openapi_first 0.6.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 55b0bba2e51dd0517e3306e34d345ec34d2165a2a3d8536c140941b74818d945
+  data.tar.gz: 8ba6d8d04a3abb38e60a2716f7515df945b870e0b8a874b6d217773894e4642c
+SHA512:
+  metadata.gz: d072794a009783f7cb4ea4141ffadfaea699701954f1c994dc6db69faf18e36ed554bdeb979d81d5b31d7abb8a668e17113156e96ccf311b99a0187a7d48dc06
+  data.tar.gz: 608a19940d52d6e554c6d53a95ea1942731d2a8df9118a3c91202d7b8220c7eb0899bffccbcd9a3ff6213ad520851ab446909bd6e2b4d17950937017179f264b

data/.github/CODEOWNERS

@@ -0,0 +1 @@
+* @ahx

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,8 @@
+AllCops:
+  TargetRubyVersion: 2.6
+Documentation:
+  Enabled: false
+BlockLength:
+  Exclude:
+  - 'spec/**/*.rb'
+  - '*.gemspec'

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.6.1
+before_install: gem install bundler -v 2.0.1

data/CHANGELOG.md

@@ -0,0 +1,6 @@
+# Unreleased
+
+# 0.6.0
+
+- Set the content-type based on the OpenAPI description [#29](https://github.com/ahx/openapi-first/pull/29)
+- Add CHANGELOG 📝

data/Gemfile

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in openapi_first.gemspec
+gemspec
+
+group :test, :development do
+  gem 'pry'
+  gem 'rubocop'
+end

data/Gemfile.lock

@@ -0,0 +1,108 @@
+PATH
+  remote: .
+  specs:
+    openapi_first (0.6.0)
+      json_schemer (~> 0.2)
+      multi_json (~> 1.13)
+      oas_parser (~> 0.19)
+      rack (~> 2)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (5.2.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    addressable (2.6.0)
+      public_suffix (>= 2.0.2, < 4.0)
+    ast (2.4.0)
+    builder (3.2.3)
+    coderay (1.1.2)
+    concurrent-ruby (1.1.5)
+    deep_merge (1.2.1)
+    diff-lcs (1.3)
+    ecma-re-validator (0.2.0)
+      regexp_parser (~> 1.2)
+    hana (1.3.5)
+    hansi (0.2.0)
+    i18n (1.6.0)
+      concurrent-ruby (~> 1.0)
+    jaro_winkler (1.5.2)
+    json_schemer (0.2.0)
+      ecma-re-validator (~> 0.2.0)
+      hana (~> 1.3.3)
+      regexp_parser (~> 1.2.0)
+      uri_template (~> 0.7.0)
+    method_source (0.9.2)
+    mini_portile2 (2.4.0)
+    minitest (5.11.3)
+    multi_json (1.13.1)
+    mustermann (1.0.3)
+    mustermann-contrib (1.0.3)
+      hansi (~> 0.2.0)
+      mustermann (= 1.0.3)
+    nokogiri (1.10.3)
+      mini_portile2 (~> 2.4.0)
+    oas_parser (0.19.0)
+      activesupport (>= 4.0.0)
+      addressable (~> 2.3)
+      builder (~> 3.2.3)
+      deep_merge (~> 1.2.1)
+      mustermann-contrib (~> 1.0.3s)
+      nokogiri
+    parallel (1.17.0)
+    parser (2.6.3.0)
+      ast (~> 2.4.0)
+    pry (0.12.2)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    public_suffix (3.1.1)
+    rack (2.0.7)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rainbow (3.0.0)
+    rake (10.5.0)
+    regexp_parser (1.2.0)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.3)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.0)
+    rubocop (0.69.0)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.6)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 1.7)
+    ruby-progressbar (1.10.0)
+    thread_safe (0.3.6)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    unicode-display_width (1.6.0)
+    uri_template (0.7.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 2.0)
+  openapi_first!
+  pry
+  rack-test (~> 1)
+  rake (~> 10.0)
+  rspec (~> 3.0)
+  rubocop
+
+BUNDLED WITH
+   2.0.1

