api_engine_base 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 237d043d261233c9e45d4b7466dcacbfb4792636246fa2e211e765ee21b75141
-  data.tar.gz: 55d598e1abaf7a12a253fbc9ea8d010c9a11ac9ca5ea293e2a30f6cb42ffc759
+  metadata.gz: 5f2182e3fbdabb9d8dee95b45cd2308d4c9f60f1fe93b9cde7a4e1c543cbc2a8
+  data.tar.gz: e9a9063e61ff9f3815533db89a783a38da4eab6860c7511d86a4a3fcd8943c19
 SHA512:
-  metadata.gz: 53180702bea719474e8f9922858da3c1af7b6c44ce3ad1db78bb5c633c039b9b5bb7a524984a637e41dd16499478f896731f033a8c8beece0441eff76ac40fa9
-  data.tar.gz: '03397ea3efb5e7a68554ae600d4eda0d0f467d2990a14dbb4e1bf2ea2cd13a96e82abd679894e2943c51e097eab095c10434116303c1004404626d84d2805c5a'
+  metadata.gz: 36eaf340ded210a8dc26d5d10de1fbfacec838bef501618efff5c3adaad8dace49b3217e36ca614627bda213504511778dccef2c2d421c7978b238dbaca2b978
+  data.tar.gz: a849ee1f598893dc670b3f40b1984cbfbde3efa2b50c33e6c823b7a0360967c000e25583874174105466bec1f4920f76aa9247c7d0e8b05348d29ae935cc2dd4

data/README.md

@@ -1,8 +1,7 @@
 # ApiEngineBase
-Short description and motivation.
+This is an API only base engine to build on top of. This Engine takes care of all Authentication, Token Refresh, and RBAC Roles so that you do not have to! For all applications, you can get right to work on implementing the code directly related to your project rather than dealing with the administrative overhead.
 
-## Usage
-How to use my plugin.
+While this gem is heavily opinionated, everything can be configured to your liking.
 
 ## Installation
 Add this line to your application's Gemfile:
@@ -21,8 +20,40 @@ Or install it yourself as:
 $ gem install api_engine_base
 ```
 
-## Contributing
-Contribution directions go here.
+## Initializing ApiEngineBase
+Please follow all steps in [Initializing ApiEngineBase](docs/initializing.md)
+
+
+## Available Routes
+
+For more info, check out [Controllers ReadMe](docs/controllers.md)
+
+Additionally, You can check out [RSpec Integration Testing](/spec/integration_test)
+
+## Available Models
+
+ApiEngineBase provides several Models at the in the root namespace. Core Models like `User` and `UserSecret` are readily available. Don't forget! You can add additional methods to these classes by opening them back up.
+
+For more info, check out [Models ReadMe](doc/models.md)
+
+## Authentication (JWT BearerToken)
+Authentication ensures that we know which user is requesting the action. When the Engine is unable to authenticate, a `401` status code is returned.
+
+For more info, check out [Authentication ReadMe](docs/authentication.md)
+
+## Authorization (RBAC)
+Authorization is only done after authentication. This is the act of ensuring that the user can perform the action it is requesting. Put differently, I know who you are, but I need to validate you have permissions to complete the action. When the engine is unable to authorize the user, a `403` status code is returned.
+
+For more info, check out [Authentication ReadMe](docs/authorization.md)
+
+## Sensitive Changes
+
+For more info, check out [Sensitive Routes](docs/sensitive_routes.md)
+
+## ServiceBase
+ServiceBase is built on top of Interactor. The ServiceBase is the heart of all logic for ApiEngineBase. It includes Logging and enhanced ArgumentValidation that can directly return back to the API request.
+
+For more info, check out [ServiceBase ReadMe](app/services/api_engine_base/README.md)
 
 ## License
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+The engine is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/app/controllers/api_engine_base/admin_controller.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+module ApiEngineBase
+  class AdminController < ::ApiEngineBase::ApplicationController
+    include ApiEngineBase::SchemaHelper
+
+    before_action :authenticate_user!
+    before_action :authorize_user!
+    before_action :user!, only: [:modify, :modify_role]
+
+    # Pagination is needed here
+    def show
+      schemafied_users = User.all.map { ApiEngineBase::Schema::User.convert_user_object(user: _1) }
+      schema = ApiEngineBase::Schema::Admin::Users.new(users: schemafied_users)
+      schema_succesful!(status: 200, schema:)
+    end
+
+    def modify
+      result = ApiEngineBase::UserAttributes::Modify.(user:, admin_user:, **modify_params)
+      if result.success?
