cuba-api 0.4.0 → 0.5.0

data/Gemfile

@@ -2,5 +2,5 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem  'copyright-header', '~> 1.0', :platform => :mri
+gem  'copyright-header', '~> 1.0', :platform => :mri, :group => :copyright
 

data/README.md

@@ -3,7 +3,7 @@ cuba-api
 
 * [![Build Status](https://secure.travis-ci.org/mkristian/cuba-api.png)](http://travis-ci.org/mkristian/cuba-api)
 * [![Dependency Status](https://gemnasium.com/mkristian/cuba-api.png)](https://gemnasium.com/mkristian/cuba-api)
-* [![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/mkristian/cuba-api)
+* [![Code Climate](https://codeclimate.com/github/mkristian/cuba-api.png)](https://codeclimate.com/github/mkristian/cuba-api)
 
 these are just a handful for [cuba](https://github.com/soveran/cuba) to use cuba as API server.
 
@@ -12,7 +12,7 @@ security
 
 cuba-api installs the **safe_yaml** gem and will use it when you accept yaml input. installing **safe_yaml** is a bit invasiv, but better be on the safe side of things.
 
-cuba\_-api/config.rb
+cuba\_api/config.rb
 ------------------
 
 this plugin adds configuration to cuba which inherits from its superclass. this is very similar to `Cuba.settings`.
@@ -52,6 +52,53 @@ some helper methods to manage a current_user n the session. needs a session-mana
 	  def from_session( session_data ) User.find_by_id( hash_data ); end
 	end
 
+cuba\_api/cors.rb 
+--------------------------
+
+setup CORS for you cuba, i.e.
+
+    Cuba.plugin CubaApi::Config
+    Cuba.plugin CubaApi::Cors
+    # optinal
+    Cuba.cors_setup do |cors|
+      cors.max_age = 123 # default: 86400
+      cors.methods = :put # default: all methods
+      cors.headers = 'x-requested-with' # default: all headers
+      cors.origins = 'http://middleearth' # default: all origins
+      cors.expose = 'x-requested-with' # default: nil
+    end
+
+that setup works fine with composition, i.e. each component has their own config and inherits from the parent component.
+
+there a two variations of the "on" block one that takes an extra first argument for the method(s), i.e.
+
+    on_cors_method [:post, :get], 'office/:me' do |me|
+      on post do
+        res.write "#{me} posted"
+      end
+    end
+
+    on_cors_method :delete, 'something' do
+      res.write "delete something"
+    end
+
+the method symbol get 'translated' into the checks for method like ```get```, ```post```, etc. when an CORS options request comes in the it will be answered with the respective 'Access-Control-' headers. especially the 'Access-Control-Allowed-Methods' is set appropriately.
+
+the second "on" block is less fine controlled
+
+    on_cors 'path/to/:who' do |who|
+      on post do
+        res.write "post from #{who}"
+      end
+    end
+	  
+    on_cors do
+      on put do
+        res.write "put answered"
+      end
+    end
+	  
+ here the 'Access-Control-Allowed-Methods' is set with the default from the ```cors_setup```.
 
 cuba\_api/guard.rb 
 --------------------------
@@ -69,7 +116,7 @@ simple authorization which assumes a user belongs to many groups and group has a
 Pending
 -------
 
-request payload needs to parse from json, yaml or xml into a hash.
+improve guard
 
