[NP] Allow custom validations in HTTP Routes apart from @kbn/config-s…

…chema (#51919)

* [NP] Allow custom validations in HTTP Routes apart from @kbn/config-schema

* API docs

* Allow validate function in the route handler (run-code validation)

* Prefix RouteXXX + Params and Body Validation Aliases

* Fix test broken by lodash

* Update API docs

* Add default types for simpler manual declaration

* Add run-time validation of the RouteValidateSpec

* Expose RouteValidationError instead of SchemaTypeError

* RouteValidator as a class to match config-schema interface

* Test for not-inline handler (need to check IRouter for #47047)

* Add preValidation of the input for a safer custom validation

* Better types for RouteHandlers

* [NP] Move route validation to RouteValidator wrapper

* Use the class only internally but maintain the same API

* Fix types

* Ensure RouteValidator instance in KibanaRequest.from

* Fix validator.tests (Buffer.from instead of new Buffer)

* Default precheck should allow null values

* Also allow undefined in preChecks

* MR feedback fixes

* Provide RouteValidationResolver to the validation function

* Add functional tests

* Fix new functional tests

* Fix validator additional test

* Fix test with new resolver

* Remove unused import

* Rename ValidationResolver to ValidationResultFactory and change the interface to look more like the KibanaResponseFactory

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

docs/development/core/server/kibana-plugin-server.irouter.handlelegacyerrors.md

@@ -9,5 +9,5 @@ Wrap a router handler to catch and converts legacy boom errors to proper custom
 <b>Signature:</b>
 
 ```typescript
-handleLegacyErrors: <P extends ObjectType, Q extends ObjectType, B extends ObjectType>(handler: RequestHandler<P, Q, B>) => RequestHandler<P, Q, B>;
+handleLegacyErrors: <P, Q, B>(handler: RequestHandler<P, Q, B>) => RequestHandler<P, Q, B>;
 ```

docs/development/core/server/kibana-plugin-server.irouter.md

@@ -18,7 +18,7 @@ export interface IRouter
 |  --- | --- | --- |
 |  [delete](./kibana-plugin-server.irouter.delete.md) | <code>RouteRegistrar&lt;'delete'&gt;</code> | Register a route handler for <code>DELETE</code> request. |
 |  [get](./kibana-plugin-server.irouter.get.md) | <code>RouteRegistrar&lt;'get'&gt;</code> | Register a route handler for <code>GET</code> request. |
-|  [handleLegacyErrors](./kibana-plugin-server.irouter.handlelegacyerrors.md) | <code>&lt;P extends ObjectType, Q extends ObjectType, B extends ObjectType&gt;(handler: RequestHandler&lt;P, Q, B&gt;) =&gt; RequestHandler&lt;P, Q, B&gt;</code> | Wrap a router handler to catch and converts legacy boom errors to proper custom errors. |
+|  [handleLegacyErrors](./kibana-plugin-server.irouter.handlelegacyerrors.md) | <code>&lt;P, Q, B&gt;(handler: RequestHandler&lt;P, Q, B&gt;) =&gt; RequestHandler&lt;P, Q, B&gt;</code> | Wrap a router handler to catch and converts legacy boom errors to proper custom errors. |
 |  [patch](./kibana-plugin-server.irouter.patch.md) | <code>RouteRegistrar&lt;'patch'&gt;</code> | Register a route handler for <code>PATCH</code> request. |
 |  [post](./kibana-plugin-server.irouter.post.md) | <code>RouteRegistrar&lt;'post'&gt;</code> | Register a route handler for <code>POST</code> request. |
 |  [put](./kibana-plugin-server.irouter.put.md) | <code>RouteRegistrar&lt;'put'&gt;</code> | Register a route handler for <code>PUT</code> request. |

docs/development/core/server/kibana-plugin-server.md

@@ -21,6 +21,7 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [CspConfig](./kibana-plugin-server.cspconfig.md) | CSP configuration for use in Kibana. |
 |  [ElasticsearchErrorHelpers](./kibana-plugin-server.elasticsearcherrorhelpers.md) | Helpers for working with errors returned from the Elasticsearch service.Since the internal data of errors are subject to change, consumers of the Elasticsearch service should always use these helpers to classify errors instead of checking error internals such as <code>body.error.header[WWW-Authenticate]</code> |
 |  [KibanaRequest](./kibana-plugin-server.kibanarequest.md) | Kibana specific abstraction for an incoming request. |
+|  [RouteValidationError](./kibana-plugin-server.routevalidationerror.md) | Error to return when the validation is not successful. |
 |  [SavedObjectsClient](./kibana-plugin-server.savedobjectsclient.md) |  |
 |  [SavedObjectsErrorHelpers](./kibana-plugin-server.savedobjectserrorhelpers.md) |  |
 |  [SavedObjectsRepository](./kibana-plugin-server.savedobjectsrepository.md) |  |
@@ -94,7 +95,9 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [RouteConfig](./kibana-plugin-server.routeconfig.md) | Route specific configuration. |
 |  [RouteConfigOptions](./kibana-plugin-server.routeconfigoptions.md) | Additional route options. |
 |  [RouteConfigOptionsBody](./kibana-plugin-server.routeconfigoptionsbody.md) | Additional body options for a route |
-|  [RouteSchemas](./kibana-plugin-server.routeschemas.md) | RouteSchemas contains the schemas for validating the different parts of a request. |
+|  [RouteValidationResultFactory](./kibana-plugin-server.routevalidationresultfactory.md) | Validation result factory to be used in the custom validation function to return the valid data or validation errors<!-- -->See [RouteValidationFunction](./kibana-plugin-server.routevalidationfunction.md)<!-- -->. |
+|  [RouteValidatorConfig](./kibana-plugin-server.routevalidatorconfig.md) | The configuration object to the RouteValidator class. Set <code>params</code>, <code>query</code> and/or <code>body</code> to specify the validation logic to follow for that property. |
+|  [RouteValidatorOptions](./kibana-plugin-server.routevalidatoroptions.md) | Additional options for the RouteValidator class to modify its default behaviour. |
 |  [SavedObject](./kibana-plugin-server.savedobject.md) |  |
 |  [SavedObjectAttributes](./kibana-plugin-server.savedobjectattributes.md) | The data for a Saved Object is stored as an object in the <code>attributes</code> property. |
 |  [SavedObjectReference](./kibana-plugin-server.savedobjectreference.md) | A reference to another saved object. |
@@ -200,6 +203,9 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [RouteContentType](./kibana-plugin-server.routecontenttype.md) | The set of supported parseable Content-Types |
 |  [RouteMethod](./kibana-plugin-server.routemethod.md) | The set of common HTTP methods supported by Kibana routing. |
 |  [RouteRegistrar](./kibana-plugin-server.routeregistrar.md) | Route handler common definition |
+|  [RouteValidationFunction](./kibana-plugin-server.routevalidationfunction.md) | The custom validation function if @<!-- -->kbn/config-schema is not a valid solution for your specific plugin requirements. |
+|  [RouteValidationSpec](./kibana-plugin-server.routevalidationspec.md) | Allowed property validation options: either @<!-- -->kbn/config-schema validations or custom validation functions<!-- -->See [RouteValidationFunction](./kibana-plugin-server.routevalidationfunction.md) for custom validation. |
