Expand description
v1.4.93 P0-2 (BUG-002): REST unknown-field validation for strict POST routes.
§Problem
REST endpoint typo fields (e.g. xyzzy_bogus / begin_timme) historically
could be silently accepted by generated proto JSON structs.
Root cause (CLAUDE.md pitfall #30): proto-build attached #[serde(default)]
globally to all messages without deny_unknown_fields, so serde dropped
unknown fields. Typos did not 400, daemon executed with default zero values,
and could return ret_type=0 + empty data (silent-success anti-pattern,
pitfall #45).
§Fix
Axum middleware that intercepts request body for strict validator registry paths, deserializes to typed Request struct, re-serializes to canonical JSON, and recursively walks both Values to detect any keys in user input not in the re-serialized typed shape. Unknown -> 400 BAD_REQUEST with explanatory hint.
The contract source is the strict validator registry below. Regression tests
require all EndpointSpec-declared POST routes registered by REST server code
to appear in this registry. Generated prost structs now also use
deny_unknown_fields, but REST keeps this adapter-layer validator to produce
stable user-facing 400 envelopes and to run after field alias normalization.
§Limitations
- Vec/repeated fields cannot be schema-validated for inner keys when default instantiated (default Vec is empty). Top-level + first-level nested object typos (the BUG-002 case) ARE caught.
- Validation runs AFTER
normalize_json_keys_snake_case/apply_known_field_aliases(replicated here to mimic adapter pre-processing) so camelCase/aliased names don’t false-trigger.
Functions§
- is_
strict_ path - Public test helper: returns true iff
pathis in the strict-validation list. - strict_
field_ validation_ middleware - Axum middleware: validate POST body against the typed Request schema for strict paths. Non-strict paths and non-POST methods pass through unmodified.
- validate_
admin_ empty_ body - v1.4.106 codex 0554 F2 [P2]: admin control-plane POST endpoints
(
/api/admin/shutdown+/api/admin/reload) 不带 proto request struct — handler 完全无视 body. 但 strict middleware 必须 reject 任何 user-supplied 字段, 避免{"force": true}/{"reason": "..."}之类 silent-accept (用户 以为生效, 实际 server 完全无视). - validate_
flow_ summary_ strict - validate_
ticker_ statistic_ detail_ strict - v1.4.106 codex 0500 ζ23-redo: 同
validate_ticker_statistic_strict—/api/ticker-statistic-detail走 security shorthand 路径 (adapterexpand_symbol_shorthand在 validator 之前展开), 同样需: - validate_
ticker_ statistic_ strict - Same as
validate_for_pathbut tolerates a list of dot-separated paths (e.g.["c2s.owner"]) — these will not be flagged as unknown even if they appear innormalizedpost-adapter-expansion but are absent from the typedReqshape.