committee_firetail 5.0.0

data/lib/committee/schema_validator/open_api_3/operation_wrapper.rb

@@ -0,0 +1,139 @@
+# frozen_string_literal: true
+
+module Committee
+  module SchemaValidator
+    class OpenAPI3
+      class OperationWrapper
+        # # @param request_operation [OpenAPIParser::RequestOperation]
+        def initialize(request_operation)
+          @request_operation = request_operation
+        end
+
+        def path_params
+          request_operation.path_params
+        end
+
+        def original_path
+          request_operation.original_path
+        end
+
+        def http_method
+          request_operation.http_method
+        end
+
+        def coerce_path_parameter(validator_option)
+          options = build_openapi_parser_path_option(validator_option)
+          return {} unless options.coerce_value
+
+          request_operation.validate_path_params(options)
+        rescue OpenAPIParser::OpenAPIError => e
+          raise Committee::InvalidRequest.new(e.message, original_error: e)
+        end
+
+        # @param [Boolean] strict when not content_type or status code definition, raise error
+        def validate_response_params(status_code, headers, response_data, strict, check_header)
+          response_body = OpenAPIParser::RequestOperation::ValidatableResponseBody.new(status_code, response_data, headers)
+
+          return request_operation.validate_response_body(response_body, response_validate_options(strict, check_header))
+        rescue OpenAPIParser::OpenAPIError => e
+          raise Committee::InvalidResponse.new(e.message, original_error: e)
+        end
+
+        def validate_request_params(path_params, query_params, body_params, headers, validator_option)
+          ret, err = case request_operation.http_method
+                when 'get', 'delete', 'head'
+                  validate_get_request_params(path_params, query_params, headers, validator_option)
+                when 'post', 'put', 'patch', 'options'
+                  validate_post_request_params(path_params, query_params, body_params, headers, validator_option)
+                else
+                  raise "Committee OpenAPI3 not support #{request_operation.http_method} method"
+                end
+          raise err if err
+          ret
+        end
+
+        def optional_body?
+          !request_operation.operation_object&.request_body&.required
+        end
+
+        def valid_request_content_type?(content_type)
+          if (request_body = request_operation.operation_object&.request_body)
+            !request_body.select_media_type(content_type).nil?
+          else
+            # if not exist request body object, all content_type allow.
+            # because request body object required content field so when it exists there're content type definition.
+            true
+          end
+        end
+
+        def request_content_types
+          request_operation.operation_object&.request_body&.content&.keys || []
+        end
+
+        private
+
+        attr_reader :request_operation
+
+        # @!attribute [r] request_operation
+        #   @return [OpenAPIParser::RequestOperation]
+
+        # @return [OpenAPIParser::SchemaValidator::Options]
+        def build_openapi_parser_body_option(validator_option)
+          build_openapi_parser_option(validator_option, validator_option.coerce_form_params)
+        end
+
+        # @return [OpenAPIParser::SchemaValidator::Options]
+        def build_openapi_parser_path_option(validator_option)
+          build_openapi_parser_option(validator_option, validator_option.coerce_query_params)
+        end
+
+        # @return [OpenAPIParser::SchemaValidator::Options]
+        def build_openapi_parser_option(validator_option, coerce_value)
+          datetime_coerce_class = validator_option.coerce_date_times ? DateTime : nil
+          validate_header = validator_option.check_header
+          OpenAPIParser::SchemaValidator::Options.new(coerce_value: coerce_value,
+                                                      datetime_coerce_class: datetime_coerce_class,
+                                                      validate_header: validate_header)
+        end
+
+        def validate_get_request_params(path_params, query_params, headers, validator_option)
+          # bad performance because when we coerce value, same check
+          validate_path_and_query_params(path_params, query_params, headers, validator_option)
+        rescue OpenAPIParser::OpenAPIError => e
+          raise Committee::InvalidRequest.new(e.message, original_error: e)
+        end
+
+        def validate_post_request_params(path_params, query_params, body_params, headers, validator_option)
+          content_type = headers['Content-Type'].to_s.split(";").first.to_s
+
+          # bad performance because when we coerce value, same check
+          validate_path_and_query_params(path_params, query_params, headers, validator_option)
+          request_operation.validate_request_body(content_type, body_params, build_openapi_parser_body_option(validator_option))
+        rescue => e
+          raise Committee::InvalidRequest.new(e.message, original_error: e)
+        end
+
+        def validate_path_and_query_params(path_params, query_params, headers, validator_option)
+          # it's currently impossible to validate path params and query params separately
+          # so we have to resort to this workaround
+
+          path_keys = path_params.keys.to_set
+          query_keys = query_params.keys.to_set
+
+          merged_params = query_params.merge(path_params)
+
+          request_operation.validate_request_parameter(merged_params, headers, build_openapi_parser_path_option(validator_option))
+
+          merged_params.each do |k, v|
+            path_params[k] = v if path_keys.include?(k)
+            query_params[k] = v if query_keys.include?(k)
+          end
+        end
+
+        def response_validate_options(strict, check_header)
+          ::OpenAPIParser::SchemaValidator::ResponseValidateOptions.new(strict: strict, validate_header: check_header)
+        end
+      end
+    end
+  end
+end

