forbid invalid fields in sqlpage.fetch http request definitions

Author: lovasoa

CHANGELOG.md

@@ -16,7 +16,7 @@
 - New `options_source` parameter in the form component. This allows to dynamically load options for dropdowns from a different SQL file.
  - This allows easily implementing autocomplete for form fields with a large number of possible options.
  - In the map component, add support for map pins with a description but no title.
-- Improved error messages when a parameter of a sqlpage function is invalid. Error traces used to be truncated, and made it hard to understand the exact cause of the error in some cases. In particular, calls to `sqlpage.fetch` would display an unhelpful error message when the HTTP request definition was invalid.
+- Improved error messages when a parameter of a sqlpage function is invalid. Error traces used to be truncated, and made it hard to understand the exact cause of the error in some cases. In particular, calls to `sqlpage.fetch` would display an unhelpful error message when the HTTP request definition was invalid. `sqlpage.fetch` now also throws an error if the HTTP request definition contains unknown fields.
 - Make the `headers` field of the `sqlpage.fetch` function parameter optional. It defaults to sending a User-Agent header containing the SQLPage version.
 
 ## 0.32.1 (2025-01-03)

src/webserver/database/sqlpage_functions/http_fetch_request.rs

@@ -21,6 +21,7 @@ fn default_headers<'a>() -> HeaderVec<'a> {
 
 #[derive(serde::Deserialize, Debug)]
 #[serde(expecting = "an http request object, e.g. '{\"url\":\"http://example.com\"}'")]
+#[serde(deny_unknown_fields)]
 pub(super) struct HttpFetchRequest<'b> {
     #[serde(borrow)]
     pub url: Cow<'b, str>,

tests/sql_test_files/error_unknown_field.sql

@@ -0,0 +1,4 @@
+select sqlpage.fetch('{
+    "url": "https://example.com",
+    "invalid_field": "should fail"
+}')