grape 2.3.0 → 3.0.0

data/lib/grape/locale/en.yml

@@ -1,59 +1,59 @@
+---
 en:
   grape:
     errors:
-      format: ! '%{attributes} %{message}'
+      format: '%{attributes} %{message}'
       messages:
-        coerce: 'is invalid'
-        presence: 'is missing'
-        regexp: 'is invalid'
+        all_or_none: 'provide all or none of parameters'
+        at_least_one: 'are missing, at least one parameter must be provided'
         blank: 'is empty'
-        values: 'does not have a valid value'
+        coerce: 'is invalid'
+        conflicting_types: 'query params contains conflicting types'
+        empty_message_body: 'empty message body supplied with %{body_format} content-type'
+        exactly_one: 'are missing, exactly one parameter must be provided'
         except_values: 'has a value not allowed'
-        same_as: 'is not the same as %{parameter}'
+        incompatible_option_values: '%{option1}: %{value1} is incompatible with %{option2}: %{value2}'
+        invalid_accept_header:
+          problem: 'invalid accept header'
+          resolution: '%{message}'
+        invalid_formatter: 'cannot convert %{klass} to %{to_format}'
+        invalid_message_body:
+          problem: 'message body does not match declared format'
+          resolution: 'when specifying %{body_format} as content-type, you must pass valid %{body_format} in the request''s ''body'' '
+        invalid_parameters: 'query params contains invalid format or byte sequence'
+        invalid_response: 'Invalid response'
+        invalid_version_header:
+          problem: 'invalid version header'
+          resolution: '%{message}'
+        invalid_versioner_option:
+          problem: 'unknown :using for versioner: %{strategy}'
+          resolution: 'available strategy for :using is :path, :header, :accept_version_header, :param'
+        invalid_with_option_for_represent:
+          problem: 'you must specify an entity class in the :with option'
+          resolution: 'eg: represent User, :with => Entity::User'
         length: 'is expected to have length within %{min} and %{max}'
         length_is: 'is expected to have length exactly equal to %{is}'
-        length_min: 'is expected to have length greater than or equal to %{min}'
         length_max: 'is expected to have length less than or equal to %{max}'
-        missing_vendor_option:
-          problem: 'missing :vendor option'
-          summary: 'when version using header, you must specify :vendor option'
-          resolution: "eg: version 'v1', using: :header, vendor: 'twitter'"
+        length_min: 'is expected to have length greater than or equal to %{min}'
+        missing_group_type: 'group type is required'
         missing_mime_type:
           problem: 'missing mime type for %{new_format}'
-          resolution:
-            "you can choose existing mime type from Grape::ContentTypes::CONTENT_TYPES
-            or add your own with content_type :%{new_format}, 'application/%{new_format}'
-            "
-        invalid_with_option_for_represent:
-          problem: 'you must specify an entity class in the :with option'
-          resolution: 'eg: represent User, :with => Entity::User'
+          resolution: 'you can choose existing mime type from Grape::ContentTypes::CONTENT_TYPES or add your own with content_type :%{new_format}, ''application/%{new_format}'' '
         missing_option: 'you must specify :%{option} options'
-        invalid_formatter: 'cannot convert %{klass} to %{to_format}'
-        invalid_versioner_option:
-          problem: 'unknown :using for versioner: %{strategy}'
-          resolution: 'available strategy for :using is :path, :header, :accept_version_header, :param'
-        unknown_validator: 'unknown validator: %{validator_type}'
+        missing_vendor_option:
+          problem: 'missing :vendor option'
+          resolution: 'eg: version ''v1'', using: :header, vendor: ''twitter'''
+          summary: 'when version using header, you must specify :vendor option'
+        mutual_exclusion: 'are mutually exclusive'
+        presence: 'is missing'
+        regexp: 'is invalid'
+        same_as: 'is not the same as %{parameter}'
+        too_deep_parameters: 'query params are recursively nested over the specified limit (%{limit})'
+        too_many_multipart_files: 'the number of uploaded files exceeded the system''s configured limit (%{limit})'
+        unknown_auth_strategy: 'unknown auth strategy: %{strategy}'
         unknown_options: 'unknown options: %{options}'
         unknown_parameter: 'unknown parameter: %{param}'
-        incompatible_option_values: '%{option1}: %{value1} is incompatible with %{option2}: %{value2}'
-        mutual_exclusion: 'are mutually exclusive'
-        at_least_one: 'are missing, at least one parameter must be provided'
-        exactly_one: 'are missing, exactly one parameter must be provided'
-        all_or_none: 'provide all or none of parameters'
-        missing_group_type: 'group type is required'
+        unknown_params_builder: 'unknown params_builder: %{params_builder_type}'
+        unknown_validator: 'unknown validator: %{validator_type}'
         unsupported_group_type: 'group type must be Array, Hash, JSON or Array[JSON]'
-        invalid_message_body:
-          problem: "message body does not match declared format"
-          resolution:
-            "when specifying %{body_format} as content-type, you must pass valid
-            %{body_format} in the request's 'body'
-            "
-        empty_message_body: 'empty message body supplied with %{body_format} content-type'
-        too_many_multipart_files: "the number of uploaded files exceeded the system's configured limit (%{limit})"
-        invalid_accept_header:
-          problem: 'invalid accept header'
-          resolution: '%{message}'
-        invalid_version_header:
-          problem: 'invalid version header'
-          resolution: '%{message}'
-        invalid_response: 'Invalid response'
+        values: 'does not have a valid value'

