committee_firetail 5.0.0

data/lib/committee/request_unpacker.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+module Committee
+  class RequestUnpacker
+    class << self
+      # Enable string or symbol key access to the nested params hash.
+      #
+      # (Copied from Sinatra)
+      def indifferent_params(object)
+        case object
+        when Hash
+          new_hash = Committee::Utils.indifferent_hash
+          object.each { |key, value| new_hash[key] = indifferent_params(value) }
+          new_hash
+        when Array
+          object.map { |item| indifferent_params(item) }
+        else
+          object
+        end
+      end
+    end
+
+    def initialize(options={})
+      @allow_form_params  = options[:allow_form_params]
+      @allow_get_body     = options[:allow_get_body]
+      @allow_query_params = options[:allow_query_params]
+      @optimistic_json    = options[:optimistic_json]
+    end
+
+    # return params and is_form_params
+    def unpack_request_params(request)
+      # if Content-Type is empty or JSON, and there was a request body, try to
+      # interpret it as JSON
+      params = if !request.media_type || request.media_type =~ %r{application/(?:.*\+)?json}
+        parse_json(request)
+      elsif @optimistic_json
+        begin
+          parse_json(request)
+        rescue JSON::ParserError
+          nil
+        end
+      end
+
+      return [params, false] if params
+
+      if @allow_form_params && %w[application/x-www-form-urlencoded multipart/form-data].include?(request.media_type)
+        # Actually, POST means anything in the request body, could be from
+        # PUT or PATCH too. Silly Rack.
+        return [request.POST, true] if request.POST
+      end
+
+      [{}, false]
+    end
+
+    def unpack_query_params(request)
+      @allow_query_params ? self.class.indifferent_params(request.GET) : {}
+    end
+
+    def unpack_headers(request)
+      env = request.env
+      base = env.keys.grep(/HTTP_/).inject({}) do |headers, key|
+        headerized_key = key.gsub(/^HTTP_/, '').gsub(/_/, '-')
+        headers[headerized_key] = env[key]
+        headers
+      end
+
+      base['Content-Type'] = env['CONTENT_TYPE'] if env['CONTENT_TYPE']
+      base
+    end
+
+    private
+
+    def parse_json(request)
+      return nil if request.request_method == "GET" && !@allow_get_body
+
+      body = request.body.read
+      # if request body is empty, we just have empty params
+      return nil if body.length == 0
+
+      request.body.rewind
+      hash = JSON.parse(body)
+      # We want a hash specifically. '42', 42, and [42] will all be
+      # decoded properly, but we can't use them here.
+      if !hash.is_a?(Hash)
+        raise BadRequest,
+              "Invalid JSON input. Require object with parameters as keys."
+      end
+      self.class.indifferent_params(hash)
+    end
+  end
+end

data/lib/committee/schema_validator/hyper_schema/parameter_coercer.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+module Committee
+  module SchemaValidator
+    class HyperSchema
+      class ParameterCoercer
+        def initialize(params, schema, options = {})
+          @params = params
+          @schema = schema
+
+          @coerce_date_times = options.fetch(:coerce_date_times, false)
+          @coerce_recursive = options.fetch(:coerce_recursive, false)
+        end
+
+        def call!
+          coerce_object!(@params, @schema)
+        end
+
+        private
+
+          def coerce_object!(hash, schema)
+            return false unless schema.respond_to?(:properties)
+
+            is_coerced = false
+            schema.properties.each do |k, s|
+              original_val = hash[k]
+              unless original_val.nil?
+                new_value, is_changed = coerce_value!(original_val, s)
+                if is_changed
+                  hash[k] = new_value
+                  is_coerced = true
+                end
+              end
+            end
+
+            is_coerced
+          end
+
+          def coerce_value!(original_val, s)
+            s.type.each do |to_type|
+              if @coerce_date_times && to_type == "string" && s.format == "date-time"
+                coerced_val = parse_date_time(original_val)
+                return coerced_val, true if coerced_val
+              end
+
+              return original_val, true if @coerce_recursive && (to_type == "array") && coerce_array_data!(original_val, s)
+
+              return original_val, true if @coerce_recursive && (to_type == "object") && coerce_object!(original_val, s)
+            end
+            return nil, false
+          end
+
+          def coerce_array_data!(original_val, schema)
+            return false unless schema.respond_to?(:items)
+            return false unless original_val.is_a?(Array)
+
+            is_coerced = false
+            original_val.each_with_index do |d, index|
+              new_value, is_changed = coerce_value!(d, schema.items)
+              if is_changed
+                original_val[index] = new_value
+                is_coerced = true
+              end
+            end
+
+            is_coerced
+          end
+
+          def parse_date_time(original_val)
+            begin
+              DateTime.parse(original_val)
+            rescue ArgumentError => e
+              raise ::Committee::InvalidResponse unless e.message =~ /invalid date/
+            end
+          end
+      end
+    end
+  end
+end

