openapi_first 0.12.2 → 0.13.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 689e572886b7ca556ffb00c89368195e129d954a03a3899f3d7d8401bd724196
-  data.tar.gz: e2669f12188188ac232d0c52b8a371e221ce65e589f2bd06dc6b7547fd0cafc2
+  metadata.gz: 579d36678fe6b41e050a370017165899c82be5e64b352e45410107e7302d26af
+  data.tar.gz: 0ddd3ab2f5ed7bb9aadc41cba158ea3fc9f2e59a93054c4f76f3766109e03192
 SHA512:
-  metadata.gz: c3409b992b56a09eb9e4bc75d20e6711a4ebda0bd93c0422316343ea48b4f8816394f1506b675c56e42f3dad339a0b7aa9c4834f0372045815a81888724ad45e
-  data.tar.gz: 2893535646d84f3ca6db6efc63c5334961929b9f6e561b8d36f771ca4ad0b9e25af5c5b06292ae9745610fa6dd229516c4aa4b42c01c52fc176294a1713b8767
+  metadata.gz: fb1ca083cce9a636bf42f33c308dcd5c1e19b14b31bebe0534646baf0af8c43e6ce1d5b1e20b0657872a12c90e2446122a33c015ce42ee96ee16c8b1f4cc8b79
+  data.tar.gz: 8a2f1af143f23f21381691d158d0991b1e055d726c8e0c46579bd1d88383f3c4f66ca3a8b1554a47bdab5e6278340b6e6e8ace1d983e95b01b84c1f822a5249b

data/.rubocop.yml

@@ -14,6 +14,8 @@ Layout/SpaceAroundMethodCallOperator:
   Enabled: true
 Lint/DeprecatedOpenSSLConstant:
   Enabled: true
+Lint/DuplicateElsifCondition:
+  Enabled: true
 Lint/RaiseException:
   Enabled: true
 Lint/MixedRegexpCaptureTypes:
@@ -28,7 +30,25 @@ Lint/StructNewOverride:
   Enabled: true
 Style/HashEachMethods:
   Enabled: false
+Style/AccessorGrouping:
+  Enabled: true
+Style/ArrayCoercion:
+  Enabled: true
+Style/BisectedAttrAccessor:
+  Enabled: true
+Style/CaseLikeIf:
+  Enabled: true
+Style/HashAsLastArrayItem:
+  Enabled: true
+Style/HashLikeCase:
+  Enabled: true
 Style/HashTransformKeys:
   Enabled: true
 Style/HashTransformValues:
   Enabled: true
+Style/RedundantAssignment:
+  Enabled: true
+Style/RedundantFetchBlock:
+  Enabled: true
+Style/RedundantFileExtensionInRequire:
+  Enabled: true

