moonrope 1.3.3 → 2.0.2

data/lib/moonrope/eval_helpers/filter_helper.rb

@@ -0,0 +1,82 @@
+module Moonrope
+  module EvalHelpers
+    module FilterHelper
+
+      #
+      # Return information which has been passed through the filterable filters
+      #
+      def filter(collection, &block)
+        filters_flags = {}
+        if params.filters.is_a?(Hash)
+          params.filters.each do |key, value|
+            options = {}
+            if filter = action.filters[key.to_sym]
+              if value.is_a?(Hash)
+                options[:operator] = value['operator'] ? value['operator'].to_sym : filter[:operators].first
+                options[:value] = value['value']
+              else
+                # If no hash is provided, we'll always attempt to use the first operator
+                # for the filter.
+                options[:operator] = filter[:operators].first
+                options[:value] = value
+              end
+
+              # Check that the operator is supported
+              unless filter[:operators].include?(options[:operator])
+                error 'FilterError', :issue_code => 'InvalidOperator', :issue_message => "The operator '#{options[:operator]}' is not supported for the '#{key}' attribute."
+              end
+
+              # Add this item to the flags which will be set at the end of the method
+              filters_flags[key] = options
+
+              # Do the filtering...
+              if filter[:block]
+                # If a block is provided, we'll refer to that to do the lookups
+                # and ensure that return the collection
+                collection = instance_exec(options[:operator], options[:value], collection, &filter[:block])
+              else
+                # If no block is provided, we'll fall back to Active Record like where
+                # lookups on the original collection.
+                case options[:operator]
+                when :eq
+                  collection = collection.where("#{key} = ?", options[:value].to_s)
+                when :not_eq
+                  collection = collection.where("#{key} != ?", options[:value].to_s)
+                when :starts_with
+                  collection = collection.where("#{key} LIKE ?", "#{options[:value].to_s}%")
+                when :ends_with
+                  collection = collection.where("#{key} LIKE ?", "%#{options[:value].to_s}")
+                when :gt
+                  collection = collection.where("#{key} > ?", options[:value].to_s)
+                when :gte
+                  collection = collection.where("#{key} >= ?", options[:value].to_s)
+                when :lt
+                  collection = collection.where("#{key} < ?", options[:value].to_s)
+                when :lte
+                  collection = collection.where("#{key} <= ?", options[:value].to_s)
+                when :in, :not_in
+                  # For checking with arrays, we must make sure the user has sent us
+                  # an array otherwise we'll raise an error.
+                  unless options[:value].is_a?(Array)
+                    error 'FilterError', :issue_code => "ArrayNeeded", :issue_message => "An array value is needed for '#{key}' for in/not_in operator"
+                  end
+                  values = options[:value].map(&:to_s)
+                  collection = options[:operator] == :in ? collection.where(key => values) : collection.where.not(key => values)
+                else
+                  error 'FilterError', :issue_code => "UnsupportedOperator", :issue_message => "The operator '#{options[:operator]}' is not supported."
+                end
+              end
+            else
+              # Raise an error if the attribute has been provided by the consumer
+              # that isn't supported by the action.
+              error 'FilterError', :issue_code => "UnsupportedAttribute", :issue_message => "The '#{key}' attribute is not supported for filtering on this action."
+            end
+          end
+        end
+        set_flag :filters, filters_flags
+        instance_exec(collection, &block)
+      end
+
+    end
+  end
+end

data/lib/moonrope/guard.rb

@@ -0,0 +1,35 @@
+module ::Guard
+  class Moonrope < Plugin
+    def initialize(options)
+      super
+      @options = options
+      @options[:source] ||= "api"
+      @options[:destination] ||= ".apidoc"
+    end
+
+    def start
+      UI.info "Starting Moonrope Watching"
+    end
+
+    def reload
+      stop ; start
+    end
+
+    def run_all
+      generate_moonrope_docs
+    end
+
+    def run_on_modifications(paths)
+      generate_moonrope_docs
+    end
+
+    private
+
+    def generate_moonrope_docs
+      if File.exist?(File.join(@options[:destination], 'moonrope.txt'))
+        system("rm -Rf #{@options[:destination]}/*")
+      end
+      system("bundle exec moonrope #{@options[:source]} #{@options[:destination]}")
+    end
+  end
+end

data/lib/moonrope/html_generator.rb

@@ -0,0 +1,65 @@
+require 'erb'
+require 'fileutils'
+require 'moonrope/doc_context'
+
+module Moonrope
+  class HtmlGenerator
+
+    def initialize(base, template_root_path)
+      @base = base
+      @template_root_path = template_root_path
+    end
+
+    attr_reader :base
+    attr_reader :template_root_path
+
+    def host
+      ENV['MR_HOST']
+    end
+
+    def prefix
+      ENV['MR_PREFIX'] || 'api'
+    end
+
+    def version
+      ENV['MR_VERSION'] || 'v1'
+    end
+
+    def generate(output_path)
+      FileUtils.mkdir_p(output_path)
+      FileUtils.cp_r(File.join(@template_root_path, 'assets'), File.join(output_path, 'assets'))
+      FileUtils.touch(File.join(output_path, 'moonrope.txt'))
+      # Index
+      generate_file(output_path, "index.html", "index")
+      # Controllers
+      @base.controllers.select { |c| c.doc != false }.each do |controller|
+        generate_file(output_path, File.join("controllers", "#{controller.name}.html"), "controller", {:controller => controller})
+        controller.actions.select { |_,a| a.doc != false }.each do |_, action|
+          generate_file(output_path, File.join("controllers", controller.name.to_s, "#{action.name}.html"), "action", {:controller => controller, :action => action})
+        end
+      end
+      # Structures
+      @base.structures.select { |s| s.doc != false }.each do |structure|
+        generate_file(output_path, File.join("structures", "#{structure.name}.html"), "structure", {:structure => structure})
+      end
+      # Authenticators
+      @base.authenticators.values.select { |s| s.doc != false }.each do |authenticator|
+        generate_file(output_path, File.join("authenticators", "#{authenticator.name}.html"), "authenticator", {:authenticator => authenticator})
+      end
+
+    end
+
+    private
+
+    def generate_file(root_dir, output_file, template_file, variables = {})
+      file = DocContext.new(self, :html_extensions => true, :welcome_file => 'index', :output_file => output_file, :vars => variables)
+      file_string = file.render(File.join(@template_root_path, "#{template_file}.erb"))
+      layout = DocContext.new(self, :html_extensions => true, :welcome_file => 'index', :output_file => output_file, :vars => {:page_title => file.vars[:page_title], :active_nav =>file.vars[:active_nav], :body => file_string}).render(File.join(@template_root_path, "layout.erb"))
+      path = File.join(root_dir, output_file)
+      FileUtils.mkdir_p(File.dirname(path))
+      File.open(path, 'w') { |f| f.write(layout) }
+    end
+
+  end
+
+end

data/lib/moonrope/param_set.rb

@@ -29,7 +29,7 @@ module Moonrope
     #
     def _value_for(key)
       # Get the value from the params and defaults
-      value = (@params[key.to_s] || @defaults[key.to_s])
+      value = @params.has_key?(key.to_s) ? @params[key.to_s] : @defaults[key.to_s]
       # Ensure that empty strings are actually nil.
       value = nil if value.is_a?(String) && value.length == 0
       # Return the value
@@ -39,6 +39,16 @@ module Moonrope
     alias_method :[], :_value_for
     alias_method :method_missing, :_value_for
 
+    #
+    # Set the value for a given param
+    #
+    # @param key [String]
+    # @param value [AnyObject]
+    #
+    def _set_value(name, value)
+      @params[name.to_s] = value
+    end
+
     #
     # Set the defaults for the param set
     #

data/lib/moonrope/rack_middleware.rb

@@ -25,23 +25,6 @@ module Moonrope
     #
     def call(env)
       if env['PATH_INFO'] =~ Moonrope::Request.path_regex
-
-        if @options[:reload_on_each_request]
-          @base.load
-        end
-
-        #
-        # Call the on request block if one has been defined for the base.
-        #
-        if @base.on_request.is_a?(Proc)
-          @base.on_request.call(@base, env)
-        end
-
-        #
-        # Create a new request object
-        #
-        request = @base.request(env, $1)
-
         #
         # Set some global headers which are always returned
         #
@@ -65,6 +48,38 @@ module Moonrope
         #
         global_headers['Content-Type'] = 'application/json'
 
+        #
+        # Reload if needed
+        #
+        if @options[:reload_on_each_request]
+          @base = @base.copy
+          begin
+            @base.load
+          rescue => e
+            return generate_error_triplet(@base, nil, e, global_headers)
+          end
+        end
+
+        #
+        # Create a new request object
+        #
+        request = base.request(env, $1)
+
+        #
+        # If force SSL is enabled, don't allow requests to proceed if they're
+        # not SSL
+        #
+        if base.force_ssl? && !request.ssl?
+          return [400, global_headers, [{:status => 'http-not-supported', :message => "Non-secure HTTP connections are not supported. Requests should be made using https:// rather than http://."}.to_json]]
+        end
+
+        #
+        # Call the on request block if one has been defined for the base.
+        #
+        if base.on_request.is_a?(Proc)
+          base.on_request.call(base, env)
+        end
+
         #
         # Check the request is valid
         #
@@ -78,30 +93,22 @@ module Moonrope
         begin
           result = request.execute
           json = result.to_json
-          global_headers['Content-Length'] = json.bytesize.to_s
-          [200, global_headers.merge(result.headers), [result.to_json]]
-        rescue JSON::ParserError => e
-          [400, global_headers, [{:status => 'invalid-json', :details => e.message}.to_json]]
-        rescue => e
-          Moonrope.logger.info e.class
-          Moonrope.logger.info e.message
-          Moonrope.logger.info e.backtrace.join("\n")
-
-          response = {:status => 'internal-server-error'}
 