data/lib/committee/schema_validator/hyper_schema/request_validator.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module Committee
+  module SchemaValidator
+    class HyperSchema
+      class RequestValidator
+        def initialize(link, options = {})
+          @link = link
+          @check_content_type = options.fetch(:check_content_type, true)
+          @check_header = options.fetch(:check_header, true)
+        end
+
+        def call(request, params, headers)
+          check_content_type!(request, params) if @check_content_type
+          if @link.schema
+            valid, errors = @link.schema.validate(params)
+            if !valid
+              errors = JsonSchema::SchemaError.aggregate(errors).join("\n")
+              raise InvalidRequest, "Invalid request.\n\n#{errors}"
+            end
+          end
+
+          if @check_header && @link.respond_to?(:header_schema) && @link.header_schema
+            valid, errors = @link.header_schema.validate(headers)
+            if !valid
+              errors = JsonSchema::SchemaError.aggregate(errors).join("\n")
+              raise InvalidRequest, "Invalid request.\n\n#{errors}"
+            end
+          end
+        end
+
+        private
+
+        def check_content_type!(request, data)
+          content_type = ::Committee::SchemaValidator.request_media_type(request)
+          if content_type && @link.enc_type && !empty_request?(request)
+            unless Rack::Mime.match?(content_type, @link.enc_type)
+              raise Committee::InvalidRequest,
+                %{"Content-Type" request header must be set to "#{@link.enc_type}".}
+            end
+          end
+        end
+
+        def empty_request?(request)
+          # small optimization: assume GET and DELETE don't have bodies
+          return true if request.get? || request.delete? || !request.body
+
+          data = request.body.read
+          request.body.rewind
+          data.empty?
+        end
+      end
+    end
+  end
+end

data/lib/committee/schema_validator/hyper_schema/response_generator.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+module Committee
+  module SchemaValidator
+    class HyperSchema
+      class ResponseGenerator
+        def call(link)
+          schema = target_schema(link)
+          data = generate_properties(link, schema)
+
+          # List is a special case; wrap data in an array.
+          #
+          # This is poor form that's here so as not to introduce breaking behavior.
+          # The "instances" value of "rel" is a Heroku-ism and was originally
+          # introduced before we understood how to use "targetSchema". It's not
+          # meaningful with the context of the hyper-schema specification and
+          # should be eventually be removed.
+          if legacy_hyper_schema_rel?(link)
+            data = [data]
+          end
+
+          [data, schema]
+        end
+
+        private
+
+        # These are basic types that are part of the JSON schema for which we'll
+        # emit zero values when generating a response. For a schema that allows
+        # multiple of the types in the list, types are preferred in the order in
+        # which they're defined.
+        SCALAR_TYPES = {
+          "boolean" => false,
+          "integer" => 0,
+          "number"  => 0.0,
+          "string"  => "",
+
+          # Prefer null last.
+          "null" => nil,
+        }.freeze
+
+        def generate_properties(link, schema)
+          # special example attribute was included; use its value
+          if schema.data && !schema.data["example"].nil?
+            schema.data["example"]
+
+          elsif !schema.all_of.empty? || !schema.properties.empty?
+            data = {}
+            schema.all_of.each do |subschema|
+              data.merge!(generate_properties(link, subschema))
+            end
+            schema.properties.map do |key, value|
+              data[key] = generate_properties(link, value)
+            end
+            data
+
+          elsif schema.type.include?("array") && !schema.items.nil?
+            [generate_properties(link, schema.items)]
+
+          elsif schema.enum
+            schema.enum.first
+
+          elsif schema.type.any? { |t| SCALAR_TYPES.include?(t) }
+            SCALAR_TYPES.each do |k, v|
+              break(v) if schema.type.include?(k)
+            end
+
+          # Generate an empty array for arrays.
+          elsif schema.type == ["array"]
+            []
+
+          # Schema is an object with no properties: just generate an empty object.
+          elsif schema.type == ["object"]
+            {}
+
+          else
+            raise(%{At "#{link.method} #{link.href}" "#{schema.pointer}": no } +
+              %{"example" attribute and "null" } +
+              %{is not allowed; don't know how to generate property.})
+          end
+        end
+
+        def legacy_hyper_schema_rel?(link)
+          link.is_a?(Committee::Drivers::HyperSchema::Link) &&
+            link.rel == "instances" &&
+            !link.target_schema
+        end
+
+        # Gets the target schema of a link. This is normally just the standard
+        # response schema, but we allow some legacy behavior for hyper-schema links
+        # tagged with rel=instances to instead use the schema of their parent
+        # resource.
+        def target_schema(link)
+          if link.target_schema
+            link.target_schema
+          elsif legacy_hyper_schema_rel?(link)
+            link.parent
+          end
+        end
+      end
+    end
+  end
+end

