grape 2.0.0 → 2.4.0

data/lib/grape/middleware/base.rb

@@ -1,30 +1,20 @@
 # frozen_string_literal: true
 
-require 'grape/dsl/headers'
-
 module Grape
   module Middleware
     class Base
-      include Helpers
+      include Grape::DSL::Headers
 
       attr_reader :app, :env, :options
 
-      TEXT_HTML = 'text/html'
-
-      include Grape::DSL::Headers
-
       # @param [Rack Application] app The standard argument for a Rack middleware.
       # @param [Hash] options A hash of options, simply stored for use by subclasses.
-      def initialize(app, *options)
+      def initialize(app, **options)
         @app = app
-        @options = options.any? ? default_options.merge(options.shift) : default_options
+        @options = merge_default_options(options)
         @app_response = nil
       end
 
-      def default_options
-        {}
-      end
-
       def call(env)
         dup.call!(env).to_a
       end
@@ -57,28 +47,42 @@ module Grape
       # @return [Response, nil] a Rack SPEC response or nil to call the application afterwards.
       def after; end
 
+      def rack_request
+        @rack_request ||= Rack::Request.new(env)
+      end
+
+      def context
+        env[Grape::Env::API_ENDPOINT]
+      end
+
       def response
         return @app_response if @app_response.is_a?(Rack::Response)
 
-        @app_response = Rack::Response.new(@app_response[2], @app_response[0], @app_response[1])
+        @app_response = Rack::Response[*@app_response]
       end
 
-      def content_type_for(format)
-        HashWithIndifferentAccess.new(content_types)[format]
+      def content_types
+        @content_types ||= Grape::ContentTypes.content_types_for(options[:content_types])
       end
 
-      def content_types
-        ContentTypes.content_types_for(options[:content_types])
+      def mime_types
+        @mime_types ||= Grape::ContentTypes.mime_types_for(content_types)
+      end
+
+      def content_type_for(format)
+        content_types_indifferent_access[format]
       end
 
       def content_type
-        content_type_for(env[Grape::Env::API_FORMAT] || options[:format]) || TEXT_HTML
+        content_type_for(env[Grape::Env::API_FORMAT] || options[:format]) || 'text/html'
       end
 
-      def mime_types
-        @mime_type ||= content_types.each_pair.with_object({}) do |(k, v), types_without_params|
-          types_without_params[v.split(';').first] = k
-        end
+      def query_params
+        rack_request.GET
+      rescue Rack::QueryParser::ParamsTooDeepError
+        raise Grape::Exceptions::TooDeepParameters.new(Rack::Utils.param_depth_limit)
+      rescue Rack::Utils::ParameterTypeError
+        raise Grape::Exceptions::ConflictingTypes
       end
 
       private
@@ -91,6 +95,20 @@ module Grape
         when Array          then response[1].merge!(headers)
         end
       end
+
+      def content_types_indifferent_access
+        @content_types_indifferent_access ||= content_types.with_indifferent_access
+      end
+
+      def merge_default_options(options)
+        if respond_to?(:default_options)
+          default_options.deep_merge(options)
+        elsif self.class.const_defined?(:DEFAULT_OPTIONS)
+          self.class::DEFAULT_OPTIONS.deep_merge(options)
+        else
+          options
+        end
+      end
     end
   end
 end