 Contributing
 ------------

data/lib/cuba_api/cors.rb

@@ -0,0 +1,189 @@
+class CORS
+
+  DEFAULT_METHODS = [ 'GET',  'HEAD', 'POST', 'PUT', 'DELETE' ]
+
+  def initialize( options, &block )
+    @options = options
+    # only for inspect
+    @config = options.config
+    # set default max_ago
+    self.max_age = 60 * 60 * 24 # one day
+    block.call self if block
+  end
+
+  def config
+    @config
+  end
+
+  def method_missing( method, *args )
+    m = method.to_s
+    if m.match /^_/
+      if m =~ /=$/
+        @options[ "cors_#{m[1..-2]}".to_sym ] = args.flatten
+      else
+        @options[ "cors_#{m[1..-1]}".to_sym ]
+      end
+    else
+      super
+    end
+  end
+
+  def max_age=( max )
+    @options[ :cors_max_age ] = max
+  end
+  
+  def expose=( expose )
+    self._expose = expose
+  end
+
+  def origins=( *origins )
+    self._origins = [ origins ].flatten
+  end
+  
+  def origins( domain )
+    origins = self._origins
+    if origins == [ '*' ] || origins.nil? || origins.member?( domain )
+      domain
+    end
+  end
+
+  def methods=( *methods )
+    self._methods = [ methods ].flatten.collect{ |h| h.to_s.upcase } 
+  end
+  
+  def methods( method, methods = nil )
+    methods = methods.collect { |m| m.to_s.upcase } if methods
+    if (methods || self._methods || DEFAULT_METHODS).member?( method.to_s.upcase )
+      methods || self._methods || DEFAULT_METHODS
+    end
+  end
+
+  def allowed?( methods )
+    if methods
+      methods = methods.collect { |m| m.to_s.upcase }
+      ( ( self._methods || DEFAULT_METHODS ) & methods ).size > 0
+    else
+      true
+    end
+  end
+
+  def headers=( *headers )
+    self._headers = [ headers ].flatten.collect{ |h| h.to_s.upcase }
+  end
+
+  def headers( headers )
+    # return headers as they come in when not configured
+    headers = headers.split( /,\s+/ ) if headers
+    if self._headers && headers
+      given = headers.collect{ |h| h.to_s.upcase }
+      # give back the allowed subset of the given headers
+      result = given & self._headers
+      result = nil if result.empty?
+      result
+    else
+      headers
+    end
+  end
+
+  def allow_origin( req, res )
+    if orig = origins( req[ 'HTTP_ORIGIN' ] )
+      res[ 'Access-Control-Allow-Origin' ] = orig
+    end
+  end
+
+  def process( req, res, methods )
+    allow_origin( req, res )
+    res[ 'Access-Control-Max-Age' ] = _max_age.to_s if _max_age
+    if m = methods( req[ 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' ], methods )
+      res[ 'Access-Control-Allow-Methods' ] = m.join( ', ' )
+    end
+    if h = headers( req[ 'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' ] )
+      res[ 'Access-Control-Allow-Headers' ] = h.join( ', ' )
+    end
+    unless _expose.nil? || _expose.empty?
+      res[ 'Access-Control-Expose-Headers' ] = _expose.join( ', ' )
+    end
+    res.status = 200
+  end
+end
+
+module CubaApi
+  module Cors
+    module ClassMethods
+
+      def cors_setup( &block )
+        self[ :cors ] = CORS.new( self, &block )
+      end
+      
+    end
+
+    # # setup cors for in request coming here
+    # on_cors do
+    #   on ...
+    #     ...
+    #   end
+    # end
+
+    # # all methods
+    # on_cors( 'my_path' ) do 
+    #   on get, 'something' do
+    #     ...
+    #   end
+    # end
+
+    # # only put method allowed
+    # on_cors_method( :put, 'my_path/change_something' ) do 
+    #   on ...
+    #     ...
+    #   end
+    # end
+
+    # # only put method allowed
+    # on_cors_method( [:post, :put], 'my_path/new' ) do 
+    #   on ...
+    #     ...
+    #   end
+    # end
+
+    def on_cors( *args )
+      _on_cors( nil, *args ) do |*vars|
+        yield( *vars )
+      end
+    end
+
+    def on_cors_method( methods, *args )
+      methods = [ methods ] unless methods.is_a? Array
+      _on_cors( methods, *args ) do |*vars|
+        yield( *vars )
+      end
+    end
+
+    private
+
+    def _on_cors( methods = nil, *args )
+      cors = ( self.class[ :cors ] ||= CORS.new( self.class ) )
+
+      if req.options? && cors.allowed?( methods )
+        #  send the response on option headers
+        on *args do
+          cors.process( env, res, methods )
+        end
+      else
+        unless methods.nil?
+          allowed = methods.detect do |m|
+            send m.to_sym
+          end
+          args.insert( 0, allowed != nil )
+        end
+        if env[ 'HTTP_ORIGIN' ]
+          args.insert( 0, cors.origins( env[ 'HTTP_ORIGIN' ] ) != nil )
+        end
+        on *args do |*vars|
+          cors.allow_origin( env, res )
+          yield( *vars )
+        end
+      end
+    end
+  end
+end
+

