openapi_first 0.13.0 → 0.14.1

data/benchmarks/apps/syro.ru

@@ -7,17 +7,17 @@ app = Syro.new do
   on 'hello' do
     on :id do
       get do
-        res.json MultiJson.dump(hello: 'world', id: inbox[:id])
+        res.json({ hello: 'world', id: inbox[:id] })
       end
     end
 
     get do
-      res.json [MultiJson.dump(hello: 'world')]
+      res.json([{ hello: 'world' }])
     end
 
     post do
       res.status = 201
-      res.json MultiJson.dump(hello: 'world')
+      res.json({ hello: 'world' })
     end
   end
 end

data/benchmarks/benchmarks.rb

@@ -19,28 +19,25 @@ apps = Dir['./apps/*.ru'].each_with_object({}) do |config, hash|
 end
 apps.freeze
 
+bench = lambda do |app|
+  examples.each do |example|
+    env, expected_status = example
+    100.times { app.call(env) }
+    response = app.call(env)
+    raise unless response[0] == expected_status
+  end
+end
+
 Benchmark.ips do |x|
   apps.each do |config, app|
-    x.report(config) do
-      examples.each do |example|
-        env, expected_status = example
-        response = app.call(env)
-        raise unless response[0] == expected_status
-      end
-    end
+    x.report(config) { bench.call(app) }
   end
   x.compare!
 end
 
 Benchmark.memory do |x|
   apps.each do |config, app|
-    x.report(config) do
-      examples.each do |example|
-        env, expected_status = example
-        response = app.call(env)
-        raise unless response[0] == expected_status
-      end
-    end
+    x.report(config) { bench.call(app) }
   end
   x.compare!
 end

data/lib/openapi_first/app.rb

@@ -11,17 +11,15 @@ module OpenapiFirst
       namespace:,
       router_raise_error: false,
       request_validation_raise_error: false,
-      response_validation: false
+      response_validation: false,
+      resolver: nil
     )
       @stack = Rack::Builder.app do
         freeze_app
         use OpenapiFirst::Router, spec: spec, raise_error: router_raise_error, parent_app: parent_app
         use OpenapiFirst::RequestValidation, raise_error: request_validation_raise_error
         use OpenapiFirst::ResponseValidation if response_validation
-        run OpenapiFirst::Responder.new(
-          spec: spec,
-          namespace: namespace
-        )
+        run OpenapiFirst::Responder.new(namespace: namespace, resolver: resolver)
       end
     end
 

data/lib/openapi_first/{find_handler.rb → default_operation_resolver.rb}

@@ -3,20 +3,14 @@
 require_relative 'utils'
 
 module OpenapiFirst
-  class FindHandler
-    def initialize(spec, namespace)
+  class DefaultOperationResolver
+    def initialize(namespace)
       @namespace = namespace
-      @handlers = spec.operations.each_with_object({}) do |operation, hash|
-        operation_id = operation.operation_id
-        handler = find_handler(operation_id)
-        next if handler.nil?
-
-        hash[operation_id] = handler
-      end
+      @handlers = {}
     end
 
-    def [](operation_id)
-      @handlers[operation_id]
+    def call(operation)
+      @handlers[operation.name] ||= find_handler(operation['x-handler'] || operation['operationId'])
     end
 
     def find_handler(operation_id)

data/lib/openapi_first/definition.rb

@@ -4,15 +4,16 @@ require_relative 'operation'
 
 module OpenapiFirst
   class Definition
-    attr_reader :filepath
+    attr_reader :filepath, :operations
 
-    def initialize(parsed)
-      @filepath = parsed.path
-      @spec = parsed
-    end
-
-    def operations
-      @spec.endpoints.map { |e| Operation.new(e) }
+    def initialize(resolved, filepath)
+      @filepath = filepath
+      methods = %w[get head post put patch delete trace options]
+      @operations = resolved['paths'].flat_map do |path, path_item|
+        path_item.slice(*methods).map do |request_method, _operation_object|
+          Operation.new(path, request_method, path_item)
+        end
+      end
     end
   end
 end

data/lib/openapi_first/operation.rb

@@ -2,32 +2,49 @@
 
 require 'forwardable'
 require 'json_schemer'
+require_relative 'schema_validation'
 require_relative 'utils'
 require_relative 'response_object'
 
 module OpenapiFirst
-  class Operation
+  class Operation # rubocop:disable Metrics/ClassLength
     extend Forwardable
-    def_delegators :@operation,
-                   :parameters,
-                   :method,
-                   :request_body,
-                   :operation_id
+    def_delegators :operation_object,
+                   :[],
+                   :dig
 
-    def initialize(parsed)
-      @operation = parsed
+    WRITE_METHODS = Set.new(%w[post put patch delete]).freeze
+    private_constant :WRITE_METHODS
+
+    attr_reader :path, :method
+
+    def initialize(path, request_method, path_item_object)
+      @path = path
+      @method = request_method
+      @path_item_object = path_item_object
+    end
+
+    def operation_id
+      operation_object['operationId']
     end
 
-    def path
-      @operation.path.path
+    def read?
+      !write?
     end
 
-    def parameters_json_schema
-      @parameters_json_schema ||= build_parameters_json_schema
+    def write?
+      WRITE_METHODS.include?(method)
+    end
+
+    def request_body
+      operation_object['requestBody']
     end
 
     def parameters_schema
-      @parameters_schema ||= parameters_json_schema && JSONSchemer.schema(parameters_json_schema)
+      @parameters_schema ||= begin
+        parameters_json_schema = build_parameters_json_schema
+        parameters_json_schema && SchemaValidation.new(parameters_json_schema)
+      end
     end
 
     def content_type_for(status)
@@ -42,22 +59,28 @@ module OpenapiFirst
       raise ResponseInvalid, "Response has no content-type for '#{name}'" unless content_type
 
       media_type = find_content_for_content_type(content, content_type)
+
       unless media_type
         message = "Response content type not found '#{content_type}' for '#{name}'"
         raise ResponseContentTypeNotFoundError, message
       end
-      media_type['schema']
+      schema = media_type['schema']
+      SchemaValidation.new(schema, write: false) if schema
     end
 
-    def request_body_schema_for(request_content_type)
-      content = @operation.request_body.content
+    def request_body_schema(request_content_type)
+      content = operation_object.dig('requestBody', 'content')
       media_type = find_content_for_content_type(content, request_content_type)
-      media_type&.fetch('schema', nil)
+      schema = media_type&.fetch('schema', nil)
+      return unless schema
+
+      SchemaValidation.new(schema, write: write?)
     end
 
     def response_for(status)
-      @operation.response_by_code(status.to_s, use_default: true).raw
-    rescue OasParser::ResponseCodeNotFound
+      response_content = response_by_code(status)
+      return response_content if response_content
+
       message = "Response status code or default not found: #{status} for '#{name}'"
       raise OpenapiFirst::ResponseCodeNotFoundError, message
     end
@@ -68,6 +91,15 @@ module OpenapiFirst
 
     private
 
+    def response_by_code(status)
+      operation_object.dig('responses', status.to_s) ||
+        operation_object.dig('responses', 'default')
+    end
+
+    def operation_object
+      @path_item_object[method]
+    end
+
     def find_content_for_content_type(content, request_content_type)
       content.fetch(request_content_type) do |_|
         type = request_content_type.split(';')[0]
@@ -76,24 +108,32 @@ module OpenapiFirst
     end
 
     def build_parameters_json_schema
-      return unless @operation.parameters&.any?
+      parameters = all_parameters
+      return unless parameters&.any?
 
-      @operation.parameters.each_with_object(new_node) do |parameter, schema|
-        params = Rack::Utils.parse_nested_query(parameter.name)
+      parameters.each_with_object(new_node) do |parameter, schema|
+        params = Rack::Utils.parse_nested_query(parameter['name'])
         generate_schema(schema, params, parameter)
       end
     end
 
