openapi_first 0.12.3 → 0.13.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8f5e77e342d4dba0c6ac4d535511148333efac5bc4b2cea62ee6d8b75219233e
-  data.tar.gz: 9b3341115e77bd4abc4b14d89464093d78483e251cf69e2b2508461c98aa1ccf
+  metadata.gz: 94cbe97158c8482c40dd1521e1f83cef287ad2e7e32f82746f24adcf45f60c4e
+  data.tar.gz: 1aff02e97e51b67334c34bc6ee967559def9218c4e81dc6295204bb5447f6715
 SHA512:
-  metadata.gz: 86f19dc76569748825731014124b689b7bddf5cce6a6fe38b5d95adb4643eeeeaa3ae6024a290aaf2aed92127147cc948a55faa062b5d97b99b7d2fe65df98cd
-  data.tar.gz: 27cef03d9ef7e0b49af33154e44ca68d3e0e860dcd94cbf6d2cdc4661ff90a4be590b92365aabfcdffe330f2aa2e96c12f7277ee2fa572fe02a2cc2c263e34b5
+  metadata.gz: 4ca9c77f8b70024083b831a02d824c2fd0321ff3598234f085133b161ba46a2177e9279e80e22f2ca56da466b087c0c7ac3a62c6dec9a7f906bf03fd44f2eb47
+  data.tar.gz: bcffa9f70194081780a0348f17e695b05f879eb029e4932baa224c3ca1d03e7fb531931f111bfdbcf452f772c0729e725cd3101779aa363408f859e63fd989f8

data/.rubocop.yml

@@ -1,5 +1,6 @@
 AllCops:
   TargetRubyVersion: 2.6
+  NewCops: enable
 Style/Documentation:
   Enabled: false
 Style/ExponentialNotation:
@@ -8,29 +9,5 @@ Metrics/BlockLength:
   Exclude:
   - 'spec/**/*.rb'
   - '*.gemspec'
-Layout/EmptyLinesAroundAttributeAccessor:
-  Enabled: true
-Layout/SpaceAroundMethodCallOperator:
-  Enabled: true
-Lint/DeprecatedOpenSSLConstant:
-  Enabled: true
-Lint/RaiseException:
-  Enabled: true
-Lint/MixedRegexpCaptureTypes:
-  Enabled: true
-Style/RedundantRegexpCharacterClass:
-  Enabled: true
-Style/RedundantRegexpEscape:
-  Enabled: true
-Style/SlicingWithRange:
-  Enabled: true
-Lint/StructNewOverride:
-  Enabled: true
-Style/HashEachMethods:
-  Enabled: false
-Style/HashTransformKeys:
-  Enabled: true
-Style/HashTransformValues:
-  Enabled: true
-Style/RedundantFetchBlock:
-  Enabled: true
+Metrics/MethodLength:
+  Max: 20

data/CHANGELOG.md

@@ -1,5 +1,22 @@
 # Changelog
 
+## 0.13.3
+- Better error message if string does not match format
+
+## 0.13.2
+- Return indicator (`source: { parameter: 'list/1' }`) in error response body when array item in query parameter is invalid
+
+## 0.13.0
+- Add support for arrays in query parameters (style: form, explode: false)
+- Remove warning when handler is not implemented
+
+## 0.12.5
+- Add `not_found: :continue` option to Router to make it do nothing if request is unknown
+
+## 0.12.4
+- content-type is found while ignoring additional content-type parameters (`application/json` is found when request/response content-type is `application/json; charset=UTF8`)
+- Support wildcard mime-types when finding the content-type
+
 ## 0.12.3
 - Add `response_validation:`, `router_raise_error` options to standalone mode.
 
@@ -8,7 +25,7 @@
 
 ## 0.12.1
 - Fix response when handler returns 404 or 405
-- Don't validate the response content if status is 205 (no content)
+- Don't validate the response content if status is 204 (no content)
 
 ## 0.12.0
 - Change `ResponseValidator` to raise an exception if it found a problem

data/Gemfile.lock

@@ -1,11 +1,11 @@
 PATH
   remote: .
   specs:
-    openapi_first (0.12.3)
+    openapi_first (0.13.3)
       deep_merge (>= 1.2.1)
       hanami-router (~> 2.0.alpha3)
       hanami-utils (~> 2.0.alpha1)
-      json_schemer (~> 0.2)
+      json_schemer (~> 0.2.16)
       multi_json (~> 1.14)
       oas_parser (~> 0.25.1)
       rack (~> 2.2)
@@ -13,7 +13,7 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (6.0.3.2)
+    activesupport (6.0.3.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -24,7 +24,7 @@ GEM
     ast (2.4.1)
     builder (3.2.4)
     coderay (1.1.3)
-    concurrent-ruby (1.1.6)
+    concurrent-ruby (1.1.7)
     deep_merge (1.2.1)
     diff-lcs (1.4.4)
     ecma-re-validator (0.2.1)
@@ -39,16 +39,16 @@ GEM
       transproc (~> 1.0)
     hansi (0.2.0)
     hash-deep-merge (0.1.1)
-    i18n (1.8.3)
+    i18n (1.8.5)
       concurrent-ruby (~> 1.0)
-    json_schemer (0.2.11)
+    json_schemer (0.2.16)
       ecma-re-validator (~> 0.2)
       hana (~> 1.3)
       regexp_parser (~> 1.5)
       uri_template (~> 0.7)
     method_source (1.0.0)
     mini_portile2 (2.4.0)
-    minitest (5.14.1)
+    minitest (5.14.2)
     multi_json (1.15.0)
     mustermann (1.1.1)
       ruby2_keywords (~> 0.0.1)
@@ -66,24 +66,24 @@ GEM
       mustermann-contrib (~> 1.1.1)
       nokogiri
     parallel (1.19.2)
-    parser (2.7.1.4)
+    parser (2.7.2.0)
       ast (~> 2.4.1)
     pry (0.13.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (4.0.5)
+    public_suffix (4.0.6)
     rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rainbow (3.0.0)
     rake (13.0.1)
-    regexp_parser (1.7.1)
+    regexp_parser (1.8.2)
     rexml (3.2.4)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
       rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.2)
+    rspec-core (3.9.3)
       rspec-support (~> 3.9.3)
     rspec-expectations (3.9.2)
       diff-lcs (>= 1.2.0, < 2.0)
@@ -92,26 +92,26 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-support (3.9.3)
-    rubocop (0.87.1)
+    rubocop (0.93.1)
       parallel (~> 1.10)
-      parser (>= 2.7.1.1)
+      parser (>= 2.7.1.5)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.7)
+      regexp_parser (>= 1.8)
       rexml
-      rubocop-ast (>= 0.1.0, < 1.0)
+      rubocop-ast (>= 0.6.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (0.1.0)
-      parser (>= 2.7.0.1)
+    rubocop-ast (0.8.0)
+      parser (>= 2.7.1.5)
     ruby-progressbar (1.10.1)
     ruby2_keywords (0.0.2)
     thread_safe (0.3.6)
     transproc (1.1.1)
-    tzinfo (1.2.7)
+    tzinfo (1.2.8)
       thread_safe (~> 0.1)
     unicode-display_width (1.7.0)
     uri_template (0.7.0)
-    zeitwerk (2.3.1)
+    zeitwerk (2.4.1)
 
 PLATFORMS
   ruby

data/README.md

@@ -19,7 +19,7 @@ OpenapiFirst consists of these Rack middlewares:
 
 - [`OpenapiFirst::Router`](#OpenapiFirst::Router) – Finds the OpenAPI operation for the current request or returns 404 if no operation was found. This can be customized.
 - [`OpenapiFirst::RequestValidation`](#OpenapiFirst::RequestValidation) – Validates the request against the API description and returns 400 if the request is invalid.
-- [`OpenapiFirst::Responder`](#OpenapiFirst::Responder) calls the [handler](#handlers) found for the operation.
+- [`OpenapiFirst::Responder`](#OpenapiFirst::Responder) calls the [handler](#handlers) found for the operation, sets the correct content-type and serialized the response body to json if needed.
 - [`OpenapiFirst::ResponseValidation`](#OpenapiFirst::ResponseValidation) Validates the response and raises an exception if the response body is invalid.
 