data/lib/cuba_api/cors.rb~

@@ -0,0 +1,162 @@
+class CORS
+
+  DEFAULT_METHODS = [ 'GET',  'HEAD', 'POST', 'PUT', 'DELETE' ]
+
+  def initialize( options, &block )
+    @options = options
+    # only for inspect
+    @config = options.config
+    # set default max_ago
+    self.max_age = 60 * 60 * 24 # one day
+    block.call self if block
+  end
+
+  def config
+    @config
+  end
+
+  def method_missing( method, *args )
+    m = method.to_s
+    if m.match /^_/
+      if m =~ /=$/
+        @options[ "cors_#{m[1..-2]}".to_sym ] = args.flatten
+      else
+        @options[ "cors_#{m[1..-1]}".to_sym ]
+      end
+    else
+      super
+    end
+  end
+
+  def max_age=( max )
+    @options[ :cors_max_age ] = max
+  end
+  
+  def exposed=( exposed )
+    self._exposed = exposed
+  end
+
+  def origins( domain )
+    origins = self._origins
+    if origins == [ '*' ] || origins.nil? || origins.member?( domain )
+      domain
+    end
+  end
+
+  def methods=( *methods )
+    self._methods = [ methods ].flatten.collect{ |h| h.to_s.upcase } 
+  end
+  
+  def methods( method, methods = nil )
+    if (methods || self._methods || DEFAULT_METHODS).member?( method.to_s.upcase )
+      methods || self._methods || DEFAULT_METHODS
+    end
+  end
+
+  def allowed?( methods )
+    methods = methods.nil? ? [] : methods.collect { |m| m.to_s.upcase }
+    ( ( self._methods || DEFAULT_METHODS ) & ( methods || [] ) ).size > 0
+  end
+
+  def headers=( *headers )
+    self._headers = [ headers ].flatten.collect{ |h| h.to_s.upcase }
+  end
+
+  def headers( headers )
+    # return headers as they come in when not configured
+    headers = headers.split( /,\s+/ ) if headers
+    if self._headers
+      given = [ headers ].flatten.collect{ |h| h.to_s.upcase }
+      # give back the allowed subset of the given headers
+      given & self._headers
+    else
+      headers
+    end
+  end
+
+  def allow_origin( req, res )
+    if orig = origins( req[ 'HTTP_ORIGIN' ] )
+      res[ 'Access-Control-Allow-Origin' ] = orig
+    end
+  end
+
+  def process( req, res, methods )
+    allow_origin( req, res )
+    res[ 'Access-Control-Max-Age' ] = _max_age.to_s if _max_age
+    if m = methods( req[ 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' ], methods )
+      res[ 'Access-Control-Allow-Methods' ] = m.join( ', ' )
+    end
+    if h = headers( req[ 'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' ] )
+      res[ 'Access-Control-Allow-Headers' ] = h.join( ', ' )
+    end
+    unless _expose.nil? || _expose.empty?
+      res[ 'Access-Control-Expose-Headers' ] = _expose.join( ', ' )
+    end
+    res.status = 200
+  end
+end
+
+module CubaApi
+  module Cors
+    module ClassMethods
+
+      def cors_setup( &block )
+        self[ :cors ] = CORS.new( self, &block )
+      end
+      
+    end
+
+    # # setup cors for in request coming here
+    # on_cors do
+    #   on ...
+    #     ...
+    #   end
+    # end
+
+    # # all methods
+    # on_cors( true, 'my_path' ) do 
+    #   on get, 'something' do
+    #     ...
+    #   end
+    # end
+
+    # # only put method allowed
+    # on_cors( :put, 'my_path/change_something' ) do 
+    #   on ...
+    #     ...
+    #   end
+    # end
+
+    def on_cors( methods = nil, *args )
+      cors = ( self.class[ :cors ] ||= CORS.new( self.class ) )
+      if methods == true || methods.nil?
+        methods = nil
+      else
+        methods = [ methods ] unless methods.is_a? Array
+      end
+
+      if req.options? && ( methods.nil? || cors.allowed?( methods ) )
+        #  send the response on option headers
+        on *args do
+          cors.process( env, res, methods )
+        end
+      else
+        if methods.nil?
+          # allow all methods
+        elsif methods.size == 1
+          # restrict to given method
+          args.insert( 0, methods.first.to_sym )
+        else
+          # restrict to given methods
+          args.insert( 0, cors.allowed?( methods ) )
+        end
+        
+        on *args do |*vars|
+          cors.allow_origin( env, res )
+          yield( *vars )
+        end
+      end
+    end
+  end
+end
+

data/lib/cuba_api/no_session_rack.rb

@@ -0,0 +1,16 @@
+module CubaApi
+  class NoSessionRack
+    def initialize( app, *not_pattern )
+      @app = app
+      @reg_exp = /^\/#{not_pattern.join( ',^\/' )}/
+    end
+    
+    def call( env )
+      status, headers, resp = @app.call( env )
+      if not( env[ 'PATH_INFO' ] =~ @regexp )
+        headers.delete( 'Set-Cookie' )
+      end
+      [ status, headers, resp ]
+    end
+  end
+end

