openapi_first 0.19.0 → 0.21.0

data/benchmarks/apps/openapi.yaml

@@ -73,6 +73,16 @@ paths:
       operationId: create_thing
       description: Create a thing
       tags: ["Metadata"]
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: object
+              required:
+                - say
+              properties:
+                say:
+                  type: string
       responses:
         "201":
           description: OK
@@ -84,3 +94,175 @@ paths:
                 properties:
                   hello:
                     type: string
+  /pets:
+    get:
+      description: |
+        Returns all pets from the system that the user has access to
+        Nam sed condimentum est. Maecenas tempor sagittis sapien, nec rhoncus sem sagittis sit amet. Aenean at gravida augue, ac iaculis sem. Curabitur odio lorem, ornare eget elementum nec, cursus id lectus. Duis mi turpis, pulvinar ac eros ac, tincidunt varius justo. In hac habitasse platea dictumst. Integer at adipiscing ante, a sagittis ligula. Aenean pharetra tempor ante molestie imperdiet. Vivamus id aliquam diam. Cras quis velit non tortor eleifend sagittis. Praesent at enim pharetra urna volutpat venenatis eget eget mauris. In eleifend fermentum facilisis. Praesent enim enim, gravida ac sodales sed, placerat id erat. Suspendisse lacus dolor, consectetur non augue vel, vehicula interdum libero. Morbi euismod sagittis libero sed lacinia.
+
+        Sed tempus felis lobortis leo pulvinar rutrum. Nam mattis velit nisl, eu condimentum ligula luctus nec. Phasellus semper velit eget aliquet faucibus. In a mattis elit. Phasellus vel urna viverra, condimentum lorem id, rhoncus nibh. Ut pellentesque posuere elementum. Sed a varius odio. Morbi rhoncus ligula libero, vel eleifend nunc tristique vitae. Fusce et sem dui. Aenean nec scelerisque tortor. Fusce malesuada accumsan magna vel tempus. Quisque mollis felis eu dolor tristique, sit amet auctor felis gravida. Sed libero lorem, molestie sed nisl in, accumsan tempor nisi. Fusce sollicitudin massa ut lacinia mattis. Sed vel eleifend lorem. Pellentesque vitae felis pretium, pulvinar elit eu, euismod sapien.
+      operationId: find_pets
+      parameters:
+        - name: tags
+          in: query
+          description: tags to filter by
+          required: false
+          style: form
+          schema:
+            type: array
+            items:
+              type: string
+        - name: limit
+          in: query
+          description: maximum number of results to return
+          required: false
+          schema:
+            type: integer
+            format: int32
+      responses:
+        '200':
+          description: pet response
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Pet'
+        default:
+          description: unexpected error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+    post:
+      description: Creates a new pet in the store.  Duplicates are allowed
+      operationId: create_pet
+      requestBody:
+        description: Pet to add to the store
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/NewPet'
+      responses:
+        '200':
+          description: pet response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Pet'
+        default:
+          description: unexpected error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+  /pets/{id}:
+    parameters:
+      - name: id
+        in: path
+        description: ID of pet to fetch
+        required: true
+        schema:
+          type: integer
+          format: int64
+    get:
+      description: Returns a user based on a single ID, if the user does not have access to the pet
+      operationId: find_pet
+      responses:
+        '200':
+          description: pet response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Pet'
+        default:
+          description: unexpected error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+    delete:
+      description: deletes a single pet based on the ID supplied
+      operationId: delete_pet
+      parameters:
+        - name: id
+          in: path
+          description: ID of pet to delete
+          required: true
+          schema:
+            type: integer
+            format: int64
+      responses:
+        '204':
+          description: pet deleted
+        default:
+          description: unexpected error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+    patch:
+      description: Updates a pet
+      operationId: update_pet
+      requestBody:
+        description: Changes
+        required: false
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/NewPet'
+      responses:
+        '200':
+          description: pet response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Pet'
+        default:
+          description: unexpected error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+
+components:
+  schemas:
+    Pet:
+      allOf:
+        - $ref: '#/components/schemas/NewPet'
+        - required:
+          - id
+          properties:
+            id:
+              type: integer
+              format: int64
+
+    NewPet:
+      required:
+        - type
+        - attributes
+      properties:
+        type:
+          type: string
+          enum:
+            - pet
+            - plant
+        attributes:
+          additionalProperties: false
+          type: object
+          required: [name]
+          properties:
+            name:
+              type: string
+
+    Error:
+      required:
+        - code
+        - message
+      properties:
+        code:
+          type: integer
+          format: int32
+        message:
+          type: string

data/benchmarks/apps/openapi_first_with_hanami_api.ru

@@ -19,8 +19,7 @@ app = Class.new(Hanami::API) do
   end
 end.new
 
-oas_path = File.absolute_path('./openapi.yaml', __dir__)
-use OpenapiFirst::Router, spec: OpenapiFirst.load(oas_path)
+use OpenapiFirst::Router, spec: File.absolute_path('./openapi.yaml', __dir__)
 use OpenapiFirst::RequestValidation
 
 run app

data/benchmarks/benchmark-wrk.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+wrk -t12 -c400 -d10s --latency -s post.lua http://localhost:9292/hello

data/benchmarks/benchmarks.rb

@@ -3,18 +3,23 @@
 require 'benchmark/ips'
 require 'benchmark/memory'
 require 'rack'
+require 'json'
 ENV['RACK_ENV'] = 'production'
 
 examples = [
   [Rack::MockRequest.env_for('/hello'), 200],
   [Rack::MockRequest.env_for('/unknown'), 404],
-  [Rack::MockRequest.env_for('/hello', method: 'POST'), 201],
+  [
+    Rack::MockRequest.env_for('/hello', method: 'POST', input: JSON.dump({ say: 'hi!' }),
+                                        'CONTENT_TYPE' => 'application/json'), 201
+  ],
   [Rack::MockRequest.env_for('/hello/1'), 200],
   [Rack::MockRequest.env_for('/hello/123'), 200],
   [Rack::MockRequest.env_for('/hello?filter[id]=1,2'), 200]
 ]
 
-apps = Dir['./apps/*.ru'].each_with_object({}) do |config, hash|
+glob = ARGV[0] || './apps/*.ru'
+apps = Dir[glob].each_with_object({}) do |config, hash|
   hash[config] = Rack::Builder.parse_file(config).first
 end
 apps.freeze
@@ -24,7 +29,7 @@ bench = lambda do |app|
     env, expected_status = example
     100.times { app.call(env) }
     response = app.call(env)
-    raise unless response[0] == expected_status
+    raise "expected status #{expected_status}, but was #{response[0]}" unless response[0] == expected_status
   end
 end
 

data/benchmarks/post.lua

@@ -0,0 +1,3 @@
+wrk.method = "POST"
+wrk.body   = "{\"say\":\"hi!\"}"
+wrk.headers["Content-Type"] = "application/json"

data/lib/openapi_first/body_parser_middleware.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'multi_json'
+
+module OpenapiFirst
+  class BodyParserMiddleware
+    def initialize(app, options = {})
+      @app = app
+      @raise = options.fetch(:raise_error, false)
+    end
+
+    RACK_INPUT = 'rack.input'
+    ROUTER_PARSED_BODY = 'router.parsed_body'
+
+    def call(env)
+      env[ROUTER_PARSED_BODY] = parse_body(env)
+      @app.call(env)
+    rescue BodyParsingError => e
+      raise if @raise
+
+      err = { title: "Failed to parse body as #{env['CONTENT_TYPE']}", status: '400' }
+      err[:detail] = e.cause unless ENV['RACK_ENV'] == 'production'
+      errors = [err]
+
+      Rack::Response.new(
+        MultiJson.dump(errors: errors),
+        400,
+        Rack::CONTENT_TYPE => 'application/vnd.api+json'
+      ).finish
+    end
+
+    private
+
+    def parse_body(env)
+      request = Rack::Request.new(env)
+      body = read_body(request)
+      return if body.empty?
+
+      return MultiJson.load(body) if request.media_type =~ (/json/i) && (request.media_type =~ /json/i)
+      return request.POST if request.form_data?
+
+      body
+    rescue MultiJson::ParseError => e
+      raise BodyParsingError, e
+    end
+
+    def read_body(request)
+      body = request.body.read
+      request.body.rewind
+      body
+    end
+  end
+end

data/lib/openapi_first/default_operation_resolver.rb

@@ -10,11 +10,14 @@ module OpenapiFirst
     end
 
     def call(operation)
-      @handlers[operation.name] ||= find_handler(operation['x-handler'] || operation['operationId'])
+      @handlers[operation.name] ||= begin
+        id = handler_id(operation)
+        find_handler(id) if id
+      end
     end
 