data/README.md

@@ -0,0 +1,243 @@
+# OpenapiFirst
+
+OpenapiFirst helps to implement Rack based HTTP APIs based on an [OpenApi](https://www.openapis.org/) API description. The idea is that you create an API description first, then add minimal code about your business logic (some call this "Resolver") and be done.
+
+## TL;DR
+
+```ruby
+module Pets
+  def self.find_pet(params, _res) # "find_pet" is an operationId from your OpenApi file
+    {
+      id: params['id'],
+      name: 'Oscar'
+    }
+  end
+end
+
+# In config.ru:
+require 'openapi_first'
+run OpenapiFirst.app('./openapi/openapi.yaml', namespace: Pets)
+```
+
+The above will:
+
+- Validate the request and respond with 400 if the request does not match against your spec
+- Map the request (for example `GET /pet/1`) to the method call `Pets.find_pet`
+- Set the response content type according to your spec (here with the default status code `200`)
+
+### Usage as Rack middlware
+
+```ruby
+# Just like the above, except the last line
+# ...
+run OpenapiFirst.middleware('./openapi/openapi.yaml', namespace: Pets)
+```
+
+When using the middleware, all requests that are not part of the API description will be passed to the next app.
+
+## Try it out
+
+See [example](examples)
+
+## Missing features
+See [issues](https://github.com/ahx/openapi_first/issues).
+
+## Start
+
+Start with writing an OpenAPI file that describes the API, which you are about to write. Use a [validator](http://speccy.io/) to make sure the file is valid.
+
+We recommend saving the file as `openapi/openapi.yaml`.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'openapi_first'
+```
+
+OpenapiFirst uses [`multi_json`](https://rubygems.org/gems/multi_json).
+
+## How it works
+
+OpenapiFirst offers Rack middlewares to auto-implement different aspects of request validation:
+
+- Query parameter validation
+- Request body validation
+- Mapping request to a function call
+
+It starts with a router middleware:
+
+```ruby
+spec = OpenapiFirst.load('petstore.yaml')
+use OpenapiFirst::Router, spec: spec
+```
+
+If the request is not valid, these middlewares return a 400 status code with a body that describes the error. If unkwon routes in your application exist, which are not specified in the openapi spec file, set `:allow_unknown_operation` to `true`.
+
+The error responses conform with [JSON:API](https://jsonapi.org).
+
+Here's an example response body for a missing query parameter "search":
+
+```json
+http-status: 400
+content-type: "application/vnd.api+json"
+
+{
+  "errors": [
+    {
+      "title": "is missing",
+      "source": {
+        "parameter": "search"
+      }
+    }
+  ]
+}
+```
+
+### Query parameter validation
+
+```ruby
+use OpenapiFirst::QueryParameterValidation
+```
+
+By default OpenapiFirst does not allow additional query parameters and will respond with 400 if additional parameters are sent. You can allow additional parameters with `additional_properties: true`:
+
+```ruby
+use OpenapiFirst::QueryParameterValidation,
+    allow_additional_parameters: true
+```
+
+The middleware filteres all top-level query parameters and adds these to the Rack env: `env[OpenapiFirst::QUERY_PARAMS]`.
+If you want to forbid nested query parameters you will need to use `additionalProperties: false` in your query parameter json schema.
+
+OpenapiFirst does not support parameters set to `explode: false` and treats nested query parameters (`filter[foo]=bar`) like [`style: deepObject`](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#style-values).
+
+### TODO: Header, Cookie, Path parameter validation
+
+tbd.
+
+### Request Body validation
+
+```ruby
+# Add the middleware:
+use OpenapiFirst::RequestBodyValidation
+```
+
+This will return a `415` if the requests content type does not match or `400` if the request body is invalid.
+This will add the parsed request body to `env[OpenapiFirst::REQUEST_BODY]`.
+
+OpenAPI request (and response) body validation is based on [JSON Schema](http://json-schema.org/).
+
+### Mapping request to a function call
+
+OpenapiFirst has a `OperationResolver` middleware to map the HTTP request to a function (method) call
+
+```ruby
+# Define some methods
+module MyApi
+  def create_pet(params, res)
+    res.status = 201
+    {
+      id: '1',
+      name: params['name']
+    }
+  end
+end
+
+# Add the middleware:
+use OpenapiFirst::OperationResolver, namespace: MyApi
+# If the operation was not found in the OAS file, the next app will be called
+
+# OR use it as a Rack app via `run`:
+run OpenapiFirst::OperationResolver, namespace: Pets
+# If the operation was not found, this will return 404
+
+# Now make a request like
+# POST /pets, { name: 'Oscar' }
+```
+
+The resolver function is found via the [`operationId`](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#operation-object) attribute in your API description. If your operationId has dots like `Pets.find`, the resolver above would call `MyApi::Pets.find(params, req)`.
+
+These resolver functions are called with two arguments:
+
+- `params` - Holds the parsed request body, filtered query params and path parameters
+- `res` - Holds a Rack::Response that you can modify if needed
+
+You can call `params.env` to access the Rack env (just like in [Hanami actions](https://guides.hanamirb.org/actions/parameters/))
+
+There are two ways to set the response body:
+
+- Calling `res.write "things"` (see [Rack::Response](https://www.rubydoc.info/github/rack/rack/Rack/Response))
+- Returning a value from the function (see example above) (this will always converted to JSON)
+
+## Testing
+
+OpenapiFirst offers tools to help testing your app.
+
+### Response validation
+
+Response validation is to make sure your app responds as described in your OpenAPI spec. You usually do this in your tests using [rack-test](https://github.com/rack-test/rack-test).
+
+```ruby
+# In your test:
+require 'openapi_first/response_validator'
+spec = OpenapiFirst.load('petstore.yaml')
+validator = OpenapiFirst::ResponseValidator.new(spec)
+validator.validate(last_request, last_response).errors? # => true or false
+```
+
+TODO: Add RSpec matcher (via extra rubygem)
+
+### Coverage
+
+(This is a bit experimental. Please try it out and give feedback.)
+
+`OpenapiFirst::Coverage` helps you make sure, that you have called all endpoints of your OAS file when running tests via `rack-test`.
+
+```ruby
+# In your test (rspec example):
+require 'openapi_first/coverage'
+
+describe MyApp do
+  include Rack::Test::Methods
+
+  before(:all) do
+    spec = OpenapiFirst.load('petstore.yaml')
+    @app_wrapper = OpenapiFirst::Coverage.new(MyApp, spec)
+  end
+
+  after(:all) do
+    message = "The following paths have not been called yet: #{@app_wrapper.to_be_called}"
+    expect(@app_wrapper.to_be_called).to be_empty
+  end
+
+  # Overwrite `#app` to make rack-test call the wrapped app
+  def app
+    @app_wrapper
+  end
+
+  it 'does things' do
+    get '/i/my/stuff'
+    # …
+  end
+end
+```
+
+## Mocking
+
+Currently out of scope. Use https://github.com/JustinFeng/fakeit or something else.
+
+## Alternatives
+
+This gem is inspired by [committee](https://github.com/interagent/committee), which has much more features like response stubs or support for Hyper-Schema or OpenAPI 2.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/ahx/openapi_first.

data/Rakefile

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+
+task :version do
+  puts Gem::Specification.load('openapi_first.gemspec').version
+end
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: %i[spec rubocop]

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'openapi_first'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require 'irb'
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/examples/README.md

@@ -0,0 +1,13 @@
+# Example
+
+How to run the example:
+
+```bash
+cd examples
+bundle install
+bundle exec rackup
+```
+
+open http://localhost:9292/
+
+🎉

data/examples/app.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'openapi_first'
+
+module Example
+  def self.find_thing(_params, _res)
+    { hello: 'world' }
+  end
+end
+
+oas_path = File.absolute_path('./openapi.yaml', __dir__)
+App = OpenapiFirst.app(oas_path, namespace: Example)

data/examples/config.ru

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('../lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+require_relative 'app'
+run App

data/examples/openapi.yaml

@@ -0,0 +1,29 @@
+openapi: 3.0.0
+info:
+  title: "API"
+  version: "1.0.0"
+  contact:
+    name: Contact Name
+    email: contact@example.com
+    url: https://example.com/
+tags:
+  - name: Metadata
+    description: Metadata related requests
+paths:
+  /:
+    get:
+      operationId: find_thing
+      summary: Get metadata from the root of the API
+      tags: ["Metadata"]
+      responses:
+        "200":
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: object
+                required: [hello]
+                properties:
+                  hello:
+                    type: string
+

data/lib/openapi_first.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'oas_parser'
+require 'openapi_first/version'
+require 'openapi_first/router'
+require 'openapi_first/query_parameter_validation'
+require 'openapi_first/request_body_validation'
+require 'openapi_first/operation_resolver'
+require 'openapi_first/app'
+
+module OpenapiFirst
+  OPERATION = 'openapi_first.operation'
+  PATH_PARAMS = 'openapi_first.path_params'
+  REQUEST_BODY = 'openapi_first.parsed_request_body'
+  QUERY_PARAMS = 'openapi_first.query_params'
+
+  def self.load(spec_path)
+    OasParser::Definition.resolve(spec_path)
+  end
+
+  def self.app(spec, namespace:)
+    spec = OpenapiFirst.load(spec) if spec.is_a?(String)
+    App.new(spec, namespace: namespace)
+  end
+
+  def self.middleware(spec, namespace:)
+    spec = OpenapiFirst.load(spec) if spec.is_a?(String)
+    AppWithOptions.new(spec, namespace: namespace)
+  end
+
+  class AppWithOptions
+    def initialize(*options)
+      @options = options
+    end
+
+    def new(app)
+      App.new(app, *@options)
+    end
+  end
+
+  class Error < StandardError; end
+  # Your code goes here...
+end

data/lib/openapi_first/app.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'rack'
+
+module OpenapiFirst
+  class App
+    def initialize(
+      app = nil, # rubocop:disable Style/OptionalArguments
+      spec,
+      namespace:,
+      allow_unknown_operation: !app.nil?
+    )
+      @stack = Rack::Builder.new do
+        use OpenapiFirst::Router,
+            spec: spec,
+            allow_unknown_operation: allow_unknown_operation
+        use OpenapiFirst::QueryParameterValidation
+        use OpenapiFirst::RequestBodyValidation
+        run OpenapiFirst::OperationResolver.new(app, namespace: namespace)
+      end
+    end
+
+    def call(env)
+      @stack.call(env)
+    end
+  end
+end

data/lib/openapi_first/coverage.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  class Coverage
+    attr_reader :to_be_called
+
+    def initialize(app, spec)
+      @app = app
+      @spec = spec
+      @to_be_called = spec.endpoints.map do |endpoint|
+        endpoint_id(endpoint)
+      end
+    end
+
+    def call(env)
+      endpoint = endpoint_for_request(Rack::Request.new(env))
+      @to_be_called.delete(endpoint_id(endpoint)) if endpoint
+      @app.call(env)
+    end
+
+    private
+
+    def endpoint_id(endpoint)
+      "#{endpoint.path.path}##{endpoint.method}"
+    end
+
+    def endpoint_for_request(request)
+      @spec
+        .path_by_path(request.path)
+        .endpoint_by_method(request.request_method.downcase)
+    rescue OasParser::PathNotFound
+      nil
+    end
+  end
+end

data/lib/openapi_first/error_response_method.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  module ErrorResponseMethod
+    def default_error(status, title = Rack::Utils::HTTP_STATUS_CODES[status])
+      {
+        status: status.to_s,
+        title: title
+      }
+    end
+
+    def error_response(status, errors = [default_error(status)])
+      Rack::Response.new(
+        MultiJson.dump(errors: errors),
+        status,
+        Rack::CONTENT_TYPE => 'application/vnd.api+json'
+      )
+    end
+  end
+end

data/lib/openapi_first/operation_resolver.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'rack'
+
+module OpenapiFirst
+  class OperationResolver
+    DEFAULT_APP = ->(_env) { Rack::Response.new('', 404) }
+
+    def initialize(app = DEFAULT_APP, namespace:)
+      @app = app
+      @namespace = namespace
+    end
+
+    def call(env)
+      operation = env[OpenapiFirst::OPERATION]
+      return @app.call(env) unless operation
+
+      operation_id = operation.operation_id
+      res = Rack::Response.new
+      result = call_operation_method(operation_id, env, res)
+      res.write MultiJson.dump(result) if result && res.body.empty?
+      res[Rack::CONTENT_TYPE] ||= find_content_type(operation, res.status)
+      res
+    end
+
+    private
+
+    def find_content_type(operation, status)
+      content = operation
+                .response_by_code(status.to_s, use_default: true)
+                .content
+      content.keys[0] if content
+    end
+
+    def call_operation_method(operation_id, env, res)
+      target = @namespace
+      methods = operation_id.split('.')
+      final = methods.pop
+      methods.each { |m| target = target.send(m) }
+      params = build_params(env)
+      target.send(final, params, res)
+    end
+
+    def build_params(env)
+      sources = [
+        env[PATH_PARAMS],
+        env[QUERY_PARAMS],
+        env[REQUEST_BODY]
+      ].tap(&:compact!)
+      hash = {}.merge!(*sources)
+      hash.define_singleton_method(:env) { env }
+      hash
+    end
+  end
+end

data/lib/openapi_first/query_parameter_validation.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+require 'rack'
+require 'json_schemer'
+require 'multi_json'
+require_relative 'validation_format'
+require_relative 'error_response_method'
+
+module OpenapiFirst
+  class QueryParameterValidation
+    include ErrorResponseMethod
+
+    def initialize(app, allow_additional_parameters: false)
+      @app = app
+      @additional_properties = allow_additional_parameters
+    end
+
+    def call(env)
+      req = Rack::Request.new(env)
+      schema = parameter_schema(env[OpenapiFirst::OPERATION])
+      params = req.params
+      if schema
+        errors = schema && JSONSchemer.schema(schema).validate(params)
+        return error_response(400, serialize_errors(errors)) if errors&.any?
+
+        req.env[QUERY_PARAMS] = allowed_query_parameters(schema, params)
+      end
+
+      @app.call(env)
+    end
+
+    def allowed_query_parameters(params_schema, query_params)
+      params_schema['properties']
+        .keys
+        .each_with_object({}) do |parameter_name, filtered|
+          value = query_params[parameter_name]
+          filtered[parameter_name] = value if value
+        end
+    end
+
+    def parameter_schema(operation)
+      return unless operation&.query_parameters&.any?
+
+      operation.query_parameters.each_with_object(
+        'type' => 'object',
+        'required' => [],
+        'additionalProperties' => @additional_properties,
+        'properties' => {}
+      ) do |parameter, schema|
+        schema['required'] << parameter.name if parameter.required
+        schema['properties'][parameter.name] = parameter.schema
+      end
+    end
+
+    def serialize_errors(validation_errors)
+      validation_errors.map do |error|
+        {
+          source: {
+            parameter: File.basename(error['data_pointer'])
+          }
+        }.update(ValidationFormat.error_details(error))
+      end
+    end
+  end
+end

data/lib/openapi_first/request_body_validation.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+require 'rack'
+require 'json_schemer'
+require 'multi_json'
+require_relative 'error_response_method'
+require_relative 'validation_format'
+
+module OpenapiFirst
+  class RequestBodyValidation
+    include ErrorResponseMethod
+
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env) # rubocop:disable Metrics/MethodLength
+      operation = env[OpenapiFirst::OPERATION]
+      return @app.call(env) unless operation&.request_body
+
+      req = Rack::Request.new(env)
+      content_type = req.content_type
+      body = req.body
+      catch(:halt) do
+        validate_request_content_type!(content_type, operation)
+        validate_request_body_presence!(env, body, operation)
+        parse_and_validate_request_body!(env, content_type, body, operation)
+        @app.call(env)
+      end
+    end
+
+    def halt(response)
+      throw :halt, response
+    end
+
+    def validate_request_content_type!(content_type, operation)
+      return if content_type_valid?(content_type, operation)
+
+      halt(error_response(415))
+    end
+
+    def validate_request_body_presence!(env, body, operation)
+      return unless body.size.zero?
+
+      if operation.request_body.required
+        halt(error_response(415, 'Request body is required'))
+      end
+      halt(@app.call(env))
+    end
+
+    def parse_and_validate_request_body!(env, content_type, body, operation)
+      schema = request_body_schema(content_type, operation)
+      return unless schema
+
+      parsed_request_body = MultiJson.load(body)
+      errors = validate_json_schema(schema, parsed_request_body)
+      halt(error_response(400, serialize_errors(errors))) if errors&.any?
+      env[OpenapiFirst::REQUEST_BODY] = parsed_request_body
+    end
+
+    def validate_json_schema(schema, object)
+      JSONSchemer.schema(schema).validate(object)
+    end
+
+    def default_error(status, title = Rack::Utils::HTTP_STATUS_CODES[status])
+      {
+        status: status.to_s,
+        title: title
+      }
+    end
+
+    def content_type_valid?(content_type, endpoint)
+      endpoint.request_body.content[content_type]
+    end
+
+    def request_body_schema(content_type, endpoint)
+      return unless endpoint
+
+      endpoint.request_body.content[content_type]&.fetch('schema')
+    end
+
+    def serialize_errors(validation_errors)
+      validation_errors.map do |error|
+        {
+          source: {
+            pointer: error['data_pointer']
+          }
+        }.update(ValidationFormat.error_details(error))
+      end
+    end
+  end
+end

data/lib/openapi_first/response_validator.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'json_schemer'
+require 'multi_json'
+require_relative 'validation'
+
+module OpenapiFirst
+  class ResponseValidator
+    def initialize(schema)
+      @schema = schema
+    end
+
+    def validate(request, response)
+      errors = validation_errors(request, response)
+      Validation.new(errors || [])
+    rescue OasParser::ResponseCodeNotFound, OasParser::MethodNotFound => e
+      Validation.new([e.message])
+    end
+
+    private
+
+    def validation_errors(request, response)
+      content = response_for(request, response).content
+      return unless content
+
+      content_type = content[response.content_type]
+      unless content_type
+        return ["Content type not found: '#{response.content_type}'"]
+      end
+
+      response_schema = content_type['schema']
+      return unless response_schema
+
+      response_data = MultiJson.load(response.body)
+      validate_json_schema(response_schema, response_data)
+    end
+
+    def validate_json_schema(schema, data)
+      JSONSchemer.schema(schema).validate(data).to_a.map do |error|
+        error.delete('root_schema')
+        error
+      end
+    end
+
+    def response_for(request, response)
+      @schema
+        .path_by_path(request.path)
+        .endpoint_by_method(request.request_method.downcase)
+        .response_by_code(response.status.to_s, use_default: true)
+    end
+  end
+end

data/lib/openapi_first/router.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'rack'
+require 'json_schemer'
+require 'multi_json'
+require 'mustermann/template'
+
+module OpenapiFirst
+  class Router
+    def initialize(app, spec:, allow_unknown_operation: false)
+      @app = app
+      @spec = spec
+      @allow_unknown_operation = allow_unknown_operation
+    end
+
+    def call(env)
+      req = Rack::Request.new(env)
+      operation = env[OPERATION] = find_operation(req)
+      path_params = find_path_params(operation, req)
+      env[PATH_PARAMS] = path_params if path_params
+      return @app.call(env) if operation || @allow_unknown_operation
+
+      Rack::Response.new('', 404)
+    end
+
+    def find_operation(req)
+      path = @spec.path_by_path(req.path)
+      path.endpoint_by_method(req.request_method.downcase)
+    rescue OasParser::PathNotFound, OasParser::MethodNotFound
+      nil
+    end
+
+    def find_path_params(operation, req)
+      return unless operation&.path_parameters&.any?
+
+      pattern = Mustermann::Template.new(operation.path.path)
+      pattern.params(req.path)
+    end
+  end
+end