data/lib/grape/middleware/auth/base.rb

@@ -3,40 +3,19 @@
 module Grape
   module Middleware
     module Auth
-      class Base
-        include Helpers
-
-        attr_accessor :options, :app, :env
-
-        def initialize(app, *options)
-          @app = app
-          @options = options.shift
-        end
-
-        def call(env)
-          dup._call(env)
+      class Base < Grape::Middleware::Base
+        def initialize(app, **options)
+          super
+          @auth_strategy = Grape::Middleware::Auth::Strategies[options[:type]].tap do |auth_strategy|
+            raise Grape::Exceptions::UnknownAuthStrategy.new(strategy: options[:type]) unless auth_strategy
+          end
         end
 
-        def _call(env)
-          self.env = env
-
-          if options.key?(:type)
-            auth_proc = options[:proc]
-            auth_proc_context = context
-
-            strategy_info = Grape::Middleware::Auth::Strategies[options[:type]]
-
-            throw(:error, status: 401, message: 'API Authorization Failed.') if strategy_info.blank?
-
-            strategy = strategy_info.create(@app, options) do |*args|
-              auth_proc_context.instance_exec(*args, &auth_proc)
-            end
-
-            strategy.call(env)
-
-          else
-            app.call(env)
-          end
+        def call!(env)
+          @env = env
+          @auth_strategy.create(app, options) do |*args|
+            context.instance_exec(*args, &options[:proc])
+          end.call(env)
         end
       end
     end

data/lib/grape/middleware/auth/dsl.rb

@@ -4,40 +4,33 @@ module Grape
   module Middleware
     module Auth
       module DSL
-        extend ActiveSupport::Concern
+        def auth(type = nil, options = {}, &block)
+          namespace_inheritable = inheritable_setting.namespace_inheritable
+          return namespace_inheritable[:auth] unless type
 
-        module ClassMethods
-          # Add an authentication type to the API. Currently
-          # only `:http_basic`, `:http_digest` are supported.
-          def auth(type = nil, options = {}, &block)
-            if type
-              namespace_inheritable(:auth, options.reverse_merge(type: type.to_sym, proc: block))
-              use Grape::Middleware::Auth::Base, namespace_inheritable(:auth)
-            else
-              namespace_inheritable(:auth)
-            end
-          end
-
-          # Add HTTP Basic authorization to the API.
-          #
-          # @param [Hash] options A hash of options.
-          # @option options [String] :realm "API Authorization" The HTTP Basic realm.
-          def http_basic(options = {}, &block)
-            options[:realm] ||= 'API Authorization'
-            auth :http_basic, options, &block
-          end
+          namespace_inheritable[:auth] = options.reverse_merge(type: type.to_sym, proc: block)
+          use Grape::Middleware::Auth::Base, namespace_inheritable[:auth]
+        end
 
-          def http_digest(options = {}, &block)
-            options[:realm] ||= 'API Authorization'
+        # Add HTTP Basic authorization to the API.
+        #
+        # @param [Hash] options A hash of options.
+        # @option options [String] :realm "API Authorization" The HTTP Basic realm.
+        def http_basic(options = {}, &block)
+          options[:realm] ||= 'API Authorization'
+          auth :http_basic, options, &block
+        end
 
-            if options[:realm].respond_to?(:values_at)
-              options[:realm][:opaque] ||= 'secret'
-            else
-              options[:opaque] ||= 'secret'
-            end
+        def http_digest(options = {}, &block)
+          options[:realm] ||= 'API Authorization'
 
-            auth :http_digest, options, &block
+          if options[:realm].respond_to?(:values_at)
+            options[:realm][:opaque] ||= 'secret'
+          else
+            options[:opaque] ||= 'secret'
           end
+
+          auth :http_digest, options, &block
         end
       end
     end

data/lib/grape/middleware/base.rb

@@ -3,25 +3,18 @@
 module Grape
   module Middleware
     class Base
-      include Helpers
       include Grape::DSL::Headers
 
       attr_reader :app, :env, :options
 
-      TEXT_HTML = 'text/html'
-
       # @param [Rack Application] app The standard argument for a Rack middleware.
       # @param [Hash] options A hash of options, simply stored for use by subclasses.
-      def initialize(app, *options)
+      def initialize(app, **options)
         @app = app
-        @options = options.any? ? default_options.deep_merge(options.shift) : default_options
+        @options = merge_default_options(options)
         @app_response = nil
       end
 
-      def default_options
-        {}
-      end
-
       def call(env)
         dup.call!(env).to_a
       end
@@ -54,10 +47,18 @@ module Grape
       # @return [Response, nil] a Rack SPEC response or nil to call the application afterwards.
       def after; end
 
+      def rack_request
+        @rack_request ||= Rack::Request.new(env)
+      end
+
+      def context
+        env[Grape::Env::API_ENDPOINT]
+      end
+
       def response
         return @app_response if @app_response.is_a?(Rack::Response)
 
-        @app_response = Rack::Response.new(@app_response[2], @app_response[0], @app_response[1])
+        @app_response = Rack::Response[*@app_response]
       end
 
       def content_types
@@ -73,7 +74,15 @@ module Grape
       end
 
       def content_type
-        content_type_for(env[Grape::Env::API_FORMAT] || options[:format]) || TEXT_HTML
+        content_type_for(env[Grape::Env::API_FORMAT] || options[:format]) || 'text/html'
+      end
+
+      def query_params
+        rack_request.GET
+      rescue Rack::QueryParser::ParamsTooDeepError
+        raise Grape::Exceptions::TooDeepParameters.new(Rack::Utils.param_depth_limit)
+      rescue Rack::Utils::ParameterTypeError
+        raise Grape::Exceptions::ConflictingTypes
       end
 
       private
@@ -90,6 +99,16 @@ module Grape
       def content_types_indifferent_access
         @content_types_indifferent_access ||= content_types.with_indifferent_access
       end
+
+      def merge_default_options(options)
+        if respond_to?(:default_options)
+          default_options.deep_merge(options)
+        elsif self.class.const_defined?(:DEFAULT_OPTIONS)
+          self.class::DEFAULT_OPTIONS.deep_merge(options)
+        else
+          options
+        end
+      end
     end
   end
 end

data/lib/grape/middleware/error.rb

@@ -3,31 +3,18 @@
 module Grape
   module Middleware
     class Error < Base
-      def default_options
-        {
-          default_status: 500, # default status returned on error
-          default_message: '',
-          format: :txt,
-          helpers: nil,
-          formatters: {},
-          error_formatters: {},
-          rescue_all: false, # true to rescue all exceptions
-          rescue_grape_exceptions: false,
-          rescue_subclasses: true, # rescue subclasses of exceptions listed
-          rescue_options: {
-            backtrace: false, # true to display backtrace, true to let Grape handle Grape::Exceptions
-            original_exception: false # true to display exception
-          },
-          rescue_handlers: {}, # rescue handler blocks
-          base_only_rescue_handlers: {}, # rescue handler blocks rescuing only the base class
-          all_rescue_handler: nil # rescue handler block to rescue from all exceptions
-        }
-      end
-
-      def initialize(app, *options)
-        super
-        self.class.include(@options[:helpers]) if @options[:helpers]
-      end
+      DEFAULT_OPTIONS = {
+        default_status: 500,
+        default_message: '',
+        format: :txt,
+        rescue_all: false,
+        rescue_grape_exceptions: false,
+        rescue_subclasses: true,
+        rescue_options: {
+          backtrace: false,
+          original_exception: false
+        }.freeze
+      }.freeze
 
       def call!(env)
         @env = env
@@ -39,7 +26,7 @@ module Grape
       private
 
       def rack_response(status, headers, message)
-        message = Rack::Utils.escape_html(message) if headers[Rack::CONTENT_TYPE] == TEXT_HTML
+        message = Rack::Utils.escape_html(message) if headers[Rack::CONTENT_TYPE] == 'text/html'
         Rack::Response.new(Array.wrap(message), Rack::Utils.status_code(status), Grape::Util::Header.new.merge(headers))
       end
 
@@ -111,12 +98,7 @@ module Grape
       end
 
       def run_rescue_handler(handler, error, endpoint)
-        if handler.instance_of?(Symbol)
-          raise NoMethodError, "undefined method '#{handler}'" unless respond_to?(handler)
-
-          handler = public_method(handler)
-        end
-
+        handler = endpoint.public_method(handler) if handler.instance_of?(Symbol)
         response = catch(:error) do
           handler.arity.zero? ? endpoint.instance_exec(&handler) : endpoint.instance_exec(error, &handler)
         end

data/lib/grape/middleware/formatter.rb

@@ -3,16 +3,11 @@
 module Grape
   module Middleware
     class Formatter < Base
-      CHUNKED = 'chunked'
-      FORMAT = 'format'
-
-      def default_options
-        {
-          default_format: :txt,
-          formatters: {},
-          parsers: {}
-        }
-      end
+      DEFAULT_OPTIONS = {
+        default_format: :txt
+      }.freeze
+
+      ALL_MEDIA_TYPES = '*/*'
 
       def before
         negotiate_content_type
@@ -69,34 +64,27 @@ module Grape
         end
       end
 
-      def request
-        @request ||= Rack::Request.new(env)
-      end
-
-      # store read input in env['api.request.input']
       def read_body_input
-        return unless
-          (request.post? || request.put? || request.patch? || request.delete?) &&
-          (!request.form_data? || !request.media_type) &&
-          !request.parseable_data? &&
-          (request.content_length.to_i.positive? || request.env[Grape::Http::Headers::HTTP_TRANSFER_ENCODING] == CHUNKED)
-
-        return unless (input = env[Rack::RACK_INPUT])
+        input = rack_request.body # reads RACK_INPUT
+        return if input.nil?
+        return unless read_body_input?
 
-        rewind_input input
+        input.try(:rewind)
         body = env[Grape::Env::API_REQUEST_INPUT] = input.read
         begin
-          read_rack_input(body) if body && !body.empty?
+          read_rack_input(body)
         ensure
-          rewind_input input
+          input.try(:rewind)
         end
       end
 
-      # store parsed input in env['api.request.body']
       def read_rack_input(body)
-        fmt = request.media_type ? mime_types[request.media_type] : options[:default_format]
+        return if body.empty?
 
-        throw :error, status: 415, message: "The provided content-type '#{request.media_type}' is not supported." unless content_type_for(fmt)
+        media_type = rack_request.media_type
+        fmt = media_type ? mime_types[media_type] : options[:default_format]
+
+        throw :error, status: 415, message: "The provided content-type '#{media_type}' is not supported." unless content_type_for(fmt)
         parser = Grape::Parser.parser_for fmt, options[:parsers]
         if parser
           begin
@@ -119,63 +107,43 @@ module Grape
         end
       end
 
+      # this middleware will not try to format the following content-types since Rack already handles them
+      # when calling Rack's `params` function
+      # - application/x-www-form-urlencoded
+      # - multipart/form-data
+      # - multipart/related
+      # - multipart/mixed
+      def read_body_input?
+        (rack_request.post? || rack_request.put? || rack_request.patch? || rack_request.delete?) &&
+          !(rack_request.form_data? && rack_request.content_type) &&
+          !rack_request.parseable_data? &&
+          (rack_request.content_length.to_i.positive? || rack_request.env['HTTP_TRANSFER_ENCODING'] == 'chunked')
+      end
+
       def negotiate_content_type
-        fmt = format_from_extension || format_from_params || options[:format] || format_from_header || options[:default_format]
+        fmt = format_from_extension || query_params['format'] || options[:format] || format_from_header || options[:default_format]
         if content_type_for(fmt)
-          env[Grape::Env::API_FORMAT] = fmt
+          env[Grape::Env::API_FORMAT] = fmt.to_sym
         else
           throw :error, status: 406, message: "The requested format '#{fmt}' is not supported."
         end
       end
 
       def format_from_extension
-        parts = request.path.split('.')
+        request_path = rack_request.path.try(:scrub)
+        dot_pos = request_path.rindex('.')
+        return unless dot_pos
 
-        if parts.size > 1
-          extension = parts.last
-          # avoid symbol memory leak on an unknown format
-          return extension.to_sym if content_type_for(extension)
-        end
-        nil
-      end
-
-      def format_from_params
-        fmt = Rack::Utils.parse_nested_query(env[Rack::QUERY_STRING])[FORMAT]
-        # avoid symbol memory leak on an unknown format
-        return fmt.to_sym if content_type_for(fmt)
-
-        fmt
+        extension = request_path[(dot_pos + 1)..]
+        extension if content_type_for(extension)
       end
 
       def format_from_header
-        mime_array.each do |t|
-          return mime_types[t] if mime_types.key?(t)
-        end
-        nil
-      end
-
-      def mime_array
-        accept = env[Grape::Http::Headers::HTTP_ACCEPT]
-        return [] unless accept
-
-        accept_into_mime_and_quality = %r{
-          (
-            \w+/[\w+.-]+)     # eg application/vnd.example.myformat+xml
-          (?:
-           (?:;[^,]*?)?       # optionally multiple formats in a row
-           ;\s*q=([\w.]+)     # optional "quality" preference (eg q=0.5)
-          )?
-        }x
-
-        vendor_prefix_pattern = /vnd\.[^+]+\+/
-
-        accept.scan(accept_into_mime_and_quality)
-              .sort_by { |_, quality_preference| -(quality_preference ? quality_preference.to_f : 1.0) }
-              .flat_map { |mime, _| [mime, mime.sub(vendor_prefix_pattern, '')] }
-      end
+        accept_header = env['HTTP_ACCEPT'].try(:scrub)
+        return if accept_header.blank? || accept_header == ALL_MEDIA_TYPES
 
-      def rewind_input(input)
-        input.rewind if input.respond_to?(:rewind)
+        media_type = Rack::Utils.best_q_match(accept_header, mime_types.keys)
+        mime_types[media_type] if media_type
       end
     end
   end

data/lib/grape/middleware/stack.rb

@@ -5,10 +5,11 @@ module Grape
     # Class to handle the stack of middlewares based on ActionDispatch::MiddlewareStack
     # It allows to insert and insert after
     class Stack
+      extend Forwardable
       class Middleware
         attr_reader :args, :block, :klass
 
-        def initialize(klass, *args, &block)
+        def initialize(klass, args, block)
           @klass = klass
           @args = args
           @block = block
@@ -31,8 +32,12 @@ module Grape
           klass.to_s
         end
 
