faraday_middleware_safeyaml 0.12.pre.safeyaml

data/lib/faraday_middleware/request/oauth.rb

@@ -0,0 +1,87 @@
+require 'faraday'
+require 'forwardable'
+
+module FaradayMiddleware
+  # Public: Uses the simple_oauth library to sign requests according the
+  # OAuth protocol.
+  #
+  # The options for this middleware are forwarded to SimpleOAuth::Header:
+  # :consumer_key, :consumer_secret, :token, :token_secret. All these
+  # parameters are optional.
+  #
+  # The signature is added to the "Authorization" HTTP request header. If the
+  # value for this header already exists, it is not overriden.
+  #
+  # If no Content-Type header is specified, this middleware assumes that
+  # request body parameters should be included while signing the request.
+  # Otherwise, it only includes them if the Content-Type is
+  # "application/x-www-form-urlencoded", as per OAuth 1.0.
+  #
+  # For better performance while signing requests, this middleware should be
+  # positioned before UrlEncoded middleware on the stack, but after any other
+  # body-encoding middleware (such as EncodeJson).
+  class OAuth < Faraday::Middleware
+    dependency 'simple_oauth'
+
+    AUTH_HEADER = 'Authorization'.freeze
+    CONTENT_TYPE = 'Content-Type'.freeze
+    TYPE_URLENCODED = 'application/x-www-form-urlencoded'.freeze
+
+    extend Forwardable
+    parser_method = :parse_nested_query
+    parser_module = ::Faraday::Utils.respond_to?(parser_method) ? 'Faraday::Utils' : 'Rack::Utils'
+    def_delegator parser_module, parser_method
+
+    def initialize(app, options)
+      super(app)
+      @options = options
+    end
+
+    def call(env)
+      env[:request_headers][AUTH_HEADER] ||= oauth_header(env).to_s if sign_request?(env)
+      @app.call(env)
+    end
+
+    def oauth_header(env)
+      SimpleOAuth::Header.new env[:method],
+                              env[:url].to_s,
+                              signature_params(body_params(env)),
+                              oauth_options(env)
+    end
+
+    def sign_request?(env)
+      !!env[:request].fetch(:oauth, true)
+    end
+
+    def oauth_options(env)
+      if extra = env[:request][:oauth] and extra.is_a? Hash and !extra.empty?
+        @options.merge extra
+      else
+        @options
+      end
+    end
+
+    def body_params(env)
+      if include_body_params?(env)
+        if env[:body].respond_to?(:to_str)
+          parse_nested_query env[:body]
+        else
+          env[:body]
+        end
+      end || {}
+    end
+
+    def include_body_params?(env)
+      # see RFC 5849, section 3.4.1.3.1 for details
+      !(type = env[:request_headers][CONTENT_TYPE]) or type == TYPE_URLENCODED
+    end
+
+    def signature_params(params)
+      params.empty? ? params :
+        params.reject {|k,v| v.respond_to?(:content_type) }
+    end
+  end
+end
+
+# deprecated alias
+Faraday::Request::OAuth = FaradayMiddleware::OAuth