-    def generate_schema(schema, params, parameter) # rubocop:disable Metrics/MethodLength
+    def all_parameters
+      parameters = @path_item_object['parameters']&.dup || []
+      parameters_on_operation = operation_object['parameters']
+      parameters.concat(parameters_on_operation) if parameters_on_operation
+      parameters
+    end
+
+    def generate_schema(schema, params, parameter)
       required = Set.new(schema['required'])
       params.each do |key, value|
-        required << key if parameter.required
+        required << key if parameter['required']
         if value.is_a? Hash
           property_schema = new_node
           generate_schema(property_schema, value, parameter)
           Utils.deep_merge!(schema['properties'], { key => property_schema })
         else
-          schema['properties'][key] = parameter.schema
+          schema['properties'][key] = parameter['schema']
         end
       end
       schema['required'] = required.to_a

data/lib/openapi_first/request_validation.rb

@@ -16,7 +16,7 @@ module OpenapiFirst
       @raise = raise_error
     end
 
-    def call(env) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+    def call(env) # rubocop:disable Metrics/AbcSize
       operation = env[OpenapiFirst::OPERATION]
       return @app.call(env) unless operation
 
@@ -45,17 +45,17 @@ module OpenapiFirst
       validate_request_body_presence!(body, operation)
       return if body.empty?
 
-      schema = request_body_schema(content_type, operation)
+      schema = operation&.request_body_schema(content_type)
       return unless schema
 
       parsed_request_body = parse_request_body!(body)
-      errors = validate_json_schema(schema, parsed_request_body)
+      errors = schema.validate(parsed_request_body)
       halt_with_error(400, serialize_request_body_errors(errors)) if errors.any?
-      env[INBOX].merge! env[REQUEST_BODY] = parsed_request_body
+      env[INBOX].merge! env[REQUEST_BODY] = Utils.deep_symbolize(parsed_request_body)
     end
 
     def parse_request_body!(body)
-      MultiJson.load(body, symbolize_keys: true)
+      MultiJson.load(body)
     rescue MultiJson::ParseError => e
       err = { title: 'Failed to parse body as JSON' }
       err[:detail] = e.cause unless ENV['RACK_ENV'] == 'production'
@@ -63,21 +63,17 @@ module OpenapiFirst
     end
 
     def validate_request_content_type!(content_type, operation)
-      return if operation.request_body.content[content_type]
+      return if operation.request_body.dig('content', content_type)
 
       halt_with_error(415)
     end
 
     def validate_request_body_presence!(body, operation)
-      return unless operation.request_body.required && body.empty?
+      return unless operation.request_body['required'] && body.empty?
 
       halt_with_error(415, 'Request body is required')
     end
 
-    def validate_json_schema(schema, object)
-      schema.validate(Utils.deep_stringify(object))
-    end
-
     def default_error(status, title = Rack::Utils::HTTP_STATUS_CODES[status])
       {
         status: status.to_s,
@@ -95,14 +91,6 @@ module OpenapiFirst
       ).finish
     end
 
-    def request_body_schema(content_type, operation)
-      return unless operation
-
-      schema = operation.request_body_schema_for(content_type)
-
-      JSONSchemer.schema(schema) if schema
-    end
-
     def serialize_request_body_errors(validation_errors)
       validation_errors.map do |error|
         {
@@ -114,14 +102,11 @@ module OpenapiFirst
     end
 
     def validate_query_parameters!(env, operation, params)
-      json_schema = operation.parameters_json_schema
-      return unless json_schema
-
-      params = filtered_params(json_schema, params)
-      errors = validate_json_schema(
-        operation.parameters_schema,
-        params
-      )
+      schema = operation.parameters_schema
+      return unless schema
+
+      params = filtered_params(schema.raw_schema, params)
+      errors = schema.validate(Utils.deep_stringify(params))
       halt_with_error(400, serialize_query_parameter_errors(errors)) if errors.any?
       env[PARAMETERS] = params
       env[INBOX].merge! params
@@ -141,8 +126,9 @@ module OpenapiFirst
 
     def serialize_query_parameter_errors(validation_errors)
       validation_errors.map do |error|
+        pointer = error['data_pointer'][1..].to_s
         {
-          source: { parameter: File.basename(error['data_pointer']) }
+          source: { parameter: pointer }
         }.update(ValidationFormat.error_details(error))
       end
     end

data/lib/openapi_first/responder.rb

@@ -2,12 +2,12 @@
 
 require 'rack'
 require_relative 'inbox'
-require_relative 'find_handler'
+require_relative 'default_operation_resolver'
 
 module OpenapiFirst
   class Responder
-    def initialize(spec:, namespace:, resolver: FindHandler.new(spec, namespace))
-      @resolver = resolver
+    def initialize(namespace: nil, resolver: nil)
+      @resolver = resolver || DefaultOperationResolver.new(namespace)
       @namespace = namespace
     end
 
