AlinsRan opened a new pull request, #13344: URL: https://github.com/apache/apisix/pull/13344
## Summary This PR introduces the oas-validator plugin, which validates inbound HTTP requests against an OpenAPI Specification (OAS) 3.x document before forwarding them to upstream services. ## Description The oas-validator plugin rejects requests that do not conform to the configured OpenAPI spec, returning a configurable HTTP error code. Validation scope (each independently configurable): - Request method and path - Query parameters - Request headers - Request body Spec delivery: - Inline: spec provided as a JSON string in the plugin config - Remote URL: spec fetched from a URL; cached for a configurable TTL (plugin metadata spec_url_ttl, default 3600 s) Use cases: - Enforce API contracts without modifying upstream services - Reject malformed requests early (shift-left validation) - Protect backends from unexpected inputs ## Dependencies This plugin depends on the lua-resty-openapi-validator LuaRocks package (>= 1.0.5-1), added to apisix-master-0.rockspec. https://luarocks.org/modules/membphis/lua-resty-openapi-validator ## Files changed - apisix/plugins/oas-validator.lua -- plugin implementation - t/plugin/oas-validator.t -- basic test cases - t/plugin/oas-validator2.t -- extended test cases (plugin metadata, remote spec) - docs/en/latest/plugins/oas-validator.md -- English documentation - docs/zh/latest/plugins/oas-validator.md -- Chinese documentation - apisix-master-0.rockspec -- add lua-resty-openapi-validator dependency - apisix/cli/config.lua -- register plugin in default list - docs/en/latest/config.json / docs/zh/latest/config.json -- add to sidebar -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
