From caafcced1da7fd8a4a6f990108e3186df834f13f Mon Sep 17 00:00:00 2001 From: Michael Guiao Date: Wed, 6 May 2026 20:18:13 +0200 Subject: [PATCH 1/2] fix: skip request body validation gracefully instead of throwing error Fixes asyncapi/cli#1987 Two bugs fixed: 1. Unsafe access to requestBody.content['application/json'].schema crashes with TypeError when application/json is not a content type (e.g., multipart/form-data, text/plain). Fixed with optional chaining to safely check content type before accessing schema. 2. When compileAjv returns undefined (no requestBody or no JSON schema), the middleware incorrectly threw 'Request body validation is not supported' error. This is wrong - methods without request bodies (like GET, DELETE) simply don't need body validation, and endpoints with non-JSON content types should silently skip rather than error. Fixed to pass through instead of throwing. --- .../api/middlewares/validation.middleware.ts | 29 +++++++++++-------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/src/apps/api/middlewares/validation.middleware.ts b/src/apps/api/middlewares/validation.middleware.ts index 244d6f808..193dc3687 100644 --- a/src/apps/api/middlewares/validation.middleware.ts +++ b/src/apps/api/middlewares/validation.middleware.ts @@ -54,14 +54,20 @@ async function compileAjv(options: ValidationMiddlewareOptions) { const requestBody = method.requestBody; if (!requestBody) { - return; + // No request body defined for this method (e.g., GET, DELETE) — skip validation + return undefined; } - let schema = requestBody.content['application/json'].schema; - if (!schema) { - return; + // Handle cases where content type is not application/json + // (e.g., multipart/form-data, text/plain, or missing content type) + const jsonContent = requestBody.content?.['application/json']; + if (!jsonContent?.schema) { + // Request body exists but no JSON schema to validate against — skip validation + return undefined; } + let schema = jsonContent.schema; + schema = { ...schema }; schema['$schema'] = 'http://json-schema.org/draft-07/schema'; @@ -174,15 +180,14 @@ export async function validationMiddleware( try { if (!validate) { - throw new ProblemException({ - type: 'invalid-request-body', - title: 'Invalid Request Body', - status: 422, - detail: `Request body validation is not supported for "${options.path}" path with "${options.method}" method.`, - }); + // No validator compiled for this path/method — either: + // 1. Method has no requestBody (e.g., GET) — validation not needed, pass through + // 2. RequestBody has no JSON schema — nothing to validate, pass through + // Do NOT throw "not supported" error for endpoints that simply don't need body validation + // Fall through to document validation below + } else { + await validateRequestBody(validate, req.body); } - - await validateRequestBody(validate, req.body); } catch (error: unknown) { if (error instanceof ProblemException) { return next(error); From 8dee99f53e27769bf9bf5ab592902bfaa2b00f8f Mon Sep 17 00:00:00 2001 From: Your Name Date: Thu, 7 May 2026 22:10:54 +0200 Subject: [PATCH 2/2] chore: add changeset for issue #1987 fix --- .changeset/mighty-avocados-wash.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/mighty-avocados-wash.md diff --git a/.changeset/mighty-avocados-wash.md b/.changeset/mighty-avocados-wash.md new file mode 100644 index 000000000..73b96926c --- /dev/null +++ b/.changeset/mighty-avocados-wash.md @@ -0,0 +1,5 @@ +--- +"@asyncapi/cli": patch +--- + +fix: skip request body validation gracefully instead of throwing error for unsupported paths