input_sanitizer 0.1.10 → 0.4.1

data/lib/input_sanitizer/v1/sanitizer.rb

@@ -0,0 +1,166 @@
+class InputSanitizer::V1::Sanitizer
+  def initialize(data)
+    @data = symbolize_keys(data)
+    @performed = false
+    @errors = []
+    @cleaned = InputSanitizer::RestrictedHash.new(self.class.fields.keys)
+  end
+
+  def self.clean(data)
+    new(data).cleaned
+  end
+
+  def [](field)
+    cleaned[field]
+  end
+
+  def cleaned
+    return @cleaned if @performed
+
+    perform_clean
+
+    @performed = true
+    @cleaned.freeze
+  end
+
+  def valid?
+    cleaned
+    @errors.empty?
+  end
+
+  def errors
+    cleaned
+    @errors
+  end
+
+  def self.converters
+    {
+      :integer => InputSanitizer::V1::IntegerConverter.new,
+      :string => InputSanitizer::V1::StringConverter.new,
+      :date => InputSanitizer::V1::DateConverter.new,
+      :time => InputSanitizer::V1::TimeConverter.new,
+      :boolean => InputSanitizer::V1::BooleanConverter.new,
+      :integer_or_blank => InputSanitizer::V1::IntegerConverter.new.extend(InputSanitizer::V1::AllowNil),
+      :string_or_blank => InputSanitizer::V1::StringConverter.new.extend(InputSanitizer::V1::AllowNil),
+      :date_or_blank => InputSanitizer::V1::DateConverter.new.extend(InputSanitizer::V1::AllowNil),
+      :time_or_blank => InputSanitizer::V1::TimeConverter.new.extend(InputSanitizer::V1::AllowNil),
+      :boolean_or_blank => InputSanitizer::V1::BooleanConverter.new.extend(InputSanitizer::V1::AllowNil),
+    }
+  end
+
+  def self.inherited(subclass)
+    subclass.fields = self.fields.dup
+  end
+
+  def self.initialize_types_dsl
+    converters.keys.each do |name|
+      class_eval <<-END
+        def self.#{name}(*keys)
+          set_keys_to_converter(keys, :#{name})
+        end
+      END
+    end
+  end
+
+  initialize_types_dsl
+
+  def self.custom(*keys)
+    options = keys.pop
+    converter = options.delete(:converter)
+    keys.push(options)
+    raise "You did not define a converter for a custom type" if converter == nil
+    self.set_keys_to_converter(keys, converter)
+  end
+
+  def self.nested(*keys)
+    options = keys.pop
+    sanitizer = options.delete(:sanitizer)
+    keys.push(options)
+    raise "You did not define a sanitizer for nested value" if sanitizer == nil
+    converter = lambda { |value|
+      instance = sanitizer.new(value)
+      raise InputSanitizer::ConversionError.new(instance.errors) unless instance.valid?
+      instance.cleaned
+    }
+
+    keys << {} unless keys.last.is_a?(Hash)
+    keys.last[:nested] = true
+
+    self.set_keys_to_converter(keys, converter)
+  end
+
+  protected
+  def self.fields
+    @fields ||= {}
+  end
+
+  def self.fields=(new_fields)
+    @fields = new_fields
+  end
+
+  private
+  def self.extract_options!(array)
+    array.last.is_a?(Hash) ? array.pop : {}
+  end
+
+  def perform_clean
+    self.class.fields.each { |field, hash| clean_field(field, hash) }
+  end
+
+  def clean_field(field, hash)
+    if hash[:options][:nested] && @data.has_key?(field)
+      if hash[:options][:collection]
+        raise InputSanitizer::ConversionError.new("expected an array") unless @data[field].is_a?(Array)
+      else
+        raise InputSanitizer::ConversionError.new("expected a hash") unless @data[field].is_a?(Hash)
+      end
+    end
+
+    @cleaned[field] = InputSanitizer::V1::CleanField.call(hash[:options].merge({
+      :has_key => @data.has_key?(field),
+      :data => @data[field],
+      :converter => hash[:converter],
+      :provide => @data[hash[:options][:provide]],
+    }))
+  rescue InputSanitizer::ConversionError => error
+    add_error(field, :invalid_value, @data[field], error.message)
+  rescue InputSanitizer::ValueMissingError => error
+    add_error(field, :missing, nil, nil)
+  rescue InputSanitizer::OptionalValueOmitted
+  end
+
+  def add_error(field, error_type, value, description = nil)
+    @errors << {
+      :field => field,
+      :type => error_type,
+      :value => value,
+      :description => description
+    }
+  end
+
+  def symbolize_keys(data)
+    symbolized_hash = {}
+
+    data.each do |key, value|
+      symbolized_hash[key.to_sym] = value
+    end
+
+    symbolized_hash
+  end
+
+  def self.set_keys_to_converter(keys, converter_or_type)
+    options = extract_options!(keys)
+    converter = if converter_or_type.is_a?(Symbol)
+      converters[converter_or_type]
+    else
+      converter_or_type
+    end
+
+    keys.each do |key|
+      fields[key] = {
+        :converter => converter,
+        :options => options
+      }
+    end
+  end
+end

