api_valve 0.6.1 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8f4cba9301dc5313a548d0d0be717b8bbc0af686c5da846bac838547e08dd8e3
-  data.tar.gz: 42d48117b5969d38f5125bfa4fbbde0633fbde1214b738de1efd607007cbb978
+  metadata.gz: 975b9612ff292d9330c8ee255ec3584f83f5daa8fe2e2a65cf3af0ed7f000eed
+  data.tar.gz: c3d75f806fad96a5ca9f871973a4b458e1da812e0c8bb0e4480c887dc12c77b8
 SHA512:
-  metadata.gz: 537cfb673ad5a8eeb6ec9f0871a0a85d6b61206326e0c9f0f4731414f341f60c45b595feab392f86ab4ea00c64819f83c3b7b98c2650a40e318e22bf1e812a64
-  data.tar.gz: f7e6538270b6d444c1bdf4b1fe06f9d86864c61ca1d9738201d21f9eb06c6349888e4141756ef5db7afdc63a9c427985a64d8d7c306d783d9740ad04d8934743
+  metadata.gz: f4454093eb9d930218a252d6e05c6bcfa573172660c34c1a7bfba91ad085df92bc6ed8fc2d02714fb39a32960a493c30518609c6bb3a3d77efc8b2e44daf0d08
+  data.tar.gz: 8a7c8e8ba52346c4c65b2a6dcaa0f95592d880de6c68745b1a4259f68ab4fc2c0e16fef4f75ecb7c1f9d56dd70d0d491a8ff421622b4d7ed34e6b848e3aa5feb

data/lib/api_valve.rb

@@ -12,16 +12,16 @@ require 'multi_json'
 require 'logger'
 
 module ApiValve
-  autoload :Benchmarking,   'api_valve/benchmarking'
-  autoload :Cascade,        'api_valve/cascade'
-  autoload :Error,          'api_valve/error'
-  autoload :ErrorResponder, 'api_valve/error_responder'
-  autoload :Forwarder,      'api_valve/forwarder'
-  autoload :Middleware,     'api_valve/middleware'
-  autoload :Logger,         'api_valve/logger'
-  autoload :Proxy,          'api_valve/proxy'
-  autoload :RouteSet,       'api_valve/route_set'
-  autoload :Runner,         'api_valve/runner'
+  autoload :Benchmarking,      'api_valve/benchmarking'
+  autoload :Cascade,           'api_valve/cascade'
+  autoload :Error,             'api_valve/error'
+  autoload :ErrorResponder,    'api_valve/error_responder'
+  autoload :Forwarder,         'api_valve/forwarder'
+  autoload :Middleware,        'api_valve/middleware'
+  autoload :Logger,            'api_valve/logger'
+  autoload :PermissionHandler, 'api_valve/permission_handler'
+  autoload :Proxy,             'api_valve/proxy'
+  autoload :RouteSet,          'api_valve/route_set'
 
   include ActiveSupport::Configurable
 

data/lib/api_valve/forwarder.rb

@@ -4,9 +4,8 @@ module ApiValve
   # options, and called from the router.
 
   class Forwarder
-    autoload :PermissionHandler, 'api_valve/forwarder/permission_handler'
-    autoload :Request,           'api_valve/forwarder/request'
-    autoload :Response,          'api_valve/forwarder/response'
+    autoload :Request,  'api_valve/forwarder/request'
+    autoload :Response, 'api_valve/forwarder/response'
 
     include Benchmarking
 
@@ -25,7 +24,6 @@ module ApiValve
     # request and response.
     def call(original_request, local_options = {})
       request = build_request(original_request, request_options.deep_merge(local_options))
-      request.check_permissions!
       response = build_response(original_request, run_request(request), response_options)
       response.rack_response
     end
@@ -50,13 +48,11 @@ module ApiValve
     end
 
     def request_options
-      # integrate permission handler options as it is instantiated in the request
-      (@options[:request] || {}).merge(@options.slice(:permission_handler))
+      (@options[:request] || {})
     end
 
     def response_options
-      # integrate permission handler options as it is instantiated in the response
-      (@options[:response] || {}).merge(@options.slice(:permission_handler) || {})
+      (@options[:response] || {})
     end
 
     def run_request(request)

data/lib/api_valve/forwarder/request.rb

@@ -5,8 +5,6 @@ module ApiValve
   # request is forwarded
 
   class Forwarder::Request
-    include Forwarder::PermissionHandler::RequestIntegration
-
     attr_reader :original_request, :options
 