-    def find_handler(operation_id)
-      name = operation_id.match(/:*(.*)/)&.to_a&.at(1)
+    def find_handler(id)
+      name = id.match(/:*(.*)/)&.to_a&.at(1)
       return if name.nil?
 
       catch :halt do
@@ -27,6 +30,16 @@ module OpenapiFirst
       @namespace.method(method_name)
     end
 
+    def handler_id(operation)
+      id = operation['x-handler'] || operation['operationId']
+      if id.nil?
+        raise HandlerNotFoundError,
+              "operationId or x-handler is missing in '#{operation.method} #{operation.path}' so I cannot find a handler for this operation." # rubocop:disable Layout/LineLength
+      end
+
+      id
+    end
+
     def find_class_method_handler(name)
       module_name, method_name = name.split('.')
       klass = find_const(@namespace, module_name)

data/lib/openapi_first/errors.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  class Error < StandardError; end
+
+  class NotFoundError < Error; end
+
+  class HandlerNotFoundError < Error; end
+
+  class NotImplementedError < Error
+    def initialize(message)
+      warn 'NotImplementedError is deprecated. Handle HandlerNotFoundError instead'
+      super
+    end
+  end
+
+  class ResponseInvalid < Error; end
+
+  class ResponseCodeNotFoundError < ResponseInvalid; end
+
+  class ResponseContentTypeNotFoundError < ResponseInvalid; end
+
+  class ResponseBodyInvalidError < ResponseInvalid; end
+
+  class BodyParsingError < Error; end
+
+  class RequestInvalidError < Error
+    def initialize(serialized_errors)
+      message = error_message(serialized_errors)
+      super message
+    end
+
+    private
+
+    def error_message(errors)
+      errors.map do |error|
+        [human_source(error), human_error(error)].compact.join(' ')
+      end.join(', ')
+    end
+
+    def human_source(error)
+      return unless error[:source]
+
+      source_key = error[:source].keys.first
+      source = {
+        pointer: 'Request body invalid:',
+        parameter: 'Query parameter invalid:'
+      }.fetch(source_key, source_key)
+      name = error[:source].values.first
+      source += " #{name}" unless name.nil? || name.empty?
+      source
+    end
+
+    def human_error(error)
+      error[:title]
+    end
+  end
+end

data/lib/openapi_first/inbox.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module OpenapiFirst
-  # An instance of this gets passed to handler functions as first argument.
+  # An instance of this gets passed to handler functions in the Responder.
   class Inbox < Hash
     attr_reader :env
 

data/lib/openapi_first/operation.rb

@@ -47,6 +47,13 @@ module OpenapiFirst
       end
     end
 
+    def query_parameters_schema
+      @query_parameters_schema ||= begin
+        query_parameters_json_schema = build_query_parameters_json_schema
+        query_parameters_json_schema && SchemaValidation.new(query_parameters_json_schema)
+      end
+    end
+
     def content_types_for(status)
       response_for(status)['content']&.keys
     end
@@ -88,11 +95,19 @@ module OpenapiFirst
       "#{method.upcase} #{path} (#{operation_id})"
     end
 
+    def valid_request_content_type?(request_content_type)
+      content = operation_object.dig('requestBody', 'content')
+      return unless content
+
+      !!find_content_for_content_type(content, request_content_type)
+    end
+
     private
 
     def response_by_code(status)
       operation_object.dig('responses', status.to_s) ||
         operation_object.dig('responses', "#{status / 100}XX") ||
+        operation_object.dig('responses', "#{status / 100}xx") ||
         operation_object.dig('responses', 'default')
     end
 
@@ -117,6 +132,16 @@ module OpenapiFirst
       end
     end
 
+    def build_query_parameters_json_schema
+      query_parameters = all_parameters.reject { |field, _value| field['in'] == 'header' }
+      return unless query_parameters&.any?
+
+      query_parameters.each_with_object(new_node) do |parameter, schema|
+        params = Rack::Utils.parse_nested_query(parameter['name'])
+        generate_schema(schema, params, parameter)
+      end
+    end
+
     def all_parameters
       parameters = @path_item_object['parameters']&.dup || []
       parameters_on_operation = operation_object['parameters']

data/lib/openapi_first/rack_responder.rb

@@ -1,35 +1,12 @@
 # frozen_string_literal: true
 
-require 'rack'
-require 'multi_json'
-require_relative 'inbox'
-require_relative 'default_operation_resolver'
+require_relative 'responder'
 
 module OpenapiFirst
-  class RackResponder
-    def initialize(namespace: nil, resolver: nil)
-      @resolver = resolver || DefaultOperationResolver.new(namespace)
-      @namespace = namespace
-    end
-
+  class RackResponder < Responder
     def call(env)
       operation = env[OpenapiFirst::OPERATION]
       find_handler(operation)&.call(env)
     end
-
-    private
-
-    def find_handler(operation)
-      handler = @resolver.call(operation)
-      raise NotImplementedError, "Could not find handler for #{operation.name}" unless handler
-
-      handler
-    end
-
-    def serialize(result)
-      return result if result.is_a?(String)
-
-      MultiJson.dump(result)
-    end
   end
 end

data/lib/openapi_first/request_validation.rb

@@ -3,12 +3,12 @@
 require 'rack'
 require 'multi_json'
 require_relative 'inbox'
-require_relative 'router_required'
+require_relative 'use_router'
 require_relative 'validation_format'
 
 module OpenapiFirst
   class RequestValidation # rubocop:disable Metrics/ClassLength
-    prepend RouterRequired
+    prepend UseRouter
 
     def initialize(app, options = {})
       @app = app
@@ -16,61 +16,60 @@ module OpenapiFirst
     end
 
     def call(env) # rubocop:disable Metrics/AbcSize
-      operation = env[OpenapiFirst::OPERATION]
+      operation = env[OPERATION]
       return @app.call(env) unless operation
 
-      env[INBOX] = Inbox.new(env)
-      catch(:halt) do
-        validate_query_parameters!(env, operation, env[PARAMETERS])
+      env[INBOX] = {}
+      error = catch(:error) do
+        params = validate_query_parameters!(operation, env[PARAMETERS])
+        env[INBOX].merge! env[PARAMETERS] = params if params
         req = Rack::Request.new(env)
-        content_type = req.content_type
         return @app.call(env) unless operation.request_body
 
-        validate_request_content_type!(content_type, operation)
-        body = req.body.read
-        req.body.rewind
-        parse_and_validate_request_body!(env, content_type, body, operation)
-        @app.call(env)
+        validate_request_content_type!(operation, req.content_type)
+        parsed_request_body = parse_and_validate_request_body!(operation, req)
+        env[REQUEST_BODY] = parsed_request_body
+        env[INBOX].merge! parsed_request_body if parsed_request_body.is_a?(Hash)
+        nil
       end
+      if error
+        raise RequestInvalidError, error[:errors] if @raise
+
+        return validation_error_response(error[:status], error[:errors])
+      end
+      @app.call(env)
     end
 
     private
 
-    def halt(response)
-      throw :halt, response
-    end
+    ROUTER_PARSED_BODY = 'router.parsed_body'
+
+    def parse_and_validate_request_body!(operation, request)
+      env = request.env
+
+      body = env.delete(ROUTER_PARSED_BODY) if env.key?(ROUTER_PARSED_BODY)
 
-    def parse_and_validate_request_body!(env, content_type, body, operation)
       validate_request_body_presence!(body, operation)
-      return if body.empty?
+      return if body.nil?
 
