Update event-type schemas to be stricter #677
Merged
This updates the /event-type endpoints "schemas" parsing to match our API more closely.
Motivation
In our API, we specifically parse event-type schemas as a map of version numbers to Json Schemas. While we don't enforce the version numbers, we do enforce that the Json schemas are, well, valid JSON schemas!
The open-source repo was allowing arbitrary JSON objects, which is too lax.
Solution
We use the jsonschemas library to parse Json Schemas. This library has a compatible license (MIT), no known vulnerabilities, is actively maintained, with modest popularity (283 stars in GitHub, a little over half a million downloads). We still need to (de)serialize the event_type::Schema, and jsonschema::JSONSchema doesn't implement any of the (de)serialization traits. Consequently, the type definition is still a wrapper over a Hash of strings to Json, and we manually implement deserialize to enforce that the json schema is always correct.