+        schema = ApiEngineBase::Schema::User.convert_user_object(user: user.reload)
+        status = 201
+        schema_succesful!(status:, schema:)
+      else
+        if result.invalid_arguments
+          invalid_arguments!(
+            status: 400,
+            message: result.msg,
+            argument_object: result.invalid_argument_hash,
+            schema: ApiEngineBase::Schema::PlainText::LoginRequest
+          )
+        else
+          server_error!(result:)
+        end
+      end
+    end
+
+    def modify_role
+      result = ApiEngineBase::UserAttributes::Roles.(user:, admin_user:, roles: params[:roles] || [])
+      if result.success?
+        schema = ApiEngineBase::Schema::User.convert_user_object(user: user.reload)
+        status = 201
+        schema_succesful!(status:, schema:)
+      else
+        if result.invalid_arguments
+          invalid_arguments!(
+            status: 400,
+            message: result.msg,
+            argument_object: result.invalid_argument_hash,
+            schema: ApiEngineBase::Schema::PlainText::LoginRequest
+          )
+        else
+          server_error!(result:)
+        end
+      end
+    end
+
+    def impersonate
+      # TODO: @matt-taylor
+    end
+
+    private
+
+    def server_error!(result:)
+      status = 500
+      schema = ApiEngineBase::Schema::Error::Base.new(status:, message: result.msg)
+      render(json: schema.to_h, status:)
+    end
+
+    def modify_params
+      {
+        email: params[:email],
+        email_validated: safe_boolean(value: params[:email_validated]),
+        first_name: params[:first_name],
+        last_name: params[:last_name],
+        username: params[:username],
+        verifier_token: safe_boolean(value: params[:verifier_token]),
+      }.compact
+    end
+
+    def admin_user
+      # current_user is defined via authenticate_user! before action
+      current_user
+    end
+
+    def user!
+      _user = User.where(id: params[:user_id]).first
+      if _user
+        @user = _user
+        return true
+      end
+
+      status = 400
+      schema = ApiEngineBase::Schema::Error::Base.new(status:, message: "Invalid user")
+      render(json: schema.to_h, status:)
+      # Must return false so callbacks know to halt propagation
+      false
+    end
+
+    def user
+      @user ||= nil
+    end
+  end
+end

data/app/controllers/api_engine_base/application_controller.rb

@@ -2,12 +2,21 @@
 
 module ApiEngineBase
   class ApplicationController < ActionController::API
-    AUTHORIZATION_HEADER = "AUTHORIZATION"
+    AUTHENTICATION_HEADER = "Authentication"
+    AUTHENTICATION_EXPIRE_HEADER = "X-Authentication-Expire"
+    AUTHENTICATION_WITH_RESET = "X-Authentication-Reset"
+
+    def safe_boolean(value:)
+      return nil unless [true, false, "true", "false", "0", "1", 0, 1].include?(value)
+
+      ActiveModel::Type::Boolean.new.cast(value)
+    end
 
     ###
-    # AUTHORIZATION_HEADER="Bearer: {token value}"
+    # Authenticate user via the passed in header
+    # AUTHENTICATION_HEADER="Bearer: {token value}"
     def authenticate_user!(bypass_email_validation: false)
-      raw_token = request.headers[AUTHORIZATION_HEADER]
+      raw_token = request.headers[AUTHENTICATION_HEADER]
       if raw_token.nil?
         status = 401
         schema = ApiEngineBase::Schema::Error::Base.new(status:, message: "Bearer token missing")
@@ -16,9 +25,14 @@ module ApiEngineBase
       end
 
       token = raw_token.split("Bearer:")[1].strip
-      result = ApiEngineBase::Jwt::AuthenticateUser.(token:, bypass_email_validation:)
+      with_reset = safe_boolean(value: request.headers[AUTHENTICATION_WITH_RESET])
+      result = ApiEngineBase::Jwt::AuthenticateUser.(token:, bypass_email_validation:, with_reset:)
       if result.success?
         @current_user = result.user
+        response.set_header(AUTHENTICATION_EXPIRE_HEADER, result.expires_at)
+        if with_reset
+          response.set_header(AUTHENTICATION_WITH_RESET, result.generated_token)
+        end
         true
       else
         status = 401
@@ -29,19 +43,39 @@ module ApiEngineBase
       end
     end
 
+    ###
+    # Authenticate user via the passed in header without validating email
     def authenticate_user_without_email_verification!
       authenticate_user!(bypass_email_validation: true)
     end
 
-    def current_user
-      @current_user ||= nil
+    ###
+    # After Authenticating user, see if the user needs authorization on the route
+    def authorize_user!
