apia 3.3.1 → 3.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b329db4c1e00be2afbb4160dff2feb3e3be2dfb0feab05b2b6f591045fe953b4
-  data.tar.gz: 3eff127300b99d73b3a15d86c0edba9bdb30f404500e35890aec1498a5f73337
+  metadata.gz: 360c2cb98ee125b41392e2005987b1736a452d02307bc234f074ba74e6dda86a
+  data.tar.gz: d82e4a00e799fbac207669f8ba011e57212d5f0e2afb513932aabd0b2cc31d9d
 SHA512:
-  metadata.gz: 1d2af39e3de24f4ee4f3dbefa8206dde25648274793bcecfdca183faedfd7d6622bb60552ae7134b9abda3ccb667f285884957cc542f045ecc71b6f2da4b6138
-  data.tar.gz: ad96bf7677bf7d8c1d8b438f79f9c3d743f4184c9351c82eceeea5e5bc7d7dd97d039cba51eca4e0c8bd013bc6be96c8558aa61de41d87de2faacb008d3fe31e
+  metadata.gz: a0ecfdfa99d462409158ea2545215839567b2728ff0e8e91d1e4b6a2391fe517efb2976f038a73b04d320b1968532620acd38f728553a5682116ff06a336109a
+  data.tar.gz: 406100fb8a0afdb2fda77bd9a3a8c3bcab5abc0d0db54232d0e1480b7a2a7e3930102e93a2d4784ee958d5a338db75def9efe66bf6c587945295f71250706956

data/lib/apia/cors.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Apia
+  class CORS
+
+    attr_accessor :methods
+    attr_accessor :headers
+    attr_accessor :origin
+
+    def initialize
+      @origin = '*'
+      @methods = '*'
+      @headers = []
+    end
+
+    def to_headers
+      return {} if @origin.nil?
+
+      headers = {}
+      headers['Access-Control-Allow-Origin'] = @origin
+
+      if @methods.is_a?(String)
+        headers['Access-Control-Allow-Methods'] = @methods
+      elsif @methods.is_a?(Array) && @methods.any?
+        headers['Access-Control-Allow-Methods'] = @methods.map(&:upcase).join(', ')
+      end
+
+      if @headers.is_a?(String)
+        headers['Access-Control-Allow-Headers'] = @headers
+      elsif @headers.is_a?(Array) && @headers.any?
+        headers['Access-Control-Allow-Headers'] = @headers.join(', ')
+      end
+
+      headers
+    end
+
+  end
+end

data/lib/apia/endpoint.rb

@@ -48,10 +48,23 @@ module Apia
         environment = RequestEnvironment.new(request, response)
 
         catch_errors(response) do
-          # Determine an authenticator and execute it before the request happens
+          # Determine an authenticator for this endpoint
           request.authenticator = definition.authenticator || request.controller&.definition&.authenticator || request.api&.definition&.authenticator
+
+          # Execute the authentication before the request happens
           request.authenticator&.execute(environment)
 
+          # Add the CORS headers to the response before the endpoint is called. The endpoint
+          # cannot influence the CORS headers.
+          response.headers.merge!(environment.cors.to_headers)
+
+          # OPTIONS requests always return 200 OK and no body.
+          if request.options?
+            response.status = 200
+            response.body = ''
+            return response
+          end
+
           # Determine if we're permitted to run the action based on the endpoint's scopes
           if request.authenticator && !request.authenticator.authorized_scope?(environment, definition.scopes)
             environment.raise_error Apia::ScopeNotGrantedError, scopes: definition.scopes

data/lib/apia/field_set.rb

@@ -5,6 +5,7 @@ require 'apia/scalar'
 require 'apia/object'
 require 'apia/enum'
 require 'apia/field_spec'
+require 'apia/generated_hash'
 
 module Apia
   class FieldSet < Hash
@@ -35,10 +36,12 @@ module Apia
     #
     # @param source [Object, Hash]
     # @param request [Apia::Request]
+    # @param object [Apia::Object] the object that this fieldset belongs to
     # @param only [Array]
     # @return [Hash]
-    def generate_hash(source, request: nil, path: [])
-      each_with_object({}) do |(_, field), hash|
+    def generate_hash(source, request: nil, path: [], object: nil)
+      new_hash = GeneratedHash.enabled? ? GeneratedHash.new(object, source, path: path) : {}
+      each_with_object(new_hash) do |(_, field), hash|
         next unless field.include?(source, request)
 