     WHITELISTED_HEADERS = %w(
@@ -25,9 +23,6 @@ module ApiValve
       @options = options.with_indifferent_access
     end
 
-    # Called by forwarder before actual request is executed
-    delegate :check_permissions!, to: :permission_handler
-
     # HTTP method to use when forwarding. Must return sym.
     # Returns original request method
     def method
@@ -72,6 +67,12 @@ module ApiValve
       @url_params ||= Rack::Utils.parse_nested_query(original_request.query_string)
     end
 
+    protected
+
+    def permission_handler
+      original_request.env['permission_handler']
+    end
+
     private
 
     def forwarded_headers

data/lib/api_valve/forwarder/response.rb

@@ -9,8 +9,6 @@ module ApiValve
   # to the original caller
 
   class Forwarder::Response
-    include Forwarder::PermissionHandler::RequestIntegration
-
     attr_reader :original_request, :original_response, :options
 
     WHITELISTED_HEADERS = %w(
@@ -31,6 +29,12 @@ module ApiValve
       [status, headers, [body]]
     end
 
+    protected
+
+    def permission_handler
+      original_request.env['permission_handler']
+    end
+
     private
 
     def status

data/lib/api_valve/middleware.rb

@@ -1,8 +1,9 @@
 module ApiValve
   class Middleware
-    autoload :ErrorHandling, 'api_valve/middleware/error_handling'
-    autoload :Logging,       'api_valve/middleware/logging'
-    autoload :Router,        'api_valve/middleware/router'
+    autoload :ErrorHandling,   'api_valve/middleware/error_handling'
+    autoload :Logging,         'api_valve/middleware/logging'
+    autoload :PermissionCheck, 'api_valve/middleware/permission_check'
+    autoload :Router,          'api_valve/middleware/router'
 
     Item = Struct.new(:klass, :proc)
 

data/lib/api_valve/middleware/permission_check.rb

@@ -0,0 +1,36 @@
+class ApiValve::Middleware
+  class PermissionCheck
+    def initialize(app, options = {})
+      @app = app
+      @options = options
+    end
+
+    def call(env)
+      env['permission_handler'] = @handler
+      if handler(env).allowed?
+        @app.call(env)
+      else
+        message = handler(env).message
+        ApiValve.logger.info { message }
+        render_error ApiValve::Error::Forbidden.new message
+      end
+    end
+
+    private
+
+    def handler(env)
+      env['permission_handler'] ||= handler_klass.new(
+        env,
+        @options.merge(env['api_valve.router.route'].options[:permission_handler] || {})
+      )
+    end
+
+    def handler_klass
+      @options[:klass] || ApiValve::PermissionHandler
+    end
+
+    def render_error(error)
+      self.class.const_get(ApiValve.error_responder).new(error).call
+    end
+  end
+end

data/lib/api_valve/permission_handler.rb

@@ -0,0 +1,25 @@
+module ApiValve
+  class PermissionHandler
+    def initialize(env, options = {})
+      @env = env
+      @options = options.with_indifferent_access
+    end
+
+    # Run permission checks
+    # Simple implementation is always true. Override in your implementation.
+    def allowed?
+      true
+    end
+
+    # Returns string message why access was denied
+    # Rendered on the API.
+    # Override in your implementation.
+    def message
+      'Insufficient permissions'
+    end
+
+    protected
+
+    attr_reader :env, :options
+  end
+end

data/lib/api_valve/proxy.rb

@@ -1,69 +1,17 @@
 module ApiValve
   class Proxy
-    include ActiveSupport::Callbacks
+    autoload :Builder, 'api_valve/proxy/builder'
+    autoload :Runner,  'api_valve/proxy/runner'
 
