jsonapionify 0.0.1.pre → 0.9.0

data/lib/jsonapionify/api/resource/definitions/actions.rb

@@ -1,3 +1,4 @@
+require 'possessive'
 require 'active_support/core_ext/array/wrap'
 
 module JSONAPIonify::Api
@@ -7,15 +8,10 @@ module JSONAPIonify::Api
     def self.extended(klass)
       klass.class_eval do
         extend JSONAPIonify::InheritedAttributes
+        include JSONAPIonify::Callbacks
+        define_callbacks :request, :list, :create, :read, :update, :delete,
+                         :show, :add, :remove, :replace, :exception
         inherited_array_attribute :action_definitions
-        inherited_hash_attribute :callbacks
-
-        def self.inherited(subclass)
-          super
-          callbacks.each do |action_name, klass|
-            subclass.callbacks[action_name] = Class.new klass
-          end
-        end
       end
     end
 
@@ -27,7 +23,6 @@ module JSONAPIonify::Api
             context.response_collection,
             fields: context.fields
           )
-          context.meta[:total_count]     = context.collection.count
           context.response_object.to_json
         end
       end
@@ -42,6 +37,7 @@ module JSONAPIonify::Api
       define_action(:create, 'POST', **options, &block).tap do |action|
         action.response status: 201 do |context|
           context.response_object[:data] = build_resource(context.request, context.instance, fields: context.fields)
+          response_headers['Location']   = build_url(context.request, context.instance)
           context.response_object.to_json
         end
       end
@@ -74,9 +70,19 @@ module JSONAPIonify::Api
     def process(request)
       path_actions = self.path_actions(request)
       if request.options? && path_actions.present?
-        Action.stub do
-          headers['Allow'] = path_actions.map(&:request_method).join(', ')
-          response(status: 200, accept: '*/*')
+        allow    = [*path_actions.map(&:request_method), 'OPTIONS']
+        requests = allow.each_with_object({}) do |method, h|
+          h[method] = options_for_method(method)
+        end
+        Action.dummy do
+          response_headers['Allow'] = allow.join(', ')
+        end.response(status: 200, accept: 'application/vnd.api+json') do
+          JSONAPIonify.new_object(
+            meta: {
+              type: self.class.type,
+              requests: requests
+            }
+          ).to_json
         end.call(self, request)
       elsif (action = find_supported_action(request))
         action.call(self, request)
@@ -87,39 +93,28 @@ module JSONAPIonify::Api
       end
     end
 
+    def options_for_method(method)
+      case method
+      when 'GET'
+        { attributes: attributes.select(&:read).map(&:options_json) }
+      when 'POST', 'PUT', 'PATCH'
+        { attributes: attributes.select(&:write).map(&:options_json) }
+      else
+        {}
+      end
+    end
+
     def before(action_name = nil, &block)
       if action_name == :index
         warn 'the `index` action will soon be deprecated, use `list` instead!'
         action_name = :list
       end
-      return base_callbacks.before_request(&block) if action_name == nil
-      callbacks_for(action_name).before_request(&block)
-    end
-
-    def base_callbacks
-      resource       = self
-      callbacks['*'] ||= Class.new do
-        def self.context(*)
-        end
-
-        include Resource::ErrorHandling
-
-        define_singleton_method(:error_definitions) do
-          resource.error_definitions
-        end
-
-        include JSONAPIonify::Callbacks
-        define_callbacks :request
-      end
-    end
-
-    def callbacks_for(action_name)
-      resource               = self
-      callbacks[action_name] ||= Class.new(base_callbacks)
+      return before_request &block if action_name == nil
+      send("before_#{action_name}", &block)
     end
 
-    def define_action(*args, **options, &block)
-      Action.new(*args, **options, &block).tap do |new_action|
+    def define_action(name, *args, **options, &block)
+      Action.new(name, *args, **options, &block).tap do |new_action|
         action_definitions.delete new_action
         action_definitions << new_action
       end
@@ -133,14 +128,11 @@ module JSONAPIonify::Api
 
     def no_action_response(request)
       if request_method_actions(request).present?
-        Action.stub { error_now :unsupported_media_type }
-      elsif (path_actions = self.path_actions(request)).present?
-        Action.stub do
-          headers['Allow'] = path_actions.map(&:request_method).join(', ')
-          error_now :method_not_allowed
-        end
+        Action.error :unsupported_media_type
+      elsif self.path_actions(request).present?
+        Action.error :forbidden
       else
-        Action.stub { error_now :not_found }
+        Action.error :not_found
       end
     end
 
@@ -173,12 +165,26 @@ module JSONAPIonify::Api
     end
 
     def actions
+      return if action_definitions.blank?
       action_definitions.select do |action|
         action.only_associated == false ||
           (respond_to?(:rel) && action.only_associated == true)
       end
     end
 
+    def documented_actions
+      api.eager_load
+      relationships = descendants.select { |descendant| descendant.respond_to? :rel }
+      rels          = relationships.each_with_object([]) do |rel, ary|
+        rel.actions.each do |action|
+          ary << [action, "#{rel.rel.owner.type}/:id", [rel, rel.rel.name, false, "#{action.name} #{rel.rel.owner.type.singularize.possessive} #{rel.rel.name}"]]
+        end
+      end
+      actions.map do |action|
+        [action, '', [self, type, true, "#{action.name} #{type}"]]
+      end + rels
+    end
+
     private
 
     def base_path

data/lib/jsonapionify/api/resource/definitions/attributes.rb

@@ -6,7 +6,7 @@ module JSONAPIonify::Api
         extend JSONAPIonify::InheritedAttributes
         extend JSONAPIonify::Types
         inherited_array_attribute :attributes
-        delegate :attributes, to: :class
+        delegate :id_attribute, :attributes, to: :class
 
         context(:fields, readonly: true) do |context|
           should_error = false
@@ -20,7 +20,7 @@ module JSONAPIonify::Api
                 attribute ? field_list << attribute.name : error(:field_not_permitted, type, field) && (should_error = true)
               end
           end
-          raise error_exception if should_error
+          raise Errors::RequestError if should_error
           fields
         end
       end

data/lib/jsonapionify/api/resource/definitions/helpers.rb

@@ -5,5 +5,23 @@ module JSONAPIonify::Api
       define_method(name, &block)
     end
 
+    def authentication(&block)
+      context :authentication, readonly: true do |context|
+        OpenStruct.new.tap do |authentication_object|
+          if instance_exec(context.request, authentication_object, &block) == false
+            error_now :forbidden
+          end
+        end
+      end
+
+      before do |context|
+        context.authentication
+      end
+    end
+
+    def on_exception(&block)
+      before_exception &block
+    end
+
   end
 end

data/lib/jsonapionify/api/resource/definitions/pagination.rb

@@ -1,79 +1,209 @@
 module JSONAPIonify::Api
   module Resource::Definitions::Pagination
-
     class PaginationLinksDelegate
 
-      def initialize(request, links)
-        @request = request
-        @links   = links
+      def initialize(url, params, links)
+        @url    = url
+        @params = params
+        @links  = links
       end
 
       %i{first last next prev}.each do |method|
         define_method method do |**options|
-          @links[method] = URI.parse(@request.url).tap do |uri|
+          @links[method] = URI.parse(@url).tap do |uri|
             page_params = { page: options }.deep_stringify_keys
-            uri.query   = @request.params.deep_merge(page_params).to_param
+            uri.query   = @params.deep_merge(page_params).to_param
           end.to_s
         end
       end
 
     end
 
-    STRATEGIES         = {
-      active_record: proc do |collection, params, links|
-        page_number = Integer(params['number'] || 1)
-        page_number = 1 if page_number < 1
-        page_size   = Integer(params['size'] || 50)
-        raise PaginationError if page_size > 250
-        first_page = 1
-        last_page  = (collection.count / page_size).ceil
-        last_page  = 1 if last_page == 0
-
-        links.first number: 1 unless page_number == first_page
-        links.last number: last_page unless page_number == last_page
-        links.prev number: page_number - 1 unless page_number <= first_page
-        links.next number: page_number + 1 unless page_number >= last_page
-
-        slice_start = (page_number - 1) * page_size
-        collection.limit(page_size).offset(slice_start)
-      end,
-      enumerable:    proc do |collection, params, links|
-        page_number = Integer(params['number'] || 1)
-        page_number = 1 if page_number < 1
-        page_size   = Integer(params['size'] || 50)
-        first_page  = 1
-        last_page   = (collection.count / page_size).ceil
-        last_page   = 1 if last_page == 0
-
-        links.first number: 1 unless page_number == first_page
-        links.last number: last_page unless page_number == last_page
-        links.prev number: page_number - 1 unless page_number <= first_page
-        links.next number: page_number + 1 unless page_number >= last_page
-
-        slice_start = (page_number - 1) * page_size
-
-        collection.slice(slice_start, page_size)
+    def self.extended(klass)
+      klass.class_eval do
+        include InstanceMethods
+
+        inherited_hash_attribute :pagination_strategies
+
+        define_pagination_strategy 'Object' do |collection|
+          collection
+        end
+
+        define_pagination_strategy 'Enumerable' do |collection, params, links, per, context|
+          size = Integer(params['first'] || params['last'] || per)
+
+          slice =
+            if (params['before'] && params['first']) || (params['after'] && params['last'])
+              error :forbidden do
+                message 'Illegal combination of parameters'
+              end
+            elsif (after = params['after'])
+              key_values = parse_and_validate_cursor(:after, after, context)
+              array_select_past_cursor(
+                collection,
+                context.sort_params,
+                key_values
+              ).first(size)
+            elsif (before = params['before'])
+              key_values = parse_and_validate_cursor(:before, before, context)
+              array_select_past_cursor(
+                collection,
+                context.sort_params.reverse,
+                key_values
+              ).last(size)
+            elsif params['last']
+              collection.last(size)
+            else
+              collection.first(size)
+            end
+
+          links.first first: size
+          links.last last: size
+          links.prev before: build_cursor_from_instance(context.request, slice.first), last: size unless slice.first == collection.first
+          links.next after: build_cursor_from_instance(context.request, slice.last), first: size unless slice.last == collection.last
+
+          slice
+        end
+
+        define_pagination_strategy 'ActiveRecord::Relation' do |collection, params, links, per, context|
+          size = Integer(params['first'] || params['last'] || per)
+
+          slice =
+            if (params['before'] && params['first']) || (params['after'] && params['last'])
+              error :forbidden do
+                message 'Illegal combination of parameters'
+              end
+            elsif (after = params['after'])
+              key_values = parse_and_validate_cursor(:after, after, context)
+              arel_select_past_cursor(
+                collection,
+                context.sort_params,
+                key_values
+              ).limit(size)
+            elsif (before = params['before'])
+              key_values = parse_and_validate_cursor(:before, before, context)
+              ids        = arel_select_past_cursor(
+                collection,
+                context.sort_params.reverse,
+                key_values
+              ).reverse_order.limit(size).pluck(:id)
+              collection.where(id_attribute => ids)
+            elsif params['last']
+              ids = collection.reverse_order.limit(size).pluck(id_attribute)
+              collection.where(id_attribute => ids).limit(size)
+            else
+              collection.limit(size)
+            end
+
+          links.first first: size
+          links.last last: size
+          links.prev before: build_cursor_from_instance(context.request, slice.first), last: size unless slice.first == collection.first
+          links.next after: build_cursor_from_instance(context.request, slice.last), first: size unless slice.last == collection.last
+
+          slice
+        end
       end
-    }
-    STRATEGIES[:array] = STRATEGIES[:enumerable]
-    DEFAULT            = STRATEGIES[:enumerable]
+    end
+
+    def define_pagination_strategy(mod, &block)
+      pagination_strategies[mod.to_s] = block
+    end
 
-    def pagination(*params, strategy: nil, &block)
-      params = %i{number size} unless block
-      params.each { |p| param :page, p, actions: %i{list} }
+    def enable_pagination(per: 50)
+      param :page, :after, actions: %i{list}
+      param :page, :before, actions: %i{list}
+      param :page, :first, actions: %i{list}
+      param :page, :last, actions: %i{list}
       context :paginated_collection do |context|
-        unless (actual_block = block)
-          actual_strategy = strategy || self.class.default_strategy
-          actual_block    = actual_strategy ? STRATEGIES[actual_strategy] : DEFAULT
+        collection = context.sorted_collection
+        _, block   = pagination_strategies.to_a.reverse.to_h.find do |mod, _|
+          Object.const_defined?(mod, false) && context.collection.class <= Object.const_get(mod, false)
         end
-        Object.new.instance_exec(
-          context.respond_to?(:sorted_collection) ? context.sorted_collection : context.collection,
+
+        links_delegate = PaginationLinksDelegate.new(
+          context.request.url,
+          self.class.sticky_params(context.params),
+          context.links
+        )
+
+        instance_exec(
+          collection,
           context.request.params['page'] || {},
-          PaginationLinksDelegate.new(context.request, context.links),
-          &actual_block
+          links_delegate,
+          per,
+          context,
+          &block
         )
       end
     end
 
+    module InstanceMethods
+
+      def array_select_past_cursor(collection, sort_params, key_values)
+        sort_params.length.times.map do |i|
+          set                             = sort_params[0..i]
+          *contains_fields, outside_field = set
+
+          # Collect the contains results
+          contains_results                = contains_fields.map do |field|
+            collection.select do |item|
+              value          = item.send(field.name)
+              expected_value = key_values[field.name]
+              value && value.send(field.contains_operator, expected_value)
+            end
+          end
+
+          # Collect the outside results
+          outside_results                 = collection.select do |item|
+            value          = item.send(outside_field.name)
+            expected_value = key_values[outside_field.name.to_s]
+            value && value.send(outside_field.outside_operator, expected_value)
+          end
+
+          # Finish the query
+          [*contains_results, outside_results].reduce(:&)
+        end.reduce(:|) || []
+      end
+
+      def arel_select_past_cursor(collection, sort_params, key_values)
+        subselect = sort_params.length.times.map do |i|
+          set                             = sort_params[0..i]
+          *contains_fields, outside_field = set
+          contains_fields.reduce(collection.reorder(nil)) do |relation, field|
+            relation.where <<-SQL.strip, value: key_values[field.name.to_s]
+              "#{field.name}" #{field.contains_operator} :value
+            SQL
+          end.where(<<-SQL.strip, key_values[outside_field.name.to_s]).to_sql
+            "#{outside_field.name}" #{outside_field.outside_operator} ?
+          SQL
+        end.join(' UNION ')
+        collection.from("(#{subselect}) AS #{collection.table_name}")
+      end
+
+      def parse_and_validate_cursor(param, cursor, context)
+        should_error = false
+        options      = JSON.parse(Base64.urlsafe_decode64(cursor))
+
+        # Validate Type
+        unless options['t'] == self.class.type
+          should_error = true
+          error(:page_parameter_invalid, :page, param) do
+            detail 'The cursor type does not match the resource'
+          end
+        end
+
+        # Validate Sort
+        unless options['s'] == context.params['sort']
+          should_error = true
+          error(:page_parameter_invalid, :page, param) do
+            detail 'The cursor sort does not match the request sort'
+          end
+        end
+        raise Errors::RequestError if should_error
+
+        options['a']
+      end
+    end
+
   end
 end

data/lib/jsonapionify/api/resource/definitions/params.rb

@@ -6,24 +6,30 @@ module JSONAPIonify::Api
         extend JSONAPIonify::InheritedAttributes
         inherited_hash_attribute :param_definitions
 
-        before do |context|
-          context.params # pull params so they verify
-        end
-
         context(:params, readonly: true) do |context|
-          should_error    = false
+          should_error = false
 
-          # Check for validity
-          params          = self.class.param_definitions.select do |_, v|
+          params = self.class.param_definitions.select do |_, v|
             v.actions.blank? || v.actions.include?(action_name)
           end
+
+          context.request.params.replace(
+            [*params.values.select(&:has_default?).map(&:default), context.request.params].reduce(:deep_merge)
+          )
+
           required_params = params.select do |_, v|
             v.required
           end
-          if (invalid_params = ParamOptions.invalid_parameters(context.request.params, params.values.map(&:keypath))).present?
-            should_error = true
-            invalid_params.each do |string|
-              error :parameter_not_permitted, string
+
+          # Check for validity
+          context.request.params.each do |k, v|
+            keypath  = ParamOptions.hash_to_keypaths(k => v)[0]
+            reserved = ParamOptions.reserved?(k)
+            allowed  = params.keys.include? keypath
+            valid    = ParamOptions.valid?(k) || v.is_a?(Hash)
+            unless reserved || (allowed && valid)
+              should_error = true
+              error :parameter_invalid, ParamOptions.keypath_to_string(*keypath)
             end
           end
 
@@ -32,7 +38,7 @@ module JSONAPIonify::Api
             error :parameters_missing, missing_params
           end
 
-          raise error_exception if should_error
+          raise Errors::RequestError if should_error
 
           # Return the params
           context.request.params
@@ -45,5 +51,30 @@ module JSONAPIonify::Api
       param_definitions[keypath] = ParamOptions.new(*keypath, **options)
     end
 
+    def sticky_params(params)
+      sticky_param_definitions = param_definitions.values.select(&:sticky)
+      ParamOptions.hash_to_keypaths(params).map do |keypath|
+        definition = sticky_param_definitions.find do |definition|
+          definition.keypath == keypath
+        end
+        next {} unless definition
+        value      = definition.extract_value(params)
+        if definition.default_value?(value)
+          {}
+        else
+          definition.with_value(value)
+        end
+      end.reduce(:deep_merge)
+
+      # sticky_param_definitions = param_definitions.values.select(&:sticky)
+      # params.each_with_object do |k, v|
+      #   definition = sticky_param_definitions.find do |definition|
+      #     definition.keypath == ParamOptions.hash_to_keypaths(k => v)[0]
+      #   end
+      #   binding.pry
+      #   definition && !definition.default_value?(v)
+      # end
+    end
+
   end
 end

data/lib/jsonapionify/api/resource/definitions/request_headers.rb

@@ -6,65 +6,6 @@ module JSONAPIonify::Api
         extend JSONAPIonify::InheritedAttributes
         inherited_hash_attribute :request_header_definitions
 
-        # Standard HTTP Headers
-        # https://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Request_fields
-        request_header 'accept'
-        request_header 'accept-charset'
-        request_header 'accept-encoding'
-        request_header 'accept-language'
-        request_header 'accept-datetime'
-        request_header 'authorization'
-        request_header 'cache-control'
-        request_header 'connection'
-        request_header 'cookie'
-        request_header 'content-length'
-        request_header 'content-md5'
-        request_header 'content-type'
-        request_header 'date'
-        request_header 'expect'
-        request_header 'from'
-        request_header 'host'
-        request_header 'if-match'
-        request_header 'if-modified-since'
-        request_header 'if-none-match'
-        request_header 'if-range'
-        request_header 'if-unmodified-since'
-        request_header 'max-forwards'
-        request_header 'origin'
-        request_header 'pragma'
-        request_header 'proxy-authorization'
-        request_header 'range'
-        request_header 'referer'
-        request_header 'te'
-        request_header 'user-agent'
-        request_header 'upgrade'
-        request_header 'via'
-        request_header 'warning'
-
-        # Non-Standard, but widely used HTTP headers
-        request_header 'x-requested-with'
-        request_header 'dnt'
-        request_header 'x-forwarded-for'
-        request_header 'x-forwarded-host'
-        request_header 'x-forwarded-proto'
-        request_header 'front-end-https'
-        request_header 'x-att-device-id'
-        request_header 'x-wap-profile'
-        request_header 'proxy-connection'
-        request_header 'x-uidh'
-        request_header 'upgrade-insecure-requests'
-
-        # Don't allow method overrides
-        # request_header 'x-http-method-override'
-
-        # Don't allow CSRF tokens, as they should not be used
-        # in the api by default
-        # request_header 'x-csrf-token'
-
-        before do |context|
-          context.request_headers # pull request_headers so they verify
-        end
-
         context(:request_headers) do |context|
           should_error     = false
 
@@ -76,19 +17,12 @@ module JSONAPIonify::Api
             v.required
           end
 
-          if (invalid_keys = context.request.headers.keys.map(&:downcase) - headers.keys.map(&:downcase)).present?
-            should_error = true
-            invalid_keys.each do |key|
-              error :header_not_permitted, key
-            end
-          end
-
           if (missing_keys = required_headers.keys.map(&:downcase) - context.request.headers.keys.map(&:downcase)).present?
             should_error = true
             error :headers_missing, missing_keys
           end
 
-          raise error_exception if should_error
+          raise Errors::RequestError if should_error
 
           context.request.headers
         end

data/lib/jsonapionify/api/resource/definitions/scopes.rb

@@ -1,17 +1,6 @@
 module JSONAPIonify::Api
   module Resource::Definitions::Scopes
 
-    def self.extended(klass)
-      klass.class_eval do
-        id :id
-        scope { raise NotImplementedError, 'scope not implemented' }
-        collection { raise NotImplementedError, 'collection not implemented' }
-        instance { raise NotImplementedError, 'instance not implemented' }
-        new_instance { raise NotImplementedError, 'new instance not implemented' }
-        param :include
-      end
-    end
-
     def scope(&block)
       define_singleton_method(:current_scope) do
         Object.new.instance_eval(&block)
@@ -25,10 +14,10 @@ module JSONAPIonify::Api
 
     def instance(&block)
       define_singleton_method(:find_instance) do |id|
-        Object.new.instance_exec(current_scope, id, &block)
+        instance_exec(current_scope, id, OpenStruct.new, &block)
       end
       context :instance do |context|
-        self.class.find_instance(context.id)
+        instance_exec(context.scope, context.id, context, &block)
       end
     end