         field_path = path + [field]

data/lib/apia/generated_hash.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Apia
+  class GeneratedHash < Hash
+
+    attr_reader :object
+    attr_reader :source
+    attr_reader :path
+
+    def initialize(object, source, path: nil)
+      super()
+      @object = object
+      @source = source
+      @path = path
+    end
+
+    class << self
+
+      def enabled?
+        @enabled == true
+      end
+
+      def enable
+        @enabled = true
+      end
+
+    end
+
+  end
+end

data/lib/apia/object.rb

@@ -49,7 +49,7 @@ module Apia
     # @param request [Apia::Request] the associated request
     # @return [Hash]
     def hash(request: nil, path: [])
-      self.class.definition.fields.generate_hash(@value, request: request, path: path)
+      self.class.definition.fields.generate_hash(@value, object: self, request: request, path: path)
     end
 
     # Should this type be included in any output?

data/lib/apia/rack.rb

@@ -65,9 +65,7 @@ module Apia
 
       api_path = Regexp.last_match(1)
 
-      triplet = handle_request(env, api_path)
-      add_cors_headers(env, triplet)
-      triplet
+      handle_request(env, api_path)
     end
 
     private
@@ -77,10 +75,6 @@ module Apia
       request_method = env['REQUEST_METHOD'].upcase
       notify_hash = { api: api, env: env, path: api_path, method: request_method }
 
-      if request_method.upcase == 'OPTIONS'
-        return [204, {}, ['']]
-      end
-
       Apia::Notifications.notify(:request_start, notify_hash)
 
       validate_api if development?
@@ -155,21 +149,6 @@ module Apia
       )
     end
 
-    # Add cross origin headers to the response triplet
-    #
-    # @param env [Hash]
-    # @param triplet [Array]
-    # @return [void]
-    def add_cors_headers(env, triplet)
-      triplet[1]['Access-Control-Allow-Origin'] = '*'
-      triplet[1]['Access-Control-Allow-Methods'] = '*'
-      if env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']
-        triplet[1]['Access-Control-Allow-Headers'] = env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']
-      end
-
-      true
-    end
-
     class << self
 
       # Return a JSON-ready triplet for the given body.

data/lib/apia/request_environment.rb

@@ -2,6 +2,7 @@
 
 require 'apia/environment_error_handling'
 require 'apia/errors/invalid_helper_error'
+require 'apia/cors'
 
 module Apia
   class RequestEnvironment
@@ -74,6 +75,10 @@ module Apia
       @response.add_field :pagination, pagination_info
     end
 
+    def cors
+      @cors ||= CORS.new
+    end
+
     private
 
     def potential_error_sources

data/lib/apia/version.rb

@@ -2,11 +2,6 @@
 
 module Apia
 
-  VERSION_FILE_ROOT = File.expand_path('../../VERSION', __dir__)
-  if File.file?(VERSION_FILE_ROOT)
-    VERSION = File.read(VERSION_FILE_ROOT).strip.sub(/\Av/, '')
-  else
-    VERSION = '0.0.0.dev'
-  end
+  VERSION = '3.5.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apia
 version: !ruby/object:Gem::Version
-  version: 3.3.1
+  version: 3.5.0
 platform: ruby
 authors:
 - Adam Cooke
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-03-14 00:00:00.000000000 Z
+date: 2023-08-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -45,13 +45,13 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- VERSION
 - lib/apia.rb
 - lib/apia/api.rb
 - lib/apia/argument_set.rb
 - lib/apia/authenticator.rb
 - lib/apia/callable_with_environment.rb
 - lib/apia/controller.rb
+- lib/apia/cors.rb
 - lib/apia/deep_merge.rb
 - lib/apia/defineable.rb
 - lib/apia/definition.rb
@@ -110,6 +110,7 @@ files:
 - lib/apia/errors/standard_error.rb
 - lib/apia/field_set.rb
 - lib/apia/field_spec.rb
+- lib/apia/generated_hash.rb
 - lib/apia/helpers.rb
 - lib/apia/hook_set.rb
 - lib/apia/lookup_argument_set.rb

data/VERSION

@@ -1 +0,0 @@
-3.3.1