
Conversation

puittenbroek
Contributor

Checklist:

  • Run pytest tests and no failed.
  • Run ruff check flask_openapi3 tests examples and no failed.
  • Run mypy flask_openapi3 and no failed.
  • Run mkdocs serve and no failed.

@luolingchun This is based on your Delay-throwing-validation-error branch. But adds a decorator that can be used.

Some explanation. We use flask-pydantic which has @validate decorator, I copied and adjusted that to your code base.

This change is backward compatible, so existing users are not affected. But as seen in adjusted tests, you can pass a delegated_validation=True and then use the @validate decorator for full control.

The change in your branch won't resolve the situation, it now calls the function with missing arguments causing various other issues.

@puittenbroek
Contributor Author

My IDE has ruff/ruff formatting which it automatically applies, so a few changes are unrelated. I would suggest adding black or ruff format to your project. Makes the code styling consistent.

@puittenbroek puittenbroek mentioned this pull request May 16, 2025
@puittenbroek
Contributor Author

@luolingchun Discussed this with a colleague. We feel the current implementation poses a security risk since you cannot prevent unauthorized access. You check the headers, query, body using pydantic BEFORE anything else. We prefer doing auth first, then payload and other validation checks. Which I believe is a good best practice :)

I would propose removing the 'backward compatible' part ('delegate_validation' variable) and just use the decorator. That will allow implementers to decide when they want to do authorization checks. Which will usually be a decorator I think.

What are your thoughts on this?
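The ordering concern raised above, and the delegated `@validate` idea from the first comment, as an added illustration that is not part of this pull request or of flask-openapi3's code. It uses plain Python with no Flask or pydantic dependency: `require_auth`, `validate`, `dispatch`, `DEMO_TOKEN` and the dict-based request objects are all constructed for the demo, and the pydantic model check is replaced by a minimal `{field: type}` schema so the file runs stand-alone. The point it shows is that when validation wraps authentication, an anonymous caller receives schema-level validation errors (422) before any credential check; when authentication wraps validation, the same caller only ever sees 401.

```python
from functools import wraps

# Constructed credential for the demo; a real app verifies a session or signed token.
DEMO_TOKEN = "Bearer demo-token"


class Unauthorized(Exception):
    pass


class ValidationError(Exception):
    def __init__(self, errors):
        super().__init__(", ".join(errors))
        self.errors = errors


def require_auth(handler):
    """Reject the request unless it carries the expected Authorization header."""
    @wraps(handler)
    def wrapper(request, *args, **kwargs):
        if request.get("headers", {}).get("Authorization") != DEMO_TOKEN:
            raise Unauthorized("missing or invalid credentials")
        return handler(request, *args, **kwargs)
    return wrapper


def validate(schema):
    """Stand-in for a pydantic-backed @validate: check the body against a
    {field: type} schema and pass the checked body on to the handler."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(request, *args, **kwargs):
            body = request.get("body", {})
            errors = []
            for field, field_type in schema.items():
                if field not in body:
                    errors.append(f"{field}: field required")
                elif not isinstance(body[field], field_type):
                    errors.append(f"{field}: expected {field_type.__name__}")
            if errors:
                raise ValidationError(errors)
            return handler(request, body, *args, **kwargs)
        return wrapper
    return decorator


USER_SCHEMA = {"name": str, "age": int}


# Ordering A: the validator is the outermost wrapper, so the body is checked
# before credentials are. This mirrors validating headers/query/body first.
@validate(USER_SCHEMA)
@require_auth
def create_user_validate_first(request, body):
    return {"created": body["name"]}


# Ordering B: auth is the outermost wrapper, so anonymous callers never reach
# the validator and learn nothing about the schema.
@require_auth
@validate(USER_SCHEMA)
def create_user_auth_first(request, body):
    return {"created": body["name"]}


def dispatch(endpoint, request):
    """Map the outcome of calling an endpoint to an HTTP status and body."""
    try:
        return 200, endpoint(request)
    except Unauthorized as exc:
        return 401, {"error": str(exc)}
    except ValidationError as exc:
        return 422, {"errors": exc.errors}


if __name__ == "__main__":
    # Constructed request: no credentials, body violates the schema.
    anonymous_bad_body = {"headers": {}, "body": {"name": 42}}
    print("validate first:", dispatch(create_user_validate_first, anonymous_bad_body))
    print("auth first:    ", dispatch(create_user_auth_first, anonymous_bad_body))
```

Decorators apply bottom-up, so the decorator listed first in the source runs first at request time; with a delegated `@validate` the implementer controls that order per endpoint, whereas framework-level validation that runs before the view body is reached cannot be placed behind an auth check.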

@luolingchun
Owner

@puittenbroek Could you paste a minimal example code to demonstrate the unsafe reason in #223?

@luolingchun luolingchun merged commit f0c30d7 into luolingchun:Delay-throwing-validation-error Jun 16, 2025