data/lib/committee/schema_validator/hyper_schema/response_validator.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+module Committee
+  module SchemaValidator
+    class HyperSchema
+      class ResponseValidator
+        attr_reader :validate_success_only
+
+        def initialize(link, options = {})
+          @link = link
+          @validate_success_only = options[:validate_success_only]
+
+          @validator = JsonSchema::Validator.new(target_schema(link))
+        end
+
+        def call(status, headers, data)
+          unless [204, 304].include?(status) # 204 No Content or 304 Not Modified
+            response = Rack::Response.new(data, status, headers)
+            check_content_type!(response)
+          end
+
+          # List is a special case; expect data in an array.
+          #
+          # This is poor form that's here so as not to introduce breaking behavior.
+          # The "instances" value of "rel" is a Heroku-ism and was originally
+          # introduced before we understood how to use "targetSchema". It's not
+          # meaningful with the context of the hyper-schema specification and
+          # should be eventually be removed.
+          if legacy_hyper_schema_rel?(@link)
+            if !data.is_a?(Array)
+              raise InvalidResponse, "List endpoints must return an array of objects."
+            end
+
+            # only consider the first object during the validation from here on
+            # (but only in cases where `targetSchema` is not set)
+            data = data[0]
+
+            # if the array was empty, allow it through
+            return if data == nil
+          end
+
+          if Committee::Middleware::ResponseValidation.validate?(status, validate_success_only) && !@validator.validate(data)
+            errors = JsonSchema::SchemaError.aggregate(@validator.errors).join("\n")
+            raise InvalidResponse, "Invalid response.\n\n#{errors}"
+          end
+        end
+
+        private
+
+        def response_media_type(response)
+          if response.respond_to?(:media_type)
+            response.media_type.to_s
+          else
+            # for rack compatibility. In rack v 1.5.0, Rack::Response doesn't have media_type
+            response.content_type.to_s.split(";").first.to_s
+          end
+        end
+
+
+        def check_content_type!(response)
+          if @link.media_type
+            unless Rack::Mime.match?(response_media_type(response), @link.media_type)
+              raise Committee::InvalidResponse,
+                %{"Content-Type" response header must be set to "#{@link.media_type}".}
+            end
+          end
+        end
+
+        def legacy_hyper_schema_rel?(link)
+          link.is_a?(Committee::Drivers::HyperSchema::Link) &&
+            link.rel == "instances" &&
+            !link.target_schema
+        end
+
+        # Gets the target schema of a link. This is normally just the standard
+        # response schema, but we allow some legacy behavior for hyper-schema links
+        # tagged with rel=instances to instead use the schema of their parent
+        # resource.
+        def target_schema(link)
+          if link.target_schema
+            link.target_schema
+          elsif legacy_hyper_schema_rel?(link)
+            link.parent
+          end
+        end
+      end
+    end
+  end
+end