data/lib/grape/middleware/error.rb

@@ -1,139 +1,140 @@
 # frozen_string_literal: true
 
-require 'grape/middleware/base'
-require 'active_support/core_ext/string/output_safety'
-
 module Grape
   module Middleware
     class Error < Base
-      def default_options
-        {
-          default_status: 500, # default status returned on error
-          default_message: '',
-          format: :txt,
-          helpers: nil,
-          formatters: {},
-          error_formatters: {},
-          rescue_all: false, # true to rescue all exceptions
-          rescue_grape_exceptions: false,
-          rescue_subclasses: true, # rescue subclasses of exceptions listed
-          rescue_options: {
-            backtrace: false, # true to display backtrace, true to let Grape handle Grape::Exceptions
-            original_exception: false # true to display exception
-          },
-          rescue_handlers: {}, # rescue handler blocks
-          base_only_rescue_handlers: {}, # rescue handler blocks rescuing only the base class
-          all_rescue_handler: nil # rescue handler block to rescue from all exceptions
-        }
-      end
-
-      def initialize(app, *options)
+      DEFAULT_OPTIONS = {
+        default_status: 500,
+        default_message: '',
+        format: :txt,
+        rescue_all: false,
+        rescue_grape_exceptions: false,
+        rescue_subclasses: true,
+        rescue_options: {
+          backtrace: false,
+          original_exception: false
+        }.freeze
+      }.freeze
+
+      def initialize(app, **options)
         super
-        self.class.send(:include, @options[:helpers]) if @options[:helpers]
+        self.class.include(options[:helpers]) if options[:helpers]
       end
 
       def call!(env)
         @env = env
-        begin
-          error_response(catch(:error) do
-            return @app.call(@env)
-          end)
-        rescue Exception => e # rubocop:disable Lint/RescueException
-          handler =
-            rescue_handler_for_base_only_class(e.class) ||
-            rescue_handler_for_class_or_its_ancestor(e.class) ||
-            rescue_handler_for_grape_exception(e.class) ||
-            rescue_handler_for_any_class(e.class) ||
-            raise
-
-          run_rescue_handler(handler, e)
-        end
+        error_response(catch(:error) { return @app.call(@env) })
+      rescue Exception => e # rubocop:disable Lint/RescueException
+        run_rescue_handler(find_handler(e.class), e, @env[Grape::Env::API_ENDPOINT])
       end
 
-      def error!(message, status = options[:default_status], headers = {}, backtrace = [], original_exception = nil)
-        headers = headers.reverse_merge(Rack::CONTENT_TYPE => content_type)
-        rack_response(format_message(message, backtrace, original_exception), status, headers)
+      private
+
+      def rack_response(status, headers, message)
+        message = Rack::Utils.escape_html(message) if headers[Rack::CONTENT_TYPE] == 'text/html'
+        Rack::Response.new(Array.wrap(message), Rack::Utils.status_code(status), Grape::Util::Header.new.merge(headers))
       end
 
-      def default_rescue_handler(e)
-        error_response(message: e.message, backtrace: e.backtrace, original_exception: e)
+      def format_message(message, backtrace, original_exception = nil)
+        format = env[Grape::Env::API_FORMAT] || options[:format]
+        formatter = Grape::ErrorFormatter.formatter_for(format, options[:error_formatters], options[:default_error_formatter])
+        return formatter.call(message, backtrace, options, env, original_exception) if formatter
+
+        throw :error,
+              status: 406,
+              message: "The requested format '#{format}' is not supported.",
+              backtrace: backtrace,
+              original_exception: original_exception
+      end
+
+      def find_handler(klass)
+        rescue_handler_for_base_only_class(klass) ||
+          rescue_handler_for_class_or_its_ancestor(klass) ||
+          rescue_handler_for_grape_exception(klass) ||
+          rescue_handler_for_any_class(klass) ||
+          raise
       end
 
-      # TODO: This method is deprecated. Refactor out.
       def error_response(error = {})
         status = error[:status] || options[:default_status]
+        env[Grape::Env::API_ENDPOINT].status(status) # error! may not have been called
         message = error[:message] || options[:default_message]
-        headers = { Rack::CONTENT_TYPE => content_type }
-        headers.merge!(error[:headers]) if error[:headers].is_a?(Hash)
+        headers = { Rack::CONTENT_TYPE => content_type }.tap do |h|
+          h.merge!(error[:headers]) if error[:headers].is_a?(Hash)
+        end
         backtrace = error[:backtrace] || error[:original_exception]&.backtrace || []
         original_exception = error.is_a?(Exception) ? error : error[:original_exception] || nil
-        rack_response(format_message(message, backtrace, original_exception), status, headers)
+        rack_response(status, headers, format_message(message, backtrace, original_exception))
       end
 