+      if current_user.nil?
+        Rails.logger.error { "Current User is not defined. This means that authenticate_user! was not called" }
+        status = 401
+        schema = ApiEngineBase::Schema::Error::Base.new(status:, message: "Bearer token missing")
+        render(json: schema.to_h, status:)
+        return false
+      end
+      result = ApiEngineBase::Authorize::Validate.(user: current_user, controller: self.class, method: params[:action])
+
+      if result.success?
+        @current_user = result.user
+        true
+      else
+        # Current user is not authorized for the current Controller#action
+        status = 403
+        schema = ApiEngineBase::Schema::Error::Base.new(status:, message: result.msg)
+        render(json: schema.to_h, status:)
+        # Must return false so callbacks know to halt propagation
+        false
+      end
     end
 
-    def add_to_body
-      # {
-      #   token_valid_till:,
-      #   needs_email_verification:,
-      # }
+    def current_user
+      @current_user ||= nil
     end
   end
 end

data/app/controllers/api_engine_base/auth/plain_text_controller.rb

@@ -12,7 +12,7 @@ module ApiEngineBase
         if result.success?
           schema = ApiEngineBase::Schema::PlainText::LoginResponse.new(
             token: result.token,
-            header_name: AUTHORIZATION_HEADER,
+            header_name: AUTHENTICATION_HEADER,
             message: "Successfully logged user in"
           )
           status = 201

data/app/controllers/api_engine_base/user_controller.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module ApiEngineBase
+  class UserController < ::ApiEngineBase::ApplicationController
+    include ApiEngineBase::SchemaHelper
+
+    before_action :authenticate_user!
+
+    def show
+      schema = ApiEngineBase::Schema::User.convert_user_object(user: current_user)
+      schema_succesful!(status: 200, schema:)
+    end
+
+    def modify
+      result = ApiEngineBase::UserAttributes::Modify.(user: current_user, **modify_params)
+      if result.success?
+        schema = ApiEngineBase::Schema::User.convert_user_object(user: current_user.reload)
+        status = 201
+        schema_succesful!(status:, schema:)
+      else
+        if result.invalid_arguments
+          invalid_arguments!(
+            status: 400,
+            message: result.msg,
+            argument_object: result.invalid_argument_hash,
+            schema: ApiEngineBase::Schema::PlainText::LoginRequest
+          )
+        else
+          status = 500
+          schema = ApiEngineBase::Schema::Error::Base.new(status:, message: result.msg)
+          render(json: schema.to_h, status:)
+        end
+      end
+    end
+
+    private
+
+    def modify_params
+      {
+        email: params[:email],
+        email_validated: safe_boolean(value: params[:email_validated]),
+        first_name: params[:first_name],
+        last_name: params[:last_name],
+        username: params[:username],
+        verifier_token: safe_boolean(value: params[:verifier_token]),
+      }.compact
+    end
+  end
+end

data/app/models/api_engine_base/application_record.rb

@@ -3,5 +3,43 @@
 module ApiEngineBase
   class ApplicationRecord < ActiveRecord::Base
     self.abstract_class = true
+
+    def self.attribute_to_type_mapping
+      @attribute_to_type_mapping ||= begin
+        mapping = ActiveSupport::HashWithIndifferentAccess.new
+        columns_hash.each do |attribute_name, metadata|
+          base = nil
+          ruby_type = nil
+          allowed_types = nil
+          serialized_type = nil
+          case metadata.type
+          when :string, :text
+            base = ruby_type = String
+          when :integer, :bigint
+            base = ruby_type = Integer
+          when :datetime, :time, :date
+            base = String
+            ruby_type = [DateTime, Time]
+          when :float, :decimal
+            base = ruby_type = Float
+          when :boolean
+            base = "Boolean"
+            ruby_type = [TrueClass, FalseClass]
+            allowed_types = [true, false]
+          else
+            # All else fails convert to String and continue
+            base = ruby_type = String
+          end
+
+          attribute_type = attribute_types[attribute_name]
+          if attribute_type.is_a?(ActiveRecord::Type::Serialized)
+            serialized_type = attribute_type.coder.object_class
+          end
+          mapping[attribute_name] = { serialized_type:, base:, ruby_type:, allowed_types: }.compact
+        end
+
+        mapping
+      end
+    end
   end
 end

data/app/models/user.rb

@@ -16,6 +16,7 @@
 #  password_consecutive_fail  :integer          default(0)
 #  password_digest            :string(255)      default(""), not null
 #  recovery_password_digest   :string(255)      default(""), not null
+#  roles                      :string(255)      default([])
 #  successful_login           :integer          default(0)
 #  username                   :string(255)
 #  verifier_token             :string(255)
@@ -35,16 +36,24 @@ class User < ApiEngineBase::ApplicationRecord
   validates :username, uniqueness: true
   validates :email, uniqueness: true
 
+  ###
+  # Serialize the roles column to check for inclusion easily
+  serialize :roles, coder: JSON, type: Array
+
   def full_name
     "#{first_name} #{last_name}"
   end
 
-  def retreive_verifier_token!
-    return verifier_token if verifier_token
-
+  def reset_verifier_token!
     value = SecureRandom.alphanumeric(32)
-    update!(verifier_token: value)
+    update!(verifier_token: value, verifier_token_last_reset: Time.now)
 
     value
   end
+
+  def retreive_verifier_token!
+    return verifier_token if verifier_token
+
+    reset_verifier_token!
+  end
 end

data/app/services/api_engine_base/README.md

@@ -0,0 +1,49 @@
+# ApiEngineBase Service
+
+`ApiEngineBase::ServiceBase` an abstraction around the Ruby Gem Interactor. It dds custom functionality to the base Service and is intended to be an inherited Class to create Application logic code. All Services in `ApiEngineBase` utilize this base Service class for convenience and DRYness.
+
+## What does ServiceBase offer
+
+### Logging
+`ServiceBase` offers a convenient way to tag logs. It keeps track of:
+- The start of the the Logic call
+- The time it took to complete the logic
+- The status of the logic
+
+Additionally, it provides some convenience methods for logging
+- `log_debug`
+- `log_info`
+- `log_warn`
+- `log_error`
+
+### Argument Validation
+Argument Validation is the powerhouse behind ServiceBase
+
+Customized argument validation can be created by adding the method `validate!`
+```ruby
+class MyServiceClass < ApiEngineBase::ServiceBase
+
+  def call
+  end
+
+  def validate!
+    # run custom validations before executing call
+  end
+end
+```
+
+Other more complex Argument validation includes:
+- Validating Presence of Argument
+- Validating Type of argument
+- Validating a composition of argument values (At least, At Most, Exactly)
+- Delegate context variable to the class for simplicity
+- Validating Argument length or size is `<` `≤` `==` `>` `≥`
+
+For More information, Check out the [ArgumentValidation ReadMe](argument_validation/README.md)
+
+
+## Basic Examples:
+Check out the examples used in this directory!
+
+
+

data/app/services/api_engine_base/argument_validation/README.md

@@ -0,0 +1,192 @@
+# Argument Validation
+
+Argument validation provides a robust framework to ensure correctness of arguments before executing any application logic code. This was created because when in use with an API, this can help provide reusable messaging directly back to the API when the parameters are incorrect.
+
+## Argument Validation
+Argument Validation provides service object code assurances on what to expect for inputted arguments.
+
+Available arguments:
+- `default`: Default value to set the argument when not provided by user
+- `is_a`: The allowed types of the passed in argument. Will also check if the type is in the ancestral tree
+- `is_one`: Checks a direct comparison if the input is one of these values. Note: while not disallowed, `is_a` and `is_one` should not be used together
+- `length`: (used with operators exclusively) When set to true, the operators will use the length of value rather than the exact value
+- `lt`: When provided, argument must be less than this value
+- `lte`: When provided, argument must be less than or equal to this value
+- `eq`: When provided, argument must be equal to this value
+- `gte`: When provided, argument must be greater than or equal to this value
+- `gt`: When provided, argument must be greater than this value
+- `delegation`: (Default set to true) - Sets the delegation on the object. This allows you to reference the argument name rather than the context.{argument_name}
+- `sensitive`: This marks the argument as sensitive. It will scrub the value of the argument when returning the context to the caller
+- `required`: When set, this marks the argument as required. If not provided, validations are not run. When provided, validations must pass
+
+## Argument Composition
+Argument Compositions are made up of 1 or more Argument Validations. The intention of compositions are to ensure `at_most`, `at_least`, or `exactly` X argument validations are provided by the user.
