jpie 0.4.5 → 1.0.1

data/Rakefile

@@ -1,19 +1,8 @@
 # frozen_string_literal: true
 
-require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
-require 'rubocop/rake_task'
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
 
 RSpec::Core::RakeTask.new(:spec)
-RuboCop::RakeTask.new
 
-desc 'Run Brakeman security scanner'
-task brakeman: :environment do
-  require 'brakeman'
-  Brakeman.run app_path: '.', print_report: true, exit_on_warn: true
-end
-
-desc 'Run all checks (RSpec, RuboCop, Brakeman)'
-task check: %i[spec rubocop brakeman]
-
-task default: :check
+task default: :spec

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "json_api"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/jpie.gemspec

@@ -1,48 +1,31 @@
 # frozen_string_literal: true
 
-require_relative 'lib/jpie/version'
+lib = File.expand_path("lib", __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "json_api/version"
 
 Gem::Specification.new do |spec|
-  spec.name = 'jpie'
-  spec.version = JPie::VERSION
-  spec.authors = ['Emil Kampp']
-  spec.email = ['emil@example.com']
+  spec.name          = "jpie"
+  spec.version       = JSONAPI::VERSION
+  spec.authors       = ["Emil Kampp"]
+  spec.email         = ["emil@kampp.me"]
 
-  spec.summary = 'A resource-focused Rails library for developing JSON:API compliant servers'
-  spec.description = 'JPie provides a framework for developing JSON:API compliant servers with Rails 8+. ' \
-                     'It focuses on clean architecture with strong separation of concerns.'
-  spec.homepage = 'https://github.com/emk-klaay/jpie'
-  spec.license = 'MIT'
-  spec.required_ruby_version = '>= 3.4.0'
+  spec.summary       = "JSON:API compliant Rails gem for producing and consuming JSON:API resources"
+  spec.description   = "A Rails 8+ gem that provides jsonapi_resources routing DSL and generic JSON:API controllers"
+  spec.homepage      = "https://github.com/klaay/json_api"
+  spec.license       = "MIT"
 
-  spec.metadata['allowed_push_host'] = 'https://rubygems.org'
-  spec.metadata['homepage_uri'] = spec.homepage
-  spec.metadata['source_code_uri'] = "#{spec.homepage}.git"
-  spec.metadata['changelog_uri'] = "#{spec.homepage}/blob/main/CHANGELOG.md"
-
-  # Specify which files should be added to the gem when it is released.
-  spec.files = Dir.chdir(__dir__) do
-    `git ls-files -z`.split("\x0").reject do |f|
-      (File.expand_path(f) == __FILE__) ||
-        f.start_with?(*%w[bin/ test/ spec/ features/ .git .github appveyor Gemfile])
-    end
+  spec.files         = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
-  spec.bindir = 'exe'
-  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
-  spec.require_paths = ['lib']
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.required_ruby_version = ">= 3.4.0"
 
-  # Runtime dependencies
-  spec.add_dependency 'activesupport', '~> 8.0', '>= 8.0.0'
-  spec.add_dependency 'rails', '~> 8.0', '>= 8.0.0'
+  spec.add_dependency "actionpack", "~> 8.0", ">= 8.0.0"
+  spec.add_dependency "rails", "~> 8.0", ">= 8.0.0"
 
-  # Development dependencies
-  spec.add_development_dependency 'brakeman', '~> 6.0'
-  spec.add_development_dependency 'rake', '~> 13.0'
-  spec.add_development_dependency 'rspec', '~> 3.12'
-  spec.add_development_dependency 'rspec-rails', '~> 7.0'
-  spec.add_development_dependency 'rubocop', '~> 1.50'
-  spec.add_development_dependency 'rubocop-performance', '~> 1.16'
-  spec.add_development_dependency 'rubocop-rails', '~> 2.18'
-  spec.add_development_dependency 'rubocop-rspec', '~> 2.20'
-  spec.metadata['rubygems_mfa_required'] = 'true'
+  spec.metadata["rubygems_mfa_required"] = "true"
 end

data/kiln/app/resources/user_message_resource.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+class UserMessageResource < MessageResource
+end

data/lib/jpie.rb

@@ -1,27 +1,5 @@
 # frozen_string_literal: true
 
-require 'active_support'
-require 'active_support/core_ext'
-require 'jpie/version'
-require_relative 'jpie/resource'
-require_relative 'jpie/errors'
-
-module JPie
-  autoload :Serializer, 'jpie/serializer'
-  autoload :Deserializer, 'jpie/deserializer'
-  autoload :Controller, 'jpie/controller'
-  autoload :Configuration, 'jpie/configuration'
-  autoload :Routing, 'jpie/routing'
-
-  class << self
-    def configuration
-      @configuration ||= Configuration.new
-    end
-
-    def configure
-      yield(configuration)
-    end
-  end
-end
-
-require 'jpie/railtie' if defined?(Rails)
+# jpie gem entry point
+# Requires the json_api code which provides the JSONAPI namespace
+require "json_api"

data/lib/json_api/active_storage/deserialization.rb

@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+
+module JSONAPI
+  module ActiveStorage
+    module Deserialization
+      module_function
+
+      def extract_params_from_hash(params_hash, model_class)
+        return {} unless defined?(::ActiveStorage)
+
+        attachment_params = {}
+        model_class.attachment_reflections.each_key do |attachment_name|
+          attachment_name_str = attachment_name.to_s
+          attachment_params[attachment_name] = params_hash[attachment_name_str] if params_hash.key?(attachment_name_str)
+        end
+        attachment_params
+      end
+
+      def attach_files(record, attachment_params, definition: nil)
+        return if attachment_params.empty?
+
+        attachment_params.each do |name, blobs|
+          attach_single(record, name, blobs, definition)
+        end
+      end
+
+      def attach_single(record, name, blobs, definition)
+        attachment = record.public_send(name)
+        if blobs.is_a?(Array)
+          handle_has_many_attachment(attachment, blobs,
+                                     append_only: append_only_enabled?(name, definition),
+                                     attachment_name: name, definition:,)
+        else
+          handle_has_one_attachment(attachment, blobs, attachment_name: name, definition:)
+        end
+      end
+
+      def process_attachment(attrs, association_name, id_or_ids, singular:)
+        if singular
+          blob = find_blob_by_signed_id(id_or_ids)
+          attrs[association_name.to_s] = blob
+        else
+          blobs = Array(id_or_ids).map { |id| find_blob_by_signed_id(id) }
+          attrs[association_name.to_s] = blobs
+        end
+      end
+
+      def find_blob_by_signed_id(signed_id)
+        return nil if signed_id.blank?
+
+        ::ActiveStorage::Blob.find_signed!(signed_id)
+      rescue ActiveSupport::MessageVerifier::InvalidSignature
+        raise
+      rescue ActiveRecord::RecordNotFound => e
+        raise ArgumentError, "Blob not found for signed ID: #{e.message}"
+      end
+
+      def purge_on_nil_enabled?(attachment_name, definition)
+        return true unless definition
+
+        relationship_def = find_relationship_definition(attachment_name, definition)
+        return true unless relationship_def
+
+        relationship_def[:options].fetch(:purge_on_nil, true)
+      end
+
+      def append_only_enabled?(attachment_name, definition)
+        return false unless definition
+
+        relationship_def = find_relationship_definition(attachment_name, definition)
+        return false unless relationship_def
+
+        relationship_def[:options].fetch(:append_only, false)
+      end
+
+      def find_relationship_definition(attachment_name, definition)
+        return nil unless definition.respond_to?(:relationship_definitions)
+
+        definition.relationship_definitions.find { |r| r[:name].to_s == attachment_name.to_s }
+      end
+
+      # Private helper methods
+      def handle_has_many_attachment(attachment, blob_or_blobs, append_only:, attachment_name:, definition:)
+        return handle_empty_blobs(attachment, append_only, attachment_name, definition) if blob_or_blobs.empty?
+        return append_blobs(attachment, blob_or_blobs) if append_only
+
+        replace_blobs(attachment, blob_or_blobs)
+      end
+
+      def handle_empty_blobs(attachment, append_only, attachment_name, definition)
+        return if append_only
+
+        attachment.purge if purge_on_nil_enabled?(attachment_name, definition) && attachment.attached?
+      end
+
+      def append_blobs(attachment, blob_or_blobs)
+        existing_blobs = attachment.attached? ? attachment.blobs.to_a : []
+        attachment.attach(existing_blobs + blob_or_blobs)
+      end
+
+      def replace_blobs(attachment, blob_or_blobs)
+        attachment.purge if attachment.attached?
+        attachment.attach(blob_or_blobs)
+      end
+
+      def handle_has_one_attachment(attachment, blob_or_blobs, attachment_name:, definition:)
+        if blob_or_blobs.present?
+          attachment.purge if attachment.attached?
+          attachment.attach(blob_or_blobs)
+        elsif blob_or_blobs.nil?
+          attachment.purge if purge_on_nil_enabled?(attachment_name, definition) && attachment.attached?
+        end
+      end
+    end
+  end
+end

data/lib/json_api/active_storage/detection.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module JSONAPI
+  module ActiveStorage
+    module Detection
+      module_function
+
+      def attachment?(association_name, model_class)
+        return false unless defined?(::ActiveStorage)
+
+        model_class.respond_to?(:reflect_on_attachment) &&
+          model_class.reflect_on_attachment(association_name.to_sym).present?
+      end
+
+      def blob_type?(type)
+        return false unless defined?(::ActiveStorage)
+
+        type.to_s == "active_storage_blobs"
+      end
+
+      def filter_from_includes(includes_hash, current_model_class)
+        return {} unless defined?(::ActiveStorage)
+
+        includes_hash.each_with_object({}) do |(key, value), filtered|
+          process_include_entry(key, value, current_model_class, filtered)
+        end
+      end
+
+      def process_include_entry(key, value, current_model_class, filtered)
+        return if current_model_class.reflect_on_attachment(key).present?
+
+        association = current_model_class.reflect_on_association(key)
+        return if association.nil?
+
+        result = filter_include_value(value, association)
+        filtered[key] = result unless result.nil?
+      end
+
+      def filter_include_value(value, association)
+        return value unless value.is_a?(Hash) && value.any?
+        return value if association.polymorphic?
+
+        nested_filtered = filter_from_includes(value, association.klass)
+        nested_filtered.any? ? nested_filtered : nil
+      end
+
+      def filter_polymorphic_from_includes(includes_hash, current_model_class)
+        includes_hash.each_with_object({}) do |(key, value), filtered|
+          process_polymorphic_include(key, value, current_model_class, filtered)
+        end
+      end
+
+      def process_polymorphic_include(key, value, model_class, filtered)
+        association = model_class.reflect_on_association(key)
+        return unless association && !association.polymorphic?
+
+        result = resolve_polymorphic_value(value, association)
+        filtered[key] = result if result
+      end
+
+      def resolve_polymorphic_value(value, association)
+        return value unless value.is_a?(Hash) && value.any?
+
+        nested = filter_polymorphic_from_includes(value, association.klass)
+        nested.any? ? nested : nil
+      end
+    end
+  end
+end

data/lib/json_api/active_storage/serialization.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module JSONAPI
+  module ActiveStorage
+    module Serialization
+      module_function
+
+      def serialize_relationship(attachment_name, record)
+        return nil unless defined?(::ActiveStorage)
+
+        attachment = record.public_send(attachment_name)
+        return nil unless attachment.respond_to?(:attached?)
+
+        attachment.attached? ? serialize_attached(attachment) : empty_attachment_value(attachment)
+      end
+
+      def serialize_attached(attachment)
+        if attachment.is_a?(::ActiveStorage::Attached::Many)
+          return attachment.blobs.map { |blob| serialize_blob_identifier(blob) }
+        end
+
+        serialize_blob_identifier(attachment.blob)
+      end
+
+      def empty_attachment_value(attachment)
+        attachment.is_a?(::ActiveStorage::Attached::Many) ? [] : nil
+      end
+
+      def serialize_blob_identifier(blob)
+        { type: "active_storage_blobs", id: blob.id.to_s }
+      end
+    end
+  end
+end

data/lib/json_api/configuration.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module JSONAPI
+  class Configuration
+    attr_accessor :default_page_size, :max_page_size, :jsonapi_meta, :authorization_handler,
+                  :authorization_scope, :document_meta_resolver
+
+    def initialize
+      @default_page_size = 25
+      @max_page_size = 100
+      @jsonapi_meta = nil
+      @authorization_handler = nil
+      @authorization_scope = nil
+      @document_meta_resolver = ->(controller:) { {} } # rubocop:disable Lint/UnusedBlockArgument
+      @base_controller_class = "ActionController::API"
+    end
+
+    def base_controller_class=(value)
+      if value.is_a?(Class)
+        @base_controller_class = value.name
+      elsif value.is_a?(String)
+        raise ArgumentError, "base_controller_class cannot be blank" if value.nil? || value.strip.empty?
+
+        @base_controller_class = value
+      else
+        raise ArgumentError, "base_controller_class must be a string or class"
+      end
+
+      return unless Rails.application&.initialized?
+
+      JSONAPI.rebuild_base_controllers!
+    end
+
+    def base_controller_class
+      @base_controller_class.constantize
+    end
+
+    def resolved_base_controller_class
+      class_name = @base_controller_class
+      raise ArgumentError, "base_controller_class cannot be blank" if class_name.nil? || class_name.empty?
+
+      class_name.constantize
+    end
+
+    def base_controller_overridden?
+      @base_controller_class != "ActionController::API"
+    end
+  end
+
+  def self.configuration
+    @configuration ||= Configuration.new
+  end
+
+  def self.configure
+    yield configuration if block_given?
+  end
+end

