fix: Validate JSON request body for multipart/form-data and application/x-www-form-urlencoded

Related to the following issues:
openapistack#94
openapistack#229

Author: lagios-desquared

src/validation.test.ts

@@ -473,6 +473,20 @@ describe.each([{}, { lazyCompileValidators: true }])('OpenAPIValidator with opts
         },
         required: ['name'],
       };
+      const petScheduleSchema: OpenAPIV3_1.SchemaObject = {
+        type: 'object',
+        additionalProperties: false,
+        properties: {
+          title: {
+            type: 'string',
+          },
+          file: {
+            type: 'string',
+            format: 'binary',
+          },
+        },
+        required: ['title', 'file'],
+      };
       beforeAll(() => {
         validator = new OpenAPIValidator({
           definition: {
@@ -505,6 +519,19 @@ describe.each([{}, { lazyCompileValidators: true }])('OpenAPIValidator with opts
                   },
                 },
               },
+              '/pets/schedule': {
+                post: {
+                  operationId: 'createPetSchedule',
+                  responses: { 200: { description: 'ok' } },
+                  requestBody: {
+                    content: {
+                      'multipart/form-data': {
+                        schema: petScheduleSchema,
+                      },
+                    },
+                  },
+                },
+              },
               ...circularRefDefinition.paths,
             },
             ...constructorOpts,
@@ -625,6 +652,37 @@ describe.each([{}, { lazyCompileValidators: true }])('OpenAPIValidator with opts
         expect(valid.errors).toBeFalsy();
       });
 
+      test('passes validation for PUT /pets with multipart/form-data', async () => {
+        const valid = validator.validateRequest({
+          path: '/pets/schedule',
+          method: 'post',
+          body: {
+            title: 'Garfield Schedule',
+          },
+          headers: {
+            'Content-Type': 'multipart/form-data',
+          },
+        });
+
+        expect(valid.errors).toBeFalsy();
+      });
+
+      test('fails validation for PUT /pets with multipart/form-data and missing required field', async () => {
+        const valid = validator.validateRequest({
+          path: '/pets/schedule',
+          method: 'post',
+          body: {
+            ages: [1, 2, 3],
+          },
+          headers: {
+            'Content-Type': 'multipart/form-data',
+          },
+        });
+
+        expect(valid.errors).toHaveLength(1);
+        expect(valid.errors?.[0]?.params?.missingProperty).toBe('title');
+      });
+
       test.each([
         ['something'], // string
         [123], // number

src/validation.ts

@@ -564,7 +564,10 @@ export class OpenAPIValidator<D extends Document = Document> {
         OpenAPIV3.RequestBodyObject,
         OpenAPIV3_1.RequestBodyObject
       >;
-      const jsonbody = requestBody.content['application/json'];
+      const jsonbody =
+        requestBody.content['application/json'] ||
+        requestBody.content['multipart/form-data'] ||
+        requestBody.content['application/x-www-form-urlencoded'];
       if (jsonbody && jsonbody.schema) {
         const requestBodySchema: InputValidationSchema = {
           title: 'Request',
@@ -582,6 +585,7 @@ export class OpenAPIValidator<D extends Document = Document> {
 
         // add compiled params schema to schemas for this operation id
         const requestBodyValidator = this.getAjv(ValidationContext.RequestBody);
+        this.removeBinaryPropertiesFromRequired(requestBodySchema);
         validators.push(OpenAPIValidator.compileSchema(requestBodyValidator, requestBodySchema));
       }
     }
@@ -669,6 +673,49 @@ export class OpenAPIValidator<D extends Document = Document> {
     return validators;
   }
 
+  /**
+   * Removes binary properties from the required array in JSON schema, since they cannot be validated.
+   *
+   * @param {any} schema
+   * @memberof OpenAPIValidator
+   */
+  private removeBinaryPropertiesFromRequired(schema: any): void {
+    if (typeof schema !== 'object' || !schema?.required) {
+      return;
+    }
+
+    // If this is a schema with properties
+    if (schema.properties && schema.required && Array.isArray(schema.required)) {
+      // Find properties with binary format to exclude from required
+      const binaryProperties = Object.keys(schema.properties).filter((propName) => {
+        const prop = schema.properties[propName];
+        return prop && prop.type === 'string' && prop.format === 'binary';
+      });
+
+      // Remove binary properties from required array
+      if (binaryProperties.length > 0) {
+        schema.required = schema.required.filter((prop: string) => !binaryProperties.includes(prop));
+      }
+    }
+
+    // Recursively process nested objects and arrays
+    if (schema.properties) {
+      Object.values(schema.properties).forEach((prop) => this.removeBinaryPropertiesFromRequired(prop));
+    }
+
+    // Handle array items
+    if (schema.items) {
+      this.removeBinaryPropertiesFromRequired(schema.items);
+    }
+
+    // Handle allOf, anyOf, oneOf
+    ['allOf', 'anyOf', 'oneOf'].forEach((key) => {
+      if (Array.isArray(schema[key])) {
+        schema[key].forEach((subSchema: any) => this.removeBinaryPropertiesFromRequired(subSchema));
+      }
+    });
+  }
+
   /**
    * Get response validator function for an operation by operationId
    *