JSON Schema Validation
Introduction
RESTHeart supports MongoDB schema validation to enforce a format to documents: rules-based validation from MongoDB 3.2 and Json Schema validation from MongoDB 3.6, more in the MongoDB documentation.
On top of this, RESTHeart provides a more general approach for validation based on Interceptors that can verify write requests based on any condition.
RESTHeart provides “out of the box” the jsonSchema Interceptor that validates the body of write requests against a JSON schema.
Compared to the internal MongoDB Json Schema validation, the jsonSchema Interceptor of RESTHeart provides additional advantages:
- schemas are stored in a special collection, the schema store
/_schemas
and are validated - schemas can and can be reused on multiple collections
- complex schemas can be defined using sub-schemas, i.e. using the $ref keyword
- documents can be validated using schemas that available online
- schemas are cached
JSON Schema
JSON Schema specifies a JSON-based format to define the structure of JSON data for validation, documentation, and interaction control. A JSON Schema provides a contract for the JSON data required by a given application, and how that data can be modified.
For more information about JSON Schema refer to json-schema.org; a very good resource is understanding json schema web site too.
The Schema Store and Schema resources
Schema Store resources allow store JSON schemas used for document validation; they are specialized collection resources whose documents must conform to the JSON schema format (specifically to the latest version draft-04)
Schema Store are first class citizens in RESTHeart and the format of
their URIs is /_schemas
Create the db schema store
PUT /_schemas HTTP/1.1
Schema resources are documents of the Schema Store. The following request creates a valid JSON Schema.
PUT /_schemas/address HTTP/1.1
{
"$schema": "https://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"address": { "type": "string" },
"city": { "type": "string" },
"postal-code": { "type": "string" },
"country": { "type": "string"}
},
"required": ["address", "city", "country"]
}
HTTP/1.1 201 Created
...
In JSON Schema, the id
property (not to be confused with the _id
key) has a special role. This property is auto-generated by RESTHeart as
can be noted in the response of the following GET request.
GET /_schemas/address HTTP/1.1
HTTP/1.1 200 OK
{
"$schema": "https://json-schema.org/draft-04/schema#",
"id": "https://schema-store/restheart/address#",
"_id": "address",
....
}
Document validation
To apply the jsonSchema simply define the collection
metadata property jsonSchema
as follows:
{
"jsonSchema": {
"schemaId": <schema_id>,
"schemaStoreDb": <schema_store_db>
}
}
Property
|
Description
|
Mandatory
|
---|---|---|
schemaId |
the _id of the JSON schema to enforce |
Yes |
schemaStoreDb |
the db | No, if omitted the current db is used. |
Example
Create a collection enforcing the address JSON Schema
PUT /addresses HTTP/1.1
{
"jsonSchema": { "schemaId": "address" }
}
Now let’s try to create an invalid document.
Try to create an invalid address
POST /addresses HTTP/1.1
{ "address": "Via D'Annunzio 28" }
HTTP/1.1 400 Bad Request
...
{
"http status code": 400,
"http status description": "Bad Request",
"message": "Request content violates schema 'address': 2 schema violations found, required key [city] not found, required key [country] not found"
}
Passing valid data results in the document creation:
Create a valid documents
POST /addresses HTTP/1.1
{
"address": "Via D'Annunzio, 28",
"city": "L'Aquila",
"country": "Italy"
}
HTTP/1.1 201 Created
Limitations
jsonChecker does not support bulk PATCH requests:
To handle this requests, set the metadata property skipNotSupported
to true
, and add specialized interceptors to validate these requests if required.
PATCH /addresses/*?filter={"country":"Italy"} HTTP/1.1
{ "updated": true }
HTTP 1.1 501 Not Implemented
{
"http status code": 501,
"http status description": "Not Implemented",
"message": "'jsonSchema' checker does not support bulk PATCH requests. Set 'skipNotSupported:true' to allow them."
}