-    FORWARDER_OPTIONS = %w(endpoint request response permission_handler).freeze
+    extend Builder
+
+    FORWARDER_OPTIONS = %w(endpoint request response).freeze
 
     class_attribute :permission_handler, :request, :response
-    self.permission_handler = Forwarder::PermissionHandler
+    self.permission_handler = PermissionHandler
     self.request = Forwarder::Request
     self.response = Forwarder::Response
 
-    class << self
-      # Creates a n instance from a config hash and takes optional block
-      # which is executed in scope of the proxy
-      def build(config)
-        block = Proc.new if block_given? # capture the yield
-        from_hash(config).tap do |proxy|
-          proxy.instance_eval(&block) if block
-        end
-      end
-
-      def from_config(file_name = nil)
-        file_name ||= name.underscore
-        path = find_config(file_name)
-        raise "Config not found for #{name.underscore}(.yml|.yml.erb) in #{ApiValve.config_paths.inspect}" unless path
-
-        yaml = File.read(path)
-        yaml = ERB.new(yaml, nil, '-').result if path.fnmatch? '*.erb'
-        from_yaml yaml
-      end
-
-      def from_yaml(string)
-        from_hash YAML.load(string) # rubocop:disable Security/YAMLLoad
-      end
-
-      def from_hash(config)
-        config = config.with_indifferent_access
-        forwarder = Forwarder.new(forwarder_config(config))
-        new(forwarder).tap do |proxy|
-          Array.wrap(config[:use]).each { |mw| proxy.use mw }
-          proxy.build_routes_from_config config[:routes]
-        end
-      end
-
-      private
-
-      def find_config(file_name)
-        ApiValve.config_paths.each do |dir|
-          path = dir.join("#{file_name}.yml")
-          return path if path.exist?
-
-          path = dir.join("#{file_name}.yml.erb")
-          return path if path.exist?
-        end
-        nil
-      end
-
-      def forwarder_config(config)
-        {
-          permission_handler: {klass: permission_handler},
-          request:            {klass: request},
-          response:           {klass: response}
-        }.with_indifferent_access.deep_merge config.slice(*FORWARDER_OPTIONS)
-      end
-    end
-
     attr_reader :request, :forwarder, :middleware, :route_set
 
     alias router route_set
@@ -84,38 +32,19 @@ module ApiValve
     delegate :add_route, to: :route_set
     delegate :use, to: :middleware
 
-    def build_routes_from_config(routes_config)
-      return forward_all unless routes_config
-
-      routes_config.each do |route_config|
-        method, path_regexp, request_override = *route_config.values_at('method', 'path', 'request')
-        method ||= 'any' # no method defined means all methods
-        if route_config['raise']
-          deny method, path_regexp, with: route_config['raise']
-        else
-          forward method, path_regexp, request_override
-        end
-      end
-    end
-
-    def forward(methods, path_regexp = nil, request_override = {})
-      Array.wrap(methods).each do |method|
-        route_set.public_send(method, path_regexp, proc { |request, match_data|
-          forwarder.call request, {'match_data' => match_data}.merge(request_override || {})
-        })
-      end
+    def forward(methods, path_regexp = nil, options = {})
+      options = options.with_indifferent_access
+      route_set.append(methods, path_regexp, options.except(:request), proc { |request, match_data|
+        forwarder.call request, {'match_data' => match_data}.merge(options[:request] || {}).with_indifferent_access
+      })
     end
 
-    def forward_all
-      route_set.any do |request, match_data|
-        forwarder.call request, 'match_data' => match_data
-      end
+    def forward_all(options = {})
+      forward(RouteSet::METHODS, nil, options)
     end
 
     def deny(methods, path_regexp = nil, with: 'Error::Forbidden')
-      Array.wrap(methods).each do |method|
-        route_set.public_send(method, path_regexp, ->(*_args) { raise ApiValve.const_get(with) })
-      end
+      route_set.append(methods, path_regexp, {}, ->(*_args) { raise ApiValve.const_get(with) })
     end
 
