grape 2.3.0 → 2.4.0

data/lib/grape/dsl/parameters.rb

@@ -23,14 +23,14 @@ module Grape
       #     class API < Grape::API
       #       desc "Get collection"
       #       params do
-      #         build_with Grape::Extensions::Hashie::Mash::ParamBuilder
+      #         build_with :hashie_mash
       #         requires :user_id, type: Integer
       #       end
       #       get do
       #         params['user_id']
       #       end
       #     end
-      def build_with(build_with = nil)
+      def build_with(build_with)
         @api.namespace_inheritable(:build_params_with, build_with)
       end
 
@@ -251,7 +251,7 @@ module Grape
       # @return hash of parameters relevant for the current scope
       # @api private
       def params(params)
-        params = @parent.params(params) if instance_variable_defined?(:@parent) && @parent
+        params = @parent.params_meeting_dependency.presence || @parent.params(params) if instance_variable_defined?(:@parent) && @parent
         params = map_params(params, @element) if instance_variable_defined?(:@element) && @element
         params
       end

data/lib/grape/dsl/routing.rb

@@ -67,6 +67,10 @@ module Grape
           end
         end
 
+        def build_with(build_with)
+          namespace_inheritable(:build_params_with, build_with)
+        end
+
         # Do not route HEAD requests to GET requests automatically.
         def do_not_route_head!
           namespace_inheritable(:do_not_route_head, true)
@@ -77,6 +81,10 @@ module Grape
           namespace_inheritable(:do_not_route_options, true)
         end
 
+        def lint!
+          namespace_inheritable(:lint, true)
+        end
+
         def do_not_document!
           namespace_inheritable(:do_not_document, true)
         end
@@ -154,7 +162,7 @@ module Grape
           reset_validations!
         end
 
-        Grape::Http::Headers::SUPPORTED_METHODS.each do |supported_method|
+        Grape::HTTP_SUPPORTED_METHODS.each do |supported_method|
           define_method supported_method.downcase do |*args, &block|
             options = args.extract_options!
             paths = args.first || ['/']

data/lib/grape/endpoint.rb

@@ -6,11 +6,15 @@ module Grape
   # on the instance level of this class may be called
   # from inside a `get`, `post`, etc.
   class Endpoint
+    extend Forwardable
     include Grape::DSL::Settings
     include Grape::DSL::InsideRoute
 
     attr_accessor :block, :source, :options
-    attr_reader :env, :request, :headers, :params
+    attr_reader :env, :request
+
+    def_delegators :request, :params, :headers, :cookies
+    def_delegator :cookies, :response_cookies
 
     class << self
       def new(...)
@@ -30,7 +34,7 @@ module Grape
 
       def run_before_each(endpoint)
         superclass.run_before_each(endpoint) unless self == Endpoint
-        before_each.each { |blk| blk.call(endpoint) if blk.respond_to?(:call) }
+        before_each.each { |blk| blk.try(:call, endpoint) }
       end
 
       # @api private
@@ -135,7 +139,7 @@ module Grape
     end
 
     def routes
-      @routes ||= endpoints ? endpoints.collect(&:routes).flatten : to_routes
+      @routes ||= endpoints&.collect(&:routes)&.flatten || to_routes
     end
 
     def reset_routes!
@@ -161,10 +165,9 @@ module Grape
 
     def to_routes
       default_route_options = prepare_default_route_attributes
-      default_path_settings = prepare_default_path_settings
 
       map_routes do |method, raw_path|
-        prepared_path = Path.new(raw_path, namespace, default_path_settings)
+        prepared_path = Path.new(raw_path, namespace, prepare_default_path_settings)
         params = options[:route_options].present? ? options[:route_options].merge(default_route_options) : default_route_options
         route = Grape::Router::Route.new(method, prepared_path.origin, prepared_path.suffix, params)
         route.apply(self)
@@ -225,7 +228,7 @@ module Grape
     # Return the collection of endpoints within this endpoint.
     # This is the case when an Grape::API mounts another Grape::API.
     def endpoints
-      options[:app].endpoints if options[:app].respond_to?(:endpoints)
+      @endpoints ||= options[:app].try(:endpoints)
     end
 
     def equals?(endpoint)
@@ -245,20 +248,16 @@ module Grape
 
     def run
       ActiveSupport::Notifications.instrument('endpoint_run.grape', endpoint: self, env: env) do
-        @header = Grape::Util::Header.new
         @request = Grape::Request.new(env, build_params_with: namespace_inheritable(:build_params_with))
-        @params = @request.params
-        @headers = @request.headers
         begin
-          cookies.read(@request)
           self.class.run_before_each(self)
           run_filters befores, :before
 
-          if (allowed_methods = env[Grape::Env::GRAPE_ALLOWED_METHODS])
-            allow_header_value = allowed_methods.join(', ')
-            raise Grape::Exceptions::MethodNotAllowed.new(header.merge('Allow' => allow_header_value)) unless options?
+          if env.key?(Grape::Env::GRAPE_ALLOWED_METHODS)
+            header['Allow'] = env[Grape::Env::GRAPE_ALLOWED_METHODS].join(', ')
+            raise Grape::Exceptions::MethodNotAllowed.new(header) unless options?
 
-            header Grape::Http::Headers::ALLOW, allow_header_value
+            header 'Allow', header['Allow']
             response_object = ''
             status 204
           else
@@ -269,7 +268,7 @@ module Grape
           end
 
           run_filters afters, :after
-          cookies.write(header)
+          build_response_cookies
 
           # status verifies body presence when DELETE
           @body ||= response_object
@@ -331,24 +330,10 @@ module Grape
       extend post_extension if post_extension
     end
 
-    def befores
-      namespace_stackable(:befores)
-    end
-
-    def before_validations
-      namespace_stackable(:before_validations)
-    end
-
-    def after_validations
-      namespace_stackable(:after_validations)
-    end
-
-    def afters
-      namespace_stackable(:afters)
-    end
-
-    def finallies
-      namespace_stackable(:finallies)
+    %i[befores before_validations after_validations afters finallies].each do |method|
+      define_method method do
+        namespace_stackable(method)
+      end
     end
 
     def validations
@@ -373,6 +358,7 @@ module Grape
       format = namespace_inheritable(:format)
 
       stack.use Rack::Head
+      stack.use Rack::Lint if lint?
       stack.use Class.new(Grape::Middleware::Error),
                 helpers: helpers,
                 format: format,
@@ -416,5 +402,16 @@ module Grape
 
       Module.new { helpers.each { |mod_to_include| include mod_to_include } }
     end
+
+    def build_response_cookies
+      response_cookies do |name, value|
+        cookie_value = value.is_a?(Hash) ? value : { value: value }
+        Rack::Utils.set_cookie_header! header, name, cookie_value
+      end
+    end
+
+    def lint?
+      namespace_inheritable(:lint) || Grape.config.lint
+    end
   end
 end

data/lib/grape/exceptions/conflicting_types.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Grape
+  module Exceptions
+    class ConflictingTypes < Base
+      def initialize
+        super(message: compose_message(:conflicting_types), status: 400)
+      end
+    end
+  end
+end

data/lib/grape/exceptions/invalid_parameters.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Grape
+  module Exceptions
+    class InvalidParameters < Base
+      def initialize
+        super(message: compose_message(:invalid_parameters), status: 400)
+      end
+    end
+  end
+end

data/lib/grape/exceptions/too_deep_parameters.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Grape
+  module Exceptions
+    class TooDeepParameters < Base
+      def initialize(limit)
+        super(message: compose_message(:too_deep_parameters, limit: limit), status: 400)
+      end
+    end
+  end
+end

data/lib/grape/exceptions/unknown_auth_strategy.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Grape
+  module Exceptions
+    class UnknownAuthStrategy < Base
+      def initialize(strategy:)
+        super(message: compose_message(:unknown_auth_strategy, strategy: strategy))
+      end
+    end
+  end
+end