data/lib/input_sanitizer/v2.rb

@@ -0,0 +1,13 @@
+module InputSanitizer::V2
+end
+
+dir = File.dirname(__FILE__)
+require File.join(dir, 'v2/types')
+require File.join(dir, 'v2/clean_payload_collection_field')
+require File.join(dir, 'v2/clean_query_collection_field')
+require File.join(dir, 'v2/clean_field')
+require File.join(dir, 'v2/nested_sanitizer_factory')
+require File.join(dir, 'v2/error_collection')
+require File.join(dir, 'v2/payload_sanitizer')
+require File.join(dir, 'v2/query_sanitizer')
+require File.join(dir, 'v2/payload_transform')

data/lib/input_sanitizer/v2/clean_field.rb

@@ -0,0 +1,36 @@
+class InputSanitizer::V2::CleanField < MethodStruct.new(:data, :has_key, :default, :collection, :type, :converter, :options)
+  def call
+    if has_key
+      convert
+    elsif default
+      converter.call(default, options)
+    elsif options[:required]
+      raise InputSanitizer::ValueMissingError
+    else
+      raise InputSanitizer::OptionalValueOmitted
+    end
+  end
+
+  private
+  def convert
+    if collection
+      collection_clean.call(
+        :data => data,
+        :collection => collection,
+        :converter => converter,
+        :options => options
+      )
+    else
+      converter.call(data, options)
+    end
+  end
+
+  def collection_clean
+    case type
+    when :payload
+      InputSanitizer::V2::CleanPayloadCollectionField
+    when :query
+      InputSanitizer::V2::CleanQueryCollectionField
+    end
+  end
+end

data/lib/input_sanitizer/v2/clean_payload_collection_field.rb

@@ -0,0 +1,41 @@
+class InputSanitizer::V2::CleanPayloadCollectionField < MethodStruct.new(:data, :converter, :collection, :options)
+  def call
+    return nil if options[:allow_nil] && data == nil
+
+    validate_type
+    validate_size
+
+    result, errors = [], {}
+
+    data.each_with_index do |value, idx|
+      begin
+        result << converter.call(value, options)
+      rescue InputSanitizer::ValidationError => e
+        errors[idx] = e
+      end
+    end
+
+    if errors.any?
+      raise InputSanitizer::CollectionError.new(errors)
+    else
+      result
+    end
+  end
+
+  private
+  def validate_type
+    unless data.respond_to?(:to_ary)
+      raise InputSanitizer::TypeMismatchError.new(data, :array)
+    end
+  end
+
+  def validate_size
+    if collection.respond_to?(:fetch)
+      if collection[:minimum] && data.length < collection[:minimum]
+        raise InputSanitizer::CollectionLengthError.new(data.length, collection[:minimum], collection[:maximum])
+      elsif collection[:maximum] && data.length > collection[:maximum]
+        raise InputSanitizer::CollectionLengthError.new(data.length, collection[:minimum], collection[:maximum])
+      end
+    end
+  end
+end

data/lib/input_sanitizer/v2/clean_query_collection_field.rb

@@ -0,0 +1,40 @@
+class InputSanitizer::V2::CleanQueryCollectionField < MethodStruct.new(:data, :converter, :collection, :options)
+  def call
+    validate_type
+    validate_size
+
+    result, errors = [], {}
+    items.each_with_index do |value, idx|
+      begin
+        result << converter.call(value, options)
+      rescue InputSanitizer::ValidationError => e
+        errors[idx] = e
+      end
+    end
+
+    if errors.any?
+      raise InputSanitizer::CollectionError.new(errors)
+    else
+      result
+    end
+  end
+
+  private
+  def items
+    @items ||= data.to_s.split(',')
+  end
+
+  def validate_type
+    InputSanitizer::V2::Types::StringCheck.new.call(data)
+  end
+
+  def validate_size
+    if collection.respond_to?(:fetch)
+      if collection[:minimum] && items.length < collection[:minimum]
+        raise InputSanitizer::CollectionLengthError.new(items.length, collection[:minimum], collection[:maximum])
+      elsif collection[:maximum] && items.length > collection[:maximum]
+        raise InputSanitizer::CollectionLengthError.new(items.length, collection[:minimum], collection[:maximum])
+      end
+    end
+  end
+end

data/lib/input_sanitizer/v2/error_collection.rb

@@ -0,0 +1,49 @@
+class InputSanitizer::V2::ErrorCollection
+  include Enumerable
+
+  attr_reader :error_codes, :messages
+
+  def initialize(errors)
+    @error_codes = {}
+    @messages = {}
+    @error_details = {}
+
+    errors.each do |error|
+      (@error_codes[error.field] ||= []) << error.code
+      (@messages[error.field] ||= []) << error.message
+      error_value_hash = { :value => error.value }
+      (@error_details[error.field] ||= []) << error_value_hash
+    end
+  end
+
+  def [](attribute)
+    @error_codes[attribute]
+  end
+
+  def each
+    @error_codes.each_key do |attribute|
+      self[attribute].each { |error| yield attribute, error }
+    end
+  end
+
+  def size
+    @error_codes.size
+  end
+  alias_method :length, :size
+  alias_method :count, :size
+
+  def empty?
+    @error_codes.empty?
+  end
+
+  def add(attribute, code = :invalid, options = {})
+    (@error_codes[attribute] ||= []) << code
+    (@messages[attribute] ||= []) << options.delete(:messages)
+    (@error_details[attribute] ||= []) << options
+  end
+
+  def to_hash
+    messages.dup
+  end
+  alias_method :full_messages, :to_hash
+end

data/lib/input_sanitizer/v2/nested_sanitizer_factory.rb

@@ -0,0 +1,19 @@
+class InputSanitizer::V2::NestedSanitizerFactory
+  class NilAllowed
+    def cleaned
+      nil
+    end
+
+    def valid?
+      true
+    end
+  end
+
+  def self.for(nested_sanitizer_klass, value, options)
+    if value.nil? && options[:allow_nil] && !options[:collection]
+      NilAllowed.new
+    else
+      nested_sanitizer_klass.new(value, options)
+    end
+  end
+end

data/lib/input_sanitizer/v2/payload_sanitizer.rb

@@ -0,0 +1,130 @@
+class InputSanitizer::V2::PayloadSanitizer < InputSanitizer::Sanitizer
+  attr_reader :validation_context
+
+  def initialize(data, validation_context = {})
+    super data
+
+    self.validation_context = validation_context || {}
+  end
+
+  def validation_context=(context)
+    raise ArgumentError, "validation_context must be a Hash" unless context && context.is_a?(Hash)
+    @validation_context = context
+  end
+
+  def error_collection
+    @error_collection ||= InputSanitizer::V2::ErrorCollection.new(errors)
+  end
+
+  def self.converters
+    {
+      :integer => InputSanitizer::V2::Types::IntegerCheck.new,
+      :float => InputSanitizer::V2::Types::FloatCheck.new,
+      :string => InputSanitizer::V2::Types::StringCheck.new,
+      :boolean => InputSanitizer::V2::Types::BooleanCheck.new,
+      :datetime => InputSanitizer::V2::Types::DatetimeCheck.new,
+      :date => InputSanitizer::V2::Types::DatetimeCheck.new(:check_date => true),
+      :url => InputSanitizer::V2::Types::URLCheck.new,
+    }
+  end
+  initialize_types_dsl
+
+  def self.nested(*keys)
+    options = keys.pop
+    sanitizer = options.delete(:sanitizer)
+    keys.push(options)
+    raise "You did not define a sanitizer for nested value" if sanitizer == nil
+    converter = lambda { |value, converter_options|
+      instance = InputSanitizer::V2::NestedSanitizerFactory.for(sanitizer, value, converter_options)
+      raise InputSanitizer::NestedError.new(instance.errors) unless instance.valid?
+      instance.cleaned
+    }
+
+    keys << {} unless keys.last.is_a?(Hash)
+    keys.last[:nested] = true
+
+    self.set_keys_to_converter(keys, converter)
+  end
+
+  private
+  def perform_clean
+    super
+    @data.reject { |key, _| self.class.fields.keys.include?(key) }.each { |key, _| @errors << InputSanitizer::ExtraneousParamError.new("/#{key}") }
+  end
+
+  def prepare_options!(options)
+    return options if @validation_context.empty?
+    context = @validation_context.dup
+    context_provided_values = context.delete(:provided)
+
+    intersection = options.keys & context.keys
+
+    unless intersection.empty?
+      message = "validation context and converter options have the same keys: #{intersection}. " \
+        "In order to proceed please fix the configuration. " \
+        "In the meantime aborting ..."
+      raise RuntimeError, message
+    end
+
+    if context_provided_values
+      options[:provided] ||= {}
+      options[:provided] = options[:provided].merge(context_provided_values)
+    end
+
+    options.merge(context)
+  end
+
+  def clean_field(field, hash)
+    options = hash[:options].clone
+    collection = options.delete(:collection)
+    default = options.delete(:default)
+    has_key = @data.has_key?(field)
+    value = @data[field]
+    is_nested = options.delete(:nested)
+
+    provide = options.delete(:provide)
+    provided = Array(provide).inject({}) { |memo, value| memo[value] = @data[value]; memo }
+    options[:provided] = provided
+
+    if is_nested && has_key
+      if collection
+        raise InputSanitizer::TypeMismatchError.new(value, "array") unless value.is_a?(Array)
+      elsif !options[:allow_nil] || (options[:allow_nil] && !value.nil?)
+        raise InputSanitizer::TypeMismatchError.new(value, "hash") unless value.is_a?(Hash)
+      end
+    end
+
+    @cleaned[field] = InputSanitizer::V2::CleanField.call(
+      :data => value,
+      :has_key => has_key,
+      :default => default,
+      :collection => collection,
+      :type => sanitizer_type,
+      :converter => hash[:converter],
+      :options => prepare_options!(options)
+    )
+  rescue InputSanitizer::OptionalValueOmitted
+  rescue InputSanitizer::ValidationError => error
+    @errors += handle_error(field, error)
+  end
+
+  def handle_error(field, error)
+    case error
+    when InputSanitizer::CollectionError
+      error.collection_errors.map do |index, error|
+        handle_error("#{field}/#{index}", error)
+      end
+    when InputSanitizer::NestedError
+      error.nested_errors.map do |error|
+        handle_error("#{field}#{error.field}", error)
+      end
+    else
+      error.field = "/#{field}"
+      Array(error)
+    end.flatten
+  end
+
+  def sanitizer_type
+    :payload
+  end
+end