-      def rack_response(message, status = options[:default_status], headers = { Rack::CONTENT_TYPE => content_type })
-        message = ERB::Util.html_escape(message) if headers[Rack::CONTENT_TYPE] == TEXT_HTML
-        Rack::Response.new([message], Rack::Utils.status_code(status), headers)
+      def default_rescue_handler(exception)
+        error_response(message: exception.message, backtrace: exception.backtrace, original_exception: exception)
       end
 
-      def format_message(message, backtrace, original_exception = nil)
-        format = env[Grape::Env::API_FORMAT] || options[:format]
-        formatter = Grape::ErrorFormatter.formatter_for(format, **options)
-        throw :error,
-              status: 406,
-              message: "The requested format '#{format}' is not supported.",
-              backtrace: backtrace,
-              original_exception: original_exception unless formatter
-        formatter.call(message, backtrace, options, env, original_exception)
-      end
-
-      private
-
       def rescue_handler_for_base_only_class(klass)
-        error, handler = options[:base_only_rescue_handlers].find { |err, _handler| klass == err }
+        error, handler = options[:base_only_rescue_handlers]&.find { |err, _handler| klass == err }
 
         return unless error
 
-        handler || :default_rescue_handler
+        handler || method(:default_rescue_handler)
       end
 
       def rescue_handler_for_class_or_its_ancestor(klass)
-        error, handler = options[:rescue_handlers].find { |err, _handler| klass <= err }
+        error, handler = options[:rescue_handlers]&.find { |err, _handler| klass <= err }
 
         return unless error
 
-        handler || :default_rescue_handler
+        handler || method(:default_rescue_handler)
       end
 
       def rescue_handler_for_grape_exception(klass)
         return unless klass <= Grape::Exceptions::Base
-        return :error_response if klass == Grape::Exceptions::InvalidVersionHeader
+        return method(:error_response) if klass == Grape::Exceptions::InvalidVersionHeader
         return unless options[:rescue_grape_exceptions] || !options[:rescue_all]
 
-        options[:grape_exceptions_rescue_handler] || :error_response
+        options[:grape_exceptions_rescue_handler] || method(:error_response)
       end
 
       def rescue_handler_for_any_class(klass)
         return unless klass <= StandardError
         return unless options[:rescue_all] || options[:rescue_grape_exceptions]
 
-        options[:all_rescue_handler] || :default_rescue_handler
+        options[:all_rescue_handler] || method(:default_rescue_handler)
       end
 
-      def run_rescue_handler(handler, error)
+      def run_rescue_handler(handler, error, endpoint)
         if handler.instance_of?(Symbol)
           raise NoMethodError, "undefined method '#{handler}'" unless respond_to?(handler)
 
           handler = public_method(handler)
         end
 
-        response = handler.arity.zero? ? instance_exec(&handler) : instance_exec(error, &handler)
+        response = catch(:error) do
+          handler.arity.zero? ? endpoint.instance_exec(&handler) : endpoint.instance_exec(error, &handler)
+        end
 
-        if response.is_a?(Rack::Response)
+        if error?(response)
+          error_response(response)
+        elsif response.is_a?(Rack::Response)
           response
         else
-          run_rescue_handler(:default_rescue_handler, Grape::Exceptions::InvalidResponse.new)
+          run_rescue_handler(method(:default_rescue_handler), Grape::Exceptions::InvalidResponse.new, endpoint)
         end
       end
+
+      def error!(message, status = options[:default_status], headers = {}, backtrace = [], original_exception = nil)
+        env[Grape::Env::API_ENDPOINT].status(status) # not error! inside route
+        rack_response(
+          status, headers.reverse_merge(Rack::CONTENT_TYPE => content_type),
+          format_message(message, backtrace, original_exception)
+        )
+      end
+
+      def error?(response)
+        return false unless response.is_a?(Hash)
+
+        response.key?(:message) && response.key?(:status) && response.key?(:headers)
+      end
     end
   end
 end

