Reorder upload and security middlewares (#1)

- Move multipart middleware after security middleware so that security handlers can abort request pipeline before uploads are processed. Fixes cdimascio#865 Co-authored-by: Matt Mower <[email protected]>
CSNW · Oct 20, 2023 · fecc989 · fecc989
1 parent bb8d6b8
commit fecc989
Showing 1 changed file with 13 additions and 13 deletions.
diff --git a/src/openapi.validator.ts b/src/openapi.validator.ts
@@ -149,19 +149,6 @@ export class OpenApiValidator {
         .catch(next);
     });
 
-    if (this.options.fileUploader) {
-      // multipart middleware
-      let fumw;
-      middlewares.push(function multipartMiddleware(req, res, next) {
-        return pContext
-          .then(({ context: { apiDoc } }) => {
-            fumw = fumw || self.multipartMiddleware(apiDoc);
-            return fumw(req, res, next);
-          })
-          .catch(next);
-      });
-    }
-
     // security middlware
     let scmw;
     middlewares.push(function securityMiddleware(req, res, next) {
@@ -178,6 +165,19 @@ export class OpenApiValidator {
         .catch(next);
     });
 
+    if (this.options.fileUploader) {
+      // multipart middleware
+      let fumw;
+      middlewares.push(function multipartMiddleware(req, res, next) {
+        return pContext
+          .then(({ context: { apiDoc } }) => {
+            fumw = fumw || self.multipartMiddleware(apiDoc);
+            return fumw(req, res, next);
+          })
+          .catch(next);
+      });
+    }
+
     // request middlweare
     if (this.options.validateRequests) {
       let reqmw;