data/lib/cuba_api/no_session_rack.rb~

@@ -0,0 +1,16 @@
+module CubaApi
+  class NoSessionRack
+    def initialize( app, regexp )
+      @app = app
+      @regexp = regexp
+    end
+    
+    def call( env )
+      status, headers, resp = @app.call( env )
+      if env[ 'PATH_INFO' ] =~ @regexp
+        headers.delete( 'Set-Cookie' )
+      end
+      [ status, headers, resp ]
+    end
+  end
+end

data/lib/cuba_api/response_status.rb

@@ -5,6 +5,11 @@ module CubaApi
         if obj.respond_to?( :errors ) && obj.errors.size > 0
           res.status = 412 # Precondition Failed
           obj = obj.errors
+          if obj.respond_to? :to_hash
+            warn "[CubaApi::ResponseStatus] #{obj.to_hash.values.join( "\n" )}"
+          else
+            warn "[CubaApi::ResponseStatus] #{obj.inspect}"
+          end
         elsif req.post?
           res.status = 201 # Created
           if obj.respond_to?( :id ) && ! res[ 'Location' ]

data/lib/cuba_api/serializer.rb

@@ -34,7 +34,7 @@ module CubaApi
       if options[:serializer] == false || obj.is_a?( String )
         obj
       else
-        s = self.class.serializer_factory.new_serializer( obj )
+        s = options[:serializer] ? options[:serializer].new( obj ) : self.class.serializer_factory.new_serializer( obj )
         s.use( options[ :use ] ) if options[ :use ]
         s
       end

data/lib/cuba_api/utils.rb

@@ -6,6 +6,16 @@ module CubaApi
       Proc.new { env[ 'PATH_INFO' ].empty? }
     end
 
+    # matcher
+    def head
+      req.head?
+    end
+
+    def option
+      req.options?
+    end
+
+    # params
     def to_float( name, default = nil )
      v = req[ name ]
      if v

data/spec/cors_spec.rb

@@ -0,0 +1,118 @@
+require File.expand_path( File.join( File.dirname( __FILE__ ),
+                                     'spec_helper.rb' ) )
+require 'cuba_api/config'
+require 'cuba_api/cors'
+
+describe CubaApi::Cors do
+
+  before do
+    Cuba.reset!
+    Cuba.plugin CubaApi::Config
+    Cuba.plugin CubaApi::Cors
+    Cuba.define do
+
+      on_cors 'path/to/:who' do |who|
+        on post do
+          res.write "post from #{who}"
+        end
+      end
+
+      on_cors_method [:post, :get], 'office/:me' do |me|
+        on post do
+          res.write "#{me} posted"
+        end
+      end
+
+      on_cors_method :delete, 'something' do
+        res.write "delete something"
+      end
+
+      on_cors_method :delete, 'home/:me' do |me|
+        res.write "delete #{me}"
+      end
+
+      on_cors do
+        on put do
+          res.write "put answered"
+        end
+      end
+
+    end
+  end
+
+  let( :env ) do
+    { 'REQUEST_METHOD' => 'OPTIONS',
+      'PATH_INFO' => '/account',
+      'HTTP_ORIGIN' => 'http://middleearth',
+      'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'PUT',
+      'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' => 'x-requested-with'
+    }
+  end
+
+  it 'should response with catch section' do
+    _, headers, _ = Cuba.call( env )
+
+    headers[ "Access-Control-Max-Age" ].must.eq "86400"
+    headers[ "Access-Control-Allow-Origin" ].must.eq "http://middleearth"
+    headers[ "Access-Control-Allow-Methods" ].must.eq "GET, HEAD, POST, PUT, DELETE"
+    headers[ "Access-Control-Allow-Headers" ].must.eq 'x-requested-with'
+    headers[ "Access-Control-Allow-Expose-Headers" ].must.eq nil
+
+    env[ 'REQUEST_METHOD' ] = 'PUT'
+    _, _, resp = Cuba.call( env )
+    resp.join.must.eq 'put answered'
+  end
+
+  it 'should with path/to/:me section' do
+    env[ 'PATH_INFO' ] = '/path/to/alf'
+    env[ 'SCRIPT_NAME' ] = '/path/to/alf'
+
+    _, headers, _ = Cuba.call( env )
+
+    headers[ "Access-Control-Max-Age" ].must.eq "86400"
+    headers[ "Access-Control-Allow-Origin" ].must.eq "http://middleearth"
+    headers[ "Access-Control-Allow-Methods" ].must.eq "GET, HEAD, POST, PUT, DELETE"
+    headers[ "Access-Control-Allow-Headers" ].must.eq 'x-requested-with'
+    headers[ "Access-Control-Allow-Expose-Headers" ].must.eq nil
+
+    env[ 'REQUEST_METHOD' ] = 'POST'
+    _, _, resp = Cuba.call( env )
+    resp.join.must.eq 'post from alf'
+  end
+
+  it 'should with home/:me section' do
+    env[ 'PATH_INFO' ] = '/home/gandalf'
+    env[ 'SCRIPT_NAME' ] = '/home/gandalf'
+    env[ 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' ] = 'DELETE'
+
+    _, headers, _ = Cuba.call( env )
+
+    headers[ "Access-Control-Max-Age" ].must.eq "86400"
+    headers[ "Access-Control-Allow-Origin" ].must.eq "http://middleearth"
+    headers[ "Access-Control-Allow-Methods" ].must.eq "DELETE"
+    headers[ "Access-Control-Allow-Headers" ].must.eq 'x-requested-with'
+    headers[ "Access-Control-Allow-Expose-Headers" ].must.eq nil
+
+    env[ 'REQUEST_METHOD' ] = 'DELETE'
+    _, _, resp = Cuba.call( env )
+    resp.join.must.eq 'delete gandalf'
+  end
+
+  it 'should with office/:me section' do
+    env[ 'PATH_INFO' ] = '/office/frodo'
+    env[ 'SCRIPT_NAME' ] = '/home/frodo'
+    env[ 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' ] = 'POST'
+
+    _, headers, _ = Cuba.call( env )
+
+    headers[ "Access-Control-Max-Age" ].must.eq "86400"
+    headers[ "Access-Control-Allow-Origin" ].must.eq "http://middleearth"
+    headers[ "Access-Control-Allow-Methods" ].must.eq "POST, GET"
+    headers[ "Access-Control-Allow-Headers" ].must.eq 'x-requested-with'
+    headers[ "Access-Control-Allow-Expose-Headers" ].must.eq nil
+
+    env[ 'REQUEST_METHOD' ] = 'POST'
+    _, _, resp = Cuba.call( env )
+    resp.join.must.eq 'frodo posted'
+  end
+end

