openapi_first 1.0.0.beta1 → 1.0.0.beta4

data/lib/openapi_first/default_error_response.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  class DefaultErrorResponse < ErrorResponse
+    OpenapiFirst::Plugins.register_error_response(:default, self)
+
+    def body
+      MultiJson.dump({ errors: serialized_errors })
+    end
+
+    def serialized_errors
+      return default_errors unless validation_output
+
+      key = pointer_key
+      [
+        {
+          source: { key => pointer(validation_output['instanceLocation']) },
+          title: validation_output['error']
+        }
+      ]
+    end
+
+    def default_errors
+      [{
+        status: status.to_s,
+        title:
+      }]
+    end
+
+    def pointer_key
+      case location
+      when :request_body
+        :pointer
+      when :query, :path
+        :parameter
+      else
+        location
+      end
+    end
+
+    def pointer(data_pointer)
+      return data_pointer if location == :request_body
+
+      data_pointer.delete_prefix('/')
+    end
+  end
+end

data/lib/openapi_first/definition.rb

@@ -3,6 +3,7 @@
 require_relative 'operation'
 
 module OpenapiFirst
+  # Represents an OpenAPI API Description document
   class Definition
     attr_reader :filepath, :operations
 
@@ -11,9 +12,15 @@ module OpenapiFirst
       methods = %w[get head post put patch delete trace options]
       @operations = resolved['paths'].flat_map do |path, path_item|
         path_item.slice(*methods).map do |request_method, _operation_object|
-          Operation.new(path, request_method, path_item)
+          Operation.new(path, request_method, path_item, openapi_version: detect_version(resolved))
         end
       end
     end
+
+    private
+
+    def detect_version(resolved)
+      (resolved['openapi'] || resolved['swagger'])[0..2]
+    end
   end
 end

data/lib/openapi_first/error_response.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  # This is the base class for error responses
+  class ErrorResponse
+    ## @param status [Integer] The HTTP status code.
+    ## @param title [String] The title of the error. Usually the name of the HTTP status code.
+    ## @param location [Symbol] The location of the error (:request_body, :query, :header, :cookie, :path).
+    ## @param validation_result [ValidationResult]
+    def initialize(status:, location:, title:, validation_result:)
+      @status = status
+      @title = title
+      @location = location
+      @validation_output = validation_result&.output
+      @schema = validation_result&.schema
+      @data = validation_result&.data
+    end
+
+    attr_reader :status, :location, :title, :schema, :data, :validation_output
+
+    def render
+      Rack::Response.new(body, status, Rack::CONTENT_TYPE => content_type).finish
+    end
+
+    def content_type = 'application/json'
+
+    def body
+      raise NotImplementedError
+    end
+  end
+end

data/lib/openapi_first/errors.rb

@@ -5,15 +5,6 @@ module OpenapiFirst
 
   class NotFoundError < Error; end
 
-  class HandlerNotFoundError < Error; end
-
-  class NotImplementedError < Error
-    def initialize(message)
-      warn 'NotImplementedError is deprecated. Handle HandlerNotFoundError instead'
-      super
-    end
-  end
-
   class ResponseInvalid < Error; end
 
   class ResponseCodeNotFoundError < ResponseInvalid; end
@@ -22,37 +13,9 @@ module OpenapiFirst
 
   class ResponseBodyInvalidError < ResponseInvalid; end
 
+  class ResponseHeaderInvalidError < ResponseInvalid; end
+
   class BodyParsingError < Error; end
 
-  class RequestInvalidError < Error
-    def initialize(serialized_errors)
-      message = error_message(serialized_errors)
-      super message
-    end
-
-    private
-
-    def error_message(errors)
-      errors.map do |error|
-        [human_source(error), human_error(error)].compact.join(' ')
-      end.join(', ')
-    end
-
-    def human_source(error)
-      return unless error[:source]
-
-      source_key = error[:source].keys.first
-      source = {
-        pointer: 'Request body invalid:',
-        parameter: 'Query parameter invalid:'
-      }.fetch(source_key, source_key)
-      name = error[:source].values.first
-      source += " #{name}" unless name.nil? || name.empty?
-      source
-    end
-
-    def human_error(error)
-      error[:title]
-    end
-  end
+  class RequestInvalidError < Error; end
 end

data/lib/openapi_first/operation.rb

@@ -3,10 +3,10 @@
 require 'forwardable'
 require 'set'
 require_relative 'schema_validation'
-require_relative 'utils'
+require_relative 'operation_schemas'
 
 module OpenapiFirst
-  class Operation
+  class Operation # rubocop:disable Metrics/ClassLength
     extend Forwardable
     def_delegators :operation_object,
                    :[],
@@ -15,12 +15,13 @@ module OpenapiFirst
     WRITE_METHODS = Set.new(%w[post put patch delete]).freeze
     private_constant :WRITE_METHODS
 
-    attr_reader :path, :method
+    attr_reader :path, :method, :openapi_version
 
-    def initialize(path, request_method, path_item_object)
+    def initialize(path, request_method, path_item_object, openapi_version:)
       @path = path
       @method = request_method
       @path_item_object = path_item_object
+      @openapi_version = openapi_version
     end
 
     def operation_id
@@ -39,7 +40,7 @@ module OpenapiFirst
       operation_object['requestBody']
     end
 
-    def response_schema_for(status, content_type)
+    def response_body_schema(status, content_type)
       content = response_for(status)['content']
       return if content.nil? || content.empty?
 
@@ -52,16 +53,18 @@ module OpenapiFirst
         raise ResponseContentTypeNotFoundError, message
       end
       schema = media_type['schema']
-      SchemaValidation.new(schema, write: false) if schema
+      return unless schema
+
+      SchemaValidation.new(schema, write: false, openapi_version:)
     end
 
     def request_body_schema(request_content_type)
-      content = operation_object.dig('requestBody', 'content')
-      media_type = find_content_for_content_type(content, request_content_type)
-      schema = media_type&.fetch('schema', nil)
-      return unless schema
-
-      SchemaValidation.new(schema, write: write?)
+      (@request_body_schema ||= {})[request_content_type] ||= begin
+        content = operation_object.dig('requestBody', 'content')
+        media_type = find_content_for_content_type(content, request_content_type)
+        schema = media_type&.fetch('schema', nil)
+        SchemaValidation.new(schema, write: write?, openapi_version:) if schema
+      end
     end
 
     def response_for(status)
@@ -73,12 +76,12 @@ module OpenapiFirst
     end
 
     def name
-      "#{method.upcase} #{path} (#{operation_id})"
+      @name ||= "#{method.upcase} #{path} (#{operation_id})"
     end
 
     def valid_request_content_type?(request_content_type)
       content = operation_object.dig('requestBody', 'content')
-      return unless content
+      return false unless content
 
       !!find_content_for_content_type(content, request_content_type)
     end
@@ -91,6 +94,17 @@ module OpenapiFirst
       @path_parameters ||= all_parameters.filter { |p| p['in'] == 'path' }
     end
 
+    IGNORED_HEADERS = Set['Content-Type', 'Accept', 'Authorization'].freeze
+    private_constant :IGNORED_HEADERS
+
+    def header_parameters
+      @header_parameters ||= all_parameters.filter { |p| p['in'] == 'header' && !IGNORED_HEADERS.include?(p['name']) }
+    end
+
+    def cookie_parameters
+      @cookie_parameters ||= all_parameters.filter { |p| p['in'] == 'cookie' }
+    end
+
     def all_parameters
       @all_parameters ||= begin
         parameters = @path_item_object['parameters']&.dup || []
@@ -100,6 +114,11 @@ module OpenapiFirst
       end
     end
 