@@ -24,7 +24,7 @@ module OpenapiFirst
     private
 
     def find_handler(operation)
-      handler = @resolver[operation.operation_id]
+      handler = @resolver.call(operation)
       raise NotImplementedError, "Could not find handler for #{operation.name}" unless handler
 
       handler

data/lib/openapi_first/response_validation.rb

@@ -41,7 +41,8 @@ module OpenapiFirst
       full_body = +''
       response.each { |chunk| full_body << chunk }
       data = full_body.empty? ? {} : load_json(full_body)
-      errors = JSONSchemer.schema(schema).validate(data).to_a.map do |error|
+      errors = schema.validate(data)
+      errors = errors.to_a.map! do |error|
         error_message_for(error)
       end
       raise ResponseBodyInvalidError, errors.join(', ') if errors.any?

data/lib/openapi_first/router.rb

@@ -40,7 +40,10 @@ module OpenapiFirst
 
     def raise_error(env)
       req = Rack::Request.new(env)
-      msg = "Could not find definition for #{req.request_method} '#{req.path}' in API description #{@filepath}"
+      msg =
+        "Could not find definition for #{req.request_method} '#{
+          req.path
+        }' in API description #{@filepath}"
       raise NotFoundError, msg
     end
 
@@ -53,13 +56,12 @@ module OpenapiFirst
       env[Rack::PATH_INFO] = env.delete(ORIGINAL_PATH) if env[ORIGINAL_PATH]
     end
 
-    def build_router(operations) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
-      router = Hanami::Router.new {}
+    def build_router(operations) # rubocop:disable Metrics/AbcSize
+      router = Hanami::Router.new
       operations.each do |operation|
         normalized_path = operation.path.gsub('{', ':').gsub('}', '')
         if operation.operation_id.nil?
           warn "operationId is missing in '#{operation.method} #{operation.path}'. I am ignoring this operation."
-          next
         end
         router.public_send(
           operation.method,

data/lib/openapi_first/schema_validation.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'json_schemer'
+
+module OpenapiFirst
+  class SchemaValidation
+    attr_reader :raw_schema
+
+    def initialize(schema, write: true)
+      @raw_schema = schema
+      custom_keywords = {}
+      custom_keywords['writeOnly'] = proc { |data| !data } unless write
+      custom_keywords['readOnly'] = proc { |data| !data } if write
+      @schemer = JSONSchemer.schema(
+        schema,
+        keywords: custom_keywords,
+        before_property_validation: proc do |data, property, property_schema, parent|
+          convert_nullable(data, property, property_schema, parent)
+        end
+      )
+    end
+
+    def validate(input)
+      @schemer.validate(input)
+    end
+
+    private
+
+    def convert_nullable(_data, _property, property_schema, _parent)
+      return unless property_schema.is_a?(Hash) && property_schema['nullable'] && property_schema['type']
+
+      property_schema['type'] = [*property_schema['type'], 'null']
+      property_schema.delete('nullable')
+    end
+  end
+end

data/lib/openapi_first/utils.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'hanami/utils/string'
+require 'hanami/utils/hash'
 require 'deep_merge/core'
 
 module OpenapiFirst
@@ -17,20 +18,12 @@ module OpenapiFirst
       Hanami::Utils::String.classify(string)
     end
 
-    def self.deep_stringify(params) # rubocop:disable Metrics/MethodLength
-      params.each_with_object({}) do |(key, value), output|
-        output[key.to_s] =
-          case value
-          when ::Hash
-            deep_stringify(value)
-          when Array
-            value.map do |item|
-              item.is_a?(::Hash) ? deep_stringify(item) : item
-            end
-          else
-            value
-          end
-      end
+    def self.deep_symbolize(hash)
+      Hanami::Utils::Hash.deep_symbolize(hash)
+    end
+
+    def self.deep_stringify(hash)
+      Hanami::Utils::Hash.deep_stringify(hash)
     end
   end
 end

data/lib/openapi_first/validation_format.rb

@@ -6,17 +6,37 @@ module OpenapiFirst
 
     # rubocop:disable Metrics/MethodLength
     # rubocop:disable Metrics/AbcSize
+    # rubocop:disable Metrics/CyclomaticComplexity
+    # rubocop:disable Metrics/PerceivedComplexity
     def self.error_details(error)
       if error['type'] == 'pattern'
         {
           title: 'is not valid',
           detail: "does not match pattern '#{error['schema']['pattern']}'"
         }
+      elsif error['type'] == 'format'
+        {
+          title: "has not a valid #{error.dig('schema', 'format')} format",
+          detail: "#{error['data'].inspect} is not a valid #{error.dig('schema', 'format')} format"
+        }
+      elsif error['type'] == 'enum'
+        {
+          title: "value #{error['data'].inspect} is not defined in enum",
+          detail: "value can be one of #{error.dig('schema', 'enum')&.join(', ')}"
+        }
       elsif error['type'] == 'required'
         missing_keys = error['details']['missing_keys']
         {
           title: "is missing required properties: #{missing_keys.join(', ')}"
         }
+      elsif error['type'] == 'readOnly'
+        {
+          title: 'appears in request, but is read-only'
+        }
+      elsif error['type'] == 'writeOnly'
+        {
+          title: 'write-only field appears in response:'
+        }
       elsif SIMPLE_TYPES.include?(error['type'])
         {
           title: "should be a #{error['type']}"
@@ -29,5 +49,7 @@ module OpenapiFirst
     end
     # rubocop:enable Metrics/MethodLength
     # rubocop:enable Metrics/AbcSize
+    # rubocop:enable Metrics/CyclomaticComplexity
+    # rubocop:enable Metrics/PerceivedComplexity
   end
 end

data/lib/openapi_first/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OpenapiFirst
-  VERSION = '0.13.0'
+  VERSION = '0.14.1'
 end

data/lib/openapi_first.rb

@@ -25,10 +25,9 @@ module OpenapiFirst
 
   def self.load(spec_path, only: nil)
     content = YAML.load_file(spec_path)
-    raw = OasParser::Parser.new(spec_path, content).resolve
-    raw['paths'].filter!(&->(key, _) { only.call(key) }) if only
-    parsed = OasParser::Definition.new(raw, spec_path)
-    Definition.new(parsed)
+    resolved = OasParser::Parser.new(spec_path, content).resolve
+    resolved['paths'].filter!(&->(key, _) { only.call(key) }) if only
+    Definition.new(resolved, spec_path)
   end
 
   def self.app(
@@ -78,11 +77,17 @@ module OpenapiFirst
   end
 
   class Error < StandardError; end
+
   class NotFoundError < Error; end
+
   class NotImplementedError < RuntimeError; end
+
   class ResponseInvalid < Error; end
+
   class ResponseCodeNotFoundError < ResponseInvalid; end
+
   class ResponseContentTypeNotFoundError < ResponseInvalid; end
+
   class ResponseBodyInvalidError < ResponseInvalid; end
 
   class RequestInvalidError < Error

data/openapi_first.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
     spec.metadata['changelog_uri'] = 'https://github.com/ahx/openapi_first/blob/master/CHANGELOG.md'
   else
     raise 'RubyGems 2.0 or newer is required to protect against ' \
-      'public gem pushes.'
+          'public gem pushes.'
   end
 
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
@@ -32,10 +32,12 @@ Gem::Specification.new do |spec|
   spec.bindir        = 'exe'
   spec.require_paths = ['lib']
 
+  spec.required_ruby_version = '>= 2.6.0'
+
   spec.add_runtime_dependency 'deep_merge', '>= 1.2.1'
   spec.add_runtime_dependency 'hanami-router', '~> 2.0.alpha3'
   spec.add_runtime_dependency 'hanami-utils', '~> 2.0.alpha1'
-  spec.add_runtime_dependency 'json_schemer', '~> 0.2'
+  spec.add_runtime_dependency 'json_schemer', '~> 0.2.16'
   spec.add_runtime_dependency 'multi_json', '~> 1.14'
   spec.add_runtime_dependency 'oas_parser', '~> 0.25.1'
   spec.add_runtime_dependency 'rack', '~> 2.2'