#495
Labels
question
Further information is requested
Summary
My goal is to version an API by setting a mandatory
API-Version
HTTP header which is required for each path the API offers. In order to do that, I set the header globally inconfig.Components
and reference it in a specific path. However, when doing that I'm still able to call the path without the header - and if it's set, it's not being validated.When setting the header during
huma.Register
in the input struct, the required HTTP header is enforced and validated.Is there a way to fix this behavior, i.e. specify a header globally, then reference it in a path and when calling the path without the header (or with a value which doesn't adhere to the defined schema) it results in
HTTP 422
?Details
I created a Go Playground which reproduces the problem I described above: https://go.dev/play/p/UbjH1SPPn_2
Notable steps in the repro case
Globally define a required header with schema information (for validation) which can be referenced in individual paths:
Reference the header in a path definition:
This step doesn't work. The referenced header is correctly documented in
![image](https://private-user-images.githubusercontent.com/7999058/345029789-5d01fb13-0cde-4d23-9aba-9a8e2e55c7ca.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE4MDE4NjgsIm5iZiI6MTcyMTgwMTU2OCwicGF0aCI6Ii83OTk5MDU4LzM0NTAyOTc4OS01ZDAxZmIxMy0wY2RlLTRkMjMtOWFiYS05YThlMmU1NWM3Y2EucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyNCUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjRUMDYxMjQ4WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9ZGM1MjlhNTYyY2ExMjFlZTZhYmJhZmIzYjU0YTUwZjYwMWU5MWQ0M2Y3MGUwY2FjYmY2NzBlNzE3YjUzYTc3MSZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.2AwtE6mZSsKbkUQsuEPwk4dkMi3M5efmxKwqzaeBjNk)
/openapi
, however, it is not enforced, nor validated - as specified in the global definition of the header:Setting the header in the input struct during
huma.Register
works:OpenAPI 3.1 document
The text was updated successfully, but these errors were encountered: