JSON Patch | slacker news

1. amenod ◴[18 Oct 24 17:15 UTC] No.41881449[source]▶

So how do you validate the data? You can apply all the changes to existing record and validate the result, but then you need to put everything in memory. Verifying the operations however sounds dangerous... Any pointers?

Also, if someone is using this in production: any gotchas?

replies(2): >>41881609 #>>41881740 #

2. numbsafari ◴[18 Oct 24 17:30 UTC] No.41881609[source]▶

>>41881449 (TP) #

The approach I've generally seen used is that you have a set of validation that you apply to the JSON and apply that to the results of the patch operation.

You probably want to have some constraints on the kinds of patch objects you apply to avoid simple attacks (e.g. a really large patch, or overly complex patches). But you can probably come up with a set of rules to apply generally to the patch without trying to validate that the patch value for the address meets some business logic. Just do that at the end.

3. deepakarora3 ◴[18 Oct 24 17:43 UTC] No.41881740[source]▶

>>41881449 (TP) #

If you are using Java, you may want to check out the library I created for American Express and open sourced, unify-jdocs - it provides for working with JSON documents outside of POJOLand. For validations, it also has the concept of "typed" document using which you can create a document structure against which all read / writes will be validated. Far simpler and in my opinion as powerful as JSONSchema. https://github.com/americanexpress/unify-jdocs.