data/lib/json_api/controllers/base_controller.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module JSONAPI
+  class BaseController < JSONAPI.configuration.resolved_base_controller_class
+    include ControllerHelpers
+    include ResourceActions
+
+    rescue_from JSONAPI::AuthorizationError, with: :render_jsonapi_authorization_error
+    rescue_from Pundit::NotAuthorizedError, with: :render_jsonapi_authorization_error if defined?(Pundit)
+
+    private
+
+    def render_jsonapi_authorization_error(error)
+      detail = error&.message.presence || "You are not authorized to perform this action"
+      render json: {
+        errors: [
+          {
+            status: "403",
+            title: "Forbidden",
+            detail:,
+          },
+        ],
+      }, status: :forbidden
+    end
+  end
+end

data/lib/json_api/controllers/concerns/controller_helpers/authorization.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module JSONAPI
+  module ControllerHelpers
+    module Authorization
+      extend ActiveSupport::Concern
+
+      protected
+
+      def apply_authorization_scope(scope, action:)
+        handler = JSONAPI.configuration.authorization_scope
+        return scope unless handler
+
+        handler.call(controller: self, scope:, action:, model_class:)
+      end
+
+      def authorize_resource_action!(record, action:, context: nil)
+        handler = JSONAPI.configuration.authorization_handler
+        return unless handler
+
+        handler.call(controller: self, record:, action:, context:)
+      end
+
+      def current_user
+        nil
+      end
+      public :current_user
+    end
+  end
+end

data/lib/json_api/controllers/concerns/controller_helpers/document_meta.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module JSONAPI
+  module ControllerHelpers
+    module DocumentMeta
+      extend ActiveSupport::Concern
+
+      protected
+
+      def jsonapi_document_meta(extra_meta = {})
+        resolver = JSONAPI.configuration.document_meta_resolver
+        base_meta = resolver ? resolver.call(controller: self) : {}
+        meta = base_meta.merge(extra_meta || {})
+        return {} if meta.empty?
+
+        meta
+      end
+    end
+  end
+end

data/lib/json_api/controllers/concerns/controller_helpers/error_rendering.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+module JSONAPI
+  module ControllerHelpers
+    module ErrorRendering
+      extend ActiveSupport::Concern
+
+      protected
+
+      def render_resource_not_found_error(message)
+        render_jsonapi_error(
+          status: 404,
+          title: "Resource Not Found",
+          detail: message,
+        )
+      end
+
+      def render_model_not_found_error(error)
+        render_jsonapi_error(
+          status: 404,
+          title: "Resource Not Found",
+          detail: "Model class for '#{@resource_name}' not found: #{error.message}",
+        )
+      end
+
+      def render_invalid_relationship_error(error)
+        render_jsonapi_error(
+          status: 400,
+          title: "Invalid Relationship",
+          detail: error.message,
+        )
+      end
+
+      def render_validation_errors(resource)
+        errors = resource.errors.map do |error|
+          {
+            status: "422",
+            title: "Validation Error",
+            detail: error.full_message,
+            source: { pointer: "/data/attributes/#{error.attribute}" },
+          }
+        end
+
+        render json: { errors: }, status: :unprocessable_entity
+      end
+
+      def render_parameter_not_allowed_error(error)
+        error_params = error.respond_to?(:params) ? error.params : []
+        detail = error_params.present? ? error_params.join(", ") : "Relationship or attribute is read-only"
+
+        render json: { errors: [parameter_not_allowed_error(detail)] }, status: :bad_request
+      end
+
+      def parameter_not_allowed_error(detail)
+        {
+          status: "400",
+          code: "parameter_not_allowed",
+          title: "Parameter Not Allowed",
+          detail:,
+        }
+      end
+    end
+  end
+end