+|  [RouteValidatorFullConfig](./kibana-plugin-server.routevalidatorfullconfig.md) | Route validations config and options merged into one object |
 |  [SavedObjectAttribute](./kibana-plugin-server.savedobjectattribute.md) | Type definition for a Saved Object attribute value |
 |  [SavedObjectAttributeSingle](./kibana-plugin-server.savedobjectattributesingle.md) | Don't use this type, it's simply a helper type for [SavedObjectAttribute](./kibana-plugin-server.savedobjectattribute.md) |
 |  [SavedObjectsClientContract](./kibana-plugin-server.savedobjectsclientcontract.md) | Saved Objects is Kibana's data persisentence mechanism allowing plugins to use Elasticsearch for storing plugin state.<!-- -->\#\# SavedObjectsClient errors<!-- -->Since the SavedObjectsClient has its hands in everything we are a little paranoid about the way we present errors back to to application code. Ideally, all errors will be either:<!-- -->1. Caused by bad implementation (ie. undefined is not a function) and as such unpredictable 2. An error that has been classified and decorated appropriately by the decorators in [SavedObjectsErrorHelpers](./kibana-plugin-server.savedobjectserrorhelpers.md)<!-- -->Type 1 errors are inevitable, but since all expected/handle-able errors should be Type 2 the <code>isXYZError()</code> helpers exposed at <code>SavedObjectsErrorHelpers</code> should be used to understand and manage error responses from the <code>SavedObjectsClient</code>.<!-- -->Type 2 errors are decorated versions of the source error, so if the elasticsearch client threw an error it will be decorated based on its type. That means that rather than looking for <code>error.body.error.type</code> or doing substring checks on <code>error.body.error.reason</code>, just use the helpers to understand the meaning of the error:<!-- -->\`\`\`<!-- -->js if (SavedObjectsErrorHelpers.isNotFoundError(error)) { // handle 404 }<!-- -->if (SavedObjectsErrorHelpers.isNotAuthorizedError(error)) { // 401 handling should be automatic, but in case you wanted to know }<!-- -->// always rethrow the error unless you handle it throw error; \`\`\`<!-- -->\#\#\# 404s from missing index<!-- -->From the perspective of application code and APIs the SavedObjectsClient is a black box that persists objects. One of the internal details that users have no control over is that we use an elasticsearch index for persistance and that index might be missing.<!-- -->At the time of writing we are in the process of transitioning away from the operating assumption that the SavedObjects index is always available. Part of this transition is handling errors resulting from an index missing. These used to trigger a 500 error in most cases, and in others cause 404s with different error messages.<!-- -->From my (Spencer) perspective, a 404 from the SavedObjectsApi is a 404; The object the request/call was targeting could not be found. This is why \#14141 takes special care to ensure that 404 errors are generic and don't distinguish between index missing or document missing.<!-- -->\#\#\# 503s from missing index<!-- -->Unlike all other methods, create requests are supposed to succeed even when the Kibana index does not exist because it will be automatically created by elasticsearch. When that is not the case it is because Elasticsearch's <code>action.auto_create_index</code> setting prevents it from being created automatically so we throw a special 503 with the intention of informing the user that their Elasticsearch settings need to be updated.<!-- -->See [SavedObjectsClient](./kibana-plugin-server.savedobjectsclient.md) See [SavedObjectsErrorHelpers](./kibana-plugin-server.savedobjectserrorhelpers.md) |

docs/development/core/server/kibana-plugin-server.requesthandler.md

@@ -9,7 +9,7 @@ A function executed when route path matched requested resource path. Request han
 <b>Signature:</b>
 
 ```typescript
-export declare type RequestHandler<P extends ObjectType, Q extends ObjectType, B extends ObjectType | Type<Buffer> | Type<Stream>, Method extends RouteMethod = any> = (context: RequestHandlerContext, request: KibanaRequest<TypeOf<P>, TypeOf<Q>, TypeOf<B>, Method>, response: KibanaResponseFactory) => IKibanaResponse<any> | Promise<IKibanaResponse<any>>;
+export declare type RequestHandler<P = unknown, Q = unknown, B = unknown, Method extends RouteMethod = any> = (context: RequestHandlerContext, request: KibanaRequest<P, Q, B, Method>, response: KibanaResponseFactory) => IKibanaResponse<any> | Promise<IKibanaResponse<any>>;
 ```
 
 ## Example

docs/development/core/server/kibana-plugin-server.routeconfig.md

@@ -9,7 +9,7 @@ Route specific configuration.
 <b>Signature:</b>
 
 ```typescript
-export interface RouteConfig<P extends ObjectType, Q extends ObjectType, B extends ObjectType | Type<Buffer> | Type<Stream>, Method extends RouteMethod> 
+export interface RouteConfig<P, Q, B, Method extends RouteMethod> 
 ```
 
 ## Properties
@@ -18,5 +18,5 @@ export interface RouteConfig<P extends ObjectType, Q extends ObjectType, B exten
 |  --- | --- | --- |
 |  [options](./kibana-plugin-server.routeconfig.options.md) | <code>RouteConfigOptions&lt;Method&gt;</code> | Additional route options [RouteConfigOptions](./kibana-plugin-server.routeconfigoptions.md)<!-- -->. |
 |  [path](./kibana-plugin-server.routeconfig.path.md) | <code>string</code> | The endpoint \_within\_ the router path to register the route. |
-|  [validate](./kibana-plugin-server.routeconfig.validate.md) | <code>RouteSchemas&lt;P, Q, B&gt; &#124; false</code> | A schema created with <code>@kbn/config-schema</code> that every request will be validated against. |
+|  [validate](./kibana-plugin-server.routeconfig.validate.md) | <code>RouteValidatorFullConfig&lt;P, Q, B&gt; &#124; false</code> | A schema created with <code>@kbn/config-schema</code> that every request will be validated against. |
 

docs/development/core/server/kibana-plugin-server.routeconfig.validate.md

@@ -9,7 +9,7 @@ A schema created with `@kbn/config-schema` that every request will be validated
 <b>Signature:</b>
 
 ```typescript
-validate: RouteSchemas<P, Q, B> | false;
+validate: RouteValidatorFullConfig<P, Q, B> | false;
 ```
 
 ## Remarks

docs/development/core/server/kibana-plugin-server.routeregistrar.md

@@ -9,5 +9,5 @@ Route handler common definition
 <b>Signature:</b>
 
 ```typescript
-export declare type RouteRegistrar<Method extends RouteMethod> = <P extends ObjectType, Q extends ObjectType, B extends ObjectType | Type<Buffer> | Type<Stream>>(route: RouteConfig<P, Q, B, Method>, handler: RequestHandler<P, Q, B, Method>) => void;
+export declare type RouteRegistrar<Method extends RouteMethod> = <P, Q, B>(route: RouteConfig<P, Q, B, Method>, handler: RequestHandler<P, Q, B, Method>) => void;
 ```

docs/development/core/server/kibana-plugin-server.routevalidationerror._constructor_.md

@@ -0,0 +1,21 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [RouteValidationError](./kibana-plugin-server.routevalidationerror.md) &gt; [(constructor)](./kibana-plugin-server.routevalidationerror._constructor_.md)
+
+## RouteValidationError.(constructor)
+
+Constructs a new instance of the `RouteValidationError` class
+
+<b>Signature:</b>
+
+```typescript
+constructor(error: Error | string, path?: string[]);
+```
+
+## Parameters
+
+|  Parameter | Type | Description |
+|  --- | --- | --- |
+|  error | <code>Error &#124; string</code> |  |
+|  path | <code>string[]</code> |  |
+

docs/development/core/server/kibana-plugin-server.routevalidationerror.md

@@ -0,0 +1,20 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [RouteValidationError](./kibana-plugin-server.routevalidationerror.md)
+
+## RouteValidationError class
+
+Error to return when the validation is not successful.
+
+<b>Signature:</b>
+
+```typescript
+export declare class RouteValidationError extends SchemaTypeError 
+```
+
+## Constructors
+
+|  Constructor | Modifiers | Description |
+|  --- | --- | --- |
+|  [(constructor)(error, path)](./kibana-plugin-server.routevalidationerror._constructor_.md) |  | Constructs a new instance of the <code>RouteValidationError</code> class |
+

docs/development/core/server/kibana-plugin-server.routevalidationfunction.md

@@ -0,0 +1,42 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [RouteValidationFunction](./kibana-plugin-server.routevalidationfunction.md)
+
+## RouteValidationFunction type
+
+The custom validation function if @<!-- -->kbn/config-schema is not a valid solution for your specific plugin requirements.
+
+<b>Signature:</b>
+
+```typescript
+export declare type RouteValidationFunction<T> = (data: any, validationResult: RouteValidationResultFactory) => {
+    value: T;
+    error?: never;
+} | {
+    value?: never;
+    error: RouteValidationError;
+};
+```
+
+## Example
+
+The validation should look something like:
+
+```typescript
+interface MyExpectedBody {
+  bar: string;
+  baz: number;
+}
+
+const myBodyValidation: RouteValidationFunction<MyExpectedBody> = (data, validationResult) => {
+  const { ok, badRequest } = validationResult;
+  const { bar, baz } = data || {};
+  if (typeof bar === 'string' && typeof baz === 'number') {
+    return ok({ bar, baz });
+  } else {
+    return badRequest('Wrong payload', ['body']);
+  }
+}
+
+```
+

docs/development/core/server/kibana-plugin-server.routevalidationresultfactory.badrequest.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [RouteValidationResultFactory](./kibana-plugin-server.routevalidationresultfactory.md) &gt; [badRequest](./kibana-plugin-server.routevalidationresultfactory.badrequest.md)
+
+## RouteValidationResultFactory.badRequest property
+
+<b>Signature:</b>
+
+```typescript
+badRequest: (error: Error | string, path?: string[]) => {
+        error: RouteValidationError;
+    };
+```

docs/development/core/server/kibana-plugin-server.routevalidationresultfactory.md

@@ -0,0 +1,23 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [RouteValidationResultFactory](./kibana-plugin-server.routevalidationresultfactory.md)
+
+## RouteValidationResultFactory interface
+
+Validation result factory to be used in the custom validation function to return the valid data or validation errors
+
+See [RouteValidationFunction](./kibana-plugin-server.routevalidationfunction.md)<!-- -->.
+
+<b>Signature:</b>
+
+```typescript
+export interface RouteValidationResultFactory 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [badRequest](./kibana-plugin-server.routevalidationresultfactory.badrequest.md) | <code>(error: Error &#124; string, path?: string[]) =&gt; {</code><br/><code>        error: RouteValidationError;</code><br/><code>    }</code> |  |
+|  [ok](./kibana-plugin-server.routevalidationresultfactory.ok.md) | <code>&lt;T&gt;(value: T) =&gt; {</code><br/><code>        value: T;</code><br/><code>    }</code> |  |
+

docs/development/core/server/kibana-plugin-server.routevalidationresultfactory.ok.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [RouteValidationResultFactory](./kibana-plugin-server.routevalidationresultfactory.md) &gt; [ok](./kibana-plugin-server.routevalidationresultfactory.ok.md)
+
+## RouteValidationResultFactory.ok property
+
+<b>Signature:</b>
+
+```typescript
+ok: <T>(value: T) => {
+        value: T;
+    };
+```

docs/development/core/server/kibana-plugin-server.routevalidationspec.md

@@ -0,0 +1,15 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [RouteValidationSpec](./kibana-plugin-server.routevalidationspec.md)
+
+## RouteValidationSpec type
+
+Allowed property validation options: either @<!-- -->kbn/config-schema validations or custom validation functions
+
+See [RouteValidationFunction](./kibana-plugin-server.routevalidationfunction.md) for custom validation.
+
+<b>Signature:</b>
+
+```typescript
+export declare type RouteValidationSpec<T> = ObjectType | Type<T> | RouteValidationFunction<T>;
+```

docs/development/core/server/kibana-plugin-server.routevalidatorconfig.body.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [RouteValidatorConfig](./kibana-plugin-server.routevalidatorconfig.md) &gt; [body](./kibana-plugin-server.routevalidatorconfig.body.md)
+
+## RouteValidatorConfig.body property
+
+Validation logic for the body payload
+
+<b>Signature:</b>
+
+```typescript
+body?: RouteValidationSpec<B>;
+```