data/lib/grape/exceptions/unknown_params_builder.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Grape
+  module Exceptions
+    class UnknownParamsBuilder < Base
+      def initialize(params_builder_type)
+        super(message: compose_message(:unknown_params_builder, params_builder_type: params_builder_type))
+      end
+    end
+  end
+end

data/lib/grape/extensions/active_support/hash_with_indifferent_access.rb

@@ -8,11 +8,8 @@ module Grape
           extend ::ActiveSupport::Concern
 
           included do
-            namespace_inheritable(:build_params_with, Grape::Extensions::ActiveSupport::HashWithIndifferentAccess::ParamBuilder)
-          end
-
-          def params_builder
-            Grape::Extensions::ActiveSupport::HashWithIndifferentAccess::ParamBuilder
+            Grape.deprecator.warn 'This concern has been deprecated. Use `build_with` with one of the following short_name (:hash, :hash_with_indifferent_access, :hashie_mash) instead.'
+            namespace_inheritable(:build_params_with, :hash_with_indifferent_access)
           end
 
           def build_params

data/lib/grape/extensions/hash.rb

@@ -7,7 +7,8 @@ module Grape
         extend ::ActiveSupport::Concern
 
         included do
-          namespace_inheritable(:build_params_with, Grape::Extensions::Hash::ParamBuilder)
+          Grape.deprecator.warn 'This concern has been deprecated. Use `build_with` with one of the following short_name (:hash, :hash_with_indifferent_access, :hashie_mash) instead.'
+          namespace_inheritable(:build_params_with, :hash)
         end
 
         def build_params

data/lib/grape/extensions/hashie/mash.rb

@@ -6,12 +6,10 @@ module Grape
       module Mash
         module ParamBuilder
           extend ::ActiveSupport::Concern
-          included do
-            namespace_inheritable(:build_params_with, Grape::Extensions::Hashie::Mash::ParamBuilder)
-          end
 
-          def params_builder
-            Grape::Extensions::Hashie::Mash::ParamBuilder
+          included do
+            Grape.deprecator.warn 'This concern has been deprecated. Use `build_with` with one of the following short_name (:hash, :hash_with_indifferent_access, :hashie_mash) instead.'
+            namespace_inheritable(:build_params_with, :hashie_mash)
           end
 
           def build_params

data/lib/grape/locale/en.yml

@@ -1,59 +1,59 @@
+---
 en:
   grape:
     errors:
-      format: ! '%{attributes} %{message}'
+      format: '%{attributes} %{message}'
       messages:
-        coerce: 'is invalid'
-        presence: 'is missing'
-        regexp: 'is invalid'
+        all_or_none: 'provide all or none of parameters'
+        at_least_one: 'are missing, at least one parameter must be provided'
         blank: 'is empty'
-        values: 'does not have a valid value'
+        coerce: 'is invalid'
+        conflicting_types: 'query params contains conflicting types'
+        empty_message_body: 'empty message body supplied with %{body_format} content-type'
+        exactly_one: 'are missing, exactly one parameter must be provided'
         except_values: 'has a value not allowed'
-        same_as: 'is not the same as %{parameter}'
+        incompatible_option_values: '%{option1}: %{value1} is incompatible with %{option2}: %{value2}'
+        invalid_accept_header:
+          problem: 'invalid accept header'
+          resolution: '%{message}'
+        invalid_formatter: 'cannot convert %{klass} to %{to_format}'
+        invalid_message_body:
+          problem: 'message body does not match declared format'
+          resolution: 'when specifying %{body_format} as content-type, you must pass valid %{body_format} in the request''s ''body'' '
+        invalid_parameters: 'query params contains invalid format or byte sequence'
+        invalid_response: 'Invalid response'
+        invalid_version_header:
+          problem: 'invalid version header'
+          resolution: '%{message}'
+        invalid_versioner_option:
+          problem: 'unknown :using for versioner: %{strategy}'
+          resolution: 'available strategy for :using is :path, :header, :accept_version_header, :param'
+        invalid_with_option_for_represent:
+          problem: 'you must specify an entity class in the :with option'
+          resolution: 'eg: represent User, :with => Entity::User'
         length: 'is expected to have length within %{min} and %{max}'
         length_is: 'is expected to have length exactly equal to %{is}'
-        length_min: 'is expected to have length greater than or equal to %{min}'
         length_max: 'is expected to have length less than or equal to %{max}'
-        missing_vendor_option:
-          problem: 'missing :vendor option'
-          summary: 'when version using header, you must specify :vendor option'
-          resolution: "eg: version 'v1', using: :header, vendor: 'twitter'"
+        length_min: 'is expected to have length greater than or equal to %{min}'
+        missing_group_type: 'group type is required'
         missing_mime_type:
           problem: 'missing mime type for %{new_format}'
-          resolution:
-            "you can choose existing mime type from Grape::ContentTypes::CONTENT_TYPES
-            or add your own with content_type :%{new_format}, 'application/%{new_format}'
-            "
-        invalid_with_option_for_represent:
-          problem: 'you must specify an entity class in the :with option'
-          resolution: 'eg: represent User, :with => Entity::User'
+          resolution: 'you can choose existing mime type from Grape::ContentTypes::CONTENT_TYPES or add your own with content_type :%{new_format}, ''application/%{new_format}'' '
         missing_option: 'you must specify :%{option} options'
-        invalid_formatter: 'cannot convert %{klass} to %{to_format}'
-        invalid_versioner_option:
-          problem: 'unknown :using for versioner: %{strategy}'
-          resolution: 'available strategy for :using is :path, :header, :accept_version_header, :param'
-        unknown_validator: 'unknown validator: %{validator_type}'
+        missing_vendor_option:
+          problem: 'missing :vendor option'
+          resolution: 'eg: version ''v1'', using: :header, vendor: ''twitter'''
+          summary: 'when version using header, you must specify :vendor option'
+        mutual_exclusion: 'are mutually exclusive'
+        presence: 'is missing'
+        regexp: 'is invalid'
+        same_as: 'is not the same as %{parameter}'
+        too_deep_parameters: 'query params are recursively nested over the specified limit (%{limit})'
+        too_many_multipart_files: 'the number of uploaded files exceeded the system''s configured limit (%{limit})'
+        unknown_auth_strategy: 'unknown auth strategy: %{strategy}'
         unknown_options: 'unknown options: %{options}'
         unknown_parameter: 'unknown parameter: %{param}'
-        incompatible_option_values: '%{option1}: %{value1} is incompatible with %{option2}: %{value2}'
-        mutual_exclusion: 'are mutually exclusive'
-        at_least_one: 'are missing, at least one parameter must be provided'
-        exactly_one: 'are missing, exactly one parameter must be provided'
-        all_or_none: 'provide all or none of parameters'
-        missing_group_type: 'group type is required'
+        unknown_params_builder: 'unknown params_builder: %{params_builder_type}'
+        unknown_validator: 'unknown validator: %{validator_type}'
         unsupported_group_type: 'group type must be Array, Hash, JSON or Array[JSON]'
-        invalid_message_body:
-          problem: "message body does not match declared format"
-          resolution:
-            "when specifying %{body_format} as content-type, you must pass valid
-            %{body_format} in the request's 'body'
-            "
-        empty_message_body: 'empty message body supplied with %{body_format} content-type'
-        too_many_multipart_files: "the number of uploaded files exceeded the system's configured limit (%{limit})"
-        invalid_accept_header:
-          problem: 'invalid accept header'
-          resolution: '%{message}'
-        invalid_version_header:
-          problem: 'invalid version header'
-          resolution: '%{message}'
-        invalid_response: 'Invalid response'
+        values: 'does not have a valid value'

data/lib/grape/middleware/auth/base.rb

@@ -3,40 +3,19 @@
 module Grape
   module Middleware
     module Auth
-      class Base
-        include Helpers
-
-        attr_accessor :options, :app, :env
-
-        def initialize(app, *options)
-          @app = app
-          @options = options.shift
-        end
-
-        def call(env)
-          dup._call(env)
+      class Base < Grape::Middleware::Base
+        def initialize(app, **options)
+          super
+          @auth_strategy = Grape::Middleware::Auth::Strategies[options[:type]].tap do |auth_strategy|
+            raise Grape::Exceptions::UnknownAuthStrategy.new(strategy: options[:type]) unless auth_strategy
+          end
         end
 
