haveapi 0.23.7 → 0.25.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5f3a7731a5016c5b5ea0a801021cb5edb150f64543119c1c8b8bf54a4c7789a5
-  data.tar.gz: 530120c4fec361fb3581e7a9fc2b2648c3ff33eaabd07e9bfa4bf9b4fdd75656
+  metadata.gz: 3e3abf24d477cb53a7654a236f2daf3abadd8b153d3017ea159dbe1dd072fd2b
+  data.tar.gz: 406961707ce35f79c6ee6f2835697143f2b5a4e42e86f433949d08f98b546644
 SHA512:
-  metadata.gz: 1436deb0578ff83809622a9857d8e2e56bd2f52d33b69ea5718c1cf220fa78d5995baa89eb073da5b24b11631aed2edb14fac77de3fe339ef94e7cce4d6abe81
-  data.tar.gz: b4c743579d26331685d0602d37168a887d88ca01449e5ae084fe053bc8775d36d1c410c6d596e42c4c717c94d85ab810000be0c22d3e1a8553eae3faa9fda512
+  metadata.gz: bdddd4eb49bc38b54c799b2cd57668f550a38212f1b735f1aad6238bb93f4a7d3b0b1bc52ff09055d0247afd70fa6fe156b41d7c99bc20317bc470d22ae9f744
+  data.tar.gz: 0120c81aa41cbc7a32d039fb4c645b2fa1ca510d91093c813e4e3b8802e69393e2641af63c99287fbb8b75f56021461e1c2eaf67351874f7ee8865195af7cac6

data/README.md

@@ -138,7 +138,7 @@ module MyAPI
 
       # Execute action, return the list
       def exec
-        query.limit(input[:limit]).offset(input[:offset])
+        with_pagination(query)
       end
     end
 
@@ -178,9 +178,9 @@ module MyAPI
         user = ::User.new(input)
 
         if user.save
-          ok(user)
+          ok!(user)
         else
-          error('save failed', user.errors.to_hash)
+          error!('save failed', user.errors.to_hash)
         end
       end
     end

data/haveapi.gemspec

@@ -16,7 +16,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency 'activesupport', '>= 7.1'
   s.add_dependency 'github-markdown'
-  s.add_dependency 'haveapi-client', '~> 0.23.4'
+  s.add_dependency 'haveapi-client', '~> 0.25.0'
   s.add_dependency 'json'
   s.add_dependency 'mail'
   s.add_dependency 'nesty', '~> 1.0'
@@ -24,7 +24,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'rake'
   s.add_dependency 'redcarpet', '~> 3.6'
   s.add_dependency 'require_all', '~> 2.0.0'
-  s.add_dependency 'sinatra', '~> 3.1.0'
-  s.add_dependency 'sinatra-contrib', '~> 3.1.0'
-  s.add_dependency 'tilt', '~> 2.3.0'
+  s.add_dependency 'sinatra', '~> 4.0'
+  s.add_dependency 'sinatra-contrib', '~> 4.0'
+  s.add_dependency 'tilt', '~> 2.4'
 end

data/lib/haveapi/action.rb

@@ -323,7 +323,7 @@ module HaveAPI
     def validate!
       @params = validate
     rescue ValidationError => e
-      error(e.message, e.to_hash)
+      error!(e.message, e.to_hash)
     end
 
     def authorized?(user)
@@ -379,11 +379,11 @@ module HaveAPI
         if tmp.empty?
           p e.message
           puts e.backtrace
-          error('Server error occurred')
+          error!('Server error occurred')
         end
 
         unless tmp[:status]
-          error(tmp[:message], {}, http_status: tmp[:http_status] || 500)
+          error!(tmp[:message], {}, http_status: tmp[:http_status] || 500)
         end
       end
 
@@ -555,7 +555,7 @@ module HaveAPI
     # @param ret [Hash] response
     # @param opts [Hash] options
     # @option opts [Integer] http_status HTTP status code sent to the client
-    def ok(ret = {}, opts = {})
+    def ok!(ret = {}, opts = {})
       @http_status = opts[:http_status]
       throw(:return, ret)
     end
@@ -564,7 +564,7 @@ module HaveAPI
     # @param errs [Hash<Array>] parameter errors sent to the client
     # @param opts [Hash] options
     # @option opts [Integer] http_status HTTP status code sent to the client
-    def error(msg, errs = {}, opts = {})
+    def error!(msg, errs = {}, opts = {})
       @message = msg
       @errors = errs
       @http_status = opts[:http_status]

data/lib/haveapi/action_state.rb

@@ -11,11 +11,11 @@ module HaveAPI
   class ActionState
     # Return an array of objects representing actions that are pending completion.
     # @param [Object] user
-    # @param [Integer] offset
+    # @param [Integer] from_id
     # @param [Integer] limit
     # @param [Symbol] order (:newest or :oldest)
     # @return [Array<ActionState>]
-    def self.list_pending(user, offset, limit, order)
+    def self.list_pending(user, from_id, limit, order)
       raise NotImplementedError
     end
 

data/lib/haveapi/actions/paginable.rb

@@ -2,9 +2,9 @@ module HaveAPI::Actions
   module Paginable
     def self.included(action)
       action.input do
-        integer :offset, label: 'Offset', desc: 'The offset of the first object',
-                         number: { min: 0 }
-        integer :limit, label: 'Limit', desc: 'The number of objects to retrieve',
+        integer :from_id, label: 'From ID', desc: 'List objects with greater/lesser ID',
+                          number: { min: 0 }
+        integer :limit, label: 'Limit', desc: 'Number of objects to retrieve',
                         number: { min: 0 }
       end
     end

data/lib/haveapi/authentication/oauth2/provider.rb

@@ -114,7 +114,7 @@ module HaveAPI::Authentication
 
       def authenticate(request)
         tokens = [
-          request['access_token'],
+          request.params['access_token'],
           token_from_authorization_header(request),
           token_from_haveapi_header(request)
         ].compact

data/lib/haveapi/authentication/token/provider.rb

@@ -159,7 +159,7 @@ module HaveAPI::Authentication
       # @param request [Sinatra::Request]
       # @return [String]
       def token(request)
-        request[config.class.query_parameter] || request.env[header_to_env]
+        request.params[config.class.query_parameter] || request.env[header_to_env]
       end
 
       def describe
@@ -227,11 +227,11 @@ module HaveAPI::Authentication
                                                             input:
                                                           ), ActionResult.new)
               rescue HaveAPI::AuthenticationError => e
-                error(e.message)
+                error!(e.message)
               end
 
               unless result.ok?
-                error(result.error || 'invalid authentication credentials')
+                error!(result.error || 'invalid authentication credentials')
               end
 
               {
@@ -260,9 +260,9 @@ module HaveAPI::Authentication
                                                                 ), ActionResult.new)
 
               if result.ok?
-                ok
+                ok!
               else
-                error(result.error || 'revoke failed')
+                error!(result.error || 'revoke failed')
               end
             end
           end
@@ -290,7 +290,7 @@ module HaveAPI::Authentication
               if result.ok?
                 { valid_to: result.valid_to }
               else
-                error(result.error || 'renew failed')
+                error!(result.error || 'renew failed')
               end
             end
           end
@@ -324,11 +324,11 @@ module HaveAPI::Authentication
                                                 token: input[:token]
                                               ), ActionResult.new)
                 rescue HaveAPI::AuthenticationError => e
-                  error(e.message)
+                  error!(e.message)
                 end
 
                 unless result.ok?
-                  error(result.error || 'authentication failed')
+                  error!(result.error || 'authentication failed')
                 end
 
                 {

data/lib/haveapi/model_adapters/active_record.rb

@@ -41,6 +41,47 @@ module HaveAPI::ModelAdapters
           end
         end
 
+        # Apply pagination on query in ascending order
+        # @param q [ActiveRecord::Relation] query to apply pagination on
+        def with_asc_pagination(q = nil)
+          ar_with_pagination(q, check: true) do |query, from_id|
+            query.where("`#{self.class.model.table_name}`.`#{self.class.model.primary_key}` > ?", from_id)
+          end
+        end
+
+        # Apply pagination on query in descending order
+        # @param q [ActiveRecord::Relation] query to apply pagination on
+        def with_desc_pagination(q = nil)
+          ar_with_pagination(q, check: true) do |query, from_id|
+            query.where("`#{self.class.model.table_name}`.`#{self.class.model.primary_key}` < ?", from_id)
+          end
+        end
+
+        alias with_pagination with_asc_pagination
+
+        # @param q [ActiveRecord::Relation] query to apply pagination on
+        # @param parameter [Symbol] input parameter used for pagination
+        # @param check [Boolean] raise if the model does not have a simple primary key
+        # @yieldparam q [ActiveRecord::Relation] query to apply pagination on
+        # @yieldparam parameter [any] value of the input parameter
+        def ar_with_pagination(q, parameter: :from_id, check: false)
+          pk = self.class.model.primary_key
+
+          if check && !pk.is_a?(String)
+            raise 'only simple primary key is supported, ' \
+                  "#{self.class.model} has a composite primary key (#{pk.join(', ')})"
+          end
+
+          q ||= self.class.model.all
+
+          paginable = input[parameter]
+          limit = input[:limit]
+
+          q = yield(q, paginable) if paginable
+          q = q.limit(limit) if limit
+          q
+        end
+
         # Parse includes sent by the user and return them
         # in an array of symbols and hashes.
         def ar_parse_includes(raw)

data/lib/haveapi/params.rb

@@ -154,6 +154,13 @@ module HaveAPI
       @params.detect { |p| p.name == name }.patch(changes)
     end
 
+    def remove(name)
+      i = @params.index { |p| p.name == name }
+      raise "Parameter #{name.inspect} not found" if i.nil?
+
+      @params.delete_at(i)
+    end
+
     # Action returns custom data.
     def custom(name, **kwargs, &block)
       add_param(name, apply(kwargs, type: Custom, clean: block))

data/lib/haveapi/resources/action_state.rb

@@ -63,7 +63,7 @@ module HaveAPI::Resources
       def exec
         actions = @context.server.action_state.list_pending(
           current_user,
-          input[:offset],
+          input[:from_id],
           input[:limit],
           input[:order].to_sym
         )
@@ -106,7 +106,7 @@ module HaveAPI::Resources
             id: params[:action_state_id]
           )
 
-          error('action state not found') unless state.valid?
+          error!('action state not found') unless state.valid?
 
           if state.finished? || (Time.now - t) >= input[:timeout]
             return state_to_hash(state)
@@ -145,7 +145,7 @@ module HaveAPI::Resources
 
         return state_to_hash(state) if state.valid?
 
-        error('action state not found')
+        error!('action state not found')
       end
     end
 
@@ -164,7 +164,7 @@ module HaveAPI::Resources
           id: params[:action_state_id]
         )
 
-        error('action state not found') unless state.valid?
+        error!('action state not found') unless state.valid?
 
         ret = state.cancel
 
@@ -172,13 +172,13 @@ module HaveAPI::Resources
           @state_id = ret
 
         elsif ret
-          ok
+          ok!
 
         else
-          error('cancellation failed')
+          error!('cancellation failed')
         end
       rescue RuntimeError, NotImplementedError => e
-        error(e.message)
+        error!(e.message)
       end
 
       attr_reader :state_id

data/lib/haveapi/server.rb

@@ -74,11 +74,11 @@ module HaveAPI
         return unless request.env['HTTP_ORIGIN'] && request.env['HTTP_ACCESS_CONTROL_REQUEST_METHOD']
 
         halt 200, {
-          'Access-Control-Allow-Origin' => '*',
-          'Access-Control-Allow-Methods' => 'GET,POST,OPTIONS,PATCH,PUT,DELETE',
-          'Access-Control-Allow-Credentials' => 'false',
-          'Access-Control-Allow-Headers' => settings.api_server.allowed_headers,
-          'Access-Control-Max-Age' => (60 * 60).to_s
+          'access-control-allow-origin' => '*',
+          'access-control-allow-methods' => 'GET,POST,OPTIONS,PATCH,PUT,DELETE',
+          'access-control-allow-credentials' => 'false',
+          'access-control-allow-headers' => settings.api_server.allowed_headers,
+          'access-control-max-age' => (60 * 60).to_s
         }, ''
       end
 
@@ -94,7 +94,7 @@ module HaveAPI
       def require_auth!
         report_error(
           401,
-          { 'WWW-Authenticate' => 'Basic realm="Restricted Area"' },
+          { 'www-authenticate' => 'Basic realm="Restricted Area"' },
           'Action requires user to authenticate'
         )
       end
@@ -166,13 +166,19 @@ module HaveAPI
           ret += "<h5>#{name.to_s.capitalize}</h5>"
           ret += '<dl>'
           opts.each do |k, v|
-            ret += "<dt>#{k}</dt><dd>#{v}</dd>"
+            ret += "<dt>#{k}</dt><dd>#{escape_html(v.to_s)}</dd>"
           end
           ret += '</dl>'
         end
 
         ret
       end
+
+      def escape_html(v)
+        return '' if v.nil?
+
+        CGI.escapeHTML(v.to_s)
+      end
     end
 
     def initialize(module_name = HaveAPI.module_name)
@@ -231,8 +237,8 @@ module HaveAPI
 
         before do
           if request.env['HTTP_ORIGIN']
-            headers 'Access-Control-Allow-Origin' => '*',
-                    'Access-Control-Allow-Credentials' => 'false'
+            headers 'access-control-allow-origin' => '*',
+                    'access-control-allow-credentials' => 'false'
           end
         end
 
@@ -468,8 +474,6 @@ module HaveAPI
           authenticated?(v)
         end
 
-        request.body.rewind
-
         begin
           body = request.body.read
 

data/lib/haveapi/spec/spec_methods.rb

@@ -42,7 +42,7 @@ module HaveAPI::Spec
         method(action.http_method).call(
           path,
           params && params.to_json,
-          { 'Content-Type' => 'application/json' }
+          { 'content-type' => 'application/json' }
         )
 
       else
@@ -51,7 +51,7 @@ module HaveAPI::Spec
         method(http_method).call(
           path,
           params && params.to_json,
-          { 'Content-Type' => 'application/json' }
+          { 'content-type' => 'application/json' }
         )
       end
     end

data/lib/haveapi/version.rb

@@ -1,4 +1,4 @@
 module HaveAPI
   PROTOCOL_VERSION = '2.0'.freeze
-  VERSION = '0.23.7'.freeze
+  VERSION = '0.25.0'.freeze
 end

data/lib/haveapi/views/version_page/resource_body.erb

@@ -54,8 +54,8 @@
                   <td><%= info[:required] ? 'yes' : 'no' %></td>
                   <td><%= format_param_type(info) %></td>
                   <td><%= format_validators(info[:validators]) %></td>
-                  <td><%= info[:default] == :_nil ? '' : info[:default] %></td>
-                  <td><%= info[:description] %></td>
+                  <td><%= info[:default] == :_nil ? '' : escape_html(info[:default]) %></td>
+                  <td><%= escape_html(info[:description]) %></td>
                 </tr>
               <% end %>
             </table>
@@ -86,18 +86,13 @@
                   <td><%= info[:label] %></td>
                   <td><%= param %></td>
                   <td><%= format_param_type(info) %></td>
-                  <td><%= info[:description] %></td>
+                  <td><%= escape_html(info[:description]) %></td>
                 </tr>
               <% end %>
             </table>
           <% end %>
         </div>
 
-        <div class="action-self-description">
-          <h4>Self-description</h4>
-          <pre><code><%= JSON.pretty_generate(info) %></code></pre>
-        </div>
-
         <% unless info[:examples].empty? %>
           <h4>Examples</h4>
           <% info[:examples].each_with_index do |example, i| %>

data/lib/haveapi/views/version_page.erb

@@ -111,33 +111,5 @@ nojsTabs({
 
       event.preventDefault();
     });
-
-    // Show/hide button for help messages
-    $('.action .action-self-description').each(function(i, el){
-      // replace text by show/hide button
-      var div = $(el);
-      var pre = div.find('pre');
-      var h4 = div.find('h4');
-      h4.text('');
-
-      h4.append(
-        $('<button>')
-          .attr('type', 'button')
-          .addClass('btn btn-primary btn-sm')
-          .text('Show self-description')
-          .click(function(event) {
-            var button = $(this);
-            button.toggleClass('active');
-            pre.toggle('fast');
-
-            if(button.hasClass('active'))
-              button.text('Hide self-description');
-            else
-              button.text('Show self-description');
-          })
-      );
-
-      $(el).find('pre').hide();
-    });
   });
 </script>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: haveapi
 version: !ruby/object:Gem::Version
-  version: 0.23.7
+  version: 0.25.0
 platform: ruby
 authors:
 - Jakub Skokan
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.23.4
+        version: 0.25.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.23.4
+        version: 0.25.0
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
@@ -156,42 +156,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: sinatra-contrib
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: tilt
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.3.0
+        version: '2.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.3.0
+        version: '2.4'
 description: Framework for creating self-describing APIs
 email: jakub.skokan@vpsfree.cz
 executables: []