Reorder upload and security middlewares (#866)

- Move multipart middleware after security middleware so that security handlers can abort request pipeline before uploads are processed. Fixes #865
cdimascio · Nov 12, 2023 · 95543d6 · 95543d6
1 parent f732379
commit 95543d6
Showing 1 changed file with 13 additions and 13 deletions.
diff --git a/src/openapi.validator.ts b/src/openapi.validator.ts
@@ -155,19 +155,6 @@ export class OpenApiValidator {
         .catch(next);
     });
 
-    if (this.options.fileUploader) {
-      // multipart middleware
-      let fumw;
-      middlewares.push(function multipartMiddleware(req, res, next) {
-        return pContext
-          .then(({ context: { apiDoc } }) => {
-            fumw = fumw || self.multipartMiddleware(apiDoc);
-            return fumw(req, res, next);
-          })
-          .catch(next);
-      });
-    }
-
     // security middlware
     let scmw;
     middlewares.push(function securityMiddleware(req, res, next) {
@@ -184,6 +171,19 @@ export class OpenApiValidator {
         .catch(next);
     });
 
+    if (this.options.fileUploader) {
+      // multipart middleware
+      let fumw;
+      middlewares.push(function multipartMiddleware(req, res, next) {
+        return pContext
+          .then(({ context: { apiDoc } }) => {
+            fumw = fumw || self.multipartMiddleware(apiDoc);
+            return fumw(req, res, next);
+          })
+          .catch(next);
+      });
+    }
+
     // request middlweare
     if (this.options.validateRequests) {
       let reqmw;