Fixes in content negotation. Validations did not run when POSTing with an invalid content type. This change additionally allows extensions proposed at json-api/json-api#1437. Added test + fixes for running an endpoint that is not exposed through JsonApiDotNetCore (and we should not interfere)

Author: Bart Koelman

benchmarks/Serialization/JsonApiSerializerBenchmarks.cs

@@ -1,7 +1,6 @@
 using System;
 using BenchmarkDotNet.Attributes;
 using JsonApiDotNetCore.Configuration;
-using JsonApiDotNetCore.Graph;
 using JsonApiDotNetCore.Internal.Contracts;
 using JsonApiDotNetCore.Managers;
 using JsonApiDotNetCore.Query;

src/Examples/JsonApiDotNetCoreExample/Controllers/TestValuesController.cs

@@ -11,5 +11,25 @@ public IActionResult Get()
             var result = new[] { "value" };
             return Ok(result);
         }
+
+        [HttpPost]
+        public IActionResult Post(string name)
+        {
+            var result = "Hello, " + name;
+            return Ok(result);
+        }
+
+        [HttpPatch]
+        public IActionResult Patch(string name)
+        {
+            var result = "Hello, " + name;
+            return Ok(result);
+        }
+
+        [HttpDelete]
+        public IActionResult Delete()
+        {
+            return Ok("Deleted");
+        }
     }
 }

src/JsonApiDotNetCore/Extensions/HttpContextExtensions.cs

@@ -0,0 +1,18 @@
+using Microsoft.AspNetCore.Http;
+
+namespace JsonApiDotNetCore.Extensions
+{
+    public static class HttpContextExtensions
+    {
+        public static bool IsJsonApiRequest(this HttpContext httpContext)
+        {
+            string value = httpContext.Items["IsJsonApiRequest"] as string;
+            return value == bool.TrueString;
+        }
+
+        internal static void SetJsonApiRequest(this HttpContext httpContext)
+        {
+            httpContext.Items["IsJsonApiRequest"] = bool.TrueString;
+        }
+    }
+}

src/JsonApiDotNetCore/Formatters/JsonApiInputFormatter.cs

@@ -1,6 +1,6 @@
 using System;
 using System.Threading.Tasks;
-using JsonApiDotNetCore.Internal;
+using JsonApiDotNetCore.Extensions;
 using Microsoft.AspNetCore.Mvc.Formatters;
 using Microsoft.Extensions.DependencyInjection;
 
@@ -13,9 +13,7 @@ public bool CanRead(InputFormatterContext context)
             if (context == null)
                 throw new ArgumentNullException(nameof(context));
 
-            var contentTypeString = context.HttpContext.Request.ContentType;
-
-            return contentTypeString == HeaderConstants.ContentType;
+            return context.HttpContext.IsJsonApiRequest();
         }
 
         public async Task<InputFormatterResult> ReadAsync(InputFormatterContext context)

src/JsonApiDotNetCore/Formatters/JsonApiOutputFormatter.cs

@@ -1,6 +1,6 @@
 using System;
 using System.Threading.Tasks;
-using JsonApiDotNetCore.Internal;
+using JsonApiDotNetCore.Extensions;
 using Microsoft.AspNetCore.Mvc.Formatters;
 using Microsoft.Extensions.DependencyInjection;
 
@@ -13,10 +13,9 @@ public bool CanWriteResult(OutputFormatterCanWriteContext context)
             if (context == null)
                 throw new ArgumentNullException(nameof(context));
 
-            var contentTypeString = context.HttpContext.Request.ContentType;
-
-            return string.IsNullOrEmpty(contentTypeString) || contentTypeString == HeaderConstants.ContentType;
+            return context.HttpContext.IsJsonApiRequest();
         }
+
         public async Task WriteAsync(OutputFormatterWriteContext context)
         {
             var writer = context.HttpContext.RequestServices.GetService<IJsonApiWriter>();

src/JsonApiDotNetCore/Formatters/JsonApiWriter.cs

@@ -5,7 +5,6 @@
 using System.Text;
 using System.Threading.Tasks;
 using JsonApiDotNetCore.Exceptions;
-using JsonApiDotNetCore.Internal;
 using JsonApiDotNetCore.Middleware;
 using JsonApiDotNetCore.Models.JsonApiDocuments;
 using JsonApiDotNetCore.Serialization.Server;
@@ -50,7 +49,7 @@ public async Task WriteAsync(OutputFormatterWriteContext context)
             }
             else
             {
-                response.ContentType = HeaderConstants.ContentType;
+                response.ContentType = HeaderConstants.MediaType;
                 try
                 {
                     responseContent = SerializeResponse(context.Object, (HttpStatusCode)response.StatusCode);

src/JsonApiDotNetCore/Internal/DefaultRoutingConvention.cs

@@ -9,7 +9,6 @@
 using JsonApiDotNetCore.Models;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.ApplicationModels;
-using Microsoft.Extensions.Options;
 using Newtonsoft.Json.Serialization;
 