data/lib/faraday_middleware/request/oauth2.rb

@@ -0,0 +1,85 @@
+require 'faraday'
+require 'forwardable'
+
+module FaradayMiddleware
+  # Public: A simple middleware that adds an access token to each request.
+  #
+  # By default, the token is added as both "access_token" query parameter and the
+  # "Authorization" HTTP request header. It can alternatively be added exclusively
+  # as a bearer token "Authorization" header by specifying a "token_type" option
+  # of "bearer". However, an explicit "access_token" parameter or "Authorization"
+  # header for the current request are not overriden.
+  #
+  # Examples
+  #
+  #   # configure default token:
+  #   OAuth2.new(app, 'abc123')
+  #
+  #   # configure query parameter name:
+  #   OAuth2.new(app, 'abc123', :param_name => 'my_oauth_token')
+  #
+  #   # use bearer token authorization header only
+  #   OAuth2.new(app, 'abc123', :token_type => 'bearer')
+  #
+  #   # default token value is optional:
+  #   OAuth2.new(app, :param_name => 'my_oauth_token')
+  class OAuth2 < Faraday::Middleware
+
+    PARAM_NAME  = 'access_token'.freeze
+    TOKEN_TYPE  = 'param'.freeze
+    AUTH_HEADER = 'Authorization'.freeze
+
+    attr_reader :param_name, :token_type
+
+    extend Forwardable
+    def_delegators :'Faraday::Utils', :parse_query, :build_query
+
+    def call(env)
+      params = { param_name => @token }.update query_params(env[:url])
+      token = params[param_name]
+
+      if token.respond_to?(:empty?) && !token.empty?
+        case @token_type.downcase
+        when 'param'
+          env[:url].query = build_query params
+          env[:request_headers][AUTH_HEADER] ||= %(Token token="#{token}")
+        when 'bearer'
+          env[:request_headers][AUTH_HEADER] ||= %(Bearer #{token})
+        end
+      end
+
+      @app.call env
+    end
+
+    def initialize(app, token = nil, options = {})
+      super(app)
+      options, token = token, nil if token.is_a? Hash
+      @token = token && token.to_s
+      @param_name = options.fetch(:param_name, PARAM_NAME).to_s
+      @token_type = options.fetch(:token_type, TOKEN_TYPE).to_s
+
+      if @token_type == 'param' && @param_name.empty?
+        raise ArgumentError, ":param_name can't be blank"
+      end
+
+      if options[:token_type].nil?
+        warn "\nWarning: FaradayMiddleware::OAuth2 initialized with default "\
+             "token_type - token will be added as both a query string parameter "\
+             "and an Authorization header. In the next major release, tokens will "\
+             "be added exclusively as an Authorization header by default. Please "\
+             "visit https://github.com/lostisland/faraday_middleware/wiki for more information."
+      end
+    end
+
+    def query_params(url)
+      if url.query.nil? or url.query.empty?
+        {}
+      else
+        parse_query url.query
+      end
+    end
+  end
+end
+
+# deprecated alias
+Faraday::Request::OAuth2 = FaradayMiddleware::OAuth2

data/lib/faraday_middleware/response/caching.rb

@@ -0,0 +1,102 @@
+require 'faraday'
+require 'forwardable'
+# fixes normalizing query strings:
+require 'faraday_middleware/addressable_patch' if defined? ::Addressable::URI
+
+module FaradayMiddleware
+  # Public: Caches GET responses and pulls subsequent ones from the cache.
+  class Caching < Faraday::Middleware
+    attr_reader :cache
+    # Internal: List of status codes that can be cached:
+    # * 200 - 'OK'
+    # * 203 - 'Non-Authoritative Information'
+    # * 300 - 'Multiple Choices'
+    # * 301 - 'Moved Permanently'
+    # * 302 - 'Found'
+    # * 404 - 'Not Found'
+    # * 410 - 'Gone'
+    CACHEABLE_STATUS_CODES = [200, 203, 300, 301, 302, 404, 410]
+
+    extend Forwardable
+    def_delegators :'Faraday::Utils', :parse_query, :build_query
+
+    # Public: initialize the middleware.
+    #
+    # cache   - An object that responds to read, write and fetch (default: nil).
+    # options - An options Hash (default: {}):
+    #           :ignore_params - String name or Array names of query params
+    #                            that should be ignored when forming the cache
+    #                            key (default: []).
+    #
+    # Yields if no cache is given. The block should return a cache object.
+    def initialize(app, cache = nil, options = {})
+      super(app)
+      options, cache = cache, nil if cache.is_a? Hash and block_given?
+      @cache = cache || yield
+      @options = options
+    end
+
+    def call(env)
+      if :get == env[:method]
+        if env[:parallel_manager]
+          # callback mode
+          cache_on_complete(env)
+        else
+          # synchronous mode
+          key = cache_key(env)
+          unless response = cache.read(key) and response
+            response = @app.call(env)
+
+            if CACHEABLE_STATUS_CODES.include?(response.status)
+              cache.write(key, response)
+            end
+          end
+          finalize_response(response, env)
+        end
+      else
+        @app.call(env)
+      end
+    end
+
+    def cache_key(env)
+      url = env[:url].dup
+      if url.query && params_to_ignore.any?
+        params = parse_query url.query
+        params.reject! {|k,| params_to_ignore.include? k }
+        url.query = params.any? ? build_query(params) : nil
+      end
+      url.normalize!
+      url.request_uri
+    end
+
+    def params_to_ignore
+      @params_to_ignore ||= Array(@options[:ignore_params]).map { |p| p.to_s }
+    end
+
+    def cache_on_complete(env)
+      key = cache_key(env)
+      if cached_response = cache.read(key)
+        finalize_response(cached_response, env)
+      else
+        # response.status is nil at this point, any checks need to be done inside on_complete block
+        @app.call(env).on_complete do |response_env|
+          if CACHEABLE_STATUS_CODES.include?(response_env.status)
+            cache.write(key, response_env.response)
+          end
+          response_env
+        end
+      end
+    end
+
+    def finalize_response(response, env)
+      response = response.dup if response.frozen?
+      env[:response] = response
+      unless env[:response_headers]
+        env.update response.env
+        # FIXME: omg hax
+        response.instance_variable_set('@env', env)
+      end
+      response
+    end
+  end
+end