 ## OpenapiFirst::Router
@@ -37,6 +37,7 @@ Options and their defaults:
 |:---|---|---|---|
 |`spec:`| | The spec loaded via `OpenapiFirst.load` ||
 | `raise_error:` |`false`, `true` | If set to true the middleware raises `OpenapiFirst::NotFoundError` when a path or method was not found in the API description. This is useful during testing to spot an incomplete API description. | `false` (don't raise an exception)
+| `not_found:` | `:continue`, `:halt`| If set to `:continue` the middleware will not return 404 (405, 415), but just pass handling the request to the next middleware or application in the Rack stack. If combined with `raise_error: true` `raise_error` gets preference and an exception is raised. | `:halt` (return 4xx response)
 
 ## OpenapiFirst::RequestValidation
 
@@ -78,7 +79,12 @@ This middleware adds `env[OpenapiFirst::INBOX]` which holds the (filtered) path
 ### Parameter validation
 
 The middleware filteres all top-level query parameters and paths parameters and tries to convert numeric values. Meaning, if you have an `:something_id` path with `type: integer`, it will try convert the value to an integer.
-Note that is currently does not convert date, date-time or time formats and that conversion is currently done only for path and query parameters, but not for the request body. It just works with a parameter with `name: filter[age]`.
+
+It just works with a parameter with `name: filter[age]`.
+
+OpenapiFirst also supports `type: array` for query parameters and will convert `items` just as described above. [`style`](http://spec.openapis.org/oas/v3.0.3#style-values) and `explode` attributes are not supported for query parameters. It will always act as if `style: form` and `explode: false` were used for query parameters.
+
+Conversion is currently done only for path and query parameters, but not for the request body. OpenapiFirst currently does not convert date, date-time or time formats.
 
 If you want to forbid _nested_ query parameters you will need to use [`additionalProperties: false`](https://json-schema.org/understanding-json-schema/reference/object.html#properties) in your query parameter JSON schema.
 
@@ -93,6 +99,12 @@ This will also add the parsed request body to `env[OpenapiFirst::REQUEST_BODY]`.
 
 tbd.
 
+### readOnly / writeOnly properties
+
+Request validation fails if request includes a property with `readOnly: true`.
+
+Response validation fails if response body includes a property with `writeOnly: true`.
+
 ## OpenapiFirst::Responder
 
 This Rack endpoint maps the HTTP request to a method call based on the [operationId](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#operation-object) in your API description and calls it. Responder also adds a content-type to the response.

data/benchmarks/Gemfile

@@ -6,7 +6,8 @@ gem 'benchmark-ips'
 gem 'benchmark-memory'
 gem 'committee'
 gem 'grape'
-gem 'hanami-router', '~> 2.0.0.alpha2'
+gem 'hanami-api'
+gem 'hanami-router', '~> 2.0.0.alpha3'
 gem 'multi_json'
 gem 'openapi_first', path: '../'
 gem 'sinatra'

data/benchmarks/Gemfile.lock

@@ -1,11 +1,11 @@
 PATH
   remote: ..
   specs:
-    openapi_first (0.12.3)
+    openapi_first (0.13.3)
       deep_merge (>= 1.2.1)
       hanami-router (~> 2.0.alpha3)
       hanami-utils (~> 2.0.alpha1)
-      json_schemer (~> 0.2)
+      json_schemer (~> 0.2.16)
       multi_json (~> 1.14)
       oas_parser (~> 0.25.1)
       rack (~> 2.2)
@@ -13,7 +13,7 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (6.0.3.2)
+    activesupport (6.0.3.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -21,15 +21,15 @@ GEM
       zeitwerk (~> 2.2, >= 2.2.2)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
-    benchmark-ips (2.8.2)
+    benchmark-ips (2.8.3)
     benchmark-memory (0.1.2)
       memory_profiler (~> 0.9)
     builder (3.2.4)
-    committee (4.1.0)
+    committee (4.2.0)
       json_schema (~> 0.14, >= 0.14.3)
       openapi_parser (>= 0.11.1)
       rack (>= 1.5)
-    concurrent-ruby (1.1.6)
+    concurrent-ruby (1.1.7)
     deep_merge (1.2.1)
     dry-configurable (0.11.6)
       concurrent-ruby (~> 1.0)
@@ -42,7 +42,7 @@ GEM
       concurrent-ruby (~> 1.0)
     dry-equalizer (0.3.0)
     dry-inflector (0.2.0)
-    dry-logic (1.0.6)
+    dry-logic (1.0.8)
       concurrent-ruby (~> 1.0)
       dry-core (~> 0.2)
       dry-equalizer (~> 0.2)
@@ -55,7 +55,7 @@ GEM
       dry-logic (~> 1.0, >= 1.0.2)
     ecma-re-validator (0.2.1)
       regexp_parser (~> 1.2)
-    grape (1.3.3)
+    grape (1.5.0)
       activesupport
       builder
       dry-types (>= 1.1)
@@ -63,6 +63,8 @@ GEM
       rack (>= 1.3.0)
       rack-accept
     hana (1.3.6)
+    hanami-api (0.1.1)
+      hanami-router (~> 2.0.alpha)
     hanami-router (2.0.0.alpha3)
       mustermann (~> 1.0)
       mustermann-contrib (~> 1.0)
@@ -72,17 +74,17 @@ GEM
       transproc (~> 1.0)
     hansi (0.2.0)
     hash-deep-merge (0.1.1)
-    i18n (1.8.3)
+    i18n (1.8.5)
       concurrent-ruby (~> 1.0)
     json_schema (0.20.9)
-    json_schemer (0.2.11)
+    json_schemer (0.2.16)
       ecma-re-validator (~> 0.2)
       hana (~> 1.3)
       regexp_parser (~> 1.5)
       uri_template (~> 0.7)
     memory_profiler (0.9.14)
     mini_portile2 (2.4.0)
-    minitest (5.14.1)
+    minitest (5.14.2)
     multi_json (1.15.0)
     mustermann (1.1.1)
       ruby2_keywords (~> 0.0.1)
@@ -93,7 +95,7 @@ GEM
       mustermann (>= 1.0.0)
     nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
-    oas_parser (0.25.1)
+    oas_parser (0.25.2)
       activesupport (>= 4.0.0)
       addressable (~> 2.3)
       builder (~> 3.2.3)
@@ -101,20 +103,20 @@ GEM
       hash-deep-merge
       mustermann-contrib (~> 1.1.1)
       nokogiri
-    openapi_parser (0.11.2)
-    public_suffix (4.0.5)
+    openapi_parser (0.12.1)
+    public_suffix (4.0.6)
     rack (2.2.3)
     rack-accept (0.4.5)
       rack (>= 0.4)
-    rack-protection (2.0.8.1)
+    rack-protection (2.1.0)
       rack
-    regexp_parser (1.7.1)
+    regexp_parser (1.8.2)
     ruby2_keywords (0.0.2)
     seg (1.2.0)
-    sinatra (2.0.8.1)
+    sinatra (2.1.0)
       mustermann (~> 1.0)
-      rack (~> 2.0)
-      rack-protection (= 2.0.8.1)
+      rack (~> 2.2)
+      rack-protection (= 2.1.0)
       tilt (~> 2.0)
     syro (3.2.0)
       rack (>= 1.6.0)
@@ -125,7 +127,7 @@ GEM
     tzinfo (1.2.7)
       thread_safe (~> 0.1)
     uri_template (0.7.0)
-    zeitwerk (2.3.1)
+    zeitwerk (2.4.0)
 
 PLATFORMS
   ruby
@@ -135,7 +137,8 @@ DEPENDENCIES
   benchmark-memory
   committee
   grape
-  hanami-router (~> 2.0.0.alpha2)
+  hanami-api
+  hanami-router (~> 2.0.0.alpha3)
   multi_json
   openapi_first!
   sinatra

data/benchmarks/apps/committee.ru

@@ -1,30 +1,24 @@
 # frozen_string_literal: true
 
-require 'committee'
-require 'syro'
 require 'multi_json'
+require 'committee'
+require 'hanami/api'
 
-app = Syro.new do
-  on 'hello' do
-    on :id do
-      get do
-        res.json MultiJson.dump(hello: 'world', id: inbox[:id])
-      end
-    end
+app = Class.new(Hanami::API) do
+  get '/hello/:id' do
+    json(hello: 'world', id: params.fetch(:id))
+  end
 
-    get do
-      res.json [MultiJson.dump(hello: 'world')]
-    end
+  get '/hello' do
+    json([{ hello: 'world' }])
+  end
 
-    post do
-      res.status = 201
-      res.json MultiJson.dump(hello: 'world')
-    end
+  post '/hello' do
+    status 201
+    json(hello: 'world')
   end
-end
+end.new
 
-use Committee::Middleware::RequestValidation,
-    schema_path: './apps/openapi.yaml',
-    coerce_date_times: false
+use Committee::Middleware::RequestValidation, schema_path: './apps/openapi.yaml'
 
 run app

data/benchmarks/apps/hanami_api.ru

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'multi_json'
+require 'hanami/api'
+
+app = Class.new(Hanami::API) do
+  get '/hello/:id' do
+    json(hello: 'world', id: params.fetch(:id))
+  end
+
+  get '/hello' do
+    json([{ hello: 'world' }])
+  end
+
+  post '/hello' do
+    status 201
+    json(hello: 'world')
+  end
+end.new
+
+run app

data/benchmarks/apps/hanami_router.ru

@@ -4,7 +4,7 @@ require 'hanami/router'
 require 'multi_json'
 
 app = Hanami::Router.new do
-  get '/hello', to: ->(_env) { [200, {}, [MultiJson.dump(hello: 'world')]] }
+  get '/hello', to: ->(_env) { [200, {}, [MultiJson.dump([{ hello: 'world' }])]] }
   get '/hello/:id', to: lambda { |env|
     [200, {}, [MultiJson.dump(hello: 'world', id: env['router.params'][:id])]]
   }

data/benchmarks/apps/sinatra.ru

@@ -13,7 +13,7 @@ class SinatraExample < Sinatra::Base
 
   get '/hello' do
     content_type :json
-    [MultiJson.dump(hello: 'world')]
+    MultiJson.dump([{ hello: 'world' }])
   end
 
   post '/hello' do

data/benchmarks/apps/syro.ru

@@ -7,17 +7,17 @@ app = Syro.new do
   on 'hello' do
     on :id do
       get do
-        res.json MultiJson.dump(hello: 'world', id: inbox[:id])
+        res.json({ hello: 'world', id: inbox[:id] })
       end
     end
 
     get do
-      res.json [MultiJson.dump(hello: 'world')]
+      res.json([{ hello: 'world' }])
     end
 
     post do
       res.status = 201
-      res.json MultiJson.dump(hello: 'world')
+      res.json({ hello: 'world' })
     end
   end
 end

data/lib/openapi_first/definition.rb

@@ -4,15 +4,11 @@ require_relative 'operation'
 
 module OpenapiFirst
   class Definition
-    attr_reader :filepath
+    attr_reader :filepath, :operations
 
     def initialize(parsed)
       @filepath = parsed.path
-      @spec = parsed
-    end
-
-    def operations
-      @spec.endpoints.map { |e| Operation.new(e) }
+      @operations = parsed.endpoints.map { |e| Operation.new(e) }
     end
   end
 end

data/lib/openapi_first/find_handler.rb

@@ -9,10 +9,8 @@ module OpenapiFirst
       @handlers = spec.operations.each_with_object({}) do |operation, hash|
         operation_id = operation.operation_id
         handler = find_handler(operation_id)
-        if handler.nil?
-          warn "#{self.class.name} cannot not find handler for '#{operation.operation_id}' (#{operation.method} #{operation.path}). This operation will be ignored." # rubocop:disable Layout/LineLength
-          next
-        end
+        next if handler.nil?
+
         hash[operation_id] = handler
       end
     end

data/lib/openapi_first/operation.rb

@@ -2,6 +2,7 @@
 
 require 'forwardable'
 require 'json_schemer'
+require_relative 'schema_validation'
 require_relative 'utils'
 require_relative 'response_object'
 
@@ -14,6 +15,9 @@ module OpenapiFirst
                    :request_body,
                    :operation_id
 
+    WRITE_METHODS = Set.new(%w[post put patch delete]).freeze
+    private_constant :WRITE_METHODS
+
     def initialize(parsed)
       @operation = parsed
     end
@@ -22,12 +26,19 @@ module OpenapiFirst
       @operation.path.path
     end
 
-    def parameters_json_schema
-      @parameters_json_schema ||= build_parameters_json_schema
+    def read?
+      !write?
+    end
+
+    def write?
+      WRITE_METHODS.include?(method)
     end
 
     def parameters_schema
-      @parameters_schema ||= parameters_json_schema && JSONSchemer.schema(parameters_json_schema)
+      @parameters_schema ||= begin
+        parameters_json_schema = build_parameters_json_schema
+        parameters_json_schema && SchemaValidation.new(parameters_json_schema)
+      end
     end
 
     def content_type_for(status)
@@ -41,12 +52,22 @@ module OpenapiFirst
 
       raise ResponseInvalid, "Response has no content-type for '#{name}'" unless content_type
 
-      media_type = content[content_type]
+      media_type = find_content_for_content_type(content, content_type)
       unless media_type
         message = "Response content type not found '#{content_type}' for '#{name}'"
         raise ResponseContentTypeNotFoundError, message
       end
-      media_type['schema']
+      schema = media_type['schema']
+      SchemaValidation.new(schema, write: false) if schema
+    end
+
+    def request_body_schema(request_content_type)
+      content = @operation.request_body.content
+      media_type = find_content_for_content_type(content, request_content_type)
+      schema = media_type&.fetch('schema', nil)
+      return unless schema
+
+      SchemaValidation.new(schema, write: write?)
     end
 
     def response_for(status)
@@ -62,6 +83,13 @@ module OpenapiFirst
 
     private
 
+    def find_content_for_content_type(content, request_content_type)
+      content.fetch(request_content_type) do |_|
+        type = request_content_type.split(';')[0]
+        content[type] || content["#{type.split('/')[0]}/*"] || content['*/*']
+      end
+    end
+
     def build_parameters_json_schema
       return unless @operation.parameters&.any?
 
@@ -71,7 +99,7 @@ module OpenapiFirst
       end
     end
 
-    def generate_schema(schema, params, parameter) # rubocop:disable Metrics/MethodLength
+    def generate_schema(schema, params, parameter)
       required = Set.new(schema['required'])
       params.each do |key, value|
         required << key if parameter.required

data/lib/openapi_first/request_validation.rb

@@ -16,7 +16,7 @@ module OpenapiFirst
       @raise = raise_error
     end
 
-    def call(env) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+    def call(env) # rubocop:disable Metrics/AbcSize
       operation = env[OpenapiFirst::OPERATION]
       return @app.call(env) unless operation
 
@@ -45,17 +45,17 @@ module OpenapiFirst
       validate_request_body_presence!(body, operation)
       return if body.empty?
 
-      schema = request_body_schema(content_type, operation)
+      schema = operation&.request_body_schema(content_type)
       return unless schema
 
       parsed_request_body = parse_request_body!(body)
-      errors = validate_json_schema(schema, parsed_request_body)
+      errors = schema.validate(parsed_request_body)
       halt_with_error(400, serialize_request_body_errors(errors)) if errors.any?
-      env[INBOX].merge! env[REQUEST_BODY] = parsed_request_body
+      env[INBOX].merge! env[REQUEST_BODY] = Utils.deep_symbolize(parsed_request_body)
     end
 
     def parse_request_body!(body)
-      MultiJson.load(body, symbolize_keys: true)
+      MultiJson.load(body)
     rescue MultiJson::ParseError => e
       err = { title: 'Failed to parse body as JSON' }
       err[:detail] = e.cause unless ENV['RACK_ENV'] == 'production'
@@ -74,10 +74,6 @@ module OpenapiFirst
       halt_with_error(415, 'Request body is required')
     end
 
-    def validate_json_schema(schema, object)
-      schema.validate(Utils.deep_stringify(object))
-    end
-
     def default_error(status, title = Rack::Utils::HTTP_STATUS_CODES[status])
       {
         status: status.to_s,
@@ -95,13 +91,6 @@ module OpenapiFirst
       ).finish
     end
 
-    def request_body_schema(content_type, operation)
-      return unless operation
-
-      schema = operation.request_body.content[content_type]&.fetch('schema')
-      JSONSchemer.schema(schema) if schema
-    end
-
     def serialize_request_body_errors(validation_errors)
       validation_errors.map do |error|
         {
@@ -113,14 +102,11 @@ module OpenapiFirst
     end
 
     def validate_query_parameters!(env, operation, params)
-      json_schema = operation.parameters_json_schema
-      return unless json_schema
-
-      params = filtered_params(json_schema, params)
-      errors = validate_json_schema(
-        operation.parameters_schema,
-        params
-      )
+      schema = operation.parameters_schema
+      return unless schema
+
+      params = filtered_params(schema.raw_schema, params)
+      errors = schema.validate(Utils.deep_stringify(params))
       halt_with_error(400, serialize_query_parameter_errors(errors)) if errors.any?
       env[PARAMETERS] = params
       env[INBOX].merge! params
@@ -140,8 +126,9 @@ module OpenapiFirst
 
     def serialize_query_parameter_errors(validation_errors)
       validation_errors.map do |error|
+        pointer = error['data_pointer'][1..].to_s
         {
-          source: { parameter: File.basename(error['data_pointer']) }
+          source: { parameter: pointer }
         }.update(ValidationFormat.error_details(error))
       end
     end
@@ -149,14 +136,27 @@ module OpenapiFirst
     def parse_parameter(value, schema)
       return filtered_params(schema, value) if schema['properties']
 
+      return parse_array_parameter(value, schema) if schema['type'] == 'array'
+
+      parse_simple_value(value, schema)
+    end
+
+    def parse_array_parameter(value, schema)
+      array = value.is_a?(Array) ? value : value.split(',')
+      return array unless schema['items']
+
+      array.map! { |e| parse_simple_value(e, schema['items']) }
+    end
+
+    def parse_simple_value(value, schema)
+      return to_boolean(value) if schema['type'] == 'boolean'
+
       begin
         return Integer(value, 10) if schema['type'] == 'integer'
         return Float(value) if schema['type'] == 'number'
       rescue ArgumentError
         value
       end
-      return to_boolean(value) if schema['type'] == 'boolean'
-
       value
     end
 

data/lib/openapi_first/response_validation.rb

@@ -41,7 +41,8 @@ module OpenapiFirst
       full_body = +''
       response.each { |chunk| full_body << chunk }
       data = full_body.empty? ? {} : load_json(full_body)
-      errors = JSONSchemer.schema(schema).validate(data).to_a.map do |error|
+      errors = schema.validate(data)
+      errors = errors.to_a.map! do |error|
         error_message_for(error)
       end
       raise ResponseBodyInvalidError, errors.join(', ') if errors.any?

data/lib/openapi_first/router.rb

@@ -10,11 +10,13 @@ module OpenapiFirst
       app,
       spec:,
       raise_error: false,
+      not_found: :halt,
       parent_app: nil
     )
       @app = app
       @parent_app = parent_app
       @raise = raise_error
+      @not_found = not_found
       @filepath = spec.filepath
       @router = build_router(spec.operations)
     end
@@ -23,9 +25,11 @@ module OpenapiFirst
       env[OPERATION] = nil
       response = call_router(env)
       if env[OPERATION].nil?
-        return @parent_app.call(env) if @parent_app # This should only happen if used via OpenapiFirst.middlware
+        return @parent_app.call(env) if @parent_app # This should only happen if used via OpenapiFirst.middleware
 
         raise_error(env) if @raise
+
+        return @app.call(env) if @not_found == :continue
       end
       response
     end
@@ -49,13 +53,12 @@ module OpenapiFirst
       env[Rack::PATH_INFO] = env.delete(ORIGINAL_PATH) if env[ORIGINAL_PATH]
     end
 
-    def build_router(operations) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+    def build_router(operations) # rubocop:disable Metrics/AbcSize
       router = Hanami::Router.new {}
       operations.each do |operation|
         normalized_path = operation.path.gsub('{', ':').gsub('}', '')
         if operation.operation_id.nil?
           warn "operationId is missing in '#{operation.method} #{operation.path}'. I am ignoring this operation."
-          next
         end
         router.public_send(
           operation.method,

data/lib/openapi_first/schema_validation.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'json_schemer'
+
+module OpenapiFirst
+  class SchemaValidation
+    attr_reader :raw_schema
+
+    def initialize(schema, write: true)
+      @raw_schema = schema
+      custom_keywords = {}
+      custom_keywords['writeOnly'] = proc { |data| !data } unless write
+      custom_keywords['readOnly'] = proc { |data| !data } if write
+      @schemer = JSONSchemer.schema(
+        schema,
+        keywords: custom_keywords,
+        before_property_validation: proc do |data, property, property_schema, parent|
+          convert_nullable(data, property, property_schema, parent)
+        end
+      )
+    end
+
+    def validate(input)
+      @schemer.validate(input)
+    end
+
+    private
+
+    def convert_nullable(_data, _property, property_schema, _parent)
+      return unless property_schema.is_a?(Hash) && property_schema['nullable'] && property_schema['type']
+
+      property_schema['type'] = [*property_schema['type'], 'null']
+      property_schema.delete('nullable')
+    end
+  end
+end

data/lib/openapi_first/utils.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'hanami/utils/string'
+require 'hanami/utils/hash'
 require 'deep_merge/core'
 
 module OpenapiFirst
@@ -17,20 +18,12 @@ module OpenapiFirst
       Hanami::Utils::String.classify(string)
     end
 
-    def self.deep_stringify(params) # rubocop:disable Metrics/MethodLength
-      params.each_with_object({}) do |(key, value), output|
-        output[key.to_s] =
-          case value
-          when ::Hash
-            deep_stringify(value)
-          when Array
-            value.map do |item|
-              item.is_a?(::Hash) ? deep_stringify(item) : item
-            end
-          else
-            value
-          end
-      end
+    def self.deep_symbolize(hash)
+      Hanami::Utils::Hash.deep_symbolize(hash)
+    end
+
+    def self.deep_stringify(hash)
+      Hanami::Utils::Hash.deep_stringify(hash)
     end
   end
 end

data/lib/openapi_first/validation_format.rb

@@ -6,17 +6,32 @@ module OpenapiFirst
 
     # rubocop:disable Metrics/MethodLength
     # rubocop:disable Metrics/AbcSize
+    # rubocop:disable Metrics/CyclomaticComplexity
+    # rubocop:disable Metrics/PerceivedComplexity
     def self.error_details(error)
       if error['type'] == 'pattern'
         {
           title: 'is not valid',
           detail: "does not match pattern '#{error['schema']['pattern']}'"
         }
+      elsif error['type'] == 'format'
+        {
+          title: "has not a valid #{error.dig('schema', 'format')} format",
+          detail: "#{error['data'].inspect} is not a valid #{error.dig('schema', 'format')} format"
+        }
       elsif error['type'] == 'required'
         missing_keys = error['details']['missing_keys']
         {
           title: "is missing required properties: #{missing_keys.join(', ')}"
         }
+      elsif error['type'] == 'readOnly'
+        {
+          title: 'appears in request, but is read-only'
+        }
+      elsif error['type'] == 'writeOnly'
+        {
+          title: 'write-only field appears in response:'
+        }
       elsif SIMPLE_TYPES.include?(error['type'])
         {
           title: "should be a #{error['type']}"
@@ -29,5 +44,7 @@ module OpenapiFirst
     end
     # rubocop:enable Metrics/MethodLength
     # rubocop:enable Metrics/AbcSize
+    # rubocop:enable Metrics/CyclomaticComplexity
+    # rubocop:enable Metrics/PerceivedComplexity
   end
 end

data/lib/openapi_first/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OpenapiFirst
-  VERSION = '0.12.3'
+  VERSION = '0.13.3'
 end

data/openapi_first.gemspec

@@ -32,10 +32,12 @@ Gem::Specification.new do |spec|
   spec.bindir        = 'exe'
   spec.require_paths = ['lib']
 
+  spec.required_ruby_version = '>= 2.6.0'
+
   spec.add_runtime_dependency 'deep_merge', '>= 1.2.1'
   spec.add_runtime_dependency 'hanami-router', '~> 2.0.alpha3'
   spec.add_runtime_dependency 'hanami-utils', '~> 2.0.alpha1'
-  spec.add_runtime_dependency 'json_schemer', '~> 0.2'
+  spec.add_runtime_dependency 'json_schemer', '~> 0.2.16'
   spec.add_runtime_dependency 'multi_json', '~> 1.14'
   spec.add_runtime_dependency 'oas_parser', '~> 0.25.1'
   spec.add_runtime_dependency 'rack', '~> 2.2'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openapi_first
 version: !ruby/object:Gem::Version
-  version: 0.12.3
+  version: 0.13.3
 platform: ruby
 authors:
 - Andreas Haller
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-07-10 00:00:00.000000000 Z
+date: 2020-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deep_merge
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: 0.2.16
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: 0.2.16
 - !ruby/object:Gem::Dependency
   name: multi_json
   requirement: !ruby/object:Gem::Requirement
@@ -164,7 +164,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3'
-description: 
+description:
 email:
 - andreas.haller@posteo.de
 executables: []
@@ -187,6 +187,7 @@ files:
 - benchmarks/Gemfile.lock
 - benchmarks/apps/committee.ru
 - benchmarks/apps/grape.ru
+- benchmarks/apps/hanami_api.ru
 - benchmarks/apps/hanami_router.ru
 - benchmarks/apps/openapi.yaml
 - benchmarks/apps/openapi_first.ru
@@ -213,6 +214,7 @@ files:
 - lib/openapi_first/response_validator.rb
 - lib/openapi_first/router.rb
 - lib/openapi_first/router_required.rb
+- lib/openapi_first/schema_validation.rb
 - lib/openapi_first/utils.rb
 - lib/openapi_first/validation.rb
 - lib/openapi_first/validation_format.rb
@@ -225,7 +227,7 @@ metadata:
   https://github.com/ahx/openapi_first: https://github.com/ahx/openapi_first
   source_code_uri: https://github.com/ahx/openapi_first
   changelog_uri: https://github.com/ahx/openapi_first/blob/master/CHANGELOG.md
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -233,7 +235,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -241,7 +243,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.2
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Implement REST APIs based on OpenApi.
 test_files: []