-      schema = operation&.request_body_schema(content_type)
+      schema = operation&.request_body_schema(request.content_type)
       return unless schema
 
-      parsed_request_body = parse_request_body!(body)
-      errors = schema.validate(parsed_request_body)
-      halt_with_error(400, serialize_request_body_errors(errors)) if errors.any?
-      env[INBOX].merge! env[REQUEST_BODY] = Utils.deep_symbolize(parsed_request_body)
-    end
+      errors = schema.validate(body)
+      throw_error(400, serialize_request_body_errors(errors)) if errors.any?
+      return Utils.deep_symbolize(body) if body.is_a?(Hash)
 
-    def parse_request_body!(body)
-      MultiJson.load(body)
-    rescue MultiJson::ParseError => e
-      err = { title: 'Failed to parse body as JSON' }
-      err[:detail] = e.cause unless ENV['RACK_ENV'] == 'production'
-      halt_with_error(400, [err])
+      body
     end
 
-    def validate_request_content_type!(content_type, operation)
-      return if operation.request_body.dig('content', content_type)
-
-      halt_with_error(415)
+    def validate_request_content_type!(operation, content_type)
+      operation.valid_request_content_type?(content_type) || throw_error(415)
     end
 
     def validate_request_body_presence!(body, operation)
-      return unless operation.request_body['required'] && body.empty?
+      return unless operation.request_body['required'] && body.nil?
 
-      halt_with_error(415, 'Request body is required')
+      throw_error(415, 'Request body is required')
     end
 
     def default_error(status, title = Rack::Utils::HTTP_STATUS_CODES[status])
@@ -80,10 +79,15 @@ module OpenapiFirst
       }
     end
 
-    def halt_with_error(status, errors = [default_error(status)])
-      raise RequestInvalidError, errors if @raise
+    def throw_error(status, errors = [default_error(status)])
+      throw :error, {
+        status: status,
+        errors: errors
+      }
+    end
 
-      halt Rack::Response.new(
+    def validation_error_response(status, errors)
+      Rack::Response.new(
         MultiJson.dump(errors: errors),
         status,
         Rack::CONTENT_TYPE => 'application/vnd.api+json'
@@ -100,17 +104,15 @@ module OpenapiFirst
       end
     end
 
-    def validate_query_parameters!(env, operation, params)
-      schema = operation.parameters_schema
+    def validate_query_parameters!(operation, params)
+      schema = operation.query_parameters_schema
       return unless schema
 
       params = filtered_params(schema.raw_schema, params)
       params = Utils.deep_stringify(params)
       errors = schema.validate(params)
-      halt_with_error(400, serialize_query_parameter_errors(errors)) if errors.any?
-      params = Utils.deep_symbolize(params)
-      env[PARAMETERS] = params
-      env[INBOX].merge! params
+      throw_error(400, serialize_query_parameter_errors(errors)) if errors.any?
+      Utils.deep_symbolize(params)
     end
 
     def filtered_params(json_schema, params)

data/lib/openapi_first/responder.rb

@@ -16,7 +16,7 @@ module OpenapiFirst
       operation = env[OpenapiFirst::OPERATION]
       res = Rack::Response.new
       handler = find_handler(operation)
-      result = handler.call(env[INBOX], res)
+      result = handler.call(inbox(env), res)
       res.write serialize(result) if result && res.body.empty?
       res[Rack::CONTENT_TYPE] ||= operation.content_types_for(res.status)&.first
       res.finish
@@ -24,6 +24,10 @@ module OpenapiFirst
 
     private
 
+    def inbox(env)
+      Inbox.new(env).tap { |i| i.merge!(env[INBOX]) if env[INBOX] }
+    end
+
     def find_handler(operation)
       handler = @resolver.call(operation)
       raise NotImplementedError, "Could not find handler for #{operation.name}" unless handler
@@ -37,11 +41,4 @@ module OpenapiFirst
       MultiJson.dump(result)
     end
   end
-
-  class OperationResolver < Responder
-    def initialize(spec:, namespace:)
-      warn "#{self.class.name} was renamed to #{OpenapiFirst::Responder.name}"
-      super
-    end
-  end
 end