data/CHANGELOG.md

@@ -1,5 +1,22 @@
 # Changelog
 
+## 0.13.2
+- Return indicator (`source: { parameter: 'list/1' }`) in error response body when array item in query parameter is invalid
+
+## 0.13.0
+- Add support for arrays in query parameters (style: form, explode: false)
+- Remove warning when handler is not implemented
+
+## 0.12.5
+- Add `not_found: :continue` option to Router to make it do nothing if request is unknown
+
+## 0.12.4
+- content-type is found while ignoring additional content-type parameters (`application/json` is found when request/response content-type is `application/json; charset=UTF8`)
+- Support wildcard mime-types when finding the content-type
+
+## 0.12.3
+- Add `response_validation:`, `router_raise_error` options to standalone mode.
+
 ## 0.12.2
 - Allow response to have no media type object specified
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    openapi_first (0.12.2)
+    openapi_first (0.13.2)
       deep_merge (>= 1.2.1)
       hanami-router (~> 2.0.alpha3)
       hanami-utils (~> 2.0.alpha1)
@@ -24,9 +24,9 @@ GEM
     ast (2.4.1)
     builder (3.2.4)
     coderay (1.1.3)
-    concurrent-ruby (1.1.6)
+    concurrent-ruby (1.1.7)
     deep_merge (1.2.1)
-    diff-lcs (1.4.2)
+    diff-lcs (1.4.4)
     ecma-re-validator (0.2.1)
       regexp_parser (~> 1.2)
     hana (1.3.6)
@@ -39,9 +39,9 @@ GEM
       transproc (~> 1.0)
     hansi (0.2.0)
     hash-deep-merge (0.1.1)
-    i18n (1.8.3)
+    i18n (1.8.5)
       concurrent-ruby (~> 1.0)
-    json_schemer (0.2.11)
+    json_schemer (0.2.13)
       ecma-re-validator (~> 0.2)
       hana (~> 1.3)
       regexp_parser (~> 1.5)
@@ -49,15 +49,15 @@ GEM
     method_source (1.0.0)
     mini_portile2 (2.4.0)
     minitest (5.14.1)
-    multi_json (1.14.1)
+    multi_json (1.15.0)
     mustermann (1.1.1)
       ruby2_keywords (~> 0.0.1)
     mustermann-contrib (1.1.1)
       hansi (~> 0.2.0)
       mustermann (= 1.1.1)
-    nokogiri (1.10.9)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
-    oas_parser (0.25.2)
+    oas_parser (0.25.1)
       activesupport (>= 4.0.0)
       addressable (~> 2.3)
       builder (~> 3.2.3)
@@ -92,16 +92,16 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-support (3.9.3)
-    rubocop (0.86.0)
+    rubocop (0.88.0)
       parallel (~> 1.10)
-      parser (>= 2.7.0.1)
+      parser (>= 2.7.1.1)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.7)
       rexml
-      rubocop-ast (>= 0.0.3, < 1.0)
+      rubocop-ast (>= 0.1.0, < 1.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (0.0.3)
+    rubocop-ast (0.2.0)
       parser (>= 2.7.0.1)
     ruby-progressbar (1.10.1)
     ruby2_keywords (0.0.2)
@@ -111,7 +111,7 @@ GEM
       thread_safe (~> 0.1)
     unicode-display_width (1.7.0)
     uri_template (0.7.0)
-    zeitwerk (2.3.0)
+    zeitwerk (2.4.0)
 
 PLATFORMS
   ruby

data/README.md

@@ -37,6 +37,7 @@ Options and their defaults:
 |:---|---|---|---|
 |`spec:`| | The spec loaded via `OpenapiFirst.load` ||
 | `raise_error:` |`false`, `true` | If set to true the middleware raises `OpenapiFirst::NotFoundError` when a path or method was not found in the API description. This is useful during testing to spot an incomplete API description. | `false` (don't raise an exception)
+| `not_found:` | `:continue`, `:halt`| If set to `:continue` the middleware will not return 404 (405, 415), but just pass handling the request to the next middleware or application in the Rack stack. If combined with `raise_error: true` `raise_error` gets preference and an exception is raised. | `:halt` (return 4xx response)
 
 ## OpenapiFirst::RequestValidation
 
@@ -78,7 +79,12 @@ This middleware adds `env[OpenapiFirst::INBOX]` which holds the (filtered) path
 ### Parameter validation
 
 The middleware filteres all top-level query parameters and paths parameters and tries to convert numeric values. Meaning, if you have an `:something_id` path with `type: integer`, it will try convert the value to an integer.
-Note that is currently does not convert date, date-time or time formats and that conversion is currently done only for path and query parameters, but not for the request body. It just works with a parameter with `name: filter[age]`.
+
+It just works with a parameter with `name: filter[age]`.
+
+OpenapiFirst also supports `type: array` for query parameters and will convert `items` just as described above. [`style`](http://spec.openapis.org/oas/v3.0.3#style-values) and `explode` attributes are not supported for query parameters. It will always act as if `style: form` and `explode: false` were used for query parameters.
+
+Conversion is currently done only for path and query parameters, but not for the request body. OpenapiFirst currently does not convert date, date-time or time formats.
 
 If you want to forbid _nested_ query parameters you will need to use [`additionalProperties: false`](https://json-schema.org/understanding-json-schema/reference/object.html#properties) in your query parameter JSON schema.
 
