v1.4.93 P0-2 (BUG-002): REST unknown-field validation for strict POST routes.
§Problem
A typo in a REST request field (e.g. xyzzy_bogus / begin_timme) can otherwise
be silently accepted by the generated proto JSON structs.
Root cause (CLAUDE.md pitfall #30): proto-build attaches #[serde(default)]
globally to all messages -> serde silently drops unknown fields. The typo doesn’t
return 400; the daemon executes with default zero values and returns ret_type=0 + empty data
(silent-success anti-pattern, pitfall #45).
§Fix
Axum middleware that intercepts request body for strict validator registry paths, deserializes to typed Request struct, re-serializes to canonical JSON, and recursively walks both Values to detect any keys in user input not in the re-serialized typed shape. Unknown -> 400 BAD_REQUEST with explanatory hint.
The contract source is the strict validator registry below. Regression tests
require all EndpointSpec-declared POST routes registered by REST server code
to appear in this registry. We intentionally keep validation in the adapter
layer instead of changing generated prost structs globally, because that would
alter every generated message’s JSON acceptance semantics at once.
§Limitations
- Vec/repeated fields cannot be schema-validated for inner keys when default instantiated (default Vec is empty). Top-level + first-level nested object typos (the BUG-002 case) ARE caught.
- Validation runs AFTER normalize_json_keys_snake_case / apply_known_field_aliases (replicated here to mimic adapter pre-processing) so camelCase/aliased names don’t false-trigger.
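The key-diff walk described under Fix, as an added sketch that is not this crate's own code: it uses a std-only stand-in for serde_json::Value, and the names walk, unknown_fields, obj and sample, the begin_time and legs fields, and all sample values are assumptions. The constructed request carries the two typos named above, a tolerated c2s.owner path, and an array whose typed default is empty.

```rust
use std::collections::BTreeMap;
// Minimal stand-in for serde_json::Value so this builds with std only (assumption).
#[derive(Debug, PartialEq)]
pub enum Value { Num(f64), Str(String), Array(Vec<Value>), Object(BTreeMap<String, Value>) }

// Constructed-sample helper: build an object from (key, value) pairs.
pub fn obj(pairs: Vec<(&str, Value)>) -> Value {
    Value::Object(pairs.into_iter().map(|(k, v)| (k.to_string(), v)).collect())
}

// Hypothetical walker: push the dot-separated path of every key that is in
// `input` but not in `typed` (the typed request re-serialized to JSON).
fn walk(input: &Value, typed: &Value, prefix: &str, allow: &[&str], out: &mut Vec<String>) {
    match (input, typed) {
        (Value::Object(i), Value::Object(t)) => {
            for (k, v) in i {
                let path = if prefix.is_empty() { k.clone() } else { format!("{}.{}", prefix, k) };
                if allow.iter().any(|a| *a == path.as_str()) { continue; } // tolerated path
                match t.get(k) {
                    Some(tv) => walk(v, tv, &path, allow, out),
                    None => out.push(path),
                }
            }
        }
        // An empty (default) Vec on the typed side gives zip nothing to compare,
        // so inner keys of array elements go unchecked: the documented limitation.
        (Value::Array(i), Value::Array(t)) => i.iter().zip(t).for_each(|(iv, tv)| walk(iv, tv, prefix, allow, out)),
        _ => {} // scalars or mismatched kinds: left to typed deserialization
    }
}

pub fn unknown_fields(input: &Value, typed: &Value, allow: &[&str]) -> Vec<String> {
    let mut out = Vec::new();
    walk(input, typed, "", allow, &mut out);
    out
}

// Constructed request: two typos from the text plus an allow-listed c2s.owner.
pub fn sample() -> (Value, Value) {
    let s = |x: &str| Value::Str(x.to_string());
    let input = obj(vec![
        ("c2s", obj(vec![("begin_timme", s("2024-01-01")), ("owner", s("u1")),
                         ("legs", Value::Array(vec![obj(vec![("bogus", Value::Num(1.0))])]))])),
        ("xyzzy_bogus", Value::Num(1.0)),
    ]);
    let typed = obj(vec![("c2s", obj(vec![("begin_time", s("")), ("legs", Value::Array(vec![]))]))]);
    (input, typed)
}
fn main() { let (i, t) = sample(); println!("{:?}", unknown_fields(&i, &t, &["c2s.owner"])); }
```

A non-empty result is what the middleware would turn into the 400 BAD_REQUEST hint; the bogus key inside legs is not reported because the typed array is empty.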
Functions§
- is_strict_path - Public test helper: returns true iff path is in the strict-validation list.
- strict_field_validation_middleware - Axum middleware: validate POST body against the typed Request schema for strict paths. Non-strict paths and non-POST methods pass through unmodified.
- validate_admin_empty_body - v1.4.106 codex 0554 F2 [P2]: admin control-plane POST endpoints (/api/admin/shutdown + /api/admin/reload) carry no proto request struct, and the handler ignores the body entirely. The strict middleware must still reject any user-supplied field, to avoid silently accepting bodies such as {"force": true} / {"reason": "..."} (the user believes it took effect while the server ignores it entirely).
- validate_flow_summary_strict
- validate_ticker_statistic_detail_strict - v1.4.106 codex 0500 ζ23-redo: same as validate_ticker_statistic_strict: /api/ticker-statistic-detail goes through the security shorthand path (the adapter's expand_symbol_shorthand expands it before the validator runs), and likewise needs:
- validate_ticker_statistic_strict - Same as validate_for_path but tolerates a list of dot-separated paths (e.g. ["c2s.owner"]): these will not be flagged as unknown even if they appear in normalized post-adapter-expansion but are absent from the typed Req shape.