#malli
2023-11-13
theequalizer73 23:11:05

Hi folks, I’m using reitit.ring.coercion/coerce-request-middleware with malli, what can I do to avoid losing keys that are not defined in my schema? For example, if I send these parameters

{:parameters {:body {:username "my-username"
                     :email ""
                     :phone }}}
and my schema is something like
(def MySchema
  (malli.core/schema [:map [:username :string]
                           [:email :string]]))
map schemas are open by default, but I’m not able to get the :phone parameter in my handler once it goes through the coerce-request-middleware unless I explicitly define it. I would like to be able to get any key that is not explicitly defined in my schema. What should I do?

ambrosebs 05:11:40

Are the extra keys dropped altogether, or just not being converted to keywords? Can you (get body "phone")?

ambrosebs 05:11:52

Depending on the answer to that, you might want to try something like:

(def MySchema
  (malli.core/schema [:and [:map [:username :string]
                                 [:email :string]]
                           [:map-of :keyword :any]]))

ikitommi 05:11:21

@U055XFK8V nowadays, you can define the “extra keys” like Schema does:

(m/validate
 [:map
  [:x :int]
  [:y :int]
  [::m/default [:map-of :int :int]]]
 {:x 1, :y 2, 1 1, 2 2})
; => true

ikitommi 05:11:11

but, :map has also the :closed property:
1. [:map] - open by default (but reitit closes all maps for better web security)
2. [:map {:closed true}] - explicitly closed
3. [:map {:closed false}] - explicitly open

… with reitit, I would:
• if it’s just one schema, use the option 3
• if it’s all schemas, I would look for the malli coercion options, you can remove the “close by default” thing

theequalizer73 18:11:27

@U055XFK8V the extra keys are dropped altogether.

theequalizer73 18:11:18

Thanks @ikitommi will try those options.

theequalizer73 22:11:31

@ikitommi Are there more details about these two options in https://github.com/metosin/reitit/blob/620d0c271175a4e11d91d922b26c8162660db3f9/doc/coercion/malli_coercion.md#configuring-coercion?

;; add/set default values
:default-values true
;; malli options
:options nil

theequalizer73 22:11:48

For the record, setting :strip-extra-keys false and mu/open-schema worked like a charm! Thx

theequalizer73 14:11:09

Hi @ikitommi, you said “(but reitit closes all maps for better web security)”. What kind of risks are we facing if we open all schemas?

Ben Sless 14:11:45

Storage, injection, denial attacks are all risks you take on when you let any data into your system at large.