data/lib/faraday_middleware/response/chunked.rb

@@ -0,0 +1,29 @@
+require 'faraday_middleware/response_middleware'
+
+module FaradayMiddleware
+  # Public: Parse a Transfer-Encoding: Chunked response to just the original data
+  class Chunked < FaradayMiddleware::ResponseMiddleware
+    TRANSFER_ENCODING = 'transfer-encoding'.freeze
+
+    define_parser do |raw_body|
+      decoded_body = []
+      until raw_body.empty?
+        chunk_len, raw_body = raw_body.split("\r\n", 2)
+        chunk_len = chunk_len.split(';',2).first.hex
+        break if chunk_len == 0
+        decoded_body << raw_body[0, chunk_len]
+        # The 2 is to strip the extra CRLF at the end of the chunk
+        raw_body = raw_body[chunk_len + 2, raw_body.length - chunk_len - 2]
+      end
+      decoded_body.join('')
+    end
+
+    def parse_response?(env)
+      super and chunked_encoding?(env[:response_headers])
+    end
+
+    def chunked_encoding?(headers)
+      encoding = headers[TRANSFER_ENCODING] and encoding.split(',').include?('chunked')
+    end
+  end
+end

data/lib/faraday_middleware/response/follow_redirects.rb

@@ -0,0 +1,134 @@
+require 'faraday'
+require 'set'
+
+module FaradayMiddleware
+  # Public: Exception thrown when the maximum amount of requests is exceeded.
+  class RedirectLimitReached < Faraday::Error::ClientError
+    attr_reader :response
+
+    def initialize(response)
+      super "too many redirects; last one to: #{response['location']}"
+      @response = response
+    end
+  end
+
+  # Public: Follow HTTP 301, 302, 303, 307, and 308 redirects.
+  #
+  # For HTTP 301, 302, and 303, the original GET, POST, PUT, DELETE, or PATCH
+  # request gets converted into a GET. With `:standards_compliant => true`,
+  # however, the HTTP method after 301/302 remains unchanged. This allows you
+  # to opt into HTTP/1.1 compliance and act unlike the major web browsers.
+  #
+  # This middleware currently only works with synchronous requests; i.e. it
+  # doesn't support parallelism.
+  #
+  # If you wish to persist cookies across redirects, you could use
+  # the faraday-cookie_jar gem:
+  #
+  #   Faraday.new(:url => url) do |faraday|
+  #     faraday.use FaradayMiddleware::FollowRedirects
+  #     faraday.use :cookie_jar
+  #     faraday.adapter Faraday.default_adapter
+  #   end
+  class FollowRedirects < Faraday::Middleware
+    # HTTP methods for which 30x redirects can be followed
+    ALLOWED_METHODS = Set.new [:head, :options, :get, :post, :put, :patch, :delete]
+    # HTTP redirect status codes that this middleware implements
+    REDIRECT_CODES  = Set.new [301, 302, 303, 307, 308]
+    # Keys in env hash which will get cleared between requests
+    ENV_TO_CLEAR    = Set.new [:status, :response, :response_headers]
+
+    # Default value for max redirects followed
+    FOLLOW_LIMIT = 3
+
+    # Regex that matches characters that need to be escaped in URLs, sans
+    # the "%" character which we assume already represents an escaped sequence.
+    URI_UNSAFE = /[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]%]/
+
+    # Public: Initialize the middleware.
+    #
+    # options - An options Hash (default: {}):
+    #           :limit               - A Numeric redirect limit (default: 3)
+    #           :standards_compliant - A Boolean indicating whether to respect