data/spec/cors_spec.rb~

@@ -0,0 +1,119 @@
+require File.expand_path( File.join( File.dirname( __FILE__ ),
+                                     'spec_helper.rb' ) )
+require 'cuba_api/config'
+require 'cuba_api/cors'
+
+describe CubaApi::Cors do
+
+  before do
+    Cuba.reset!
+    Cuba.plugin CubaApi::Config
+    Cuba.plugin CubaApi::Cors
+    Cuba.define do
+
+      on_cors 'path/to/:who' do |who|
+        on post do
+          res.write "post from #{who}"
+        end
+      end
+
+      on_cors_method [:post, :get], 'office/:me' do |me|
+        on post do
+          res.write "#{me} posted"
+        end
+      end
+
+      on_cors_method :delete, 'something' do
+        res.write "delete something"
+      end
+
+      on_cors_method :delete, 'home/:me' do |me|
+        res.write "delete #{me}"
+      end
+
+      on_cors do
+        on put do
+          res.write "put answered"
+        end
+      end
+
+    end
+  end
+
+  let( :env ) do
+{ 'REQUEST_METHOD' => 'OPTIONS',
+#      'SCRIPT_NAME' => '/account',
+      'PATH_INFO' => '/account',
+      'HTTP_ORIGIN' => 'http://middleearth',
+      'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'PUT',
+      'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' => 'x-requested-with'
+    }
+  end
+
+  it 'should response with catch section' do
+    _, headers, _ = Cuba.call( env )
+
+    headers[ "Access-Control-Max-Age" ].must.eq "86400"
+    headers[ "Access-Control-Allow-Origin" ].must.eq "http://middleearth"
+    headers[ "Access-Control-Allow-Methods" ].must.eq "GET, HEAD, POST, PUT, DELETE"
+    headers[ "Access-Control-Allow-Headers" ].must.eq 'x-requested-with'
+    headers[ "Access-Control-Allow-Expose-Headers" ].must.eq nil
+
+    env[ 'REQUEST_METHOD' ] = 'PUT'
+    _, _, resp = Cuba.call( env )
+    resp.join.must.eq 'put answered'
+  end
+
+  it 'should with path/to/:me section' do
+    env[ 'PATH_INFO' ] = '/path/to/alf'
+    env[ 'SCRIPT_NAME' ] = '/path/to/alf'
+
+    _, headers, _ = Cuba.call( env )
+
+    headers[ "Access-Control-Max-Age" ].must.eq "86400"
+    headers[ "Access-Control-Allow-Origin" ].must.eq "http://middleearth"
+    headers[ "Access-Control-Allow-Methods" ].must.eq "GET, HEAD, POST, PUT, DELETE"
+    headers[ "Access-Control-Allow-Headers" ].must.eq 'x-requested-with'
+    headers[ "Access-Control-Allow-Expose-Headers" ].must.eq nil
+
+    env[ 'REQUEST_METHOD' ] = 'POST'
+    _, _, resp = Cuba.call( env )
+    resp.join.must.eq 'post from alf'
+  end
+
+  it 'should with home/:me section' do
+    env[ 'PATH_INFO' ] = '/home/gandalf'
+    env[ 'SCRIPT_NAME' ] = '/home/gandalf'
+    env[ 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' ] = 'DELETE'
+
+    _, headers, _ = Cuba.call( env )
+
+    headers[ "Access-Control-Max-Age" ].must.eq "86400"
+    headers[ "Access-Control-Allow-Origin" ].must.eq "http://middleearth"
+    headers[ "Access-Control-Allow-Methods" ].must.eq "DELETE"
+    headers[ "Access-Control-Allow-Headers" ].must.eq 'x-requested-with'
+    headers[ "Access-Control-Allow-Expose-Headers" ].must.eq nil
+
+    env[ 'REQUEST_METHOD' ] = 'DELETE'
+    _, _, resp = Cuba.call( env )
+    resp.join.must.eq 'delete gandalf'
+  end
+
+  it 'should with office/:me section' do
+    env[ 'PATH_INFO' ] = '/office/frodo'
+    env[ 'SCRIPT_NAME' ] = '/home/frodo'
+    env[ 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' ] = 'POST'
+
+    _, headers, _ = Cuba.call( env )
+
+    headers[ "Access-Control-Max-Age" ].must.eq "86400"
+    headers[ "Access-Control-Allow-Origin" ].must.eq "http://middleearth"
+    headers[ "Access-Control-Allow-Methods" ].must.eq "POST, GET"
+    headers[ "Access-Control-Allow-Headers" ].must.eq 'x-requested-with'
+    headers[ "Access-Control-Allow-Expose-Headers" ].must.eq nil
+
+    env[ 'REQUEST_METHOD' ] = 'POST'
+    _, _, resp = Cuba.call( env )
+    resp.join.must.eq 'frodo posted'
+  end
+end