data/lib/committee/schema_validator/open_api_3/request_validator.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Committee
+  module SchemaValidator
+    class OpenAPI3
+      class RequestValidator
+        # @param [SchemaValidator::OpenAPI3::OperationWrapper] operation_object
+        # @param [Committee::SchemaValidator::Option] validator_option
+        def initialize(operation_object, validator_option:)
+          @operation_object = operation_object
+          @validator_option = validator_option
+        end
+
+        def call(request, path_params, query_params, body_params, headers)
+          content_type = ::Committee::SchemaValidator.request_media_type(request)
+          check_content_type(request, content_type) if @validator_option.check_content_type
+
+          @operation_object.validate_request_params(path_params, query_params, body_params, headers, @validator_option)
+        end
+
+        private
+
+        def check_content_type(request, content_type)
+          # support post, put, patch only
+          return true unless request.post? || request.put? || request.patch?
+          return true if @operation_object.valid_request_content_type?(content_type)
+          return true if @operation_object.optional_body? && empty_request?(request)
+
+          message = if valid_content_types.size > 1
+                      types = valid_content_types.map {|x| %{"#{x}"} }.join(', ')
+                      %{"Content-Type" request header must be set to any of the following: [#{types}].}
+                    else
+                      %{"Content-Type" request header must be set to "#{valid_content_types.first}".}
+                    end
+          raise Committee::InvalidRequest, message
+        end
+
+        def valid_content_types
+          @operation_object&.request_content_types
+        end
+
+        def empty_request?(request)
+          return true if !request.body
+
+          data = request.body.read
+          request.body.rewind
+          data.empty?
+        end
+      end
+    end
+  end
+end

data/lib/committee/schema_validator/open_api_3/response_validator.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Committee
+  module SchemaValidator
+    class OpenAPI3
+      class ResponseValidator
+        attr_reader :validate_success_only
+
+        # @param [Committee::SchemaValidator::Options] validator_option
+        # @param [Committee::SchemaValidator::OpenAPI3::OperationWrapper] operation_wrapper
+        def initialize(operation_wrapper, validator_option)
+          @operation_wrapper = operation_wrapper
+          @validate_success_only = validator_option.validate_success_only
+          @check_header = validator_option.check_header
+        end
+
+        def call(status, headers, response_data, strict)
+          return unless Committee::Middleware::ResponseValidation.validate?(status, validate_success_only)
+
+          operation_wrapper.validate_response_params(status, headers, response_data, strict, check_header)
+        end
+
+        private
+
+        attr_reader :operation_wrapper, :check_header
+      end
+    end
+  end
+end

data/lib/committee/schema_validator/open_api_3/router.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Committee
+  module SchemaValidator
+    class OpenAPI3
+      class Router
+        # @param [Committee::SchemaValidator::Option] validator_option
+        def initialize(schema, validator_option)
+          @schema = schema
+          @prefix_regexp = ::Committee::SchemaValidator.build_prefix_regexp(validator_option.prefix)
+          @validator_option = validator_option
+        end
+
+        def includes_request?(request)
+          return true unless @prefix_regexp
+
+          prefix_request?(request)
+        end
+
+        def build_schema_validator(request)
+          Committee::SchemaValidator::OpenAPI3.new(self, request, @validator_option)
+        end
+
+        def operation_object(request)
+          return nil unless includes_request?(request)
+
+          path = request.path
+          path = path.gsub(@prefix_regexp, '') if @prefix_regexp
+
+          request_method = request.request_method.downcase
+
+          @schema.operation_object(path, request_method)
+        end
+
+        private
+
+        def prefix_request?(request)
+          return false unless @prefix_regexp
+
+          request.path =~ @prefix_regexp
+        end
+      end
+    end
+  end
+end