-        def _call(env)
-          self.env = env
-
-          if options.key?(:type)
-            auth_proc = options[:proc]
-            auth_proc_context = context
-
-            strategy_info = Grape::Middleware::Auth::Strategies[options[:type]]
-
-            throw(:error, status: 401, message: 'API Authorization Failed.') if strategy_info.blank?
-
-            strategy = strategy_info.create(@app, options) do |*args|
-              auth_proc_context.instance_exec(*args, &auth_proc)
-            end
-
-            strategy.call(env)
-
-          else
-            app.call(env)
-          end
+        def call!(env)
+          @env = env
+          @auth_strategy.create(app, options) do |*args|
+            context.instance_exec(*args, &options[:proc])
+          end.call(env)
         end
       end
     end

data/lib/grape/middleware/auth/dsl.rb

@@ -4,40 +4,34 @@ module Grape
   module Middleware
     module Auth
       module DSL
-        extend ActiveSupport::Concern
-
-        module ClassMethods
-          # Add an authentication type to the API. Currently
-          # only `:http_basic`, `:http_digest` are supported.
-          def auth(type = nil, options = {}, &block)
-            if type
-              namespace_inheritable(:auth, options.reverse_merge(type: type.to_sym, proc: block))
-              use Grape::Middleware::Auth::Base, namespace_inheritable(:auth)
-            else
-              namespace_inheritable(:auth)
-            end
-          end
-
-          # Add HTTP Basic authorization to the API.
-          #
-          # @param [Hash] options A hash of options.
-          # @option options [String] :realm "API Authorization" The HTTP Basic realm.
-          def http_basic(options = {}, &block)
-            options[:realm] ||= 'API Authorization'
-            auth :http_basic, options, &block
+        def auth(type = nil, options = {}, &block)
+          if type
+            namespace_inheritable(:auth, options.reverse_merge(type: type.to_sym, proc: block))
+            use Grape::Middleware::Auth::Base, namespace_inheritable(:auth)
+          else
+            namespace_inheritable(:auth)
           end
+        end
 
-          def http_digest(options = {}, &block)
-            options[:realm] ||= 'API Authorization'
+        # Add HTTP Basic authorization to the API.
+        #
+        # @param [Hash] options A hash of options.
+        # @option options [String] :realm "API Authorization" The HTTP Basic realm.
+        def http_basic(options = {}, &block)
+          options[:realm] ||= 'API Authorization'
+          auth :http_basic, options, &block
+        end
 
-            if options[:realm].respond_to?(:values_at)
-              options[:realm][:opaque] ||= 'secret'
-            else
-              options[:opaque] ||= 'secret'
-            end
+        def http_digest(options = {}, &block)
+          options[:realm] ||= 'API Authorization'
 
-            auth :http_digest, options, &block
+          if options[:realm].respond_to?(:values_at)
+            options[:realm][:opaque] ||= 'secret'
+          else
+            options[:opaque] ||= 'secret'
           end
+
+          auth :http_digest, options, &block
         end
       end
     end

data/lib/grape/middleware/base.rb

@@ -3,25 +3,18 @@
 module Grape
   module Middleware
     class Base
-      include Helpers
       include Grape::DSL::Headers
 
       attr_reader :app, :env, :options
 
-      TEXT_HTML = 'text/html'
-
       # @param [Rack Application] app The standard argument for a Rack middleware.
       # @param [Hash] options A hash of options, simply stored for use by subclasses.
-      def initialize(app, *options)
+      def initialize(app, **options)
         @app = app
-        @options = options.any? ? default_options.deep_merge(options.shift) : default_options
+        @options = merge_default_options(options)
         @app_response = nil
       end
 