data/spec/cors_with_config_spec.rb

@@ -0,0 +1,77 @@
+require File.expand_path( File.join( File.dirname( __FILE__ ),
+                                     'spec_helper.rb' ) )
+require 'cuba_api/config'
+require 'cuba_api/cors'
+
+describe CubaApi::Cors do
+
+  before do
+    Cuba.reset!
+    class ACuba < Cuba
+      plugin CubaApi::Config
+      plugin CubaApi::Cors
+      cors_setup do |cors|
+        cors.max_age = 123
+        cors.methods = :put
+        cors.headers = 'x-requested-with'
+        cors.origins = 'http://middleearth'
+        cors.expose = 'x-requested-with'
+      end
+      define do
+
+        on_cors do
+          on put do
+            res.write "put answered"
+          end
+          
+          on do
+            res.status = 404
+          end
+        end
+        
+      end
+    end
+  end
+
+  let( :env ) do
+    { 'REQUEST_METHOD' => 'OPTIONS',
+      'PATH_INFO' => '/account',
+      'HTTP_ORIGIN' => 'http://middleearth',
+      'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'PUT',
+      'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' => 'x-requested-with'
+    }
+  end
+
+  it 'should response OK' do
+    _, headers, _ = ACuba.call( env )
+
+    headers[ "Access-Control-Max-Age" ].must.eq "123"
+    headers[ "Access-Control-Allow-Origin" ].must.eq "http://middleearth"
+    headers[ "Access-Control-Allow-Methods" ].must.eq "PUT"
+    headers[ "Access-Control-Allow-Headers" ].must.eq 'X-REQUESTED-WITH'
+    headers[ "Access-Control-Expose-Headers" ].must.eq 'x-requested-with'
+
+    env[ 'REQUEST_METHOD' ] = 'PUT'
+    _, _, resp = ACuba.call( env )
+    resp.join.must.eq 'put answered'
+  end
+
+  it 'should response FAILED' do
+    env[ 'HTTP_ORIGIN' ] = 'http://localhost'
+    env[ 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' ] = 'POST'
+    env[ 'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' ] = 'x-timeout'
+
+    _, headers, _ = ACuba.call( env )
+
+    headers[ "Access-Control-Max-Age" ].must.eq "123"
+    headers[ "Access-Control-Allow-Origin" ].must.eq nil
+    headers[ "Access-Control-Allow-Methods" ].must.eq nil
+    headers[ "Access-Control-Allow-Headers" ].must.eq nil
+    headers[ "Access-Control-Expose-Headers" ].must.eq 'x-requested-with'
+
+    env[ 'REQUEST_METHOD' ] = 'PUT'
+    status, _, _ = ACuba.call( env )
+    status.must.eq 404
+  end
+
+end