data/lib/committee/schema_validator/hyper_schema/router.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Committee
+  module SchemaValidator
+    class HyperSchema
+      class Router
+        def initialize(schema, validator_option)
+          @prefix = validator_option.prefix
+          @prefix_regexp = /\A#{Regexp.escape(@prefix)}/.freeze if @prefix
+          @schema = schema
+
+          @validator_option = validator_option
+        end
+
+        def includes?(path)
+          !@prefix || path =~ @prefix_regexp
+        end
+
+        def includes_request?(request)
+          includes?(request.path)
+        end
+
+        def find_link(method, path)
+          path = path.gsub(@prefix_regexp, "") if @prefix
+          link_with_matches = (@schema.routes[method] || []).map do |pattern, link|
+            if matches = pattern.match(path)
+              # prefer path which has fewer matches (eg. `/pets/dog` than `/pets/{uuid}` for path `/pets/dog` )
+              [matches.captures.size, link, Hash[matches.names.zip(matches.captures)]]
+            else
+              nil
+            end
+          end.compact.sort_by(&:first).first
+          link_with_matches.nil? ? nil : link_with_matches.slice(1, 2)
+        end
+
+        def find_request_link(request)
+          find_link(request.request_method, request.path_info)
+        end
+
+        def build_schema_validator(request)
+          Committee::SchemaValidator::HyperSchema.new(self, request, @validator_option)
+        end
+      end
+    end
+  end
+end

data/lib/committee/schema_validator/hyper_schema/string_params_coercer.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+module Committee
+  module SchemaValidator
+    class HyperSchema
+      # StringParamsCoercer takes parameters that are specified over a medium that
+      # can only accept strings (for example in a URL path or in query parameters)
+      # and attempts to coerce them into known types based of a link's schema
+      # definition.
+      #
+      # Currently supported types: null, integer, number and boolean.
+      #
+      # +call+ returns a hash of all params which could be coerced - coercion
+      # errors are simply ignored and expected to be handled later by schema
+      # validation.
+      class StringParamsCoercer
+        def initialize(query_hash, schema, options = {})
+          @query_hash = query_hash
+          @schema = schema
+
+          @coerce_recursive = options.fetch(:coerce_recursive, false)
+        end
+
+        def call!
+          coerce_object!(@query_hash, @schema)
+        end
+
+        private
+
+          def coerce_object!(hash, schema)
+            return false unless schema.respond_to?(:properties)
+
+            is_coerced = false
+            schema.properties.each do |k, s|
+              original_val = hash[k]
+              unless original_val.nil?
+                new_value, is_changed = coerce_value!(original_val, s)
+                if is_changed
+                  hash[k] = new_value
+                  is_coerced = true
+                end
+              end
+            end
+
+            is_coerced
+          end
+
+          def coerce_value!(original_val, s)
+            unless original_val.nil?
+              s.type.each do |to_type|
+                case to_type
+                  when "null"
+                    return nil, true if original_val.empty?
+                  when "integer"
+                    begin
+                      return Integer(original_val), true
+                    rescue ArgumentError => e
+                      raise e unless e.message =~ /invalid value for Integer/
+                    end
+                  when "number"
+                    begin
+                      return Float(original_val), true
+                    rescue ArgumentError => e
+                      raise e unless e.message =~ /invalid value for Float/
+                    end
+                  when "boolean"
+                    if original_val == "true" || original_val == "1"
+                      return true, true
+                    end
+                    if original_val == "false" || original_val == "0"
+                      return false, true
+                    end
+                  when "array"
+                    if @coerce_recursive && coerce_array_data!(original_val, s)
+                      return original_val, true # change original value
+                    end
+                  when "object"
+                    if @coerce_recursive && coerce_object!(original_val, s)
+                      return original_val, true # change original value
+                    end
+                end
+              end
+            end
+            return nil, false
+          end
+
+          def coerce_array_data!(original_val, schema)
+            return false unless schema.respond_to?(:items)
+            return false unless original_val.is_a?(Array)
+
+            is_coerced = false
+            original_val.each_with_index do |d, index|
+              new_value, is_changed = coerce_value!(d, schema.items)
+              if is_changed
+                original_val[index] = new_value
+                is_coerced = true
+              end
+            end
+
+            is_coerced
+          end
+      end
+    end
+  end
+end