+
+### Composition: At Most
+At most composition expects at most X arguments to get passed into the instance.
+
+```ruby
+class ServiceExample < ApiEngineBase::ServiceBase
+  at_most 2, :name_of_composition, required: true do
+    validate :email, is_a: String
+    validate :phone, is_a: String
+    validate :username, is_a: String
+  end
+
+  def call; end
+end
+```
+
+```ruby
+rails-app(dev)> ServiceExample.(email: "email", phone: "phone", username: "username")
+=> # Composite Key failure for name_of_composition [name_of_composition]. Expected at most 2 keys assigned. Provided values for the following keys: [:email, :phone, :username]. Available keys [:email, :phone, :username] (ApiEngineBase::ServiceBase::CompositionValidationError)
+```
+
+### Composition: At Least
+At least composition expects at least X arguments to get passed into the instance.
+
+```ruby
+class ServiceExample < ApiEngineBase::ServiceBase
+  at_least 2, :name_of_composition, required: true do
+    validate :email, is_a: String
+    validate :phone, is_a: String
+    validate :username, is_a: String
+  end
+
+  def call; end
+end
+```
+
+```ruby
+rails-app(dev)> ServiceExample.(email: "email")
+=> # Composite Key failure for name_of_composition [name_of_composition]. Expected at least 2 keys assigned. Available keys. Provided values for the following keys: [:email]. Available keys [:email, :phone, :username] (ApiEngineBase::ServiceBase::CompositionValidationError)
+```
+
+**Noteworthy**: `at_least` can take in any integer for its `count`. However, we found that most people just need one. For that reason, the convenience method of `at_least_one` was created. It can be used without the `count` argument in `at_least`
+
+### Composition: Compose Exact
+Compose Exact composition expects exactly X arguments to get passed into the instance. For this composition to be valid, there must be X or more validations.
+
+```ruby
+class ServiceExample < ApiEngineBase::ServiceBase
+  compose_exact 2, :name_of_composition, required: true do
+    validate :email, is_a: String
+    validate :phone, is_a: String
+    validate :username, is_a: String
+  end
+
+  def call; end
+end
+```
+```ruby
+rails-app(dev)> ServiceExample.(email: "email")
+=> # Composite Key failure for name_of_composition [name_of_composition]. Expected [2] of the keys to have a value assigned. But 1 keys were assigned. Provided values for the following keys: [:email]. Available keys [:email, :phone, :username] (ApiEngineBase::ServiceBase::CompositionValidationError)
+```
+
+**Noteworthy**: `compose_exact` can take any `count` value to dynamically provision the exact component. However, we found that we almost only just needed count == 1. We have provided a convenience method of `one_of` without the `count` variable to simplify. There are quite a few examples of this already created
+
+### Custom Compositions
+All compositions are built on top of the same underlying function. This allows you to build additional compositions to add custom logic for validations and what not.
+Check out the [ClassMethods Source Code](class_methods.rb) on what method arguments are required.
+
+
+## Argument validation Failures
+When an argument validation fails (whether that is a single `validate` or a composition), there are 3 options on what to do:
+
+### Raise an error (Default)
+As you can see in the examples above, the default for argument validation failures is to raise the following error
+```ruby
+ApiEngineBase::ServiceBase::CompositionValidationError
+```
+
+The expected behavior is:
+- Downstream code catches the failure and handles it correctly
+- Service Logic code is not executed
+
+This failure mode can get explicitly set via:
+```ruby
+class ServiceExample < ApiEngineBase::ServiceBase
+  on_argument_validation :raise
+
+  one_of :name_of_composition, required: true do
+    validate :email, is_a: String
+    validate :phone, is_a: String
+    validate :username, is_a: String
+  end
+
+  def call; end
+end
+```
+
+### Fail the context Early (Recommended)
+Failing the context early is we recommend to do for your service objects. This mode provides an exceptionally amount of context into **HOW** the validation failed and what needs to get corrected.
+
+
+The expected behavior is:
+- Downstream code checks for `result.failure?` and continues accordingly
+- Service Logic code is not executed
+- Nothing is raised
+
+```ruby
+class ServiceExample < ApiEngineBase::ServiceBase
+  on_argument_validation :fail_early
+
+  one_of :name_of_composition, required: true do
+    validate :email, is_a: String
+    validate :phone, is_a: String
+    validate :username, is_a: String
+  end
+
+  def call; end
+end
+```
+```ruby
+result = ServiceExample.(email: :not_a_string)
+if result.success?
