grape 2.3.0 → 3.0.0

data/lib/grape/middleware/versioner/base.rb

@@ -4,77 +4,51 @@ module Grape
   module Middleware
     module Versioner
       class Base < Grape::Middleware::Base
-        DEFAULT_PATTERN = /.*/i.freeze
-        DEFAULT_PARAMETER = 'apiver'
+        DEFAULT_OPTIONS = {
+          pattern: /.*/i,
+          prefix: nil,
+          mount_path: nil,
+          version_options: {
+            strict: false,
+            cascade: true,
+            parameter: 'apiver',
+            vendor: nil
+          }.freeze
+        }.freeze
 
-        def self.inherited(klass)
-          super
-          Versioner.register(klass)
-        end
-
-        def default_options
-          {
-            versions: nil,
-            prefix: nil,
-            mount_path: nil,
-            pattern: DEFAULT_PATTERN,
-            version_options: {
-              strict: false,
-              cascade: true,
-              parameter: DEFAULT_PARAMETER
-            }
-          }
-        end
+        CASCADE_PASS_HEADER = { 'X-Cascade' => 'pass' }.freeze
 
-        def versions
-          options[:versions]
+        DEFAULT_OPTIONS.each_key do |key|
+          define_method key do
+            options[key]
+          end
         end
 
-        def prefix
-          options[:prefix]
+        DEFAULT_OPTIONS[:version_options].each_key do |key|
+          define_method key do
+            options[:version_options][key]
+          end
         end
 
-        def mount_path
-          options[:mount_path]
-        end
-
-        def pattern
-          options[:pattern]
-        end
-
-        def version_options
-          options[:version_options]
-        end
-
-        def strict?
-          version_options[:strict]
-        end
-
-        # By default those errors contain an `X-Cascade` header set to `pass`, which allows nesting and stacking
-        # of routes (see Grape::Router) for more information). To prevent
-        # this behavior, and not add the `X-Cascade` header, one can set the `:cascade` option to `false`.
-        def cascade?
-          version_options[:cascade]
-        end
-
-        def parameter_key
-          version_options[:parameter]
+        def self.inherited(klass)
+          super
+          Versioner.register(klass)
         end
 
-        def vendor
-          version_options[:vendor]
-        end
+        attr_reader :error_headers, :versions
 
-        def error_headers
-          cascade? ? { Grape::Http::Headers::X_CASCADE => 'pass' } : {}
+        def initialize(app, **options)
+          super
+          @error_headers = cascade ? CASCADE_PASS_HEADER : {}
+          @versions = options[:versions]&.map(&:to_s) # making sure versions are strings to ease potential match
         end
 
         def potential_version_match?(potential_version)
-          versions.blank? || versions.any? { |v| v.to_s == potential_version }
+          versions.blank? || versions.include?(potential_version)
         end
 
         def version_not_found!
-          throw :error, status: 404, message: '404 API Version Not Found', headers: { Grape::Http::Headers::X_CASCADE => 'pass' }
+          throw :error, status: 404, message: '404 API Version Not Found', headers: CASCADE_PASS_HEADER
         end
       end
     end

data/lib/grape/middleware/versioner/header.rb

@@ -49,11 +49,11 @@ module Grape
         end
 
         def accept_header
-          env[Grape::Http::Headers::HTTP_ACCEPT]
+          env['HTTP_ACCEPT']
         end
 
         def strict_header_checks!
-          return unless strict?
+          return unless strict
 
           accept_header_check!
           version_and_vendor_check!

data/lib/grape/middleware/versioner/param.rb

@@ -20,12 +20,11 @@ module Grape
       #   env['api.version'] => 'v1'
       class Param < Base
         def before
-          potential_version = Rack::Utils.parse_nested_query(env[Rack::QUERY_STRING])[parameter_key]
+          potential_version = query_params[parameter]
           return if potential_version.blank?
 
           version_not_found! unless potential_version_match?(potential_version)
-          env[Grape::Env::API_VERSION] = potential_version
-          env[Rack::RACK_REQUEST_QUERY_HASH].delete(parameter_key) if env.key? Rack::RACK_REQUEST_QUERY_HASH
+          env[Grape::Env::API_VERSION] = env[Rack::RACK_REQUEST_QUERY_HASH].delete(parameter)
         end
       end
     end

data/lib/grape/middleware/versioner/path.rb

@@ -28,7 +28,7 @@ module Grape
           slash_position = path_info.index('/', 1) # omit the first one
           return unless slash_position
 
-          potential_version = path_info[1..slash_position - 1]
+          potential_version = path_info[1..(slash_position - 1)]
           return unless potential_version.match?(pattern)
 
           version_not_found! unless potential_version_match?(potential_version)

data/lib/grape/namespace.rb

@@ -28,6 +28,17 @@ module Grape
       settings&.map(&:space)
     end
 
+    def eql?(other)
+      other.class == self.class &&
+        other.space == space &&
+        other.options == options
+    end
+    alias == eql?
+
+    def hash
+      [self.class, space, options].hash
+    end
+
     # Join the namespaces from a list of settings to create a path prefix.
     # @param settings [Array] list of Grape::Util::InheritableSettings.
     def self.joined_space_path(settings)

data/lib/grape/params_builder/base.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Grape
+  module ParamsBuilder
+    class Base
+      class << self
+        def call(_params)
+          raise NotImplementedError
+        end
+
+        private
+
+        def inherited(klass)
+          super
+          ParamsBuilder.register(klass)
+        end
+      end
+    end
+  end
+end

data/lib/grape/params_builder/hash.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Grape
+  module ParamsBuilder
+    class Hash < Base
+      def self.call(params)
+        params.deep_symbolize_keys
+      end
+    end
+  end
+end

data/lib/grape/params_builder/hash_with_indifferent_access.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Grape
+  module ParamsBuilder
+    class HashWithIndifferentAccess < Base
+      def self.call(params)
+        params.with_indifferent_access
+      end
+    end
+  end
+end

data/lib/grape/params_builder/hashie_mash.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Grape
+  module ParamsBuilder
+    class HashieMash < Base
+      def self.call(params)
+        ::Hashie::Mash.new(params)
+      end
+    end
+  end
+end

data/lib/grape/params_builder.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Grape
+  module ParamsBuilder
+    extend Grape::Util::Registry
+
+    SHORT_NAME_LOOKUP = {
+      'Grape::Extensions::Hash::ParamBuilder' => :hash,
+      'Grape::Extensions::ActiveSupport::HashWithIndifferentAccess::ParamBuilder' => :hash_with_indifferent_access,
+      'Grape::Extensions::Hashie::Mash::ParamBuilder' => :hashie_mash
+    }.freeze
+
+    module_function
+
+    def params_builder_for(short_name)
+      verified_short_name = verify_short_name!(short_name)
+
+      raise Grape::Exceptions::UnknownParamsBuilder, verified_short_name unless registry.key?(verified_short_name)
+
+      registry[verified_short_name]
+    end
+
+    def verify_short_name!(short_name)
+      return short_name if short_name.is_a?(Symbol)
+
+      class_name = short_name.name
+      SHORT_NAME_LOOKUP[class_name].tap do |real_short_name|
+        Grape.deprecator.warn "#{class_name} has been deprecated. Use short name :#{real_short_name} instead."
+      end
+    end
+  end
+end

data/lib/grape/request.rb

@@ -2,50 +2,189 @@
 
 module Grape
   class Request < Rack::Request
-    HTTP_PREFIX = 'HTTP_'
+    # Based on rack 3 KNOWN_HEADERS
+    # https://github.com/rack/rack/blob/4f15e7b814922af79605be4b02c5b7c3044ba206/lib/rack/headers.rb#L10
+
+    KNOWN_HEADERS = %w[
+      Accept
+      Accept-CH
+      Accept-Encoding
+      Accept-Language
+      Accept-Patch
+      Accept-Ranges
+      Accept-Version
+      Access-Control-Allow-Credentials
+      Access-Control-Allow-Headers
+      Access-Control-Allow-Methods
+      Access-Control-Allow-Origin
+      Access-Control-Expose-Headers
+      Access-Control-Max-Age
+      Age
+      Allow
+      Alt-Svc
+      Authorization
+      Cache-Control
+      Client-Ip
+      Connection
+      Content-Disposition
+      Content-Encoding
+      Content-Language
+      Content-Length
+      Content-Location
+      Content-MD5
+      Content-Range
+      Content-Security-Policy
+      Content-Security-Policy-Report-Only
+      Content-Type
+      Cookie
+      Date
+      Delta-Base
+      Dnt
+      ETag
+      Expect-CT
+      Expires
+      Feature-Policy
+      Forwarded
+      Host
+      If-Modified-Since
+      If-None-Match
+      IM
+      Last-Modified
+      Link
+      Location
+      NEL
+      P3P
+      Permissions-Policy
+      Pragma
+      Preference-Applied
+      Proxy-Authenticate
+      Public-Key-Pins
+      Range
+      Referer
+      Referrer-Policy
+      Refresh
+      Report-To
+      Retry-After
+      Sec-Fetch-Dest
+      Sec-Fetch-Mode
+      Sec-Fetch-Site
+      Sec-Fetch-User
+      Server
+      Set-Cookie
+      Status
+      Strict-Transport-Security
+      Timing-Allow-Origin
+      Tk
+      Trailer
+      Transfer-Encoding
+      Upgrade
+      Upgrade-Insecure-Requests
+      User-Agent
+      Vary
+      Version
+      Via
+      Warning
+      WWW-Authenticate
+      X-Accel-Buffering
+      X-Accel-Charset
+      X-Accel-Expires
+      X-Accel-Limit-Rate
+      X-Accel-Mapping
+      X-Accel-Redirect
+      X-Access-Token
+      X-Auth-Request-Access-Token
+      X-Auth-Request-Email
+      X-Auth-Request-Groups
+      X-Auth-Request-Preferred-Username
+      X-Auth-Request-Redirect
+      X-Auth-Request-Token
+      X-Auth-Request-User
+      X-Cascade
+      X-Client-Ip
+      X-Content-Duration
+      X-Content-Security-Policy
+      X-Content-Type-Options
+      X-Correlation-Id
+      X-Download-Options
+      X-Forwarded-Access-Token
+      X-Forwarded-Email
+      X-Forwarded-For
+      X-Forwarded-Groups
+      X-Forwarded-Host
+      X-Forwarded-Port
+      X-Forwarded-Preferred-Username
+      X-Forwarded-Proto
+      X-Forwarded-Scheme
+      X-Forwarded-Ssl
+      X-Forwarded-Uri
+      X-Forwarded-User
+      X-Frame-Options
+      X-HTTP-Method-Override
+      X-Permitted-Cross-Domain-Policies
+      X-Powered-By
+      X-Real-IP
+      X-Redirect-By
+      X-Request-Id
+      X-Requested-With
+      X-Runtime
+      X-Sendfile
+      X-Sendfile-Type
+      X-UA-Compatible
+      X-WebKit-CS
+      X-XSS-Protection
+    ].each_with_object({}) do |header, response|
+      response["HTTP_#{header.upcase.tr('-', '_')}"] = header
+    end.freeze
 
     alias rack_params params
+    alias rack_cookies cookies
 
     def initialize(env, build_params_with: nil)
-      extend build_params_with || Grape.config.param_builder
       super(env)
+      @params_builder = Grape::ParamsBuilder.params_builder_for(build_params_with || Grape.config.param_builder)
     end
 
     def params
-      @params ||= build_params
-    rescue EOFError
-      raise Grape::Exceptions::EmptyMessageBody.new(content_type)
-    rescue Rack::Multipart::MultipartPartLimitError
-      raise Grape::Exceptions::TooManyMultipartFiles.new(Rack::Utils.multipart_part_limit)
+      @params ||= make_params
     end
 
     def headers
       @headers ||= build_headers
     end
 
-    private
+    def cookies
+      @cookies ||= Grape::Cookies.new(-> { rack_cookies })
+    end
 
+    # needs to be public until extensions param_builder are removed
     def grape_routing_args
-      args = env[Grape::Env::GRAPE_ROUTING_ARGS].dup
       # preserve version from query string parameters
-      args.delete(:version)
-      args.delete(:route_info)
-      args
+      env[Grape::Env::GRAPE_ROUTING_ARGS]&.except(:version, :route_info) || {}
     end
 
-    def build_headers
-      Grape::Util::Lazy::Object.new do
-        env.each_pair.with_object(Grape::Util::Header.new) do |(k, v), headers|
-          next unless k.to_s.start_with? HTTP_PREFIX
+    private
 
-          transformed_header = Grape::Http::Headers::HTTP_HEADERS[k] || transform_header(k)
-          headers[transformed_header] = v
-        end
-      end
+    def make_params
+      @params_builder.call(rack_params).deep_merge!(grape_routing_args)
+    rescue EOFError
+      raise Grape::Exceptions::EmptyMessageBody.new(content_type)
+    rescue Rack::Multipart::MultipartPartLimitError, Rack::Multipart::MultipartTotalPartLimitError
+      raise Grape::Exceptions::TooManyMultipartFiles.new(Rack::Utils.multipart_part_limit)
+    rescue Rack::QueryParser::ParamsTooDeepError
+      raise Grape::Exceptions::TooDeepParameters.new(Rack::Utils.param_depth_limit)
+    rescue Rack::Utils::ParameterTypeError
+      raise Grape::Exceptions::ConflictingTypes
+    rescue Rack::Utils::InvalidParameterError
+      raise Grape::Exceptions::InvalidParameters
     end
 
-    def transform_header(header)
-      -header[5..].tr('_', '-').downcase
+    def build_headers
+      each_header.with_object(Grape::Util::Header.new) do |(k, v), headers|
+        next unless k.start_with? 'HTTP_'
+
+        transformed_header = KNOWN_HEADERS.fetch(k) { -k[5..].tr('_', '-').downcase }
+        headers[transformed_header] = v
+      end
     end
   end
 end

data/lib/grape/router/route.rb

@@ -55,7 +55,7 @@ module Grape
 
       def upcase_method(method)
         method_s = method.to_s
-        Grape::Http::Headers::SUPPORTED_METHODS.detect { |m| m.casecmp(method_s).zero? } || method_s.upcase
+        Grape::HTTP_SUPPORTED_METHODS.detect { |m| m.casecmp(method_s).zero? } || method_s.upcase
       end
     end
   end

data/lib/grape/router.rb

@@ -4,12 +4,31 @@ module Grape
   class Router
     attr_reader :map, :compiled
 
+    # Taken from Rails
+    #     normalize_path("/foo")  # => "/foo"
+    #     normalize_path("/foo/") # => "/foo"
+    #     normalize_path("foo")   # => "/foo"
+    #     normalize_path("")      # => "/"
+    #     normalize_path("/%ab")  # => "/%AB"
+    # https://github.com/rails/rails/blob/00cc4ff0259c0185fe08baadaa40e63ea2534f6e/actionpack/lib/action_dispatch/journey/router/utils.rb#L19
     def self.normalize_path(path)
-      path = +"/#{path}"
+      return '/' unless path
+      return path if path == '/'
+
+      # Fast path for the overwhelming majority of paths that don't need to be normalized
+      return path.dup if path.start_with?('/') && !(path.end_with?('/') || path.match?(%r{%|//}))
+
+      # Slow path
+      encoding = path.encoding
+      path = "/#{path}"
       path.squeeze!('/')
-      path.sub!(%r{/+\Z}, '')
-      path = '/' if path == ''
-      path
+
+      unless path == '/'
+        path.delete_suffix!('/')
+        path.gsub!(/(%[a-f0-9]{2})/) { ::Regexp.last_match(1).upcase }
+      end
+
+      path.force_encoding(encoding)
     end
 
     def initialize
@@ -24,7 +43,7 @@ module Grape
 
       @union = Regexp.union(@neutral_regexes)
       @neutral_regexes = nil
-      (Grape::Http::Headers::SUPPORTED_METHODS + ['*']).each do |method|
+      (Grape::HTTP_SUPPORTED_METHODS + ['*']).each do |method|
         next unless map.key?(method)
 
         routes = map[method]
@@ -93,7 +112,7 @@ module Grape
             return response unless cascade
 
             # we need to close the body if possible before dismissing
-            response[2].close if response[2].respond_to?(:close)
+            response[2].try(:close)
           end
         end
       end
@@ -138,7 +157,7 @@ module Grape
     end
 
     def default_response
-      headers = Grape::Util::Header.new.merge(Grape::Http::Headers::X_CASCADE => 'pass')
+      headers = Grape::Util::Header.new.merge('X-Cascade' => 'pass')
       [404, headers, ['404 Not Found']]
     end
 
@@ -162,7 +181,7 @@ module Grape
     end
 
     def cascade?(response)
-      response && response[1][Grape::Http::Headers::X_CASCADE] == 'pass'
+      response && response[1]['X-Cascade'] == 'pass'
     end
 
     def string_for(input)

data/lib/grape/util/api_description.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module Grape
+  module Util
+    class ApiDescription
+      def initialize(description, endpoint_configuration, &block)
+        @endpoint_configuration = endpoint_configuration
+        @attributes = { description: description }
+        instance_eval(&block)
+      end
+
+      %i[
+        body_name
+        consumes
+        default
+        deprecated
+        detail
+        entity
+        headers
+        hidden
+        http_codes
+        is_array
+        named
+        nickname
+        params
+        produces
+        security
+        summary
+        tags
+      ].each do |attribute|
+        define_method attribute do |value|
+          @attributes[attribute] = value
+        end
+      end
+
+      alias success entity
+      alias failure http_codes
+
+      def configuration
+        @configuration ||= eval_endpoint_config(@endpoint_configuration)
+      end
+
+      def settings
+        @attributes
+      end
+
+      private
+
+      def eval_endpoint_config(configuration)
+        return configuration if configuration.is_a?(Hash)
+
+        configuration.evaluate
+      end
+    end
+  end
+end

data/lib/grape/util/base_inheritable.rb

@@ -14,8 +14,11 @@ module Grape
         @new_values = {}
       end
 
-      def delete(key)
-        new_values.delete key
+      def delete(*keys)
+        keys.map do |key|
+          # since delete returns the deleted value, seems natural to `map` the result
+          new_values.delete key
+        end
       end
 
       def initialize_copy(other)

data/lib/grape/util/inheritable_setting.rb

@@ -95,6 +95,13 @@ module Grape
           namespace_reverse_stackable: namespace_reverse_stackable.to_hash
         }
       end
+
+      def namespace_stackable_with_hash(key)
+        data = namespace_stackable[key]
+        return if data.blank?
+
+        data.each_with_object({}) { |value, result| result.deep_merge!(value) }
+      end
     end
   end
 end

data/lib/grape/util/media_type.rb

@@ -7,7 +7,7 @@ module Grape
 
       # based on the HTTP Accept header with the pattern:
       # application/vnd.:vendor-:version+:format
-      VENDOR_VERSION_HEADER_REGEX = /\Avnd\.(?<vendor>[a-z0-9.\-_!^]+?)(?:-(?<version>[a-z0-9*.]+))?(?:\+(?<format>[a-z0-9*\-.]+))?\z/.freeze
+      VENDOR_VERSION_HEADER_REGEX = /\Avnd\.(?<vendor>[a-z0-9.\-_!^]+?)(?:-(?<version>[a-z0-9*.]+))?(?:\+(?<format>[a-z0-9*\-.]+))?\z/
 
       def initialize(type:, subtype:)
         @type = type

data/lib/grape/util/registry.rb

@@ -7,7 +7,7 @@ module Grape
         short_name = build_short_name(klass)
         return if short_name.nil?
 
-        warn "#{short_name} is already registered with class #{klass}" if registry.key?(short_name)
+        warn "#{short_name} is already registered with class #{registry[short_name]}. It will be overridden globally with the following: #{klass.name}" if registry.key?(short_name)
         registry[short_name] = klass
       end
 

data/lib/grape/validations/contract_scope.rb

@@ -20,14 +20,14 @@ module Grape
           key_map = contract.key_map
         end
 
-        api.namespace_stackable(:contract_key_map, key_map)
+        api.inheritable_setting.namespace_stackable[:contract_key_map] = key_map
 
         validator_options = {
           validator_class: Grape::Validations.require_validator(:contract_scope),
           opts: { schema: contract, fail_fast: false }
         }
 
-        api.namespace_stackable(:validations, validator_options)
+        api.inheritable_setting.namespace_stackable[:validations] = validator_options
       end
     end
   end