     protected

data/lib/api_valve/proxy/builder.rb

@@ -0,0 +1,72 @@
+module ApiValve
+  class Proxy
+    module Builder
+      # Creates a n instance from a config hash and takes optional block
+      # which is executed in scope of the proxy
+      def build(config)
+        block = Proc.new if block_given? # capture the yield
+        from_hash(config).tap do |proxy|
+          proxy.instance_eval(&block) if block
+        end
+      end
+
+      def from_config(file_name = nil)
+        file_name ||= name.underscore
+        path = find_config(file_name)
+        raise "Config not found for #{name.underscore}(.yml|.yml.erb) in #{ApiValve.config_paths.inspect}" unless path
+
+        yaml = File.read(path)
+        yaml = ERB.new(yaml, nil, '-').result if path.fnmatch? '*.erb'
+        from_yaml yaml
+      end
+
+      def from_yaml(string)
+        from_hash YAML.load(string) # rubocop:disable Security/YAMLLoad
+      end
+
+      def from_hash(config)
+        config = config.with_indifferent_access
+        forwarder = Forwarder.new(forwarder_config(config))
+        new(forwarder).tap do |proxy|
+          Array.wrap(config[:use]).each { |mw| proxy.use mw }
+          add_routes_from_config proxy, config[:routes]
+          proxy.use Middleware::PermissionCheck, config[:permission_handler] if config[:permission_handler]
+        end
+      end
+
+      private
+
+      def add_routes_from_config(proxy, routes_config)
+        return proxy.forward_all unless routes_config
+
+        routes_config.each do |route_config|
+          method, path_regexp = *route_config.values_at('method', 'path')
+          method ||= 'any' # no method defined means all methods
+          if route_config['raise']
+            proxy.deny method, path_regexp, with: route_config['raise']
+          else
+            proxy.forward method, path_regexp, route_config.except('method', 'path')
+          end
+        end
+      end
+
+      def find_config(file_name)
+        ApiValve.config_paths.each do |dir|
+          path = dir.join("#{file_name}.yml")
+          return path if path.exist?
+
+          path = dir.join("#{file_name}.yml.erb")
+          return path if path.exist?
+        end
+        nil
+      end
+
+      def forwarder_config(config)
+        {
+          request:  {klass: request},
+          response: {klass: response}
+        }.with_indifferent_access.deep_merge config.slice(*FORWARDER_OPTIONS)
+      end
+    end
+  end
+end

data/lib/api_valve/{runner.rb → proxy/runner.rb}

@@ -1,5 +1,5 @@
 module ApiValve
-  class Runner
+  class Proxy::Runner
     def call(env)
       env['api_valve.router.route'].call \
         Rack::Request.new(env),

data/lib/api_valve/route_set.rb

@@ -2,7 +2,7 @@ module ApiValve
   class RouteSet
     METHODS = %i(get post put patch delete head).freeze
 
-    Route = Struct.new(:regexp, :block) do
+    Route = Struct.new(:regexp, :options, :block) do
       delegate :call, to: :block
 
       def match(path_info)
@@ -24,7 +24,7 @@ module ApiValve
       raise 'URL not supported' if request.path_info.include?('/../')
 
       match_data = nil
-      route = @routes && @routes[request.request_method.downcase.to_sym].find do |r|
+      route = @routes && @routes[request.request_method.downcase].find do |r|
         (match_data = r.match(request.path_info))
       end
       raise Error::NotRouted, 'Endpoint not found' unless route
@@ -32,50 +32,55 @@ module ApiValve
       [route, match_data]
     end
 
-    def delete(path = nil, prok = nil)
-      append :delete, path, prok || Proc.new
+    def delete(path = nil, options = {}, prok = nil)
+      push :delete, path, options, prok || Proc.new
     end
 
-    def get(path = nil, prok = nil)
-      append :get, path, prok || Proc.new
+    def get(path = nil, options = {}, prok = nil)
+      push :get, path, options, prok || Proc.new
     end
 
-    def head(path = nil, prok = nil)
-      append :head, path, prok || Proc.new
+    def head(path = nil, options = {}, prok = nil)
+      push :head, path, options, prok || Proc.new
     end
 
-    def patch(path = nil, prok = nil)
-      append :patch, path, prok || Proc.new
+    def patch(path = nil, options = {}, prok = nil)
+      push :patch, path, options, prok || Proc.new
     end
 
-    def post(path = nil, prok = nil)
-      append :post, path, prok || Proc.new
+    def post(path = nil, options = {}, prok = nil)
+      push :post, path, options, prok || Proc.new
     end
 