data/lib/committee/schema_validator/open_api_3.rb

@@ -0,0 +1,120 @@
+# frozen_string_literal: true
+
+module Committee
+  module SchemaValidator
+    class OpenAPI3
+      # @param [Committee::SchemaValidator::Option] validator_option
+      def initialize(router, request, validator_option)
+        @router = router
+        @request = request
+        @operation_object = router.operation_object(request)
+        @validator_option = validator_option
+      end
+
+      def request_validate(request)
+        return unless link_exist?
+
+        request_unpack(request)
+        request_schema_validation(request)
+
+        copy_coerced_data_to_params(request)
+      end
+
+      def response_validate(status, headers, response, test_method = false)
+        full_body = +""
+        response.each do |chunk|
+          full_body << chunk
+        end
+
+        parse_to_json = !validator_option.parse_response_by_content_type || 
+                        headers.fetch('Content-Type', nil)&.start_with?('application/json')
+        data = if parse_to_json
+          full_body.empty? ? {} : JSON.parse(full_body)
+        else
+          full_body
+        end
+
+        # TODO: refactoring name
+        strict = test_method
+        Committee::SchemaValidator::OpenAPI3::ResponseValidator.
+            new(@operation_object, validator_option).
+            call(status, headers, data, strict)
+      end
+
+      def link_exist?
+        !@operation_object.nil?
+      end
+
+      private
+
+      attr_reader :validator_option
+
+      def coerce_path_params
+        return Committee::Utils.indifferent_hash unless validator_option.coerce_path_params
+        Committee::RequestUnpacker.indifferent_params(@operation_object.coerce_path_parameter(@validator_option))
+      end
+
+      def request_schema_validation(request)
+        return unless @operation_object
+
+        validator = Committee::SchemaValidator::OpenAPI3::RequestValidator.new(@operation_object, validator_option: validator_option)
+        validator.call(request, path_params(request), query_params(request), body_params(request), header(request))
+      end
+
+      def path_params(request)
+        request.env[validator_option.path_hash_key]
+      end
+
+      def query_params(request)
+        request.env[validator_option.query_hash_key]
+      end
+
+      def body_params(request)
+        request.env[validator_option.request_body_hash_key]
+      end
+
+      def header(request)
+        request.env[validator_option.headers_key]
+      end
+
+      def request_unpack(request)
+        unpacker = Committee::RequestUnpacker.new(
+          allow_form_params:  validator_option.allow_form_params,
+          allow_get_body:     validator_option.allow_get_body,
+          allow_query_params: validator_option.allow_query_params,
+          optimistic_json:    validator_option.optimistic_json,
+        )
+
+        request.env[validator_option.headers_key] = unpacker.unpack_headers(request)
+
+        request_param, is_form_params = unpacker.unpack_request_params(request)
+        request.env[validator_option.request_body_hash_key] = request_param
+        request.env[validator_option.path_hash_key] = coerce_path_params
+
+        query_param = unpacker.unpack_query_params(request)
+        query_param.merge!(request_param) if request.get? && validator_option.allow_get_body
+        request.env[validator_option.query_hash_key] = query_param
+      end
+
+      def copy_coerced_data_to_params(request)
+        order = if validator_option.parameter_overwite_by_rails_rule
+          # (high priority) path_hash_key -> query_param -> request_body_hash          
+          [validator_option.request_body_hash_key, validator_option.query_hash_key, validator_option.path_hash_key]
+        else
+          # (high priority) path_hash_key -> request_body_hash -> query_param
+          [validator_option.query_hash_key, validator_option.request_body_hash_key, validator_option.path_hash_key]
+        end
+
+        request.env[validator_option.params_key] = Committee::Utils.indifferent_hash
+        order.each do |key|
+          request.env[validator_option.params_key].merge!(Committee::Utils.deep_copy(request.env[key]))
+        end
+      end
+    end
+  end
+end
+
+require_relative "open_api_3/router"
+require_relative "open_api_3/operation_wrapper"
+require_relative "open_api_3/request_validator"
+require_relative "open_api_3/response_validator"