@@ -150,7 +156,12 @@ end
 
 # In config.ru:
 require 'openapi_first'
-run OpenapiFirst.app('./openapi/openapi.yaml', namespace: Pets)
+run OpenapiFirst.app(
+  './openapi/openapi.yaml',
+  namespace: Pets,
+  response_validation: ENV['RACK_ENV'] == 'test',
+  router_raise_error:  ENV['RACK_ENV'] == 'test'
+)
 ```
 
 The above will use the mentioned Rack middlewares to:
@@ -159,6 +170,17 @@ The above will use the mentioned Rack middlewares to:
 - Map the request to a method call `Pets.find_pet` based on the `operationId` in the API description
 - Set the response content type according to your spec (here with the default status code `200`)
 
+### Options and their defaults:
+
+| Name | Possible values | Description | Default
+|:---|---|---|---|
+| `spec_path` || A filepath to an OpenAPI definition file. |
+| `namespace:` || A class or module where to find the handler methods.|
+| `response_validation:` | `true`, `false` | If set to true it raises an exception if the response is invalid. This is useful during testing. | `false`
+| `router_raise_error:` | `true`, `false` | If set to true it raises an exception (subclass of `OpenapiFirst::Error` when a request path/method is not specified. This is useful during testing. | `false`
+| `request_validation_raise_error:` | `true`, `false` | If set to true it raises an exception (subclass of `OpenapiFirst::Error` when a request is not valid. | `false`
+
+
 Handler functions (`find_pet`) are called with two arguments:
 
 - `params` - Holds the parsed request body, filtered query params and path parameters

data/benchmarks/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    openapi_first (0.12.2)
+    openapi_first (0.13.2)
       deep_merge (>= 1.2.1)
       hanami-router (~> 2.0.alpha3)
       hanami-utils (~> 2.0.alpha1)
@@ -25,11 +25,11 @@ GEM
     benchmark-memory (0.1.2)
       memory_profiler (~> 0.9)
     builder (3.2.4)
-    committee (4.0.0)
+    committee (4.2.0)
       json_schema (~> 0.14, >= 0.14.3)
       openapi_parser (>= 0.11.1)
       rack (>= 1.5)
-    concurrent-ruby (1.1.6)
+    concurrent-ruby (1.1.7)
     deep_merge (1.2.1)
     dry-configurable (0.11.6)
       concurrent-ruby (~> 1.0)
@@ -42,7 +42,7 @@ GEM
       concurrent-ruby (~> 1.0)
     dry-equalizer (0.3.0)
     dry-inflector (0.2.0)
-    dry-logic (1.0.6)
+    dry-logic (1.0.7)
       concurrent-ruby (~> 1.0)
       dry-core (~> 0.2)
       dry-equalizer (~> 0.2)
@@ -55,7 +55,7 @@ GEM
       dry-logic (~> 1.0, >= 1.0.2)
     ecma-re-validator (0.2.1)
       regexp_parser (~> 1.2)
-    grape (1.3.3)
+    grape (1.4.0)
       activesupport
       builder
       dry-types (>= 1.1)
@@ -72,10 +72,10 @@ GEM
       transproc (~> 1.0)
     hansi (0.2.0)
     hash-deep-merge (0.1.1)
-    i18n (1.8.3)
+    i18n (1.8.5)
       concurrent-ruby (~> 1.0)
     json_schema (0.20.9)
-    json_schemer (0.2.11)
+    json_schemer (0.2.13)
       ecma-re-validator (~> 0.2)
       hana (~> 1.3)
       regexp_parser (~> 1.5)
@@ -83,7 +83,7 @@ GEM
     memory_profiler (0.9.14)
     mini_portile2 (2.4.0)
     minitest (5.14.1)
-    multi_json (1.14.1)
+    multi_json (1.15.0)
     mustermann (1.1.1)
       ruby2_keywords (~> 0.0.1)
     mustermann-contrib (1.1.1)
@@ -91,9 +91,9 @@ GEM
       mustermann (= 1.1.1)
     mustermann-grape (1.0.1)
       mustermann (>= 1.0.0)
-    nokogiri (1.10.9)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
-    oas_parser (0.25.2)
+    oas_parser (0.25.1)
       activesupport (>= 4.0.0)
       addressable (~> 2.3)
       builder (~> 3.2.3)
@@ -101,7 +101,7 @@ GEM
       hash-deep-merge
       mustermann-contrib (~> 1.1.1)
       nokogiri
-    openapi_parser (0.11.2)
+    openapi_parser (0.12.1)
     public_suffix (4.0.5)
     rack (2.2.3)
     rack-accept (0.4.5)
@@ -125,7 +125,7 @@ GEM
     tzinfo (1.2.7)
       thread_safe (~> 0.1)
     uri_template (0.7.0)
-    zeitwerk (2.3.0)
+    zeitwerk (2.4.0)
 
 PLATFORMS
   ruby

data/examples/app.rb

@@ -17,5 +17,6 @@ oas_path = File.absolute_path('./openapi.yaml', __dir__)
 App = OpenapiFirst.app(
   oas_path,
   namespace: Web,
-  raise_error: OpenapiFirst.env == 'test'
+  router_raise_error: OpenapiFirst.env == 'test',
+  response_validation: OpenapiFirst.env == 'test'
 )

data/lib/openapi_first.rb

@@ -31,14 +31,39 @@ module OpenapiFirst
     Definition.new(parsed)
   end
 
-  def self.app(spec, namespace:, raise_error: false)
+  def self.app(
+    spec,
+    namespace:,
+    router_raise_error: false,
+    request_validation_raise_error: false,
+    response_validation: false
+  )
     spec = OpenapiFirst.load(spec) if spec.is_a?(String)
-    App.new(nil, spec, namespace: namespace, raise_error: raise_error)
+    App.new(
+      nil,
+      spec,
+      namespace: namespace,
+      router_raise_error: router_raise_error,
+      request_validation_raise_error: request_validation_raise_error,
+      response_validation: response_validation
+    )
   end
 
-  def self.middleware(spec, namespace:, raise_error: false)
+  def self.middleware(
+    spec,
+    namespace:,
+    router_raise_error: false,
+    request_validation_raise_error: false,
+    response_validation: false
+  )
     spec = OpenapiFirst.load(spec) if spec.is_a?(String)
-    AppWithOptions.new(spec, namespace: namespace, raise_error: raise_error)
+    AppWithOptions.new(
+      spec,
+      namespace: namespace,
+      router_raise_error: router_raise_error,
+      request_validation_raise_error: request_validation_raise_error,
+      response_validation: response_validation
+    )
   end
 
   class AppWithOptions

data/lib/openapi_first/app.rb

@@ -5,12 +5,19 @@ require 'logger'
 
 module OpenapiFirst
   class App
-    def initialize(parent_app, spec, namespace:, raise_error:)
+    def initialize( # rubocop:disable Metrics/ParameterLists
+      parent_app,
+      spec,
+      namespace:,
+      router_raise_error: false,
+      request_validation_raise_error: false,
+      response_validation: false
+    )
       @stack = Rack::Builder.app do
         freeze_app
-        use OpenapiFirst::Router, spec: spec, raise_error: raise_error, parent_app: parent_app
-        use OpenapiFirst::RequestValidation, raise_error: raise_error
-        use OpenapiFirst::ResponseValidation if raise_error
+        use OpenapiFirst::Router, spec: spec, raise_error: router_raise_error, parent_app: parent_app
+        use OpenapiFirst::RequestValidation, raise_error: request_validation_raise_error
+        use OpenapiFirst::ResponseValidation if response_validation
         run OpenapiFirst::Responder.new(
           spec: spec,
           namespace: namespace

data/lib/openapi_first/find_handler.rb

@@ -9,10 +9,8 @@ module OpenapiFirst
       @handlers = spec.operations.each_with_object({}) do |operation, hash|
         operation_id = operation.operation_id
         handler = find_handler(operation_id)
-        if handler.nil?
-          warn "#{self.class.name} cannot not find handler for '#{operation.operation_id}' (#{operation.method} #{operation.path}). This operation will be ignored." # rubocop:disable Layout/LineLength
-          next
-        end
+        next if handler.nil?
+
         hash[operation_id] = handler
       end
     end

data/lib/openapi_first/operation.rb

@@ -41,7 +41,7 @@ module OpenapiFirst
 
       raise ResponseInvalid, "Response has no content-type for '#{name}'" unless content_type
 
-      media_type = content[content_type]
+      media_type = find_content_for_content_type(content, content_type)
       unless media_type
         message = "Response content type not found '#{content_type}' for '#{name}'"
         raise ResponseContentTypeNotFoundError, message
@@ -49,6 +49,12 @@ module OpenapiFirst