-        def use_in(builder)
-          builder.use(@klass, *@args, &@block)
+        def build(builder)
+          # we need to force the ruby2_keywords_hash for middlewares that initialize contains keywords
+          # like ActionDispatch::RequestId since middleware arguments are serialized
+          # https://rubyapi.org/3.4/o/hash#method-c-ruby2_keywords_hash
+          args[-1] = Hash.ruby2_keywords_hash(args[-1]) if args.last.is_a?(Hash) && Hash.respond_to?(:ruby2_keywords_hash)
+          builder.use(klass, *args, &block)
         end
       end
 
@@ -40,72 +45,57 @@ module Grape
 
       attr_accessor :middlewares, :others
 
+      def_delegators :middlewares, :each, :size, :last, :[]
+
       def initialize
         @middlewares = []
         @others = []
       end
 
-      def each(&block)
-        @middlewares.each(&block)
-      end
-
-      def size
-        middlewares.size
-      end
-
-      def last
-        middlewares.last
-      end
-
-      def [](index)
-        middlewares[index]
-      end
-
-      def insert(index, *args, &block)
+      def insert(index, klass, *args, &block)
         index = assert_index(index, :before)
-        middleware = self.class::Middleware.new(*args, &block)
-        middlewares.insert(index, middleware)
+        middlewares.insert(index, self.class::Middleware.new(klass, args, block))
       end
-      ruby2_keywords :insert if respond_to?(:ruby2_keywords, true)
 
       alias insert_before insert
 
-      def insert_after(index, *args, &block)
+      def insert_after(index, ...)
         index = assert_index(index, :after)
-        insert(index + 1, *args, &block)
+        insert(index + 1, ...)
       end
-      ruby2_keywords :insert_after if respond_to?(:ruby2_keywords, true)
 
-      def use(...)
-        middleware = self.class::Middleware.new(...)
+      def use(klass, *args, &block)
+        middleware = self.class::Middleware.new(klass, args, block)
         middlewares.push(middleware)
       end
 
       def merge_with(middleware_specs)
-        middleware_specs.each do |operation, *args|
+        middleware_specs.each do |operation, klass, *args|
           if args.last.is_a?(Proc)
             last_proc = args.pop
-            public_send(operation, *args, &last_proc)
+            public_send(operation, klass, *args, &last_proc)
           else
-            public_send(operation, *args)
+            public_send(operation, klass, *args)
           end
         end
       end
 
       # @return [Rack::Builder] the builder object with our middlewares applied
-      def build(builder = Rack::Builder.new)
-        others.shift(others.size).each { |m| merge_with(m) }
-        middlewares.each do |m|
-          m.use_in(builder)
+      def build
+        Rack::Builder.new.tap do |builder|
+          others.shift(others.size).each { |m| merge_with(m) }
+          middlewares.each do |m|
+            m.build(builder)
+          end
         end
-        builder
       end
 
       # @description Add middlewares with :use operation to the stack. Store others with :insert_* operation for later
       # @param [Array] other_specs An array of middleware specifications (e.g. [[:use, klass], [:insert_before, *args]])
       def concat(other_specs)
-        @others << Array(other_specs).reject { |o| o.first == :use }
-        merge_with(Array(other_specs).select { |o| o.first == :use })
+        use, not_use = other_specs.partition { |o| o.first == :use }
+        others << not_use
+        merge_with(use)
       end
 
       protected

data/lib/grape/middleware/versioner/accept_version_header.rb

@@ -18,10 +18,8 @@ module Grape
       # route.
       class AcceptVersionHeader < Base
         def before
-          potential_version = env[Grape::Http::Headers::HTTP_ACCEPT_VERSION]
-          potential_version = potential_version.scrub unless potential_version.nil?
-
-          not_acceptable!('Accept-Version header must be set.') if strict? && potential_version.blank?
+          potential_version = env['HTTP_ACCEPT_VERSION'].try(:scrub)
+          not_acceptable!('Accept-Version header must be set.') if strict && potential_version.blank?
 
           return if potential_version.blank?