 namespace JsonApiDotNetCore.Internal

src/JsonApiDotNetCore/Internal/HeaderConstants.cs

@@ -1,3 +1,4 @@
+using JsonApiDotNetCore.Extensions;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
 using Microsoft.AspNetCore.Mvc.Infrastructure;
@@ -12,6 +13,11 @@ public void OnResultExecuted(ResultExecutedContext context)
 
         public void OnResultExecuting(ResultExecutingContext context)
         {
+            if (!context.HttpContext.IsJsonApiRequest())
+            {
+                return;
+            }
+
             if (context.Result is ObjectResult objectResult && objectResult.Value != null)
             {
                 return;

src/JsonApiDotNetCore/Middleware/ConvertEmptyActionResultFilter.cs

@@ -1,7 +1,7 @@
-using System;
 using System.IO;
 using System.Linq;
 using System.Net;
+using System.Net.Http.Headers;
 using System.Threading.Tasks;
 using JsonApiDotNetCore.Configuration;
 using JsonApiDotNetCore.Extensions;
@@ -54,12 +54,17 @@ public async Task Invoke(HttpContext httpContext,
                 _currentRequest.BasePath = GetBasePath(requestResource.ResourceName);
                 _currentRequest.BaseId = GetBaseId();
                 _currentRequest.RelationshipId = GetRelationshipId();
-            }
 
-            if (await IsValidAsync())
-            {
-                await _next(httpContext);
+                if (await IsValidAsync())
+                {
+                    _httpContext.SetJsonApiRequest();
+                    await _next(httpContext);
+                }
+
+                return;
             }
+
+            await _next(httpContext);
         }
 
         private string GetBaseId()
@@ -139,60 +144,50 @@ private async Task<bool> IsValidAsync()
         private async Task<bool> IsValidContentTypeHeaderAsync(HttpContext context)
         {
             var contentType = context.Request.ContentType;
-            if (contentType != null && ContainsMediaTypeParameters(contentType))
+            if (contentType != null)
             {
-                await FlushResponseAsync(context, new Error(HttpStatusCode.UnsupportedMediaType)
+                if (!MediaTypeHeaderValue.TryParse(contentType, out var headerValue) ||
+                    headerValue.MediaType != HeaderConstants.MediaType || headerValue.CharSet != null ||
+                    headerValue.Parameters.Any(p => p.Name != "ext"))
                 {
-                    Title = "The specified Content-Type header value is not supported.",
-                    Detail = $"Please specify '{HeaderConstants.ContentType}' for the Content-Type header value."
-                });
+                    await FlushResponseAsync(context, new Error(HttpStatusCode.UnsupportedMediaType)
+                    {
+                        Title = "The specified Content-Type header value is not supported.",
+                        Detail = $"Please specify '{HeaderConstants.MediaType}' instead of '{contentType}' for the Content-Type header value."
+                    });
 
-                return false;
+                    return false;
+                }
             }
+
             return true;
         }
 
         private async Task<bool> IsValidAcceptHeaderAsync(HttpContext context)
         {
-            if (context.Request.Headers.TryGetValue(HeaderConstants.AcceptHeader, out StringValues acceptHeaders) == false)
-                return true;
-
-            foreach (var acceptHeader in acceptHeaders)
+            if (context.Request.Headers.TryGetValue("Accept", out StringValues acceptHeaders))
             {
-                if (ContainsMediaTypeParameters(acceptHeader) == false)
+                foreach (var acceptHeader in acceptHeaders)
                 {
-                    continue;
+                    if (MediaTypeHeaderValue.TryParse(acceptHeader, out var headerValue))
+                    {
+                        if (headerValue.MediaType == HeaderConstants.MediaType &&
+                            headerValue.Parameters.All(p => p.Name == "ext"))
+                        {
+                            return true;
+                        }
+                    }
                 }
 
                 await FlushResponseAsync(context, new Error(HttpStatusCode.NotAcceptable)
                 {
                     Title = "The specified Accept header value is not supported.",
-                    Detail = $"Please specify '{HeaderConstants.ContentType}' for the Accept header value."
+                    Detail = $"Please include '{HeaderConstants.MediaType}' in the Accept header values."
                 });
                 return false;
             }
-            return true;
-        }
-
-        private static bool ContainsMediaTypeParameters(string mediaType)
-        {
-            var incomingMediaTypeSpan = mediaType.AsSpan();
 
-            // if the content type is not application/vnd.api+json then continue on
-            if (incomingMediaTypeSpan.Length < HeaderConstants.ContentType.Length)
-            {
-                return false;
-            }
-
-            var incomingContentType = incomingMediaTypeSpan.Slice(0, HeaderConstants.ContentType.Length);
-            if (incomingContentType.SequenceEqual(HeaderConstants.ContentType.AsSpan()) == false)
-                return false;
-
-            // anything appended to "application/vnd.api+json;" will be considered a media type param
-            return (
-                incomingMediaTypeSpan.Length >= HeaderConstants.ContentType.Length + 2
-                && incomingMediaTypeSpan[HeaderConstants.ContentType.Length] == ';'
-            );
+            return true;
         }
 
         private async Task FlushResponseAsync(HttpContext context, Error error)