       media_type['schema']
     end
 
+    def request_body_schema_for(request_content_type)
+      content = @operation.request_body.content
+      media_type = find_content_for_content_type(content, request_content_type)
+      media_type&.fetch('schema', nil)
+    end
+
     def response_for(status)
       @operation.response_by_code(status.to_s, use_default: true).raw
     rescue OasParser::ResponseCodeNotFound
@@ -62,6 +68,13 @@ module OpenapiFirst
 
     private
 
+    def find_content_for_content_type(content, request_content_type)
+      content.fetch(request_content_type) do |_|
+        type = request_content_type.split(';')[0]
+        content[type] || content["#{type.split('/')[0]}/*"] || content['*/*']
+      end
+    end
+
     def build_parameters_json_schema
       return unless @operation.parameters&.any?
 

data/lib/openapi_first/request_validation.rb

@@ -98,7 +98,8 @@ module OpenapiFirst
     def request_body_schema(content_type, operation)
       return unless operation
 
-      schema = operation.request_body.content[content_type]&.fetch('schema')
+      schema = operation.request_body_schema_for(content_type)
+
       JSONSchemer.schema(schema) if schema
     end
 
@@ -140,8 +141,9 @@ module OpenapiFirst
 
     def serialize_query_parameter_errors(validation_errors)
       validation_errors.map do |error|
+        pointer = error['data_pointer'][1..].to_s
         {
-          source: { parameter: File.basename(error['data_pointer']) }
+          source: { parameter: pointer }
         }.update(ValidationFormat.error_details(error))
       end
     end
@@ -149,14 +151,27 @@ module OpenapiFirst
     def parse_parameter(value, schema)
       return filtered_params(schema, value) if schema['properties']
 
+      return parse_array_parameter(value, schema) if schema['type'] == 'array'
+
+      parse_simple_value(value, schema)
+    end
+
+    def parse_array_parameter(value, schema)
+      array = value.is_a?(Array) ? value : value.split(',')
+      return array unless schema['items']
+
+      array.map! { |e| parse_simple_value(e, schema['items']) }
+    end
+
+    def parse_simple_value(value, schema)
+      return to_boolean(value) if schema['type'] == 'boolean'
+
       begin
         return Integer(value, 10) if schema['type'] == 'integer'
         return Float(value) if schema['type'] == 'number'
       rescue ArgumentError
         value
       end
-      return to_boolean(value) if schema['type'] == 'boolean'
-
       value
     end
 

data/lib/openapi_first/router.rb

@@ -10,11 +10,13 @@ module OpenapiFirst
       app,
       spec:,
       raise_error: false,
+      not_found: :halt,
       parent_app: nil
     )
       @app = app
       @parent_app = parent_app
       @raise = raise_error
+      @not_found = not_found
       @filepath = spec.filepath
       @router = build_router(spec.operations)
     end
@@ -23,9 +25,11 @@ module OpenapiFirst
       env[OPERATION] = nil
       response = call_router(env)
       if env[OPERATION].nil?
-        return @parent_app.call(env) if @parent_app # This should only happen if used via OpenapiFirst.middlware
+        return @parent_app.call(env) if @parent_app # This should only happen if used via OpenapiFirst.middleware
 
         raise_error(env) if @raise
+
+        return @app.call(env) if @not_found == :continue
       end
       response
     end

data/lib/openapi_first/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OpenapiFirst
-  VERSION = '0.12.2'
+  VERSION = '0.13.2'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openapi_first
 version: !ruby/object:Gem::Version
-  version: 0.12.2
+  version: 0.13.2
 platform: ruby
 authors:
 - Andreas Haller
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-06-24 00:00:00.000000000 Z
+date: 2020-08-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deep_merge