data/spec/cors_with_config_spec.rb~

@@ -0,0 +1,77 @@
+require File.expand_path( File.join( File.dirname( __FILE__ ),
+                                     'spec_helper.rb' ) )
+require 'cuba_api/config'
+require 'cuba_api/cors'
+
+describe CubaApi::Cors do
+
+  before do
+    Cuba.reset!
+    class ACuba < Cuba
+      plugin CubaApi::Config
+      plugin CubaApi::Cors
+      cors_setup do |cors|
+        cors.max_age = 123
+        cors.methods = :put
+        cors.headers = 'x-requested-with'
+        cors.origins = 'http://middleearth'
+        cors.expose = 'x-requested-with'
+      end
+      define do
+
+        on_cors do
+          on put do
+            res.write "put answered"
+          end
+          
+          on do
+            res.status = 404
+        end
+        end
+        
+      end
+    end
+  end
+
+  let( :env ) do
+    { 'REQUEST_METHOD' => 'OPTIONS',
+      'PATH_INFO' => '/account',
+      'HTTP_ORIGIN' => 'http://middleearth',
+      'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'PUT',
+      'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' => 'x-requested-with'
+    }
+  end
+
+  it 'should response OK' do
+    _, headers, _ = ACuba.call( env )
+
+    headers[ "Access-Control-Max-Age" ].must.eq "123"
+    headers[ "Access-Control-Allow-Origin" ].must.eq "http://middleearth"
+    headers[ "Access-Control-Allow-Methods" ].must.eq "PUT"
+    headers[ "Access-Control-Allow-Headers" ].must.eq 'X-REQUESTED-WITH'
+    headers[ "Access-Control-Expose-Headers" ].must.eq 'x-requested-with'
+
+    env[ 'REQUEST_METHOD' ] = 'PUT'
+    _, _, resp = ACuba.call( env )
+    resp.join.must.eq 'put answered'
+  end
+
+  it 'should response FAILED' do
+    env[ 'HTTP_ORIGIN' ] = 'http://localhost'
+    env[ 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' ] = 'POST'
+    env[ 'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' ] = 'x-timeout'
+
+    _, headers, _ = ACuba.call( env )
+
+    headers[ "Access-Control-Max-Age" ].must.eq "123"
+    headers[ "Access-Control-Allow-Origin" ].must.eq nil
+    headers[ "Access-Control-Allow-Methods" ].must.eq nil
+    headers[ "Access-Control-Allow-Headers" ].must.eq nil
+    headers[ "Access-Control-Expose-Headers" ].must.eq 'x-requested-with'
+
+    env[ 'REQUEST_METHOD' ] = 'PUT'
+    status, _, _ = ACuba.call( env )
+    status.must.eq 404
+  end
+
+end