data/lib/committee/schema_validator/option.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module Committee
+  module SchemaValidator
+    class Option
+      # Boolean Options
+      attr_reader :allow_form_params,
+                  :allow_get_body,
+                  :allow_query_params,
+                  :check_content_type,
+                  :check_header,
+                  :coerce_date_times,
+                  :coerce_form_params,
+                  :coerce_path_params,
+                  :coerce_query_params,
+                  :coerce_recursive,
+                  :optimistic_json,
+                  :validate_success_only,
+                  :parse_response_by_content_type,
+                  :parameter_overwite_by_rails_rule
+
+      # Non-boolean options:
+      attr_reader :headers_key,
+                  :params_key,
+                  :query_hash_key,
+                  :request_body_hash_key,
+                  :path_hash_key,
+                  :prefix
+
+      def initialize(options, schema, schema_type)
+        # Non-boolean options
+        @headers_key         = options[:headers_key]    || "committee.headers"
+        @params_key          = options[:params_key]     || "committee.params"
+        @query_hash_key      = options[:query_hash_key] || "committee.query_hash"
+        @path_hash_key      = options[:path_hash_key] || "committee.path_hash"
+        @request_body_hash_key = options[:request_body_hash_key] || "committee.request_body_hash"
+
+        @prefix              = options[:prefix]
+
+        # Boolean options and have a common value by default
+        @allow_form_params   = options.fetch(:allow_form_params, true)
+        @allow_query_params  = options.fetch(:allow_query_params, true)
+        @check_content_type  = options.fetch(:check_content_type, true)
+        @check_header        = options.fetch(:check_header, true)
+        @coerce_recursive    = options.fetch(:coerce_recursive, true)
+        @optimistic_json     = options.fetch(:optimistic_json, false)
+        @parse_response_by_content_type = options.fetch(:parse_response_by_content_type, true)
+        @parameter_overwite_by_rails_rule = options.fetch(:parameter_overwite_by_rails_rule, true)
+
+        # Boolean options and have a different value by default
+        @allow_get_body      = options.fetch(:allow_get_body, schema.driver.default_allow_get_body)
+        @coerce_date_times   = options.fetch(:coerce_date_times, schema.driver.default_coerce_date_times)
+        @coerce_form_params  = options.fetch(:coerce_form_params, schema.driver.default_coerce_form_params)
+        @coerce_path_params  = options.fetch(:coerce_path_params, schema.driver.default_path_params)
+        @coerce_query_params = options.fetch(:coerce_query_params, schema.driver.default_query_params)
+        @validate_success_only = options.fetch(:validate_success_only, schema.driver.default_validate_success_only)
+      end
+    end
+  end
+end

data/lib/committee/schema_validator.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Committee
+  module SchemaValidator
+    class << self
+      def request_media_type(request)
+        request.media_type.to_s
+      end
+
+      # @param [String] prefix
+      # @return [Regexp]
+      def build_prefix_regexp(prefix)
+        return nil unless prefix
+
+        /\A#{Regexp.escape(prefix)}/.freeze
+      end
+    end
+  end
+end
+
+require_relative "schema_validator/hyper_schema"
+require_relative "schema_validator/open_api_3"
+require_relative "schema_validator/option"

data/lib/committee/test/methods.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+module Committee
+  module Test
+    module Methods
+      def assert_schema_conform(expected_status = nil)
+        assert_request_schema_confirm unless old_behavior
+        assert_response_schema_confirm(expected_status)
+      end
+
+      def assert_request_schema_confirm
+        unless schema_validator.link_exist?
+          request = "`#{request_object.request_method} #{request_object.path_info}` undefined in schema (prefix: #{committee_options[:prefix].inspect})."
+          raise Committee::InvalidRequest.new(request)
+        end
+
+        schema_validator.request_validate(request_object)
+      end
+
+      def assert_response_schema_confirm(expected_status = nil)
+        unless schema_validator.link_exist?
+          response = "`#{request_object.request_method} #{request_object.path_info}` undefined in schema (prefix: #{committee_options[:prefix].inspect})."
+          raise Committee::InvalidResponse.new(response)
+        end
+
+        status, headers, body = response_data
+
+        if expected_status.nil?
+          Committee.need_good_option('Pass expected response status code to check it against the corresponding schema explicitly.')
+        elsif expected_status != status
+          response = "Expected `#{expected_status}` status code, but it was `#{status}`."
+          raise Committee::InvalidResponse.new(response)
+        end
+
+        if schema_coverage
+          operation_object = router.operation_object(request_object)
+          schema_coverage&.update_response_coverage!(operation_object.original_path, operation_object.http_method, status)
+        end
+
+        schema_validator.response_validate(status, headers, [body], true) if validate_response?(status)
+      end
+
+      def committee_options
+        raise "please set options"
+      end
+
+      def request_object
+        raise "please set object like 'last_request'"
+      end
+
+      def response_data
+        raise "please set response data like 'last_response.status, last_response.headers, last_response.body'"
+      end
+
+      def validate_response?(status)
+        Committee::Middleware::ResponseValidation.validate?(status, committee_options.fetch(:validate_success_only, false))
+      end
+
+      def schema
+        @schema ||= Committee::Middleware::Base.get_schema(committee_options)
+      end
+
+      def router
+        @router ||= schema.build_router(committee_options)
+      end
+
+      def schema_validator
+        @schema_validator ||= router.build_schema_validator(request_object)
+      end
+
+      def schema_coverage
+        return nil unless schema.is_a?(Committee::Drivers::OpenAPI3::Schema)
+
+        coverage = committee_options.fetch(:schema_coverage, nil)
+
+        coverage.is_a?(SchemaCoverage) ? coverage : nil
+      end
+
+      def old_behavior
+        committee_options.fetch(:old_assert_behavior, false)
+      end
+    end
+  end
+end