-    def put(path = nil, prok = nil)
-      append :put, path, prok || Proc.new
+    def put(path = nil, options = {}, prok = nil)
+      push :put, path, options, prok || Proc.new
     end
 
-    def any(path = nil, prok = nil)
-      append METHODS, path, prok || Proc.new
+    def any(path = nil, options = {}, prok = nil)
+      append METHODS, path, options, prok || Proc.new
     end
 
-    def append(methods, regexp, prok = nil)
-      prok ||= Proc.new
-      Array.wrap(methods).each do |method|
-        @routes[method] << Route.new(regexp, prok)
-      end
+    def push(methods, regexp, options = {}, prok = nil)
+      add_route :push, methods, regexp, options, prok || Proc.new
     end
 
-    def unshift(methods, regexp = nil, prok = nil)
-      prok ||= Proc.new
-      Array.wrap(methods).each do |method|
-        @routes[method].unshift Route.new(regexp, prok)
-      end
+    alias append push
+
+    def unshift(methods, regexp = nil, options = {}, prok = nil)
+      add_route :unshift, methods, regexp, options, prok || Proc.new
     end
 
     def reset_routes
-      @routes = Hash[METHODS.map { |v| [v, []] }].freeze
+      @routes = Hash[METHODS.map { |v| [v, []] }].with_indifferent_access.freeze
+    end
+
+    private
+
+    def add_route(how, methods, regexp, options, prok)
+      methods = METHODS if methods.to_s == 'any'
+      Array.wrap(methods).each do |method|
+        @routes[method].public_send how, Route.new(regexp, options, prok)
+      end
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: api_valve
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.7.0
 platform: ruby
 authors:
 - mkon
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-12-18 00:00:00.000000000 Z
+date: 2018-12-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -198,17 +198,19 @@ files:
 - lib/api_valve/error.rb
 - lib/api_valve/error_responder.rb
 - lib/api_valve/forwarder.rb
-- lib/api_valve/forwarder/permission_handler.rb
 - lib/api_valve/forwarder/request.rb
 - lib/api_valve/forwarder/response.rb
 - lib/api_valve/logger.rb
 - lib/api_valve/middleware.rb
 - lib/api_valve/middleware/error_handling.rb
 - lib/api_valve/middleware/logging.rb
+- lib/api_valve/middleware/permission_check.rb
 - lib/api_valve/middleware/router.rb
+- lib/api_valve/permission_handler.rb
 - lib/api_valve/proxy.rb
+- lib/api_valve/proxy/builder.rb
+- lib/api_valve/proxy/runner.rb
 - lib/api_valve/route_set.rb
-- lib/api_valve/runner.rb
 homepage: https://github.com/mkon/api_valve
 licenses:
 - MIT

data/lib/api_valve/forwarder/permission_handler.rb

@@ -1,47 +0,0 @@
-module ApiValve
-  # This class is responsible to decide if a request is allowed or not, and can
-  # be extended with more ACL related features, for example returning a list of
-  # attributes that can be read or written.
-
-  class Forwarder::PermissionHandler
-    InsufficientPermissions = Class.new(Error::Forbidden)
-
-    module RequestIntegration
-      private
-
-      def permission_handler
-        permission_handler_klass.instance(original_request, permission_handler_options)
-      end
-
-      def permission_handler_klass
-        permission_handler_options[:klass] || Forwarder::PermissionHandler
-      end
-
-      def permission_handler_options
-        options[:permission_handler] || {}
-      end
-    end
-
-    attr_reader :request, :options
-
-    delegate :env, to: :request
-
-    # Returns an instance of the PermissionHandler, cached in the request env
-    # This allows re-use of the PermissionHandler by both Request and Response instances
-    def self.instance(request, options)
-      request.env['permission_handler'] ||= new(request, options)
-    end
-
-    def initialize(request, options = {})
-      @request = request
-      @options = options
-    end
-
-    # Run permission checks
-    # Simple implementation is always true. Override in your implementation.
-    # For example raise ApiValve::Error::Forbidden in certain conditions
-    def check_permissions!
-      true
-    end
-  end
-end