Principled code generation from OpenAPI specifications. https://guardrail.dev/
it's really not a difference in ser/deser, it's "only inject defaults on the server"
yeah. I guess a zipper that's just an object tree populated with only defaults would work, but not performant at all without mutation
plus constructing those default trees would be unpleasant. This is one of the advantages of using abstract lenses to inspect values in structures
not sure what you're getting at with zippers & default trees. but i gotta run take one of the cats for a vaccination, so will chat more about this later
thinking more about the defaults thing in clients vs. servers, i think it's actually kinda sorta vaguely ok to not care about the difference. because:
1) on the server side, if there are response fields with a default, the server should always send those defaults rather than sending missing values, so the client's default-fallback machinery won't ever trigger.
2) on the client side, if there are request fields with a default, they'll be documented as such in the docs for the version of the client that the user is using, so they should be like "ok, i'm satisfied with default X, so i don't need to pass a different value". if the default value on the server side changes, sure, the "old" default will still get passed by old clients, but presumably the people using those clients know that and are ok with it.
3) on a somewhat higher level, if customers are using guardrail-generated clients and servers, defaults will never come into play on deserialization anyway, because guardrail-generated clients will always send default values in requests, and guardrail-generated servers will always send default values in responses (that is, they'll never be null or missing). the only time default values come into play on deserialization will be when someone is using a hand-rolled client, or is using curl or something to test things
1) on the server side, if there are response fields with a default, the server should always send those defaults rather than sending missing values, so the client's default-fallback machinery won't ever trigger.
2) on the client side, if there are request fields with a default, they'll be documented as such in the docs for the version of the client that the user is using, so they should be like "ok, i'm satisfied with default X, so i don't need to pass a different value". if the default value on the server side changes, sure, the "old" default will still get passed by old clients, but presumably the people using those clients know that and are ok with it.
3) on a somewhat higher level, if customers are using guardrail-generated clients and servers, defaults will never come into play on deserialization anyway, because guardrail-generated clients will always send default values in requests, and guardrail-generated servers will always send default values in responses (that is, they'll never be null or missing). the only time default values come into play on deserialization will be when someone is using a hand-rolled client, or is using curl or something to test things
(i do agree that it'd probably be better if clients never sent fields with defaults when they're unset, and just relied on the server to fill them in, but i don't think it's critical that things behave that way.)
that's true. The ideal client behaviour is to not include the field at all if it's not customized, letting the missing key be filled in by the server
but then that once again gets into a sticky situation regarding encoders and decoders
for your purposes, if there's a way in the code to explicitly test for presence or absence of the key and set the default explicitly in both cases, that will make it easier to solve the more general case of presence/absence without having to revisit this from first principles, especially with the javaparser AST being as tricky as it is to read
there isn't, at least not without generating manual ser/deser classes, rather than just using the annotations like i am now. i do plan to do this eventually, though, since supporting
required=false,nullable=true requires it
hmm, I meant at the point where facts have been gathered and you start to do codegen for those encoders/decoders
I think having a codec settings implicit which influences the manual encoders and decoders, as you mention, is going to be the ticket. What will be nice is memoizing those at the edge, since they only need to get resolved once. Previously I had written that off because it would be too much churn, but caching them in the clients and servers will fix that
java of course doesn't have implicits, so might be more challenging to implement that there
That might not make sense, but just an idea
on the client it might be workable; client could somehow pass the deserializer to use at deser time to jackson
but on the server side, there's really no way to do that, as DW hides all that
I find that very strange if true
the user can do that if they want, though, but that's another thing that we'd have to require they register on their own
right
which isn't unprecendented. until recently i required a guardrail module for datetime types
(no longer required, but it used to be)
but the difference there is that if you didn't register that, you got very clear runtime failures
with this type of thing you would get no failures, just silently subtly incorrect deser
otoh we could barf at mount time if we recognize we don't have a module registered
again not a great idea
but technically possible.
not really; we don't have access to the
ObjectMapper from the route class
(tho i wonder if DW lets you
@Inject one into the class...)
i kinda do like the idea of setting up the POJOs with annotations that specify the "server (de)serializer", and that will just work, but in the client i can just pass a custom (de)serializer when calling the objectmapper
i think you can do that. not 100% sure. but i think so.
I don't super like the idea of "default client unless known server", since any break in the chain switches semantics
(also, I read your comment backwards -- my objection still stands, but I at least better understand what you mean)
there's also perhaps a question around behavior of
required=true,nullable=false properties when a default is present. like, i could see the argument that a client could actually leave that property out entirely, because the server should know about the default, and automatically fall back (so these sorts of properties automatically get 'demoted' to required=false,nullable=false). but maybe you want to think of it as more of a "UX default": the server will barf if you don't include it, and the default there is mainly to make it so the user of the client doesn't have to explicitly fill in the property (because the client can do it for them).
(my preference is for the latter behavior, to be clear)
At the risk of making the wrong gut decision here, but required=true,nullable=false with a default should have the default injected by the server before the user sees it, regardless of presence in the actual wire encoding. If that means translating that into required=false,nullable=false then so be it.
The expectation would then be that removing the default from the spec would cause the generated code to change and a compiler error to be emitted.
oh agreed. but i'm talking about client requests there, not server responses
I think this would give the best experience for consumers -- smaller wire encoding, server-enforced defaults, and no trickery about secret defaults smuggled around in builders