apiphobic-middleware 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 9352c3d38356493b40f17954ccfdd450ebaecdebc6dd14619fa8c5697076414d
+  data.tar.gz: dde745db2e429e6ff8d4e37504eb2a7bfc286b20d06105aac4e7ecac50183148
+SHA512:
+  metadata.gz: 1c85fb802cbcea1cc06aac643a7cf4694220087da8e20ef95e9c6377aa9f8fb00bbad83bc931f8be83f6db6bf7fdbbc643bf1fad450a34162cfbb3673f63aaae
+  data.tar.gz: f8b53e044e4d52d894494b60e0c3fc8fa12c397847ef58b09797cdb9256a92e1001a17e9ce65f5fcd471282eb9f49d5bec308a35fcc68890211091582dfd5cd4

data/LICENSE.txt

@@ -0,0 +1,19 @@
+Copyright (c) 2010-2016 The Kompanee, Ltd
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,35 @@
+# Middleware
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/middleware`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'middleware'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install middleware
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/jfelchner/middleware.

data/lib/apiphobic/accept_header.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+module  Apiphobic
+class   AcceptHeader
+  attr_accessor :raw_accept_header
+  attr_reader   :application_name
+
+  def initialize(header, application_name:)
+    self.application_name  = application_name
+    self.raw_accept_header = header || ''
+  end
+
+  def application_name=(other)
+    @accept_header_data   = nil
+    @accept_header_format = nil
+
+    @application_name     = other
+  end
+
+  def version
+    accept_header_data[2]
+  end
+
+  def content_type
+    accept_header_data[1]
+  end
+
+  def valid?
+    !invalid?
+  end
+
+  def invalid?
+    accept_header_data.nil?
+  end
+
+  def to_s
+    raw_accept_header
+  end
+
+  private
+
+  def accept_header_data
+    @accept_header_data ||= raw_accept_header.match(accept_header_format)
+  end
+
+  def accept_header_format
+    @accept_header_format ||= %r{
+      ################################################################################
+      # BEGINNING
+      ################################################################################
+
+      (?:
+        (?<=\A)                       # the beginning of the accept header
+        |                             # or
+        (?<=,)                        # the beginning of an accept value
+      )
+
+      ################################################################################
+      # APPLICATION NAME
+      ################################################################################
+
+      application/vnd\.#{application_name} # the application vendor string
+
+      ################################################################################
+      # SUBRESOURCE
+      ################################################################################
+
+      (?:
+        \+                            # a literal '+'
+        (\w+)                         # the subresource name
+      )?
+
+      ################################################################################
+      # VERSION SECTION
+      ################################################################################
+
+      (?:
+        ;                             # a literal ';'
+
+        version=                      # a literal 'version='
+        (
+                                      # VERSION DIGIT GROUPINGS SECTION
+
+          \d+                         # one or more digits
+          (?:\.\d+){0,2}              # one or two groups of digits with preceeding '.'
+
+                                      # VERSION BETA SECTION
+          (?:
+            beta                      # a literal 'beta'
+            (?:\d*)                   # a optional beta version
+          )?
+        )
+      )?
+
+      ################################################################################
+      # END
+      ################################################################################
+
+      (?:
+        (?=\z)                        # the end of the accept header
+        |                             # or
+        (?=,)                         # the end of an accept value
+      )
+    }x
+  end
+end
+end

data/lib/apiphobic/errors/invalid_accept_header.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require 'erratum/error'
+
+module  Apiphobic
+module  Errors
+class   InvalidAcceptHeader < RuntimeError
+  include Erratum::Error
+
+  attr_accessor :accept_header
+
+  def http_status
+    400
+  end
+
+  def title
+    'Invalid Accept Header'
+  end
+
+  def detail
+    <<~HEREDOC.chomp.tr("\n", ' ')
+      The accept header that you passed in the request cannot be parsed, please
+      refer to the documentation to verify.
+    HEREDOC
+  end
+
+  def source
+    {
+      'accept_header' => accept_header,
+    }
+  end
+end
+end
+end

data/lib/apiphobic/errors/invalid_request_body.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'erratum/error'
+
+module  Apiphobic
+module  Errors
+class   InvalidRequestBody < RuntimeError
+  include Erratum::Error
+
+  attr_accessor :request_body
+
+  def http_status
+    400
+  end
+
+  def title
+    'Invalid Request Body'
+  end
+
+  def detail
+    'The information you attempted to send in the request cannot be parsed as ' \
+    'a valid JSON document.'
+  end
+
+  def source
+    {
+      'request_body' => request_body,
+    }
+  end
+end
+end
+end

data/lib/apiphobic/errors/invalid_subdomain.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'erratum/error'
+
+module  Apiphobic
+module  Errors
+class   InvalidSubdomain < RuntimeError
+  include Erratum::Error
+
+  attr_accessor :http_host
+
+  def http_status
+    404
+  end
+
+  def title
+    'Invalid Subdomain'
+  end
+
+  def detail
+    <<~HEREDOC.chomp.tr("\n", ' ')
+      The subdomain you attempted to access is not valid. Please try again.
+    HEREDOC
+  end
+
+  def source
+    {
+      'http_host' => http_host,
+    }
+  end
+end
+end
+end

data/lib/apiphobic/matchers/accept_header.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'apiphobic/accept_header'
+
+module  Apiphobic
+module  Matchers
+class   AcceptHeader
+  attr_accessor :accept_header,
+                :application_name,
+                :request
+
+  def initialize(application_name:)
+    self.application_name = application_name
+  end
+
+  def matches?(request)
+    self.request       = request
+    self.accept_header = ::Apiphobic::AcceptHeader.new(request.accept_header,
+                                                       application_name: application_name)
+
+    accept_header.valid?
+  end
+end
+end
+end

data/lib/apiphobic/matchers/subdomain.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module  Apiphobic
+module  Matchers
+class   Subdomain
+  attr_accessor :allowed_subdomains,
+                :request
+
+  def initialize(allowed_subdomains:)
+    self.allowed_subdomains = Array(allowed_subdomains)
+  end
+
+  def matches?(request)
+    self.request = request
+
+    allowed_subdomains.include? request.subdomain
+  end
+end
+end
+end

data/lib/apiphobic/middleware/configurable.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'apiphobic/middleware/configuration'
+
+module  Apiphobic
+module  Middleware
+module  Configurable
+  module ClassMethods
+    def configure
+      yield configuration
+    end
+
+    def configuration
+      ::Apiphobic::Middleware::Configuration.instance
+    end
+  end
+
+  def self.included(base)
+    base.extend(ClassMethods)
+  end
+
+  def configuration
+    ::Apiphobic::Middleware::Configuration.instance
+  end
+end
+end
+end

data/lib/apiphobic/middleware/configuration.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'singleton'
+
+module  Apiphobic
+module  Middleware
+  class Configuration
+    include Singleton
+
+    attr_accessor :application_name
+    attr_writer   :allowed_api_subdomains,
+                  :allowed_subdomains
+
+    def to_h
+      {
+        allowed_api_subdomains: allowed_api_subdomains,
+        allowed_subdomains:     allowed_subdomains,
+        application_name:       application_name,
+      }
+    end
+
+    def allowed_subdomains
+      @allowed_subdomains || ['api']
+    end
+
+    def allowed_api_subdomains
+      @allowed_api_subdomains || ['api']
+    end
+  end
+
+  def self.configure
+    yield configuration
+  end
+
+  def self.configuration
+    @configuration ||= Configuration.instance
+  end
+end
+end

data/lib/apiphobic/middleware/converters/content_type.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module  Apiphobic
+module  Middleware
+module  Converters
+class   ContentType
+  JSON_API_MIME_TYPE_PATTERN = %r{application/vnd\.api\+json(?=\z|;)}
+
+  def initialize(app)
+    @app = app
+  end
+
+  def call(env)
+    env['CONTENT_TYPE'] = env['CONTENT_TYPE']
+                            .to_s
+                            .gsub(JSON_API_MIME_TYPE_PATTERN, 'application/json')
+
+    @app.call(env)
+  end
+end
+end
+end
+end

data/lib/apiphobic/middleware/converters/json_api_parameters.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'apiphobic/requests/transform_json_api'
+require 'apiphobic/responses/invalid_request_body'
+
+module  Apiphobic
+module  Middleware
+module  Converters
+class   JsonApiParameters
+  def initialize(app)
+    @app = app
+  end
+
+  def call(env)
+    request = Requests::TransformJsonApi.new(env)
+
+    json_api_request = request.transform
+
+    @app.call(json_api_request)
+  rescue JSON::ParserError
+    Responses::InvalidRequestBody.call(env)
+  end
+end
+end
+end
+end

data/lib/apiphobic/middleware/validators/accept_header.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'apiphobic/matchers/accept_header'
+require 'apiphobic/matchers/subdomain'
+require 'apiphobic/middleware/configurable'
+require 'apiphobic/requests/accept_header'
+require 'apiphobic/requests/subdomain'
+require 'apiphobic/responses/invalid_accept_header'
+
+module  Apiphobic
+module  Middleware
+module  Validators
+class   AcceptHeader
+  include Configurable
+
+  def initialize(app)
+    @app = app
+  end
+
+  def call(env)
+    subdomain_request     = Requests::Subdomain.new(env)
+    accept_header_request = Requests::AcceptHeader.new(env)
+    accept_header         = Matchers::AcceptHeader.new(
+                              application_name: configuration.application_name,
+                            )
+    subdomain             = Matchers::Subdomain.new(
+                              allowed_subdomains: configuration.allowed_api_subdomains,
+                            )
+
+    unless subdomain.matches?(subdomain_request) &&
+           accept_header.matches?(accept_header_request)
+
+      return Responses::InvalidAcceptHeader.call(env)
+    end
+
+    @app.call(env)
+  end
+end
+end
+end
+end

data/lib/apiphobic/middleware/validators/authorization_token.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'erratum/errors/authentication/invalid_token'
+require 'apiphobic/requests/authorization_token'
+require 'apiphobic/responses/invalid_token'
+require 'apiphobic/tokens/configuration'
+
+module  Apiphobic
+module  Middleware
+module  Validators
+class   AuthorizationToken
+  def initialize(app)
+    @app = app
+  end
+
+  def call(env)
+    token_request = Requests::AuthorizationToken.new(
+                      env,
+                      type:        Apiphobic::Tokens.configuration.type,
+                      private_key: Apiphobic::Tokens.configuration.private_key,
+                    )
+    token         = token_request.fetch
+
+    token.validate!
+
+    env['X_JSON_WEB_TOKEN'] = token.to_h
+
+    @app.call(env)
+  rescue ::Erratum::Errors::InvalidToken => error
+    Responses::InvalidToken.call(env, error: error)
+  end
+end
+end
+end
+end

data/lib/apiphobic/middleware/validators/subdomain.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'apiphobic/matchers/subdomain'
+require 'apiphobic/middleware/configurable'
+require 'apiphobic/responses/invalid_subdomain'
+
+module  Apiphobic
+module  Middleware
+module  Validators
+class   Subdomain
+  include Configurable
+
+  def initialize(app)
+    @app = app
+  end
+
+  def call(env)
+    request   = Requests::Subdomain.new(env)
+    subdomain = Matchers::Subdomain.new(
+                  allowed_subdomains: configuration.allowed_subdomains,
+                )
+
+    return Responses::InvalidSubdomain.call(env) unless subdomain.matches?(request)
+
+    @app.call(env)
+  end
+end
+end
+end
+end

data/lib/apiphobic/middleware/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Apiphobic
+module Middleware
+  VERSION = '1.0.0'
+end
+end

data/lib/apiphobic/requests/accept_header.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'apiphobic/accept_header'
+
+module  Apiphobic
+module  Requests
+class   AcceptHeader
+  ACCEPT_PARAM_PATTERN = /(?:\A|&)accept=(.+?)(?=\z|&)/
+
+  attr_accessor :request
+
+  def initialize(request)
+    self.request = request
+  end
+
+  def accept_header
+    if accept_header_from_header.valid? || accept_header_from_params.invalid?
+      raw_accept_header_from_header
+    else
+      raw_accept_header_from_params
+    end
+  end
+
+  private
+
+  def accept_header_from_header
+    @accept_header_from_header ||= \
+      ::Apiphobic::AcceptHeader.new(raw_accept_header_from_header,
+                                    application_name: /.*?/)
+  end
+
+  def accept_header_from_params
+    @accept_header_from_params ||= \
+      ::Apiphobic::AcceptHeader.new(raw_accept_header_from_params,
+                                    application_name: /.*?/)
+  end
+
+  def raw_accept_header_from_header
+    if request.respond_to?(:headers)
+      request.headers['Accept']
+    else
+      request['HTTP_ACCEPT']
+    end
+  end
+
+  def raw_accept_header_from_params
+    if request.respond_to?(:params)
+      request.params['accept']
+    else
+      URI.unescape(request['QUERY_STRING'][ACCEPT_PARAM_PATTERN, 1] || '') # rubocop:disable Lint/UriEscapeUnescape
+    end
+  end
+end
+end
+end

data/lib/apiphobic/requests/authorization_token.rb

@@ -0,0 +1,136 @@
+# frozen_string_literal: true
+
+require 'apiphobic/tokens/invalid'
+require 'apiphobic/tokens/base64'
+require 'apiphobic/tokens/base64s/null'
+require 'apiphobic/tokens/json_web_token'
+require 'apiphobic/tokens/json_web_tokens/null'
+
+module  Apiphobic
+module  Requests
+class   AuthorizationToken
+  BASE64_PATTERN                = %r{[A-Za-z0-9_/\+\=\-\.]}
+  BASE64_TOKEN_HEADER_PATTERN   = /\A(?:Basic|Bearer)\s+(.*)\z/
+  BASE64_TOKEN_PARAM_NAME       = 'token_b64'
+  BASE64_TOKEN_PARAM_PATTERN    = /(?:\A|&)#{BASE64_TOKEN_PARAM_NAME}=(.*)(?=\z|&)/
+
+  JSON_WEB_TOKEN_PATTERN        = /(#{BASE64_PATTERN}+?\.){4}#{BASE64_PATTERN}+?/
+  JSON_WEB_TOKEN_HEADER_PATTERN = /\AToken\s+(.*)\z/
+  JSON_WEB_TOKEN_PARAM_NAME     = 'token_jwt'
+  JSON_WEB_TOKEN_PARAM_PATTERN  = /(?:\A|&)#{JSON_WEB_TOKEN_PARAM_NAME}=(.*)(?=\z|&)/
+
+  attr_accessor :request,
+                :private_key,
+                :type
+
+  def initialize(request,
+                 private_key:,
+                 type:)
+
+    self.request     = request
+    self.private_key = private_key
+    self.type        = type
+  end
+
+  def fetch
+    if (!token_from_header.blank? && token_from_header.valid?) ||
+       (token_from_params.blank? || !token_from_params.valid?)
+
+      token_from_header
+    else
+      token_from_params
+    end
+  end
+
+  private
+
+  def token_from_header
+    @token_from_header ||= if header_contains_json_web_token?
+                             retrieve_token(json_web_token_from_header)
+                           elsif header_contains_base64_token?
+                             Tokens::Base64.convert(raw_token: base64_token_from_header)
+                           else
+                             Tokens::Null.instance
+                           end
+  rescue Erratum::Errors::InvalidToken
+    Tokens::Invalid.instance
+  end
+
+  def token_from_params
+    @token_from_params ||= if params_contains_json_web_token?
+                             retrieve_token(json_web_token_from_params)
+                           elsif params_contains_base64_token?
+                             Tokens::Base64.convert(raw_token: base64_token_from_params)
+                           else
+                             Tokens::Null.instance
+                           end
+  rescue Erratum::Errors::InvalidToken
+    Tokens::Invalid.instance
+  end
+
+  def base64_token_from_header
+    raw_authorization_header[BASE64_TOKEN_HEADER_PATTERN, 1]
+  end
+
+  def base64_token_from_params
+    if request.respond_to?(:params)
+      request.params[BASE64_TOKEN_PARAM_NAME] || ''
+    else
+      request['QUERY_STRING'][BASE64_TOKEN_PARAM_PATTERN, 1] || ''
+    end
+  end
+
+  def json_web_token_from_header
+    raw_authorization_header[JSON_WEB_TOKEN_HEADER_PATTERN, 1]
+  end
+
+  def json_web_token_from_params
+    if request.respond_to?(:params)
+      request.params[JSON_WEB_TOKEN_PARAM_NAME] || ''
+    else
+      request['QUERY_STRING'][JSON_WEB_TOKEN_PARAM_PATTERN, 1] || ''
+    end
+  end
+
+  def header_contains_base64_token?
+    raw_authorization_header =~ BASE64_TOKEN_HEADER_PATTERN
+  end
+
+  def header_contains_json_web_token?
+    raw_authorization_header =~ JSON_WEB_TOKEN_HEADER_PATTERN
+  end
+
+  def params_contains_base64_token?
+    if request.respond_to?(:params)
+      request.params.has_key?(BASE64_TOKEN_PARAM_NAME)
+    else
+      request['QUERY_STRING'] =~ BASE64_TOKEN_PARAM_PATTERN
+    end
+  end
+
+  def params_contains_json_web_token?
+    if request.respond_to?(:params)
+      request.params.has_key?(JSON_WEB_TOKEN_PARAM_NAME)
+    else
+      request['QUERY_STRING'] =~ JSON_WEB_TOKEN_PARAM_PATTERN
+    end
+  end
+
+  def raw_authorization_header
+    if request.respond_to?(:headers)
+      request.headers['HTTP_AUTHORIZATION'] || ''
+    else
+      request['HTTP_AUTHORIZATION'] || ''
+    end
+  end
+
+  def retrieve_token(token)
+    Tokens::JsonWebToken.__send__(
+      "from_#{type.downcase}",
+      token,
+      private_key: private_key,
+    )
+  end
+end
+end
+end

data/lib/apiphobic/requests/subdomain.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module  Apiphobic
+module  Requests
+class   Subdomain
+  attr_accessor :request
+
+  def initialize(request)
+    self.request = request
+  end
+
+  def subdomain
+    @subdomain ||= raw_host[/\A([a-z\-]+)/i, 1]
+  end
+
+  private
+
+  def raw_host
+    request.fetch('HTTP_HOST', '')
+  end
+end
+end
+end

data/lib/apiphobic/requests/transform_json_api.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+require 'stringio'
+require 'apple_core/refinements/string'
+require 'apple_core/refinements/hash'
+
+module  Apiphobic
+module  Requests
+class   TransformJsonApi
+  using ::AppleCore::Refinements::Hash
+  using ::AppleCore::Refinements::String
+
+  attr_accessor :request
+
+  def initialize(request)
+    self.request = request
+  end
+
+  def transform
+    request['QUERY_STRING'] = query_string_with_underscored_parameters
+
+    if has_content? && json?
+      request[content_parameter] = request_body_with_underscored_json_keys
+      request['CONTENT_LENGTH']  = content_length
+    end
+
+    request
+  end
+
+  private
+
+  def has_content?
+    request['CONTENT_LENGTH'].to_i.positive?
+  end
+
+  def json?
+    request['CONTENT_TYPE'] =~ /json/
+  end
+
+  def content_length
+    underscored_request_json.bytesize
+  end
+
+  def content_parameter
+    request['rack.input'] ? 'rack.input' : 'RACK_INPUT'
+  end
+
+  def request_body_with_underscored_json_keys
+    @request_body_with_underscored_json_keys ||= if content_parameter == 'rack.input'
+                                                   StringIO.new(underscored_request_json)
+                                                 else
+                                                   underscored_request_json
+                                                 end
+  end
+
+  def query_string_with_underscored_parameters
+    @query_string_with_underscored_parameters ||= begin
+      return query_string unless query_string.respond_to?(:gsub)
+
+      query_string.gsub(/(?<=\A|&|\?)[^=&]+/) do |parameter_name|
+        unescaped_parameter_name   = CGI.unescape(parameter_name)
+        underscored_parameter_name = unescaped_parameter_name.underscore
+
+        CGI.escape(underscored_parameter_name)
+      end
+    end
+  end
+
+  def underscored_request_json
+    JSON.dump(underscored_request_hash)
+  end
+
+  def underscored_request_hash
+    request_hash.deep_underscore_keys
+  end
+
+  def request_hash
+    JSON.parse(request_body)
+  end
+
+  def request_body
+    if request['rack.input']
+      request['rack.input'].read
+    else
+      request['RACK_INPUT'].to_s
+    end
+  end
+
+  def query_string
+    request['QUERY_STRING']
+  end
+end
+end
+end

data/lib/apiphobic/responses/invalid.rb

@@ -0,0 +1,16 @@
+
+# frozen_string_literal: true
+
+module  Apiphobic
+module  Responses
+class   Invalid
+  def self.call(_env, error:)
+    [
+      error.http_status,
+      {},
+      ["{\"errors\": [#{error.to_json}]}"],
+    ]
+  end
+end
+end
+end

data/lib/apiphobic/responses/invalid_accept_header.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'apiphobic/errors/invalid_accept_header'
+require 'apiphobic/responses/invalid'
+
+module  Apiphobic
+module  Responses
+class   InvalidAcceptHeader < Responses::Invalid
+  def self.call(env)
+    error ||= Errors::InvalidAcceptHeader.new(
+                accept_header: env['HTTP_ACCEPT'],
+              )
+
+    super(env, error: error)
+  end
+end
+end
+end

data/lib/apiphobic/responses/invalid_request_body.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'apiphobic/errors/invalid_request_body'
+require 'apiphobic/responses/invalid'
+
+module  Apiphobic
+module  Responses
+class   InvalidRequestBody < Responses::Invalid
+  def self.call(env)
+    error ||= Errors::InvalidRequestBody.new(
+                request_body: (env['rack.input'] || env['RACK_INPUT']).to_s,
+              )
+
+    super(env, error: error)
+  end
+end
+end
+end

data/lib/apiphobic/responses/invalid_subdomain.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'apiphobic/errors/invalid_subdomain'
+require 'apiphobic/responses/invalid'
+
+module  Apiphobic
+module  Responses
+class   InvalidSubdomain < Responses::Invalid
+  def self.call(env)
+    error ||= Errors::InvalidSubdomain.new(
+                http_host: env['HTTP_HOST'],
+              )
+
+    super(env, error: error)
+  end
+end
+end
+end

data/lib/apiphobic/responses/invalid_token.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require 'apiphobic/responses/invalid'
+
+module  Apiphobic
+module  Responses
+class   InvalidToken < Responses::Invalid
+end
+end
+end

data/lib/middleware.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'apiphobic/middleware/version'

metadata

@@ -0,0 +1,178 @@
+--- !ruby/object:Gem::Specification
+name: apiphobic-middleware
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- thegranddesign
+autorequire: 
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMREwDwYDVQQDDAhydWJ5
+  Z2VtczEjMCEGCgmSJomT8ixkARkWE2xpdmluZ2hpZ2hvbnRoZWJsb2cxEzARBgoJ
+  kiaJk/IsZAEZFgNjb20wHhcNMTcwODAyMjI1OTM1WhcNMTgwODAyMjI1OTM1WjBN
+  MREwDwYDVQQDDAhydWJ5Z2VtczEjMCEGCgmSJomT8ixkARkWE2xpdmluZ2hpZ2hv
+  bnRoZWJsb2cxEzARBgoJkiaJk/IsZAEZFgNjb20wggEiMA0GCSqGSIb3DQEBAQUA
+  A4IBDwAwggEKAoIBAQDtLa7+7p49gW15OgOyRZad/F92iZcMdDjZ2kAxZlviXgVe
+  PCtjfdURobH+YMdt++6eRkE25utIFqHyN51Shxfdc21T3fPQe/ZEoMyiJK4tYzbh
+  7VjNJG4ldvKKpS1p7iVz9imnyTxNwb0JaIOsOFCA04T0u6aCQi2acNvAPLviXk0q
+  xJ/CKjI4QUTZKVrBt8Q1Egrp2yzmEnSNftDuTbBb8m4vDR+w325CwbKCgycHJ1/g
+  YZ3FO76TzJuRVbsYS/bU5XKHVEpkeFmWBqEXsk4DuUIWLa6WZEJcoZf+YP+1pycG
+  7YqSbydpINtEdopD+EEI+g+zNJ4nSI8/eQcQyEjBAgMBAAGjgZQwgZEwCQYDVR0T
+  BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFDWuVrg4ve0vLu71kqiGdyBnzJGV
+  MCsGA1UdEQQkMCKBIHJ1YnlnZW1zQGxpdmluZ2hpZ2hvbnRoZWJsb2cuY29tMCsG
+  A1UdEgQkMCKBIHJ1YnlnZW1zQGxpdmluZ2hpZ2hvbnRoZWJsb2cuY29tMA0GCSqG
+  SIb3DQEBBQUAA4IBAQDJIpHjbBPGiaY4wOHcXlltQ+BMmhWQNh+1fZtyajQd+7Ay
+  fv23mO7Mf25Q38gopQlpaODkfxq54Jt8FvQbr5RYRS4j+JEKb75NgrAtehd8USUd
+  CiJJGH+yvGNWug9IGZCGX91HIbTsLQ5IUUWQasC5jGP8nxXufUr9xgAJZZenewny
+  B2qKu8q1A/kj6cw62RCY7yBmUXxlcJBj8g+JKYAFbYYKUdQSzf50k9IiWLWunJM+
+  Y2GAoHKstmfIVhc4XHOPpmTd2o/C29O9oaRgjrkfQEhF/KvJ/PhoV5hvokzsCyI5
+  iUeXPfvrGD/itYIBCgk+fnzyQQ4QtE5hTQaWQ3o2
+  -----END CERTIFICATE-----
+date: 2018-05-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: apple_core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: apiphobic-tokens
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: erratum
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: rspeckled
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+description: ''
+email:
+- rubygems@livinghighontheblog.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- lib/apiphobic/accept_header.rb
+- lib/apiphobic/errors/invalid_accept_header.rb
+- lib/apiphobic/errors/invalid_request_body.rb
+- lib/apiphobic/errors/invalid_subdomain.rb
+- lib/apiphobic/matchers/accept_header.rb
+- lib/apiphobic/matchers/subdomain.rb
+- lib/apiphobic/middleware/configurable.rb
+- lib/apiphobic/middleware/configuration.rb
+- lib/apiphobic/middleware/converters/content_type.rb
+- lib/apiphobic/middleware/converters/json_api_parameters.rb
+- lib/apiphobic/middleware/validators/accept_header.rb
+- lib/apiphobic/middleware/validators/authorization_token.rb
+- lib/apiphobic/middleware/validators/subdomain.rb
+- lib/apiphobic/middleware/version.rb
+- lib/apiphobic/requests/accept_header.rb
+- lib/apiphobic/requests/authorization_token.rb
+- lib/apiphobic/requests/subdomain.rb
+- lib/apiphobic/requests/transform_json_api.rb
+- lib/apiphobic/responses/invalid.rb
+- lib/apiphobic/responses/invalid_accept_header.rb
+- lib/apiphobic/responses/invalid_request_body.rb
+- lib/apiphobic/responses/invalid_subdomain.rb
+- lib/apiphobic/responses/invalid_token.rb
+- lib/middleware.rb
+homepage: ''
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Middleware to Validate API Requests
+test_files: []

metadata.gz.sig

@@ -0,0 +1,2 @@
+{r�+��A"@�F/��yM�n8q+��g�[��6U����FbŬ��r0$�[���.v���F%'�D��0�FغJ~3cϗr��Wt�Y�tu������t��'�F��Dcy�Ϩ�kd`��h���Y�C=K�m)����1�l�^J�O����/m_�z.бI�+<卡��*�����B��t%��t�ֹ�յ����Ԁ�.��ٳ%Ÿ
+����~���Ewն�Y͑BDHd��7���'����7