apia 3.4.0 → 3.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/apia/cors.rb +38 -0
- data/lib/apia/endpoint.rb +14 -1
- data/lib/apia/rack.rb +1 -22
- data/lib/apia/request_environment.rb +5 -0
- data/lib/apia/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 360c2cb98ee125b41392e2005987b1736a452d02307bc234f074ba74e6dda86a
|
4
|
+
data.tar.gz: d82e4a00e799fbac207669f8ba011e57212d5f0e2afb513932aabd0b2cc31d9d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a0ecfdfa99d462409158ea2545215839567b2728ff0e8e91d1e4b6a2391fe517efb2976f038a73b04d320b1968532620acd38f728553a5682116ff06a336109a
|
7
|
+
data.tar.gz: 406100fb8a0afdb2fda77bd9a3a8c3bcab5abc0d0db54232d0e1480b7a2a7e3930102e93a2d4784ee958d5a338db75def9efe66bf6c587945295f71250706956
|
data/lib/apia/cors.rb
ADDED
@@ -0,0 +1,38 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Apia
|
4
|
+
class CORS
|
5
|
+
|
6
|
+
attr_accessor :methods
|
7
|
+
attr_accessor :headers
|
8
|
+
attr_accessor :origin
|
9
|
+
|
10
|
+
def initialize
|
11
|
+
@origin = '*'
|
12
|
+
@methods = '*'
|
13
|
+
@headers = []
|
14
|
+
end
|
15
|
+
|
16
|
+
def to_headers
|
17
|
+
return {} if @origin.nil?
|
18
|
+
|
19
|
+
headers = {}
|
20
|
+
headers['Access-Control-Allow-Origin'] = @origin
|
21
|
+
|
22
|
+
if @methods.is_a?(String)
|
23
|
+
headers['Access-Control-Allow-Methods'] = @methods
|
24
|
+
elsif @methods.is_a?(Array) && @methods.any?
|
25
|
+
headers['Access-Control-Allow-Methods'] = @methods.map(&:upcase).join(', ')
|
26
|
+
end
|
27
|
+
|
28
|
+
if @headers.is_a?(String)
|
29
|
+
headers['Access-Control-Allow-Headers'] = @headers
|
30
|
+
elsif @headers.is_a?(Array) && @headers.any?
|
31
|
+
headers['Access-Control-Allow-Headers'] = @headers.join(', ')
|
32
|
+
end
|
33
|
+
|
34
|
+
headers
|
35
|
+
end
|
36
|
+
|
37
|
+
end
|
38
|
+
end
|
data/lib/apia/endpoint.rb
CHANGED
@@ -48,10 +48,23 @@ module Apia
|
|
48
48
|
environment = RequestEnvironment.new(request, response)
|
49
49
|
|
50
50
|
catch_errors(response) do
|
51
|
-
# Determine an authenticator
|
51
|
+
# Determine an authenticator for this endpoint
|
52
52
|
request.authenticator = definition.authenticator || request.controller&.definition&.authenticator || request.api&.definition&.authenticator
|
53
|
+
|
54
|
+
# Execute the authentication before the request happens
|
53
55
|
request.authenticator&.execute(environment)
|
54
56
|
|
57
|
+
# Add the CORS headers to the response before the endpoint is called. The endpoint
|
58
|
+
# cannot influence the CORS headers.
|
59
|
+
response.headers.merge!(environment.cors.to_headers)
|
60
|
+
|
61
|
+
# OPTIONS requests always return 200 OK and no body.
|
62
|
+
if request.options?
|
63
|
+
response.status = 200
|
64
|
+
response.body = ''
|
65
|
+
return response
|
66
|
+
end
|
67
|
+
|
55
68
|
# Determine if we're permitted to run the action based on the endpoint's scopes
|
56
69
|
if request.authenticator && !request.authenticator.authorized_scope?(environment, definition.scopes)
|
57
70
|
environment.raise_error Apia::ScopeNotGrantedError, scopes: definition.scopes
|
data/lib/apia/rack.rb
CHANGED
@@ -65,9 +65,7 @@ module Apia
|
|
65
65
|
|
66
66
|
api_path = Regexp.last_match(1)
|
67
67
|
|
68
|
-
|
69
|
-
add_cors_headers(env, triplet)
|
70
|
-
triplet
|
68
|
+
handle_request(env, api_path)
|
71
69
|
end
|
72
70
|
|
73
71
|
private
|
@@ -77,10 +75,6 @@ module Apia
|
|
77
75
|
request_method = env['REQUEST_METHOD'].upcase
|
78
76
|
notify_hash = { api: api, env: env, path: api_path, method: request_method }
|
79
77
|
|
80
|
-
if request_method.upcase == 'OPTIONS'
|
81
|
-
return [204, {}, ['']]
|
82
|
-
end
|
83
|
-
|
84
78
|
Apia::Notifications.notify(:request_start, notify_hash)
|
85
79
|
|
86
80
|
validate_api if development?
|
@@ -155,21 +149,6 @@ module Apia
|
|
155
149
|
)
|
156
150
|
end
|
157
151
|
|
158
|
-
# Add cross origin headers to the response triplet
|
159
|
-
#
|
160
|
-
# @param env [Hash]
|
161
|
-
# @param triplet [Array]
|
162
|
-
# @return [void]
|
163
|
-
def add_cors_headers(env, triplet)
|
164
|
-
triplet[1]['Access-Control-Allow-Origin'] = '*'
|
165
|
-
triplet[1]['Access-Control-Allow-Methods'] = '*'
|
166
|
-
if env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']
|
167
|
-
triplet[1]['Access-Control-Allow-Headers'] = env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']
|
168
|
-
end
|
169
|
-
|
170
|
-
true
|
171
|
-
end
|
172
|
-
|
173
152
|
class << self
|
174
153
|
|
175
154
|
# Return a JSON-ready triplet for the given body.
|
@@ -2,6 +2,7 @@
|
|
2
2
|
|
3
3
|
require 'apia/environment_error_handling'
|
4
4
|
require 'apia/errors/invalid_helper_error'
|
5
|
+
require 'apia/cors'
|
5
6
|
|
6
7
|
module Apia
|
7
8
|
class RequestEnvironment
|
@@ -74,6 +75,10 @@ module Apia
|
|
74
75
|
@response.add_field :pagination, pagination_info
|
75
76
|
end
|
76
77
|
|
78
|
+
def cors
|
79
|
+
@cors ||= CORS.new
|
80
|
+
end
|
81
|
+
|
77
82
|
private
|
78
83
|
|
79
84
|
def potential_error_sources
|
data/lib/apia/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: apia
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Adam Cooke
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-08-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: json
|
@@ -51,6 +51,7 @@ files:
|
|
51
51
|
- lib/apia/authenticator.rb
|
52
52
|
- lib/apia/callable_with_environment.rb
|
53
53
|
- lib/apia/controller.rb
|
54
|
+
- lib/apia/cors.rb
|
54
55
|
- lib/apia/deep_merge.rb
|
55
56
|
- lib/apia/defineable.rb
|
56
57
|
- lib/apia/definition.rb
|