data/lib/openapi_first/validation.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  class Validation
+    attr_reader :errors
+
+    def initialize(errors)
+      @errors = errors
+    end
+
+    def errors?
+      !errors.empty?
+    end
+  end
+end

data/lib/openapi_first/validation_format.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  module ValidationFormat
+    # rubocop:disable Metrics/MethodLength
+    def self.error_details(error)
+      if error['type'] == 'pattern'
+        {
+          title: 'is not valid',
+          detail: "does not match pattern '#{error['schema']['pattern']}'"
+        }
+      elsif error['type'] == 'required'
+        missing_keys = error['details']['missing_keys']
+        {
+          title: "is missing required properties: #{missing_keys.join(', ')}"
+        }
+      elsif error['schema'] == false
+        { title: 'unknown fields are not allowed' }
+      else
+        { title: 'is not valid' }
+      end
+    end
+    # rubocop:enable Metrics/MethodLength
+  end
+end

data/lib/openapi_first/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  VERSION = '0.6.0'
+end

data/openapi_first.gemspec

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'openapi_first/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'openapi_first'
+  spec.version       = OpenapiFirst::VERSION
+  spec.authors       = ['Andreas Haller']
+  spec.email         = ['andreas.haller@posteo.de']
+  spec.licenses      = ['MIT']
+
+  spec.summary       = 'Implement REST APIs based on an OpenApi API description'
+  spec.homepage      = 'https://github.com/ahx/openapi_first'
+
+  if spec.respond_to?(:metadata)
+    spec.metadata['https://github.com/ahx/openapi_first'] = spec.homepage
+  else
+    raise 'RubyGems 2.0 or newer is required to protect against ' \
+      'public gem pushes.'
+  end
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`
+      .split("\x0")
+      .reject { |f| f.match(%r{^(test|spec|features)/}) }
+      .reject { |f| %w[Dockerfile Jenkinsfile].include?(f) }
+  end
+  spec.bindir        = 'exe'
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'json_schemer', '~> 0.2'
+  spec.add_dependency 'multi_json', '~> 1.13'
+  spec.add_dependency 'oas_parser', '~> 0.19'
+  spec.add_dependency 'rack', '~> 2'
+
+  spec.add_development_dependency 'bundler', '~> 2.0'
+  spec.add_development_dependency 'rack-test', '~> 1'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+end

metadata

@@ -0,0 +1,185 @@
+--- !ruby/object:Gem::Specification
+name: openapi_first
+version: !ruby/object:Gem::Version
+  version: 0.6.0
+platform: ruby
+authors:
+- Andreas Haller
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2019-07-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: json_schemer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+- !ruby/object:Gem::Dependency
+  name: multi_json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+- !ruby/object:Gem::Dependency
+  name: oas_parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: 
+email:
+- andreas.haller@posteo.de
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/CODEOWNERS"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- examples/README.md
+- examples/app.rb
+- examples/config.ru
+- examples/openapi.yaml
+- lib/openapi_first.rb
+- lib/openapi_first/app.rb
+- lib/openapi_first/coverage.rb
+- lib/openapi_first/error_response_method.rb
+- lib/openapi_first/operation_resolver.rb
+- lib/openapi_first/query_parameter_validation.rb
+- lib/openapi_first/request_body_validation.rb
+- lib/openapi_first/response_validator.rb
+- lib/openapi_first/router.rb
+- lib/openapi_first/validation.rb
+- lib/openapi_first/validation_format.rb
+- lib/openapi_first/version.rb
+- openapi_first.gemspec
+homepage: https://github.com/ahx/openapi_first
+licenses:
+- MIT
+metadata:
+  https://github.com/ahx/openapi_first: https://github.com/ahx/openapi_first
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Implement REST APIs based on an OpenApi API description
+test_files: []