data/lib/committee/schema_validator/hyper_schema.rb

@@ -0,0 +1,119 @@
+# frozen_string_literal: true
+
+module Committee
+  module SchemaValidator
+    class HyperSchema
+      attr_reader :link, :param_matches, :validator_option
+
+      def initialize(router, request, validator_option)
+        @link, @param_matches = router.find_request_link(request)
+        @validator_option = validator_option
+      end
+
+      def request_validate(request)
+        request_unpack(request)
+
+        request_schema_validation(request)
+        parameter_coerce!(request, link, validator_option.params_key)
+        parameter_coerce!(request, link, "rack.request.query_hash") if link_exist? && !request.GET.nil? && !link.schema.nil?
+      end
+
+      def response_validate(status, headers, response, _test_method = false)
+        return unless link_exist?
+
+        full_body = +""
+        response.each do |chunk|
+          full_body << chunk
+        end
+
+        data = {}
+        unless full_body.empty?
+          parse_to_json = !validator_option.parse_response_by_content_type ||
+                          headers.fetch('Content-Type', nil)&.start_with?('application/json')
+          data = JSON.parse(full_body) if parse_to_json
+        end
+
+        Committee::SchemaValidator::HyperSchema::ResponseValidator.new(link, validate_success_only: validator_option.validate_success_only).call(status, headers, data)
+      end
+
+      def link_exist?
+        !link.nil?
+      end
+
+      private
+
+        def coerce_path_params
+          return {} unless link_exist?
+
+          Committee::SchemaValidator::HyperSchema::StringParamsCoercer.new(param_matches, link.schema, coerce_recursive: validator_option.coerce_recursive).call!
+          param_matches
+        end
+
+        def coerce_query_params(request)
+          return unless link_exist?
+          return if request.GET.nil? || link.schema.nil?
+
+          Committee::SchemaValidator::HyperSchema::StringParamsCoercer.new(request.GET, link.schema, coerce_recursive: validator_option.coerce_recursive).call!
+        end
+
+        def request_unpack(request)
+          unpacker = Committee::RequestUnpacker.new(
+            allow_form_params:  validator_option.allow_form_params,
+            allow_get_body:     validator_option.allow_get_body,
+            allow_query_params: validator_option.allow_query_params,
+            optimistic_json:    validator_option.optimistic_json,
+          )
+
+          request.env[validator_option.headers_key] = unpacker.unpack_headers(request)
+
+          # Attempts to coerce parameters that appear in a link's URL to Ruby
+          # types that can be validated with a schema.
+          param_matches_hash = validator_option.coerce_path_params ? coerce_path_params : {}
+
+          # Attempts to coerce parameters that appear in a query string to Ruby
+          # types that can be validated with a schema.
+          coerce_query_params(request) if validator_option.coerce_query_params
+
+          query_param = unpacker.unpack_query_params(request)
+          request_param, is_form_params = unpacker.unpack_request_params(request)
+          coerce_form_params(request_param) if validator_option.coerce_form_params && is_form_params
+          request.env[validator_option.request_body_hash_key] = request_param
+
+          request.env[validator_option.params_key] = Committee::Utils.indifferent_hash
+          request.env[validator_option.params_key].merge!(Committee::Utils.deep_copy(query_param))
+          request.env[validator_option.params_key].merge!(Committee::Utils.deep_copy(request_param))
+          request.env[validator_option.params_key].merge!(Committee::Utils.deep_copy(param_matches_hash))
+        end
+
+        def coerce_form_params(parameter)
+          return unless link_exist?
+          return unless link.schema
+          Committee::SchemaValidator::HyperSchema::StringParamsCoercer.new(parameter, link.schema).call!
+        end
+
+        def request_schema_validation(request)
+          return unless link_exist?
+          validator = Committee::SchemaValidator::HyperSchema::RequestValidator.new(link, check_content_type: validator_option.check_content_type, check_header: validator_option.check_header)
+          validator.call(request, request.env[validator_option.params_key], request.env[validator_option.headers_key])
+        end
+
+        def parameter_coerce!(request, link, coerce_key)
+          return unless link_exist?
+
+          Committee::SchemaValidator::HyperSchema::ParameterCoercer.
+              new(request.env[coerce_key],
+                  link.schema,
+                  coerce_date_times: validator_option.coerce_date_times,
+                  coerce_recursive: validator_option.coerce_recursive).
+              call!
+        end
+    end
+  end
+end
+
+require_relative "hyper_schema/request_validator"
+require_relative "hyper_schema/response_generator"
+require_relative "hyper_schema/response_validator"
+require_relative "hyper_schema/router"
+require_relative "hyper_schema/string_params_coercer"
+require_relative "hyper_schema/parameter_coercer"