-          # Call any request errors which have been registered on the base
-          @base.request_error_callbacks.each do |callback|
-            callback.call(request, e)
-          end
+          global_headers['Content-Length'] = json.bytesize.to_s
+          headers = global_headers.merge(result.headers)
+          Moonrope.logger.info "[#{Time.now.utc.strftime("%Y-%m-%d %H:%M:%S")}] controller=#{request.controller.name} action=#{request.action.name} status=#{result.status} time=#{result.time} ip=#{request.ip} size=#{json.bytesize}"
 
-          # If in development, return more details about the exception which was raised.
-          if @base.environment == 'development'
-            response[:error] = e.class.to_s
-            response[:message] = e.message
-            response[:backtrace] = e.backtrace[0,6]
+          base.request_callbacks.each do |callback|
+            # Call each request callback and provide the request, the result
+            # and the raw that's being returned to the user.
+            callback.call(request, result, json, headers)
           end
 
-          [500, global_headers, [response.to_json]]
+          [200, headers, [json]]
+        rescue JSON::ParserError => e
+          [400, global_headers, [{:status => 'invalid-json', :details => e.message}.to_json]]
+        rescue => e
+          generate_error_triplet(base, request, e, global_headers)
         end
 
       else
@@ -113,5 +120,27 @@ module Moonrope
       end
     end
 
+    def generate_error_triplet(base, request, exception, headers = {})
+      Moonrope.logger.info exception.class
+      Moonrope.logger.info exception.message
+      Moonrope.logger.info exception.backtrace.join("\n")
+
+      response = {:status => 'internal-server-error'}
+
+      # Call any request errors which have been registered on the base
+      base.request_error_callbacks.each do |callback|
+        callback.call(request, exception)
+      end
+
+      # If in development, return more details about the exception which was raised.
+      if base.environment == 'development'
+        response[:error] = exception.class.to_s
+        response[:message] = exception.message
+        response[:backtrace] = exception.backtrace[0,6]
+      end
+
+      [500, headers, [response.to_json]]
+    end
+
   end
 end

data/lib/moonrope/railtie.rb

@@ -1,19 +1,21 @@
+require 'moonrope/doc_server'
+
 module Moonrope
   class Railtie < Rails::Railtie
 
     initializer 'moonrope.initialize' do |app|
 
       # Initialize a new moonrope base.
-      app.config.moonrope = Moonrope::Base.load(Rails.root.join('api'))
+      Moonrope::Base.instance = Moonrope::Base.load(Rails.root.join('api'))
 
       # Set the logger
       Moonrope.logger = Rails.logger
 
       # Set the environment to match the Rails environment
-      app.config.moonrope.environment = Rails.env.to_s
+      Moonrope::Base.instance.environment = Rails.env.to_s
 
       # Ensure all request use UTC
-      app.config.moonrope.on_request = Proc.new do |base, env|
+      Moonrope::Base.instance.on_request = Proc.new do |base, env|
         Time.zone = 'UTC'
       end
 
@@ -22,29 +24,44 @@ module Moonrope
         Moonrope::Request.path_regex = app.config.moonrope_request_path_regex
       end
 
-      # Catch ActiveRecord::RecordNotFound exception as a standard not-found error
-      if defined?(ActiveRecord)
-        app.config.moonrope.register_external_error ActiveRecord::RecordNotFound do |exception, result|
+      ActiveSupport.on_load(:active_record) do
+
+        # Catch ActiveRecord::RecordNotFound exception as a standard not-found error
+        Moonrope::Base.instance.register_external_error ActiveRecord::RecordNotFound do |exception, result|
           result.status = 'not-found'
           result.data = {:message => exception.message}
         end
 
-        # Add a helper for auto setting parameters
-        app.config.moonrope.dsl.instance_eval do
-          helper :auto_set_params_for, :unloadable => false do |object|
-            current_action = object.new_record? ? :create_only : :update_only
-            request.action.params.select { |k,v| v[:set] == true || v[:set] == current_action }.keys.each do |param|
-              object.send("#{param}=", params[param])  if params.has?(param)
-            end
+        # Catch ActiveRecord::DeleteRestrictionError and raise an a DeleteRestrictionError
+        Moonrope::Base.instance.register_external_error ActiveRecord::DeleteRestrictionError do |exception, result|
+          result.status = 'error'
+          result.data = {:code => "DeleteRestrictionError", :message => "Object could not be deleted due to dependency"}
+          if exception.message =~ /([\w\-]+)\z/
+            result.data[:dependency] = $1
           end
         end
+
+        # Catch ActiveRecord::RecordInvalid and raise an a ValidationError
+        Moonrope::Base.instance.register_external_error ActiveRecord::RecordInvalid do |exception, result|
+          result.status = 'error'
+          errors = exception.record.errors.respond_to?(:to_api_hash) ? exception.record.errors.to_api_hash : exception.record.errors
+          result.data = {:code => "ValidationError", :message => "Object could not be saved due to a validation error", :errors => errors}
+        end
+
       end
 
+      # Insert the documentation middleware
+      app.middleware.use(
+        Moonrope::DocServer,
+        Moonrope::Base.instance,
+        :reload_on_each_request => !app.config.cache_classes
+      )
+
       # Insert the Moonrope middleware into the application's middleware
       # stack (at the bottom).
       app.middleware.use(
         Moonrope::RackMiddleware,
-        app.config.moonrope,
+        Moonrope::Base.instance,
         :reload_on_each_request => !app.config.cache_classes
       )
 

data/lib/moonrope/request.rb

@@ -3,10 +3,16 @@ module Moonrope
 
     class << self
       attr_accessor :path_regex
+      attr_accessor :path_prefix
 
       # @return [Regex] the regex which should be matched for all API requests
       def path_regex
-        @path_regex ||= /\A\/api\/([\w\/\-\.]+)?/
+        @path_regex ||= /\A\/#{path_prefix}([\w\/\-\.]+)?/
+      end
+
+      # @return [Regex] the initial path of the prefix to be matched
+      def path_prefix
+        @path_prefix ||= /api\//
       end
     end
 
@@ -17,7 +23,7 @@ module Moonrope
     # @return [String] the name of the action which was requested
     attr_reader :action_name
     # @return [Object] the authenticated user
-    attr_reader :authenticated_user
+    attr_reader :identity
 
     #
     # Initialize a new Moonrope::Request
@@ -80,25 +86,30 @@ module Moonrope
     # @return [Moonrope::ActionResult]
     #
     def execute
-      eval_env = EvalEnvironment.new(@base, self)
-      if @base.authenticator
+      eval_env = EvalEnvironment.new(@base, self, action)
+
+      if action.authenticator_to_use.is_a?(Moonrope::Authenticator)
         result = action.convert_errors_to_action_result do
-          @authenticated_user = eval_env.instance_eval(&@base.authenticator)
-          # If we are authenticated, check whether the action permits access to
-          # this user, if not raise an error.
-          if authenticated?
-            unless action.check_access(eval_env) == true
-              raise Moonrope::Errors::AccessDenied, "Access to #{controller.name}/#{action.name} is not permitted."
+          if block = action.authenticator_to_use.lookup
+            @identity = eval_env.instance_eval(&block)
+          end
+
+          unless action.check_access(eval_env) == true
+            if rule = action.authenticator_to_use.rules[action.access_rule_to_use]
+              eval_env.structured_error(rule[:error_code], rule[:description], :action => action.name, :controller => controller.name)
+            else
+              eval_env.structured_error("NotPermitted", "You are not permitted to access #{controller.name}/#{action.name}", :action => action.name, :controller => controller.name)
             end
           end
         end
 
         if result.is_a?(Moonrope::ActionResult)
-          # If we already have a result, we should return it and no longer execute
-          # this request.
           return result
         end
+      elsif action.authenticator_to_use == :not_found
+        raise Moonrope::Errors::MissingAuthenticator, "Wanted to use authenticator that was not defined."
       end
+
       action.execute(eval_env)
     end
 
@@ -109,7 +120,7 @@ module Moonrope
     #
     def params
       @params ||= begin
-        if @env['CONTENT_TYPE'] == 'application/json'
+        if @env['CONTENT_TYPE'] && @env['CONTENT_TYPE'] =~ /\Aapplication\/json(;|\z)/i
           Moonrope::ParamSet.new(rack_request.body.read)
         else
           Moonrope::ParamSet.new(rack_request.params['params'])
@@ -132,7 +143,7 @@ module Moonrope
     # @return [Boolean]
     #
     def anonymous?
-      authenticated_user.nil?
+      identity.nil?
     end
 
     #
@@ -141,7 +152,24 @@ module Moonrope
     # @return [Boolean]
     #
     def authenticated?
-      !(authenticated_user.nil? || authenticated_user == false)
+      !(identity.nil? || identity == false)
+    end
+
+    #
+    # Return the remote IP
+    #
+    # @return [String]
+    #
+    def ip
+      rack_request.ip
+    end
+
+    #
+    # Is this request on SSL?
+    #
+    # @return [Boolean]
+    def ssl?
+      rack_request.ssl?
     end
 
     private