data/lib/grape/middleware/formatter.rb

@@ -1,19 +1,11 @@
 # frozen_string_literal: true
 
-require 'grape/middleware/base'
-
 module Grape
   module Middleware
     class Formatter < Base
-      CHUNKED = 'chunked'
-
-      def default_options
-        {
-          default_format: :txt,
-          formatters: {},
-          parsers: {}
-        }
-      end
+      DEFAULT_OPTIONS = {
+        default_format: :txt
+      }.freeze
 
       def before
         negotiate_content_type
@@ -26,7 +18,7 @@ module Grape
         status, headers, bodies = *@app_response
 
         if Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.include?(status)
-          @app_response
+          [status, headers, []]
         else
           build_formatted_response(status, headers, bodies)
         end
@@ -54,8 +46,8 @@ module Grape
       end
 
       def fetch_formatter(headers, options)
-        api_format = mime_types[headers[Rack::CONTENT_TYPE]] || env[Grape::Env::API_FORMAT]
-        Grape::Formatter.formatter_for(api_format, **options)
+        api_format = env.fetch(Grape::Env::API_FORMAT) { mime_types[headers[Rack::CONTENT_TYPE]] }
+        Grape::Formatter.formatter_for(api_format, options[:formatters])
       end
 
       # Set the content type header for the API format if it is not already present.
@@ -70,45 +62,38 @@ module Grape
         end
       end
 
-      def request
-        @request ||= Rack::Request.new(env)
-      end
-
-      # store read input in env['api.request.input']
       def read_body_input
-        return unless
-          (request.post? || request.put? || request.patch? || request.delete?) &&
-          (!request.form_data? || !request.media_type) &&
-          !request.parseable_data? &&
-          (request.content_length.to_i.positive? || request.env[Grape::Http::Headers::HTTP_TRANSFER_ENCODING] == CHUNKED)
-
-        return unless (input = env[Grape::Env::RACK_INPUT])
+        input = rack_request.body # reads RACK_INPUT
+        return if input.nil?
+        return unless read_body_input?
 
-        input.rewind
+        input.try(:rewind)
         body = env[Grape::Env::API_REQUEST_INPUT] = input.read
         begin
-          read_rack_input(body) if body && !body.empty?
+          read_rack_input(body)
         ensure
-          input.rewind
+          input.try(:rewind)
         end
       end
 
-      # store parsed input in env['api.request.body']
       def read_rack_input(body)
-        fmt = request.media_type ? mime_types[request.media_type] : options[:default_format]
+        return if body.empty?
 
-        throw :error, status: 415, message: "The provided content-type '#{request.media_type}' is not supported." unless content_type_for(fmt)
-        parser = Grape::Parser.parser_for fmt, **options
+        media_type = rack_request.media_type
+        fmt = media_type ? mime_types[media_type] : options[:default_format]
+
+        throw :error, status: 415, message: "The provided content-type '#{media_type}' is not supported." unless content_type_for(fmt)
+        parser = Grape::Parser.parser_for fmt, options[:parsers]
         if parser
           begin
             body = (env[Grape::Env::API_REQUEST_BODY] = parser.call(body, env))
             if body.is_a?(Hash)
-              env[Grape::Env::RACK_REQUEST_FORM_HASH] = if env.key?(Grape::Env::RACK_REQUEST_FORM_HASH)
-                                                          env[Grape::Env::RACK_REQUEST_FORM_HASH].merge(body)
-                                                        else
-                                                          body
-                                                        end
-              env[Grape::Env::RACK_REQUEST_FORM_INPUT] = env[Grape::Env::RACK_INPUT]
+              env[Rack::RACK_REQUEST_FORM_HASH] = if env.key?(Rack::RACK_REQUEST_FORM_HASH)
+                                                    env[Rack::RACK_REQUEST_FORM_HASH].merge(body)
+                                                  else
+                                                    body
+                                                  end
+              env[Rack::RACK_REQUEST_FORM_INPUT] = env[Rack::RACK_INPUT]
             end
           rescue Grape::Exceptions::Base => e
             raise e
@@ -120,59 +105,43 @@ module Grape
         end
       end
 
+      # this middleware will not try to format the following content-types since Rack already handles them
+      # when calling Rack's `params` function
+      # - application/x-www-form-urlencoded
+      # - multipart/form-data
+      # - multipart/related
+      # - multipart/mixed
+      def read_body_input?
+        (rack_request.post? || rack_request.put? || rack_request.patch? || rack_request.delete?) &&
+          !(rack_request.form_data? && rack_request.content_type) &&
+          !rack_request.parseable_data? &&
+          (rack_request.content_length.to_i.positive? || rack_request.env['HTTP_TRANSFER_ENCODING'] == 'chunked')
+      end
+
       def negotiate_content_type
-        fmt = format_from_extension || format_from_params || options[:format] || format_from_header || options[:default_format]
+        fmt = format_from_extension || query_params['format'] || options[:format] || format_from_header || options[:default_format]
         if content_type_for(fmt)
-          env[Grape::Env::API_FORMAT] = fmt
+          env[Grape::Env::API_FORMAT] = fmt.to_sym
         else
           throw :error, status: 406, message: "The requested format '#{fmt}' is not supported."
         end
       end
 
       def format_from_extension
-        parts = request.path.split('.')
+        request_path = rack_request.path.try(:scrub)
+        dot_pos = request_path.rindex('.')
+        return unless dot_pos
 
-        if parts.size > 1
-          extension = parts.last
-          # avoid symbol memory leak on an unknown format
-          return extension.to_sym if content_type_for(extension)
-        end
-        nil
-      end
-
-      def format_from_params
-        fmt = Rack::Utils.parse_nested_query(env[Grape::Http::Headers::QUERY_STRING])[Grape::Http::Headers::FORMAT]
-        # avoid symbol memory leak on an unknown format
-        return fmt.to_sym if content_type_for(fmt)
-
-        fmt
+        extension = request_path[dot_pos + 1..]
+        extension if content_type_for(extension)
       end
 
       def format_from_header
-        mime_array.each do |t|
-          return mime_types[t] if mime_types.key?(t)
-        end
-        nil
-      end
-
-      def mime_array
-        accept = env[Grape::Http::Headers::HTTP_ACCEPT]
-        return [] unless accept
-
-        accept_into_mime_and_quality = %r{
-          (
-            \w+/[\w+.-]+)     # eg application/vnd.example.myformat+xml
-          (?:
-           (?:;[^,]*?)?       # optionally multiple formats in a row
-           ;\s*q=([\w.]+)     # optional "quality" preference (eg q=0.5)
-          )?
-        }x
-
-        vendor_prefix_pattern = /vnd\.[^+]+\+/
+        accept_header = env['HTTP_ACCEPT'].try(:scrub)
+        return if accept_header.blank?
 
-        accept.scan(accept_into_mime_and_quality)
-              .sort_by { |_, quality_preference| -(quality_preference ? quality_preference.to_f : 1.0) }
-              .flat_map { |mime, _| [mime, mime.sub(vendor_prefix_pattern, '')] }
+        media_type = Rack::Utils.best_q_match(accept_header, mime_types.keys)
+        mime_types[media_type] if media_type
       end
     end
   end

data/lib/grape/middleware/globals.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'grape/middleware/base'
-
 module Grape
   module Middleware
     class Globals < Base
@@ -9,7 +7,7 @@ module Grape
         request = Grape::Request.new(@env, build_params_with: @options[:build_params_with])
         @env[Grape::Env::GRAPE_REQUEST] = request
         @env[Grape::Env::GRAPE_REQUEST_HEADERS] = request.headers
-        @env[Grape::Env::GRAPE_REQUEST_PARAMS] = request.params if @env[Grape::Env::RACK_INPUT]
+        @env[Grape::Env::GRAPE_REQUEST_PARAMS] = request.params if @env[Rack::RACK_INPUT]
       end
     end
   end

data/lib/grape/middleware/stack.rb

@@ -5,10 +5,11 @@ module Grape
     # Class to handle the stack of middlewares based on ActionDispatch::MiddlewareStack
     # It allows to insert and insert after
     class Stack
+      extend Forwardable
       class Middleware
         attr_reader :args, :block, :klass
 
-        def initialize(klass, *args, &block)
+        def initialize(klass, args, block)
           @klass = klass
           @args = args
           @block = block
@@ -31,8 +32,12 @@ module Grape
           klass.to_s
         end
 
-        def use_in(builder)
-          builder.use(@klass, *@args, &@block)
+        def build(builder)
+          # we need to force the ruby2_keywords_hash for middlewares that initialize contains keywords
+          # like ActionDispatch::RequestId since middleware arguments are serialized
+          # https://rubyapi.org/3.4/o/hash#method-c-ruby2_keywords_hash
+          args[-1] = Hash.ruby2_keywords_hash(args[-1]) if args.last.is_a?(Hash) && Hash.respond_to?(:ruby2_keywords_hash)
+          builder.use(klass, *args, &block)
         end
       end
 
@@ -40,33 +45,17 @@ module Grape
 
       attr_accessor :middlewares, :others
 
+      def_delegators :middlewares, :each, :size, :last, :[]
+
       def initialize
         @middlewares = []
         @others = []
       end
 
-      def each(&block)
-        @middlewares.each(&block)
-      end
-
-      def size
-        middlewares.size
-      end
-
-      def last
-        middlewares.last
-      end
-
-      def [](i)
-        middlewares[i]
-      end
-
-      def insert(index, *args, &block)
+      def insert(index, klass, *args, &block)
         index = assert_index(index, :before)
-        middleware = self.class::Middleware.new(*args, &block)
-        middlewares.insert(index, middleware)
+        middlewares.insert(index, self.class::Middleware.new(klass, args, block))
       end
-      ruby2_keywords :insert if respond_to?(:ruby2_keywords, true)
 
       alias insert_before insert
 
@@ -74,39 +63,39 @@ module Grape
         index = assert_index(index, :after)
         insert(index + 1, *args, &block)
       end
-      ruby2_keywords :insert_after if respond_to?(:ruby2_keywords, true)
 
-      def use(*args, &block)
-        middleware = self.class::Middleware.new(*args, &block)
+      def use(klass, *args, &block)
+        middleware = self.class::Middleware.new(klass, args, block)
         middlewares.push(middleware)
       end
-      ruby2_keywords :use if respond_to?(:ruby2_keywords, true)
 
       def merge_with(middleware_specs)
-        middleware_specs.each do |operation, *args|
+        middleware_specs.each do |operation, klass, *args|
           if args.last.is_a?(Proc)
             last_proc = args.pop
-            public_send(operation, *args, &last_proc)
+            public_send(operation, klass, *args, &last_proc)
           else
-            public_send(operation, *args)
+            public_send(operation, klass, *args)
           end
         end
       end
 
       # @return [Rack::Builder] the builder object with our middlewares applied
-      def build(builder = Rack::Builder.new)
-        others.shift(others.size).each { |m| merge_with(m) }
-        middlewares.each do |m|
-          m.use_in(builder)
+      def build
+        Rack::Builder.new.tap do |builder|
+          others.shift(others.size).each { |m| merge_with(m) }
+          middlewares.each do |m|
+            m.build(builder)
+          end
         end
-        builder
       end
 
       # @description Add middlewares with :use operation to the stack. Store others with :insert_* operation for later
       # @param [Array] other_specs An array of middleware specifications (e.g. [[:use, klass], [:insert_before, *args]])
       def concat(other_specs)
-        @others << Array(other_specs).reject { |o| o.first == :use }
-        merge_with(Array(other_specs).select { |o| o.first == :use })
+        use, not_use = other_specs.partition { |o| o.first == :use }
+        others << not_use
+        merge_with(use)
       end
 
       protected