-      def default_options
-        {}
-      end
-
       def call(env)
         dup.call!(env).to_a
       end
@@ -54,10 +47,18 @@ module Grape
       # @return [Response, nil] a Rack SPEC response or nil to call the application afterwards.
       def after; end
 
+      def rack_request
+        @rack_request ||= Rack::Request.new(env)
+      end
+
+      def context
+        env[Grape::Env::API_ENDPOINT]
+      end
+
       def response
         return @app_response if @app_response.is_a?(Rack::Response)
 
-        @app_response = Rack::Response.new(@app_response[2], @app_response[0], @app_response[1])
+        @app_response = Rack::Response[*@app_response]
       end
 
       def content_types
@@ -73,7 +74,15 @@ module Grape
       end
 
       def content_type
-        content_type_for(env[Grape::Env::API_FORMAT] || options[:format]) || TEXT_HTML
+        content_type_for(env[Grape::Env::API_FORMAT] || options[:format]) || 'text/html'
+      end
+
+      def query_params
+        rack_request.GET
+      rescue Rack::QueryParser::ParamsTooDeepError
+        raise Grape::Exceptions::TooDeepParameters.new(Rack::Utils.param_depth_limit)
+      rescue Rack::Utils::ParameterTypeError
+        raise Grape::Exceptions::ConflictingTypes
       end
 
       private
@@ -90,6 +99,16 @@ module Grape
       def content_types_indifferent_access
         @content_types_indifferent_access ||= content_types.with_indifferent_access
       end
+
+      def merge_default_options(options)
+        if respond_to?(:default_options)
+          default_options.deep_merge(options)
+        elsif self.class.const_defined?(:DEFAULT_OPTIONS)
+          self.class::DEFAULT_OPTIONS.deep_merge(options)
+        else
+          options
+        end
+      end
     end
   end
 end

data/lib/grape/middleware/error.rb

@@ -3,30 +3,22 @@
 module Grape
   module Middleware
     class Error < Base
-      def default_options
-        {
-          default_status: 500, # default status returned on error
-          default_message: '',
-          format: :txt,
-          helpers: nil,
-          formatters: {},
-          error_formatters: {},
-          rescue_all: false, # true to rescue all exceptions
-          rescue_grape_exceptions: false,
-          rescue_subclasses: true, # rescue subclasses of exceptions listed
-          rescue_options: {
-            backtrace: false, # true to display backtrace, true to let Grape handle Grape::Exceptions
-            original_exception: false # true to display exception
-          },
-          rescue_handlers: {}, # rescue handler blocks
-          base_only_rescue_handlers: {}, # rescue handler blocks rescuing only the base class
-          all_rescue_handler: nil # rescue handler block to rescue from all exceptions
-        }
-      end
-
-      def initialize(app, *options)
+      DEFAULT_OPTIONS = {
+        default_status: 500,
+        default_message: '',
+        format: :txt,
+        rescue_all: false,
+        rescue_grape_exceptions: false,
+        rescue_subclasses: true,
+        rescue_options: {
+          backtrace: false,
+          original_exception: false
+        }.freeze
+      }.freeze
+
+      def initialize(app, **options)
         super
-        self.class.include(@options[:helpers]) if @options[:helpers]
+        self.class.include(options[:helpers]) if options[:helpers]
       end
 
       def call!(env)
@@ -39,7 +31,7 @@ module Grape
       private
 
       def rack_response(status, headers, message)
-        message = Rack::Utils.escape_html(message) if headers[Rack::CONTENT_TYPE] == TEXT_HTML
+        message = Rack::Utils.escape_html(message) if headers[Rack::CONTENT_TYPE] == 'text/html'
         Rack::Response.new(Array.wrap(message), Rack::Utils.status_code(status), Grape::Util::Header.new.merge(headers))
       end