+    #                                  the HTTP spec when following 301/302
+    #                                  (default: false)
+    #           :callback            - A callable that will be called on redirects
+    #                                  with the old and new envs
+    def initialize(app, options = {})
+      super(app)
+      @options = options
+
+      @convert_to_get = Set.new [303]
+      @convert_to_get << 301 << 302 unless standards_compliant?
+    end
+
+    def call(env)
+      perform_with_redirection(env, follow_limit)
+    end
+
+    private
+
+    def convert_to_get?(response)
+      ![:head, :options].include?(response.env[:method]) &&
+        @convert_to_get.include?(response.status)
+    end
+
+    def perform_with_redirection(env, follows)
+      request_body = env[:body]
+      response = @app.call(env)
+
+      response.on_complete do |response_env|
+        if follow_redirect?(response_env, response)
+          raise RedirectLimitReached, response if follows.zero?
+          new_request_env = update_env(response_env.dup, request_body, response)
+          callback.call(response_env, new_request_env) if callback
+          response = perform_with_redirection(new_request_env, follows - 1)
+        end
+      end
+      response
+    end
+
+    def update_env(env, request_body, response)
+      env[:url] += safe_escape(response['location'] || '')
+
+      if convert_to_get?(response)
+        env[:method] = :get
+        env[:body] = nil
+      else
+        env[:body] = request_body
+      end
+
+      ENV_TO_CLEAR.each {|key| env.delete key }
+
+      env
+    end
+
+    def follow_redirect?(env, response)
+      ALLOWED_METHODS.include? env[:method] and
+        REDIRECT_CODES.include? response.status
+    end
+
+    def follow_limit
+      @options.fetch(:limit, FOLLOW_LIMIT)
+    end
+
+    def standards_compliant?
+      @options.fetch(:standards_compliant, false)
+    end
+
+    def callback
+      @options[:callback]
+    end
+
+    # Internal: escapes unsafe characters from an URL which might be a path
+    # component only or a fully qualified URI so that it can be joined onto an
+    # URI:HTTP using the `+` operator. Doesn't escape "%" characters so to not
+    # risk double-escaping.
+    def safe_escape(uri)
+      uri = uri.split('#')[0] # we want to remove the fragment if present
+      uri.to_s.gsub(URI_UNSAFE) { |match|
+        '%' + match.unpack('H2' * match.bytesize).join('%').upcase
+      }
+    end
+  end
+end

data/lib/faraday_middleware/response/mashify.rb

@@ -0,0 +1,37 @@
+require 'faraday'
+
+module FaradayMiddleware
+  # Public: Converts parsed response bodies to a Hashie::Mash if they were of
+  # Hash or Array type.
+  class Mashify < Faraday::Response::Middleware
+    attr_accessor :mash_class
+
+    class << self
+      attr_accessor :mash_class
+    end
+
+    dependency do
+      require 'hashie/mash'
+      self.mash_class = ::Hashie::Mash
+    end
+
+    def initialize(app = nil, options = {})
+      super(app)
+      self.mash_class = options[:mash_class] || self.class.mash_class
+    end
+
+    def parse(body)
+      case body
+      when Hash
+        mash_class.new(body)
+      when Array
+        body.map { |item| parse(item) }
+      else
+        body
+      end
+    end
+  end
+end
+
+# deprecated alias
+Faraday::Response::Mashify = FaradayMiddleware::Mashify