Validation middleware consumes request body without restoring for downstream handlers

## Problem

The OpenAPI validation middleware in `go/pkg/zen/middleware_openapi_validation.go` calls `validator.Validate()` which consumes the request body (`r.Body`) without buffering or restoring it. This leaves downstream handlers with an exhausted stream (EOF) when they attempt to read the request body.

## Impact

- Downstream handlers cannot access request body content
- API endpoints that need to parse request bodies will fail after validation
- Silent failures where handlers receive empty/EOF body streams

## Context

This issue was identified during review of PR #3841 in comment: https://github.com/unkeyed/unkey/pull/3841#discussion_r2303817677

The validation logic needs to be updated to:
1. Buffer the request body before validation
2. Restore the body for downstream handlers on both success and error paths
3. Ensure proper cleanup and memory management

## References

- PR: https://github.com/unkeyed/unkey/pull/3841
- Comment: https://github.com/unkeyed/unkey/pull/3841#discussion_r2303817677
- Requested by: @Flo4604

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Validation middleware consumes request body without restoring for downstream handlers #3864

Problem

Impact

Context

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Validation middleware consumes request body without restoring for downstream handlers #3864

Description

Problem

Impact

Context

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions