apiphobic-middleware 1.5.0 → 1.6.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/LICENSE.txt +1 -1
- data/lib/apiphobic/errors/invalid_request_body.rb +1 -1
- data/lib/apiphobic/middleware/configuration.rb +2 -2
- data/lib/apiphobic/middleware/converters/request_method.rb +2 -2
- data/lib/apiphobic/middleware/validators/accept_header.rb +1 -0
- data/lib/apiphobic/middleware/version.rb +1 -1
- data/lib/apiphobic/requests/accept_header.rb +6 -3
- data/lib/apiphobic/requests/authorization_token.rb +2 -2
- data/lib/apiphobic/requests/transform_json_api.rb +13 -12
- data/lib/apiphobic/responses/invalid.rb +0 -1
- data.tar.gz.sig +0 -0
- metadata +61 -41
- metadata.gz.sig +0 -0
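--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ffd888d8e92f0fff36741793819ee39bced0b1bf17cb02b0e3b126e5a31790d6
+data.tar.gz: c8dbc8d04954c9b1dfe8a5ef8919fcca36d8cd3f73a24cde2e88b12ef7f5a92e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 78c4f781eaf02ae48f819828bc283cba5407ce879e2b383ab37ed2fa795cbe3776f3d555c48d89feab80a61dc1b5cfe1e8db09c9d9d290bb41daba6462660d8a
+data.tar.gz: 59708e4a55b4c81f5b43fbdf270543fc617517023db6aa3b72fd61c8a7de712306cf1afe4ad26e65a0d9d6380d8d022ca1984704a5a576188aec8c2d02e58e1b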
checksums.yaml.gz.sig
CHANGED
Binary file
|
data/LICENSE.txt
CHANGED
@@ -24,7 +24,7 @@ module Middleware
|
|
24
24
|
end
|
25
25
|
|
26
26
|
def allowed_subdomains
|
27
|
-
@allowed_subdomains ||
|
27
|
+
@allowed_subdomains || %w{api}
|
28
28
|
end
|
29
29
|
|
30
30
|
def allowed_method_overrides
|
@@ -32,7 +32,7 @@ module Middleware
|
|
32
32
|
end
|
33
33
|
|
34
34
|
def allowed_api_subdomains
|
35
|
-
@allowed_api_subdomains ||
|
35
|
+
@allowed_api_subdomains || %w{api}
|
36
36
|
end
|
37
37
|
|
38
38
|
def default_api_version
|
@@ -17,7 +17,7 @@ class RequestMethod
|
|
17
17
|
@app = app
|
18
18
|
end
|
19
19
|
|
20
|
-
def call(env)
|
20
|
+
def call(env) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity
|
21
21
|
self.request = Rack::Request.new(env)
|
22
22
|
allowed_overrides = configuration.allowed_method_overrides
|
23
23
|
|
@@ -25,7 +25,7 @@ class RequestMethod
|
|
25
25
|
path_pattern = path_pattern
|
26
26
|
.gsub(':uuid', '[0-9a-f]{8}\\-(?:[0-9a-f]{4}\\-){3}[0-9a-f]{12}')
|
27
27
|
|
28
|
-
next unless env['PATH_INFO']
|
28
|
+
next unless env['PATH_INFO']&.match?(Regexp.new("\\A#{path_pattern}\\z"))
|
29
29
|
|
30
30
|
method_mappings.each do |from, to|
|
31
31
|
next unless from.include?(env['REQUEST_METHOD'].downcase)
|
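Review bot: `path_pattern` is interpolated into `Regexp.new("\\A#{path_pattern}\\z")` in the second hunk with no escaping visible, so a `.` or other metacharacter in a configured override path would match more request paths than the configuration author wrote down. Because this match decides whether the request method may be rewritten, the literal segments are worth passing through `Regexp.escape` before the `:uuid` placeholder is expanded, unless the configured values are documented as regular-expression fragments. The pattern is also recompiled for every request and every configured entry; compiling it once per entry would avoid that. The loop that yields `path_pattern` starts above the hunk and `call` continues below it, so any earlier normalisation is not visible here.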
@@ -5,7 +5,7 @@ require 'apiphobic/accept_header'
|
|
5
5
|
module Apiphobic
|
6
6
|
module Requests
|
7
7
|
class AcceptHeader
|
8
|
-
ACCEPT_PARAM_PATTERN = /(?:\A|&)
|
8
|
+
ACCEPT_PARAM_PATTERN = /(?:\A|&)_accept=(.+?)(?=\z|&)/
|
9
9
|
|
10
10
|
attr_accessor :request
|
11
11
|
|
@@ -14,7 +14,7 @@ class AcceptHeader
|
|
14
14
|
end
|
15
15
|
|
16
16
|
def self.resolve(request)
|
17
|
-
return request if request.
|
17
|
+
return request if request.instance_of?(self)
|
18
18
|
|
19
19
|
new(request)
|
20
20
|
end
|
@@ -53,7 +53,10 @@ class AcceptHeader
|
|
53
53
|
if request.respond_to?(:params)
|
54
54
|
request.params['_accept']
|
55
55
|
else
|
56
|
-
|
56
|
+
raw_params_header = (request['QUERY_STRING'][ACCEPT_PARAM_PATTERN, 1] || '')
|
57
|
+
.gsub('+', '%2B')
|
58
|
+
|
59
|
+
CGI.unescape(raw_params_header)
|
57
60
|
end
|
58
61
|
end
|
59
62
|
end
|
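Review bot: The string returned by `CGI.unescape(raw_params_header)` in the last hunk is handed back without an encoding check, so a `_accept` value such as `%FF` decodes to a string that is not valid UTF-8 and can raise `ArgumentError` in a later regular-expression match instead of producing a client-error response. Returning the value only when `valid_encoding?` holds, and reading the query string as `request['QUERY_STRING'].to_s[ACCEPT_PARAM_PATTERN, 1]`, keeps malformed input on the rejection path. The `CGI.unescape(parameter_name)` call followed by `underscore` in the `query_string_with_underscored_parameters` hunk of `TransformJsonApi` handles client-supplied bytes the same way. The enclosing method begins above this hunk, so how its result is parsed is not visible here.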
@@ -9,7 +9,7 @@ require 'apiphobic/tokens/json_web_tokens/null'
|
|
9
9
|
module Apiphobic
|
10
10
|
module Requests
|
11
11
|
class AuthorizationToken
|
12
|
-
BASE64_PATTERN = %r{[A-Za-z0-9_
|
12
|
+
BASE64_PATTERN = %r{[A-Za-z0-9_/+=\-.]}
|
13
13
|
BASE64_TOKEN_HEADER_PATTERN = /\A(?:Basic|Bearer)\s+(.*)\z/
|
14
14
|
BASE64_TOKEN_PARAM_NAME = 'token_b64'
|
15
15
|
BASE64_TOKEN_PARAM_PATTERN = /(?:\A|&)#{BASE64_TOKEN_PARAM_NAME}=(.*)(?=\z|&)/
|
@@ -37,7 +37,7 @@ class AuthorizationToken
|
|
37
37
|
token_from_header
|
38
38
|
elsif !token_from_params.blank?
|
39
39
|
token_from_params
|
40
|
-
else
|
40
|
+
else # rubocop:disable Lint/DuplicateBranch
|
41
41
|
token_from_header
|
42
42
|
end
|
43
43
|
end
|
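Review bot: `BASE64_TOKEN_PARAM_PATTERN`, on the context line three below the changed `BASE64_PATTERN`, captures with a greedy `(.*)`, so for a query string that carries further parameters after `token_b64` the capture runs to the end of the string and includes them. `ACCEPT_PARAM_PATTERN` in `AcceptHeader` uses a lazy capture that stops at the next `&`; the equivalent bound here would be `/(?:\A|&)#{BASE64_TOKEN_PARAM_NAME}=([^&]*)(?=\z|&)/`. Whether the captured value is later filtered with `BASE64_PATTERN` is not visible in these hunks, so the effect on token validation is inferred.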
@@ -30,11 +30,11 @@ class TransformJsonApi
|
|
30
30
|
private
|
31
31
|
|
32
32
|
def has_content?
|
33
|
-
request['CONTENT_LENGTH'].to_i
|
33
|
+
request['CONTENT_LENGTH'].to_i > 0
|
34
34
|
end
|
35
35
|
|
36
36
|
def json?
|
37
|
-
request['CONTENT_TYPE']
|
37
|
+
request['CONTENT_TYPE'].include?('json')
|
38
38
|
end
|
39
39
|
|
40
40
|
def content_length
|
@@ -46,16 +46,17 @@ class TransformJsonApi
|
|
46
46
|
end
|
47
47
|
|
48
48
|
def query_string_with_underscored_parameters
|
49
|
-
@query_string_with_underscored_parameters
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
49
|
+
@query_string_with_underscored_parameters \
|
50
|
+
||= if query_string.respond_to?(:gsub)
|
51
|
+
query_string.gsub(/(?<=\A|&|\?)[^=&]+/) do |parameter_name|
|
52
|
+
unescaped_parameter_name = CGI.unescape(parameter_name)
|
53
|
+
underscored_parameter_name = unescaped_parameter_name.underscore
|
54
|
+
|
55
|
+
CGI.escape(underscored_parameter_name)
|
56
|
+
end
|
57
|
+
else
|
58
|
+
query_string
|
59
|
+
end
|
59
60
|
end
|
60
61
|
|
61
62
|
def underscored_request_json
|
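Review bot: `json?` in the first hunk calls `include?` directly on `request['CONTENT_TYPE']`, which raises `NoMethodError` when a request carries a body but no Content-Type, assuming the lookup returns nil for a missing key. `request['CONTENT_TYPE'].to_s.include?('json')` keeps that case on the non-JSON path. The substring test is also case-sensitive and accepts any media type that merely contains `json`; a short comment stating which media types are meant to trigger the transformation would make the intent reviewable. Callers of `json?` are outside the hunk, so a guard may exist elsewhere.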
data.tar.gz.sig
CHANGED
Binary file
|
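--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: apiphobic-middleware
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.6.0
 platform: ruby
 authors:
 - thegranddesign
@@ -10,49 +10,55 @@ bindir: bin
 cert_chain:
 - |
 -----BEGIN CERTIFICATE-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+MIIEyjCCAzKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMSIwIAYDVQQDDBlsb2Nh
+bGV1bmtub3duODEwX3J1YnlnZW1zMRowGAYKCZImiZPyLGQBGRYKcHJvdG9ubWFp
+bDETMBEGCgmSJomT8ixkARkWA2NvbTAeFw0yMjA3MDkwNTMxMjJaFw0yMzA3MDkw
+NTMxMjJaMFUxIjAgBgNVBAMMGWxvY2FsZXVua25vd244MTBfcnVieWdlbXMxGjAY
+BgoJkiaJk/IsZAEZFgpwcm90b25tYWlsMRMwEQYKCZImiZPyLGQBGRYDY29tMIIB
+ojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0otlhSPyU7jLLW1p786Mo/pV
+5cJ1Ed8D/bJK78PqGFO2h0ZUefupxT5PRMokLYNNGRPopnAAxZ0zVxJ68aOyYCBW
+Wk3/XFcXCrtk/OcFwLTltgeMjyqCBd/zRRx6CCjY4uOfH0E3n1gQ6Fbmewjg83XJ
+nOs7Gu/hzj5+feEQ1Exmg6z1oCM/8BTIBtK+p++HvcDK3AhJ7x3fc6P9WS+22w6j
+7jpi3p9YtoAjrXIzw3lsobiX+bEt+N+T47e8gOATVgapuZ/QmJzNU6LWepehs4V1
+8J+FUaIMV7nAMKmpkbYL51uHEiGV+HDx1HUdOsCFx8zD4h49KRT2t6AcumJ5P1Cj
+c7NX2xl85ShHDNNFkozuC2c5cwj6F20EVaVjGwv2OFq0S2tUw9EJXHTN9RpfRUmn
+IHwS9M4gcJO7IzV39a1YL6+9hrabF4+JTSYDehq8oxTdcOPLYyvH54aJWVqCrnLO
+KNa/p6hMmwxTWNS5Vz0uxuEGyE9E0tHbtjIs2XX5AgMBAAGjgaQwgaEwCQYDVR0T
+BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFAK3RicwO0f6+puFN6lRVMOKMJuu
+MDMGA1UdEQQsMCqBKGxvY2FsZXVua25vd244MTArcnVieWdlbXNAcHJvdG9ubWFp
+bC5jb20wMwYDVR0SBCwwKoEobG9jYWxldW5rbm93bjgxMCtydWJ5Z2Vtc0Bwcm90
+b25tYWlsLmNvbTANBgkqhkiG9w0BAQsFAAOCAYEAQwV6pOp5gm8141pyXeQFI/5E
+rZYO3MvdyZM8O3HMD51LDS8mtMURceaKZM6WTambe2RVX4A++0qUiEnn9K4Fexm/
+SEGaC/Gp+Fg9D1SKfkdq9bgdIhOEUwiGqjczgzNC806AtWZ+awI940oydFYZlpo0
+jMQihPPJEqF1U6JBDMZYV5tX/dJYSGRl9L3s1k2tjoN98q+beNaZQDn21Amml4eK
+KEkMeTTJ2E4GVzR9eKEETLq2LygdUWWZ5NdWOYTxJMdg1GZp3b6X8hJrwfOiizqt
+/ANlIEh11/pOnWa6WPUVpGIMpYdquvmJXnF2LX6zxkKK1hbrebt+vAEAGczgw1Ri
+rkLM6y+BHQdkOTj3VG4MjIU8D4h1Z73Exzxds/VbVKMEz+8JrFjGJ/tYa0PZ8U5p
+3yXL4G6eW3rdBW/OiLF7GgG2o26d02OMzf4+ubUVS5LQDOcd4vgNPLWzJSBt1YIh
+TgBsED7Me5YdMVXxtTWYsF1VMzaL9hReD3UXGcxe
 -----END CERTIFICATE-----
-date:
+date: 2022-07-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: apiphobic-tokens
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: 1.0.1
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.2.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: 1.0.1
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.2.0
 - !ruby/object:Gem::Dependency
 name: apple_core
 requirement: !ruby/object:Gem::Requirement
@@ -71,22 +77,16 @@ dependencies:
 name: erratum
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: 3.1.1
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: 3.1.1
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 - !ruby/object:Gem::Dependency
 name: rack
 requirement: !ruby/object:Gem::Requirement
@@ -101,20 +101,34 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '2.0'
+- !ruby/object:Gem::Dependency
+name: byebug
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '11.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '11.0'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.11'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.11'
 - !ruby/object:Gem::Dependency
 name: rspeckled
 requirement: !ruby/object:Gem::Requirement
@@ -179,11 +193,18 @@ files:
 - lib/apiphobic/responses/invalid_subdomain.rb
 - lib/apiphobic/responses/invalid_token.rb
 - lib/apiphobic/responses/transform_json_api.rb
-homepage:
+homepage: https://github.com/thekompanee/apiphobic-middleware
 licenses:
 - MIT
 metadata:
 allowed_push_host: https://rubygems.org
+bug_tracker_uri: https://github.com/thekompanee/apiphobic-middleware/issues
+changelog_uri: https://github.com/thekompanee/apiphobic-middleware/blob/master/CHANGELOG.md
+documentation_uri: https://github.com/thekompanee/apiphobic-middleware/tree/releases/v1.6.0
+homepage_uri: https://github.com/thekompanee/apiphobic-middleware
+source_code_uri: https://github.com/thekompanee/apiphobic-middleware
+wiki_uri: https://github.com/thekompanee/apiphobic-middleware/wiki
+rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -199,8 +220,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.6
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Middleware to Validate API Requests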
metadata.gz.sig
CHANGED
Binary file
|