+else
+  if result.invalid_arguments
+    # context.fail! was called by argument validation
+    puts result.invalid_arguments
+    puts result.invalid_argument_hash
+    puts result.invalid_argument_keys
+  else
+    # context.fail! was called by user
+  end
+end
+=> true
+=> {:email=>{:msg=>"Parameter [email] must be of type String. Given Symbol [not_a_string]", :required=>nil, :is_a=>String}}
+=> [:email]
+
+result = ServiceExample.()
+result.invalid_arguments
+=> true
+result.invalid_argument_hash
+=> {:name_of_composition=>{:msg=>"Composite Key failure for name_of_composition [name_of_composition]. Expected [1] of the keys to have a value assigned. But no key was assigned. Provided values for the following keys: []. Available keys [:email, :phone, :username]", :required=>nil, :is_a=>nil}}
+result.invalid_argument_keys
+=> [:name_of_composition]
+
+result = ServiceExample.(email: 7, username: 8)
+result.invalid_arguments
+=> true
+result.invalid_argument_hash
+=> {:email=>{:msg=>"Parameter [email] must be of type String. Given Integer [7]", :required=>nil, :is_a=>String}, :username=>{:msg=>"Parameter [username] must be of type String. Given Integer [8]", :required=>nil, :is_a=>String}, :name_of_composition=>{:msg=>"Composite Key failure for name_of_composition [name_of_composition]. Expected [1] of the keys to have a value assigned. But 2 keys were assigned. Provided values for the following keys: [:email, :username]. Available keys [:email, :phone, :username]", :required=>nil, :is_a=>nil}}
+=> [:email, :username, :name_of_composition]
+```
+
+### Log and Continue (Not Recommended)
+This mode will allow you to log the validation failure and continue. We do not recommend this
+
+
+```ruby
+class ServiceExample < ApiEngineBase::ServiceBase
+  on_argument_validation :log
+
+  one_of :name_of_composition, required: true do
+    validate :email, is_a: String
+    validate :phone, is_a: String
+    validate :username, is_a: String
+  end
+
+  def call; end
+end
+```

data/app/services/api_engine_base/argument_validation/class_methods.rb

@@ -22,8 +22,7 @@ module ApiEngineBase::ArgumentValidation
       raise ApiEngineBase::ServiceBase::CompositionValidationError, "Count must be greater than 0" if count < 1
 
       validation_proc = Proc.new do |input_count, keys|
-
-        language = (input_count > 1) ? "But more than #{count} did" : "But no key had a value"
+        language = (input_count > 0) ? "But #{input_count} keys were assigned" : "But no key was assigned"
         {
           message: "Expected [#{count}] of the keys to have a value assigned. #{language}",
           is_valid: (input_count == count),
@@ -111,7 +110,7 @@ module ApiEngineBase::ArgumentValidation
       end
     end
 
-    def validate(name, default: nil, length: false, matches: nil, is_a: nil, is_one: nil, lt: nil, lte: nil, eq: nil, gt: nil, gte: nil, delegation: true, sensitive: false, required: false)
+    def validate(name, default: nil, length: false, is_a: nil, is_one: nil, lt: nil, lte: nil, eq: nil, gt: nil, gte: nil, delegation: true, sensitive: false, required: false)
       if __existing_names.include?(name)
         raise ApiEngineBase::ServiceBase::NameConflictError, "Duplicate key name found. [#{name}] can only be defined once"
       end

data/app/services/api_engine_base/argument_validation/instance_methods.rb

@@ -50,7 +50,19 @@ module ApiEngineBase::ArgumentValidation
         end
 
         if is_a = metadata[:is_a]
-          if Array(is_a).none? { _1 === value }
+          direct_type = false
+          ancestor_type = false
+
+          # Check if direct type of `is_a` Integer === 5 => true
+          direct_type = Array(is_a).none? { _1 === value }
+
+          # If it is a direct type, we dont need to do any other type of checking
+          if direct_type == true
+            lineage = value.ancestors rescue []
+            # Check inclusion in ancestor list
+            ancestor_type = Array(is_a).none? { lineage.include?(_1) }
+          end
+          if direct_type && ancestor_type
             __failed_argument_validation(msg: "Parameter [#{metadata[:name]}] must be of type #{is_a}. Given #{value.class} [#{value}]", argument: metadata[:name], metadata:)
           end
         end