hephaestus 0.6.3 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 44ea48d1eb2074031506e9029eb3650657c2af45a4a0dc69d64297bcb3d1ce46
-  data.tar.gz: 83098f6cc522540642f8607ddfc98816d47a1f68981a5414572800a3151ecaff
+  metadata.gz: 3f7de19c3d9ce15fc3a7851c0ca74e88202a62c8fcbf46cffb13131df112f384
+  data.tar.gz: bdd11f809c9c38d8c8b193a00c99ffce4a0dce847da1766a9f0ec371e932e359
 SHA512:
-  metadata.gz: 7ff481188d3525a3b232099cd902db74cf2fa29bb368dc4e62fc6b4525bdbe9b978e08666a490fca443bbc76e7cbe73af65894e50d85e51f3ef9d4d3c144c66d
-  data.tar.gz: 4fdc8e71109d913965923239ff10b00b185ee1289b34f503c196f25308b7aef8a5bf385b064c6931403b7bbcb1144057a297c0f4573c184fe7dcd200118bef34
+  metadata.gz: 19f8a930236eefd1fc9b6b6c0c612e314c103f5e2482aadf331543b8750b5b21df2de2b43c0b1dc02425eaaeba6cdd6f8f76e525626b94226e9eb85ac6cd6b16
+  data.tar.gz: 0cab0d8f9ae2fdeff83f5a85af55b65917d375c1937cdea374276c9005d6b471f3ae8b6c08e4e1c45181095722c51f13895d079628a77cc8061eb7e685fa358f

data/CHANGELOG.md

@@ -1,83 +1,129 @@
+# [v0.7.0] - 15-11-2024
+## What's Changed
+* Run as an engine by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/25
+
+
+**Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.6.4...v0.7.0
+# [v0.6.4] - 09-07-2024
+
+## What's Changed
+
+- Updates for OpenAPI dependency by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/23
+
+**Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.6.3...v0.6.4
+
 # [v0.6.3] - 05-07-2024
+
 ## What's Changed
-* Changes to support Rack 3 param parsing by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/21
 
+- Changes to support Rack 3 param parsing by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/21
 
 **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.6.2...v0.6.3
+
 # [v0.6.2] - 19-06-2024
+
 ## What's Changed
-* Use Ruby test suite by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/18
-* Catch up with plug updates by @balevine in https://github.com/yettoapp/hephaestus/pull/17
 
+- Use Ruby test suite by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/18
+- Catch up with plug updates by @balevine in https://github.com/yettoapp/hephaestus/pull/17
 
 **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.6.1...v0.6.2
+
 ## [v0.6.1] - 12-02-2024
+
 ## What's Changed
-* Port recent Ruby, TOML, and OpenAPI changes by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/16
 
+- Port recent Ruby, TOML, and OpenAPI changes by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/16
 
 **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.6.0...v0.6.1
+
 ## [v0.6.0] - 19-12-2023
+
 ## What's Changed
-* Remove switch logic from plugs by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/15
 
+- Remove switch logic from plugs by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/15
 
 **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.5.2...v0.6.0
+
 ## [v0.5.2] - 13-11-2023
+
 ## What's Changed
-* Fix RAILS_ENV in fly-staging.toml by @balevine in https://github.com/yettoapp/hephaestus/pull/13
-* Change dependabot checking to  by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/14
 
+- Fix RAILS_ENV in fly-staging.toml by @balevine in https://github.com/yettoapp/hephaestus/pull/13
+- Change dependabot checking to by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/14
 
 **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.5.1...v0.5.2
+
 ## [v0.5.1] - 31-10-2023
+
 ## What's Changed
-* Remove excess :// characters from PROTOCOL by @balevine in https://github.com/yettoapp/hephaestus/pull/12
+
+- Remove excess :// characters from PROTOCOL by @balevine in https://github.com/yettoapp/hephaestus/pull/12
 
 ## New Contributors
-* @balevine made their first contribution in https://github.com/yettoapp/hephaestus/pull/12
+
+- @balevine made their first contribution in https://github.com/yettoapp/hephaestus/pull/12
 
 **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.5.0...v0.5.1
+
 ## [v0.5.0] - 13-10-2023
+
 ## What's Changed
-* More edits by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/11
 
+- More edits by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/11
 
 **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.4.0...v0.5.0
+
 ## [v0.4.0] - 29-09-2023
+
 ## What's Changed
-* Yet more changes by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/10
 
+- Yet more changes by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/10
 
 **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.3.1...v0.4.0
+
 ## [v0.3.1] - 18-09-2023
+
 **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.3.0...v0.3.1
+
 ## [v0.3.0] - 12-09-2023
+
 ## What's Changed
-* Bump actions/checkout from 3 to 4 by @dependabot in https://github.com/yettoapp/hephaestus/pull/8
-* Use centralized workflows for testing by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/9
+
+- Bump actions/checkout from 3 to 4 by @dependabot in https://github.com/yettoapp/hephaestus/pull/8
+- Use centralized workflows for testing by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/9
 
 ## New Contributors
-* @dependabot made their first contribution in https://github.com/yettoapp/hephaestus/pull/8
+
+- @dependabot made their first contribution in https://github.com/yettoapp/hephaestus/pull/8
 
 **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.2.3...v0.3.0
+
 ## [v0.2.3] - 21-08-2023
+
 ## What's Changed
-* Updates from staging by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/7
 
+- Updates from staging by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/7
 
 **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.2.2...v0.2.3
+
 ## [v0.2.2] - 21-08-2023
+
 ## What's Changed
-* 404/500 error handling by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/5
-* Parse OpenAPI schema *once* by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/6
 
+- 404/500 error handling by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/5
+- Parse OpenAPI schema _once_ by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/6
 
 **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.2.1...v0.2.2
+
 ## [v0.2.1] - 11-07-2023
+
 null
+
 ## [v0.2.0] - 11-07-2023
+
 null
+
 # Changelog
 
 ## [v0.1.3](https://github.com/yettoapp/hephaestus/tree/v0.1.3) (2023-03-15)
@@ -111,7 +157,3 @@ null
 **Merged pull requests:**
 
 - Add a Rails application template for plugs [\#1](https://github.com/yettoapp/hephaestus/pull/1) ([gjtorikian](https://github.com/gjtorikian))
-
-
-
-\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*

data/README.md

@@ -1,18 +1,29 @@
 # Hephaestus
 
-A plug template for Yetto. Use this to quickly spin up new plugs with a set of defaults.
+A plug template for Yetto. It serves two purposes:
+
+1. Use this to quickly spin up new plugs with a set of defaults.
+2. Hephaestus also exists as an engine, and is responsible for the majority of a plug's Yetto communication logic.
 
 ## Usage
 
+First, install Hephaestus _globally_, on your system:
+
 ```
 gem install hephaestus
+```
 
+Then, in the parent directory where you want your plug to be created, run:
+
+```
 hephaestus plug-app
 ```
 
-Where `app` represents the name of the platform you'd like to interact with `jira`, `notion`, `slack`, etc.
+Where `app` represents the name of the platform you'd like to interact with, like `jira`, `notion`, `slack`, etc.
 
-If you're working on updating/testing this gem locally, you may also want:
+### Testing locally
+
+If you're working on updating/testing this gem locally, you may also try:
 
 ```
 rm -rf plug-app && DEBUG=1 hephaestus/bin/hephaestus plug-app
@@ -20,11 +31,145 @@ rm -rf plug-app && DEBUG=1 hephaestus/bin/hephaestus plug-app
 
 This way you can wipe the dir and quickly iterate on new changes.
 
-## Building upon it
+## Building upon the base
+
+Most of the files which Hephaestus creates for you shouldn't need much modification. The information below is part-informative, part-guidelines on how to extend the generated code for your specific plug.
+
+### Controllers
+
+#### `ApplicationController`
+
+Your application controller inherits from `Hephaestus::ApplicationController`, and handles the basics of request/response cycles. Two common callbacks to add here are:
+
+- `before_action :set_request_span_context`, which lets you add data to the `OpenTelemetry` trace before a request occurs
+- `after_action :set_response_span_context`, similarly, lets you add to the trace after the response is sent
+
+For examples on how to integrate with these, check out `plug-email`.
+
+#### `SettingsController`
+
+Typically, your settings inherit directly from Hephaestus. We'll discuss more about how this works in `routes.rb`. Either way, you'll define two files:
+
+- `app/views/settings/new.json.jbuilder`
+- `app/views/settings/edit.json.jbuilder`
+
+Define the settings UI in these files. See `plug-email` for an example of a settings page with no customizations.
+
+However, for multi-step plugs, it's common to expect customized steps. If you'd like to extend the settings controller, create a file with one of two methods:
+
+- `new`
+- `edit`
+
+You only need to define these methods if you're actually overriding the action—often, this only means `edit`. If you do define methods in this controller, remember to add `before_action :ensure_json_request` at the top. For examples on settings pages which have _some_ customization, see `plug-github` and `plug-linear`. For an example of a totally custom settings page, see `plug-zendesk`.
+
+#### `AppController`
+
+The logic to communicate with your platform sits in `AppController`. Every plug is unique, so the requirements for your platform varies!
+
+At a minimum, though, you should place all the logic which authenticates requests in the `Authable` concern. See `plug-github` and `plug-linear` for practical examples.
+
+#### `YettoController`
+
+Place the logic which receives webhooks from Yetto in the `YettoController`. This controller must `include Hephaestus::ValidatesFromYetto`, and must define `before_action :from_yetto?`. Beyond that, you can respond to events as they come in, and fire jobs to perform the actions your platform needs to integrate with Yetto.
+
+### Jobs
+
+Jobs are at the heart of plugs, because they perform time-sensitive work asynchronously. Since Hephaestus already creates an `ApplicationJob` which inherits from `Hephaestus::ApplicationJob`, there isn't much else you need to do, other than define your jobs.
+
+Whenever you need to integrate with Yetto, just pass the appropriate arguments to `Hephaestus::UpdateYettoJob`.
+
+The bulk of your plug logic should exist within these jobs. Keep the controllers as place to authenticate incoming requests and respond with appropriate status codes.
+
+### Constants
+
+Place any and all constants in the file called `lib/constants.rb`.
+
+Note that Hepheastus provides several convenience methods and constants for you. These are:
+
+- `plug_shortname`: the downcased version of the plug (e.g., `Slack => slack`, `GitHub => github`)
+- `plug_name`: The proper name of the plug (e.g., `Slack`, `GitHub`)
+- `plug_url`: The plug's URL (e.g., `email{.plugs.yetto.app,.plugs.yetto.dev,.ngrok.io}`)
+
+### Application Configuration
+
+The typical Rails' environment configs (`config/environments/{development.rb,test.rb,production.rb}`) are managed by Hephaestus. However, any plug can define their own environment files as well. These are added after Hephaestus' default configuration.
+
+The `test.rb` file in `plug-email` provides an example of this.
+
+#### Upgrading Rails
+
+Upgrading Rails always introduces breaking changes, even between minor releases. To ensure that a plug still works after a Rails upgrade, first, add
+
+```ruby
+rails "x"
+```
+
+to your plug's Gemfile (where `"x"` is the new Rails version.) Note that this means plugs can run Rails versions independently of what Hephaestus provides (although variance is not recommended, it can help during the upgrade process).
+
+Next, call `rails app:update:configs`. You can pretty much ignore every changed file, except the one that starts with `new_framework_defaults_`. Use these values to slowly reintroduce the new configuration changes, as described in [the Rails documentation](https://guides.rubyonrails.org/v8.0/upgrading_ruby_on_rails.html#configure-framework-defaults).
+
+### Integrating the Plug with the Engine
+
+There are certain times where the child application needs to "inject" data into Hephaestus. These are typically customizations that are unique to the plug. Place these customizations in `config/application.rb`, inside of an `initializer :engines_blank_point do` block.
+
+At a minimum, you'll need to define your plug's API version, and the version of the Yetto API it's communicating with:
+
+```ruby
+initializer :engines_blank_point do
+  config.yetto_api_version = "2023-03-06"
+  config.plug_api_version = "2023-03-06"
+end
+```
+
+You can also define several other customizations:
+
+- `config.tracing_body_filters`: use this to scrub out any sensitive data coming in from your platform, to prevent it from leaking in our metrics aggregator. See the override in `plug-email` for an example. The default is to simply log everything (after running it through [Rails' `ParameterFilter`](https://api.rubyonrails.org/v7.1/classes/ActiveSupport/ParameterFilter.html), of course), which may not be a good idea!
+- `config.enhance_update_yetto_job`: use this to include any plug-specific logic which needs to occur as part of issuing calls to the Yetto API
+
+For an example of both these customizations, see `plug-email`.
+
+There's also middleware you can use to protect any endpoint with an OpenAPI schema. To do so, add:
+
+```ruby
+require "hephaestus/middleware/openapi_validation"
+config.middleware.use(Hephaestus::Middleware::OpenapiValidation, match_path: "/app/2023-03-06/path/", limit_methods_to: ["POST"], spec: Rails.root.join("lib/schemas/path/2023-03-06/openapi.json"))
+```
+
+In this example, any `POST` to `match_path` is protected by the OpenAPI `spec` provided.
+
+### Services
+
+Place any HTTP communication necessary to communicate with your platform in this directory. All other code should which communicates to your plug should rely on methods defined in this file.
+
+See any of the plugs for an example of how to define this interaction, particularly with `httpsensible`.
+
+### Routes
+
+If you do not have any custom actions to perform in the settings controller, define your settings pages as:
+
+```ruby
+# you must always include this line when referring to `hephaestus_settings`
+HephaestusSettingsController = Hephaestus::SettingsController
+
+get "/api/#{Rails.application.config.plug_api_version}/settings", to: "hephaestus_settings#new"
+get "/api/#{Rails.application.config.plug_api_version}/settings/:organization_id/:inbox_id/:plug_installation_id/edit", to: "hephaestus_settings#edit"
+```
+
+Otherwise, be sure to refer to `hephaestus_settings` only for any default settings related actions:
+
+```ruby
+# you must always include this line when referring to `hephaestus_settings`
+HephaestusSettingsController = Hephaestus::SettingsController
+
+get "/api/#{Rails.application.config.plug_api_version}/settings", to: "hephaestus_settings#new"
+get "/api/#{Rails.application.config.plug_api_version}/settings/:organization_id/:inbox_id/:plug_installation_id/edit", to: "settings#edit"
+```
+
+Otherwise, you can add any other routes your plug needs to `config/routes.rb`.
 
 ### Launching the server
 
-First, you'll note that you have a `script/ngrok` file, which launches an ngrok server at `https://plug-app.ngrok.io`, which maps locally to `http://localhost:6661`. This can be essential when testing the platform locally for the first time. (Keep in mind that you still need to run `script/server` to actually start the local server—this is just to help facilitate communication with the platform.)
+First, you'll note that you have a `script/ngrok` file, which launches an ngrok server at `https://${hostname}-plug-app.ngrok.io`, which maps locally to `http://localhost:6661`. Setting up ngrok can be essential when testing the platform locally for the first time. (Keep in mind that you still need to run `script/server` to actually start the local server—this is just to help facilitate communication with the platform.)
 
 ### Setting up routes
 
@@ -42,6 +187,24 @@ After a user submits a plug installation on the Yetto side, it'll send a POST pa
 
 Any code which communicates with the third party should be placed in the `app/services` directory. A generic HTTP service is included.
 
+### Writing tests
+
+In addition to writing tests for your plug interacting with its platform, many of your tests will also need to cover your plug's interaction with Yetto.
+
+Writing these tests well comes with time; it's not an easy thing to cover in a pithy paragraph. Regardless, here's a bit of hopefully helpful advice.
+
+Be sure to tests requests before _and_ after they occur. Typically, this takes the form of a `stub_request` and `assert_requested`. Similarly, be sure to:
+
+- `include Hephaestus::Webmocks::SlackWebmock` whenever a plug action is expected to error out to Slack
+- `include Hephaestus::Webmocks::YettoWebmock` whenever a plug needs to issue a request to Yetto
+
+Use `include Hephaestus::API::TestHelpers` whenever you need to write a test which either
+
+- match `"/#{plug_shortname}` routes (by issuing calls to `plug`). These are routes which your external server is calling into.
+- match `/api` routes (by issuing calls to `api`). These are routes which Yetto is calling into.
+
+For examples on when and how to use these methods, see `plug-github`.
+
 ## Acknowledgements
 
-This project was heavily based on [thoughtbot/suspenders](https://github.com/thoughtbot/suspenders).
+The template generation for this project was heavily based on [thoughtbot/suspenders](https://github.com/thoughtbot/suspenders).

data/bin/hephaestus

@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 
 require "pathname"
-require 'rainbow'
+require "rainbow"
 
 source_path = (Pathname.new(__FILE__).dirname + "../lib").expand_path
 $LOAD_PATH << source_path
@@ -34,7 +34,24 @@ if (str = ARGV.first)
   end
 end
 
-require "hephaestus"
+puts Rainbow("Checking to see if Hephaestus is the latest and greatest...").green
+require "net/http"
+begin
+  Net::HTTP.get(URI("https://www.yetto.app"))
+rescue Socket::ResolutionError
+  puts Rainbow("Unable to check for updates. Are you connected to the internet?").red
+  exit(1)
+end
+
+%x(gem outdated).split("\n").each do |line|
+  if line.include?("hephaestus")
+    puts Rainbow("There is a new version of Hephaestus available (`#{line}`). Please run 'gem update hephaestus' to update.").red
+    exit(1)
+  end
+end
+
+require "rails"
+require "hephaestus/engine"
 
 if ARGV.empty?
   puts "Please provide a path for the new application"
@@ -57,7 +74,7 @@ unless path.start_with?("plug-")
   exit 1
 end
 
-unless path.length > "plug-".length
+if path.split("-").length < 2
   puts Rainbow("\nError: The directory name must start with 'plug-'").red
   exit 1
 end

data/lib/Rakefile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+
+load "rails/tasks/statistics.rake"
+
+require "bundler/gem_tasks"

data/lib/hephaestus/engine.rb

@@ -0,0 +1,72 @@
+# typed: false
+# frozen_string_literal: true
+
+require "propshaft"
+require "jbuilder"
+require "solid_queue"
+require "mission_control/jobs"
+
+module Hephaestus
+  class Engine < ::Rails::Engine
+    isolate_namespace Hephaestus
+    config.generators.api_only = true
+
+    GIT_SHA = case Rails.env
+    when "production", "staging"
+      result = nil
+      result = "" if PRECOMPILING # skip if we're just precompiling assets
+
+      result ||= Rails.root.join("GIT_SHA").read if Rails.root.join("GIT_SHA").exist?
+
+      result ||= %x(git rev-parse HEAD) # fallback to git (should only happen locally)
+
+      result || ""
+    when "development"
+      %x(git rev-parse HEAD)
+    when "test"
+      "deadbeef"
+    end.chomp
+
+    require "hephaestus/http"
+
+    initializer "hephaestus.add_middleware" do |app|
+      Hephaestus::Engine.root.glob("lib/hephaestus/middleware/*.{rb}").each { |file| require_relative file }
+
+      app.config.middleware.insert(0, Hephaestus::Middleware::TracingAttributes)
+      app.config.middleware.insert(0, Hephaestus::Middleware::MalformedRequest)
+
+      app.config.middleware.use(Hephaestus::Middleware::OpenapiValidation)
+    end
+
+    initializer :append_migrations do |app|
+      unless app.root.to_s.match?(root.to_s)
+        config.paths["db/migrate"].expanded.each do |expanded_path|
+          app.config.paths["db/migrate"] << expanded_path
+          ActiveRecord::Migrator.migrations_paths << expanded_path
+        end
+      end
+    end
+
+    class << self
+      def insert_routes
+        Rails.application.routes.draw do
+          # Staff pages
+          get("staff", to: "staff#index")
+
+          constraints(->(request) { StaffController.staff_request?(request) }) do
+            mount(MissionControl::Jobs::Engine, at: "staff/jobs", as: :staff_jobs)
+          end
+
+          #############################################
+          # error pages -- these MUST be at the end! ##
+          #############################################
+
+          get("/500", to: "application#render500") if Rails.env.production? || Rails.env.staging?
+
+          match("/", to: "application#not_found", via: :all)
+          match("/*unmatched_route", to: "application#not_found", via: :all)
+        end
+      end
+    end
+  end
+end

data/lib/hephaestus/http.rb

@@ -0,0 +1,36 @@
+# typed: strict
+# frozen_string_literal: true
+
+module Hephaestus
+  module HTTP
+    OK = "OK"
+    OK_I = 200
+
+    CREATED = "Created"
+    CREATED_I = 201
+
+    NO_CONTENT = "No Content"
+    NO_CONTENT_I = 204
+
+    FOUND = "Found"
+    FOUND_I = 302
+
+    BAD_REQUEST = "Bad Request"
+    BAD_REQUEST_I = 400
+
+    UNAUTHORIZED = "Unauthorized"
+    UNAUTHORIZED_I = 401
+
+    FORBIDDEN = "Forbidden"
+    FORBIDDEN_I = 403
+
+    NOT_FOUND = "Not Found"
+    NOT_FOUND_I = 404
+
+    NOT_ACCEPTABLE = "Not Acceptable"
+    NOT_ACCEPTABLE_I = 406
+
+    SERVICE_UNAVAILABLE = "Service Unavailable"
+    SERVICE_UNAVAILABLE_I = 503
+  end
+end

data/lib/hephaestus/middleware/malformed_request.rb

@@ -0,0 +1,100 @@
+# typed: strict
+# frozen_string_literal: true
+
+module Hephaestus
+  module Middleware
+    # There is no valid reason for a request to contain a malformed string
+    # so just return HTTP 400 (Bad Request) if we receive one
+    class MalformedRequest
+      include ActionController::HttpAuthentication::Basic
+
+      NULL_BYTE_REGEX = Regexp.new(Regexp.escape("\u0000")).freeze
+
+      attr_reader :app
+
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        return [Hephaestus::HTTP::BAD_REQUEST_I, { "Content-Type" => "text/plain" }, [Hephaestus::HTTP::BAD_REQUEST]] if request_contains_malformed_string?(env)
+
+        app.call(env)
+      end
+
+      private
+
+      def request_contains_malformed_string?(env)
+        # Duplicate the env, so it is not modified when accessing the parameters
+        # https://github.com/rails/rails/blob/34991a6ae2fc68347c01ea7382fa89004159e019/actionpack/lib/action_dispatch/http/parameters.rb#L59
+        request = ActionDispatch::Request.new(env.dup)
+
+        return true if malformed_path?(request.path)
+        return true if credentials_malformed?(request)
+
+        request.params.values.any? do |value|
+          param_has_null_byte?(value)
+        end
+      rescue ActionController::BadRequest
+        # If we can't build an ActionDispatch::Request something's wrong
+        # This would also happen if `#params` contains invalid UTF-8
+        # in this case we'll return a 400
+        true
+      end
+
+      def malformed_path?(path)
+        string_malformed?(Rack::Utils.unescape(path))
+      rescue ArgumentError
+        # Rack::Utils.unescape raised this, path is malformed.
+        true
+      end
+
+      def credentials_malformed?(request)
+        credentials = if has_basic_credentials?(request)
+          decode_credentials(request).presence
+        else
+          request.authorization.presence
+        end
+
+        return false unless credentials
+
+        string_malformed?(credentials)
+      end
+
+      def param_has_null_byte?(value, depth = 0)
+        # Guard against possible attack sending large amounts of nested params
+        # Should be safe as deeply nested params are highly uncommon.
+        return false if depth > 2
+
+        depth += 1
+
+        if value.respond_to?(:match)
+          string_malformed?(value)
+        elsif value.respond_to?(:values)
+          value.values.any? do |hash_value|
+            param_has_null_byte?(hash_value, depth)
+          end
+        elsif value.is_a?(Array)
+          value.any? do |array_value|
+            param_has_null_byte?(array_value, depth)
+          end
+        else
+          false
+        end
+      end
+
+      def string_malformed?(string)
+        # We're using match instead of include because that raises an ArgumentError
+        # when the string contains invalid UTF-8
+        #
+        # We try to encode the string from ASCII-8BIT to UTF8. If we failed to do
+        # so for certain characters in the string, those chars are probably incomplete
+        # multibyte characters.
+        string.dup.force_encoding(Encoding::UTF_8).match?(NULL_BYTE_REGEX)
+      rescue ArgumentError, Encoding::UndefinedConversionError
+        # If we're here, we caught a malformed string. Return true
+        true
+      end
+    end
+  end
+end