wallarm/api-firewall

OpenAPI Base Path

kamermans opened this issue · 4 comments

kamermans commented

Hi, in OpenAPI 2 there was a top-level property called basePath which (if set) defined the base path before all API endpoints, like /api/v1. In OpenAPI 3 this was removed, but the Swagger OpenAPI 3.0 docs and the spec itself suggest putting the base path in the server URL like this:

servers:
- url: "https://api.my-service.com/api/v1"
- url: "https://staging-api.my-service.com/api/v1"

Without support for a base path, all of my API endpoints are rejected because they are missing the /api/v1 portion (my base path).

Four ways to solve this problem come to mind:

  1. Change all my endpoint paths to include the base path (this doesn't seem ideal since the docs suggest I use a base path in the server URL).
  2. Run my OpenAPI spec through a preprocessor that prepends the base path to each endpoint before you read it.
  3. You can infer the base path from the servers by capturing the path of the first server URL (if present). This is what the AWS API Gateway does.
  4. You can provide an environment variable / CLI argument to set the base path like APIFW_API_BASE_PATH.

I would be happy to contribute this enhancement but I don't see the source code anywhere. Also, you might want to clarify the license of this product.

d0znpp commented

Thanks, @kamermans
We are on it. The reply is coming soon ;)

d0znpp commented

Gotcha!

Can you please try what you want with APIFW_API_BASE_PATH with the variable called APIFW_SERVER_URL ?
It seems like the wrong name for what you are looking for ;)

  • 👍1
kamermans commented

Ah, I didn't realize I could put a common path in there, thanks, that fixed it!

kamermans commented

I've got another issue that I will try to put into a test case and create an issue for, but as a heads-up, it seems that if common path parameters are defined for the path, not on the method itself (see Common Parameters for All Methods of a Path ), the firewall knows that they are required, but doesn't realize they are present in the request (error: Apifw-Validation-Status: request-parameter:value is required but missing:request-parameter). If I move the parameters block into each method get, post, etc, everything is fine.