data/spec/spec_helper.rb

@@ -1,3 +1,8 @@
+# single spec setup
+$LOAD_PATH.unshift File.join( File.dirname( File.expand_path( File.dirname( __FILE__ ) ) ),
+                              'lib' )
+require 'minitest/autorun'
+
 require 'cuba'
 ENV["MT_NO_EXPECTATIONS"] = "true"
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cuba-api
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
   prerelease:
 platform: ruby
 authors:
@@ -9,19 +9,19 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-07-08 00:00:00.000000000 Z
+date: 2013-09-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cuba
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.1'
     none: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.1'
     none: false
@@ -31,13 +31,13 @@ dependencies:
   name: ixtlan-babel
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.4'
     none: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.4'
     none: false
@@ -47,13 +47,13 @@ dependencies:
   name: safe_yaml
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.8'
     none: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.8'
     none: false
@@ -63,13 +63,13 @@ dependencies:
   name: multi_json
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.6'
     none: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.6'
     none: false
@@ -79,13 +79,13 @@ dependencies:
   name: json
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.6'
     none: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.6'
     none: false
@@ -95,13 +95,13 @@ dependencies:
   name: rake
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '10.0'
     none: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '10.0'
     none: false
@@ -111,13 +111,13 @@ dependencies:
   name: minitest
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '4.0'
     none: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '4.0'
     none: false
@@ -127,13 +127,13 @@ dependencies:
   name: mustard
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.1'
     none: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.1'
     none: false
@@ -143,13 +143,13 @@ dependencies:
   name: backports
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '2.6'
     none: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '2.6'
     none: false
@@ -164,48 +164,56 @@ extra_rdoc_files: []
 files:
 - MIT-LICENSE
 - README.md
-- lib/cuba_api.rb~
 - lib/cuba_api.rb
-- lib/cuba_api/ext2mime_rack.rb~
-- lib/cuba_api/guard.rb
-- lib/cuba_api/accept_content.rb
-- lib/cuba_api/ext2mime_rack.rb
-- lib/cuba_api/response_status.rb~
-- lib/cuba_api/accept_content.rb~
+- lib/cuba_api.rb~
+- lib/cuba_api/write_aspect.rb~
+- lib/cuba_api/config.rb~
 - lib/cuba_api/reloader_rack.rb
+- lib/cuba_api/utils.rb
+- lib/cuba_api/cors.rb~
+- lib/cuba_api/input_filter.rb~
+- lib/cuba_api/response_status.rb~
+- lib/cuba_api/reponse_status.rb~
+- lib/cuba_api/write_aspect.rb
 - lib/cuba_api/write_aspects.rb~
-- lib/cuba_api/write_aspect.rb~
 - lib/cuba_api/serializer.rb~
+- lib/cuba_api/ext2mime_rack.rb~
 - lib/cuba_api/response_status.rb
-- lib/cuba_api/serializer.rb
-- lib/cuba_api/write_aspect.rb
+- lib/cuba_api/cors.rb
+- lib/cuba_api/utils.rb~
+- lib/cuba_api/guard.rb
 - lib/cuba_api/current_user.rb~
-- lib/cuba_api/input_filter.rb~
+- lib/cuba_api/config.rb
+- lib/cuba_api/accept_content.rb
+- lib/cuba_api/ext2mime_rack.rb
 - lib/cuba_api/input_filter.rb
-- lib/cuba_api/reponse_status.rb~
-- lib/cuba_api/config.rb~
-- lib/cuba_api/guard.rb~
+- lib/cuba_api/accept_content.rb~
 - lib/cuba_api/reloader_rack.rb~
-- lib/cuba_api/utils.rb
+- lib/cuba_api/no_session_rack.rb~
+- lib/cuba_api/serializer.rb
+- lib/cuba_api/no_session_rack.rb
+- lib/cuba_api/guard.rb~
 - lib/cuba_api/current_user.rb
-- lib/cuba_api/utils.rb~
-- lib/cuba_api/config.rb
-- spec/response_status_spec.rb~
+- spec/serializer_spec.rb
+- spec/cors_with_config_spec.rb~
+- spec/accept_spec.rb
 - spec/current_user_spec.rb
-- spec/spec_helper.rb
-- spec/response_status_spec.rb
 - spec/config_spec.rb
 - spec/input_filter_spec.rb
-- spec/current_user_spec.rb~
-- spec/aspects_spec.rb~
-- spec/aspects_spec.rb
-- spec/serializer_spec.rb
-- spec/spec_helper.rb~
-- spec/input_filter_spec.rb~
 - spec/serializer_spec.rb~
+- spec/aspects_spec.rb~
 - spec/accept_spec.rb~
+- spec/cors_with_config_spec.rb
+- spec/spec_helper.rb~
+- spec/response_status_spec.rb
+- spec/spec_helper.rb
+- spec/response_status_spec.rb~
+- spec/cors_spec.rb
+- spec/current_user_spec.rb~
+- spec/aspects_spec.rb
 - spec/config_spec.rb~
-- spec/accept_spec.rb
+- spec/input_filter_spec.rb~
+- spec/cors_spec.rb~
 - Gemfile
 homepage: http://github.com/mkristian/cuba-api
 licenses:
@@ -216,17 +224,15 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
-      version: !binary |-
-        MA==
+      version: '0'
   none: false
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
-      version: !binary |-
-        MA==
+      version: '0'
   none: false
 requirements: []
 rubyforge_project:
@@ -235,10 +241,12 @@ signing_key:
 specification_version: 3
 summary: set of plugins for using cuba as API server
 test_files:
+- spec/serializer_spec.rb
+- spec/accept_spec.rb
 - spec/current_user_spec.rb
-- spec/response_status_spec.rb
 - spec/config_spec.rb
 - spec/input_filter_spec.rb
+- spec/cors_with_config_spec.rb
+- spec/response_status_spec.rb
+- spec/cors_spec.rb
 - spec/aspects_spec.rb
-- spec/serializer_spec.rb
-- spec/accept_spec.rb