data/lib/committee/test/schema_coverage.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+module Committee
+  module Test
+    class SchemaCoverage
+      attr_reader :schema
+
+      class << self
+        def merge_report(first, second)
+          report = first.dup
+          second.each do |k, v|
+            if v.is_a?(Hash)
+              if report[k].nil?
+                report[k] = v
+              else
+                report[k] = merge_report(report[k], v)
+              end
+            else
+              report[k] ||= v
+            end
+          end
+          report
+        end
+
+        def flatten_report(report)
+          responses = []
+          report.each do |path_name, path_coverage|
+            path_coverage.each do |method, method_coverage|
+              responses_coverage = method_coverage['responses']
+              responses_coverage.each do |response_status, is_covered|
+                responses << {
+                  path: path_name,
+                  method: method,
+                  status: response_status,
+                  is_covered: is_covered,
+                }
+              end
+            end
+          end
+          {
+            responses: responses,
+          }
+        end
+      end
+
+      def initialize(schema)
+        raise 'Unsupported schema' unless schema.is_a?(Committee::Drivers::OpenAPI3::Schema)
+
+        @schema = schema
+        @covered = {}
+      end
+
+      def update_response_coverage!(path, method, response_status)
+        method = method.to_s.downcase
+        response_status = response_status.to_s
+
+        @covered[path] ||= {}
+        @covered[path][method] ||= {}
+        @covered[path][method]['responses'] ||= {}
+        @covered[path][method]['responses'][response_status] = true
+      end
+
+      def report
+        report = {}
+
+        schema.open_api.paths.path.each do |path_name, path_item|
+          report[path_name] = {}
+          path_item._openapi_all_child_objects.each do |object_name, object|
+            next unless object.is_a?(OpenAPIParser::Schemas::Operation)
+
+            method = object_name.split('/').last&.downcase
+            next unless method
+
+            report[path_name][method] ||= {}
+
+            # TODO: check coverage on request params/body as well?
+
+            report[path_name][method]['responses'] ||= {}
+            object.responses.response.each do |response_status, _|
+              is_covered = @covered.dig(path_name, method, 'responses', response_status) || false
+              report[path_name][method]['responses'][response_status] = is_covered
+            end
+            if object.responses.default
+              is_default_covered = (@covered.dig(path_name, method, 'responses') || {}).any? do |status, is_covered|
+                is_covered && !object.responses.response.key?(status)
+              end
+              report[path_name][method]['responses']['default'] = is_default_covered
+            end
+          end
+        end
+
+        report
+      end
+
+      def report_flatten
+        self.class.flatten_report(report)
+      end
+    end
+  end
+end
+

data/lib/committee/utils.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Committee
+    module Utils
+        # Creates a Hash with indifferent access.
+        #
+        # (Copied from Sinatra)
+        def self.indifferent_hash
+            Hash.new { |hash,key| hash[key.to_s] if Symbol === key }
+        end
+
+        def self.deep_copy(from)
+            if from.is_a?(Hash)
+                h = Committee::Utils.indifferent_hash
+                from.each_pair do |k, v|
+                h[k] = deep_copy(v)
+                end
+                return h
+            end
+
+            if from.is_a?(Array)
+                return from.map{ |v| deep_copy(v) }
+            end
+
+            return from
+        end
+    end
+end