+    # visibility: private
+    def schemas
+      @schemas ||= OperationSchemas.new(self)
+    end
+
     private
 
     def response_by_code(status)

data/lib/openapi_first/operation_schemas.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'openapi_parameters/parameter'
+require_relative 'schema_validation'
+
+module OpenapiFirst
+  # This class is basically a cache for JSON Schemas of parameters
+  class OperationSchemas
+    # @operation [OpenapiFirst::Operation]
+    def initialize(operation)
+      @operation = operation
+    end
+
+    attr_reader :operation
+
+    # Return JSON Schema of for all query parameters
+    def query_parameters_schema
+      @query_parameters_schema ||= build_json_schema(operation.query_parameters)
+    end
+
+    # Return JSON Schema of for all path parameters
+    def path_parameters_schema
+      @path_parameters_schema ||= build_json_schema(operation.path_parameters)
+    end
+
+    def header_parameters_schema
+      @header_parameters_schema ||= build_json_schema(operation.header_parameters)
+    end
+
+    def cookie_parameters_schema
+      @cookie_parameters_schema ||= build_json_schema(operation.cookie_parameters)
+    end
+
+    private
+
+    # Build JSON Schema for given parameter definitions
+    # @parameter_defs [Array<Hash>] Parameter definitions
+    def build_json_schema(parameter_defs)
+      init_schema = {
+        'type' => 'object',
+        'properties' => {},
+        'required' => []
+      }
+      schema = parameter_defs.each_with_object(init_schema) do |parameter_def, result|
+        parameter = OpenapiParameters::Parameter.new(parameter_def)
+        result['properties'][parameter.name] = parameter.schema if parameter.schema
+        result['required'] << parameter.name if parameter.required?
+      end
+      SchemaValidation.new(schema, openapi_version: operation.openapi_version)
+    end
+  end
+end

data/lib/openapi_first/plugins.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  module Plugins
+    ERROR_RESPONSES = {} # rubocop:disable Style/MutableConstant
+
+    def self.register_error_response(name, klass)
+      ERROR_RESPONSES[name] = klass
+    end
+
+    def self.find_error_response(name)
+      return name if name.is_a?(Class)
+
+      ERROR_RESPONSES.fetch(name)
+    end
+  end
+end

data/lib/openapi_first/request_body_validator.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  class RequestBodyValidator
+    def initialize(operation, env)
+      @operation = operation
+      @env = env
+      @parsed_request_body = env[REQUEST_BODY]
+    end
+
+    def validate!
+      content_type = Rack::Request.new(@env).content_type
+      validate_request_content_type!(@operation, content_type)
+      validate_request_body!(@operation, @parsed_request_body, content_type)
+    end
+
+    private
+
+    def validate_request_content_type!(operation, content_type)
+      operation.valid_request_content_type?(content_type) || OpenapiFirst.error!(415)
+    end
+
+    def validate_request_body!(operation, body, content_type)
+      validate_request_body_presence!(body, operation)
+      return if content_type.nil?
+
+      schema = operation&.request_body_schema(content_type)
+      return unless schema
+
+      validation_result = schema.validate(body)
+      OpenapiFirst.error!(400, :request_body, validation_result:) if validation_result.error?
+      body
+    end
+
+    def validate_request_body_presence!(body, operation)
+      return unless operation.request_body['required'] && body.nil?
+
+      OpenapiFirst.error!(400, :request_body, title: 'Request body is required')
+    end
+  end
+end

data/lib/openapi_first/request_validation.rb

@@ -3,7 +3,9 @@
 require 'rack'
 require 'multi_json'
 require_relative 'use_router'
-require_relative 'validation_format'
+require_relative 'error_response'
+require_relative 'request_body_validator'
+require_relative 'string_keyed_hash'
 require 'openapi_parameters'
 
 module OpenapiFirst
@@ -13,118 +15,98 @@ module OpenapiFirst
     def initialize(app, options = {})
       @app = app
       @raise = options.fetch(:raise_error, false)
+      @error_response_class =
+        Plugins.find_error_response(options.fetch(:error_response, Config.default_options.error_response))
     end
 
-    def call(env) # rubocop:disable Metrics/AbcSize
+    def call(env)
       operation = env[OPERATION]
       return @app.call(env) unless operation
 
-      error = catch(:error) do
-        query_params = OpenapiParameters::Query.new(operation.query_parameters).unpack(env['QUERY_STRING'])
-        validate_query_parameters!(operation, query_params)
-        env[PARAMS].merge!(query_params)
-
-        return @app.call(env) unless operation.request_body
-
-        content_type = Rack::Request.new(env).content_type
-        validate_request_content_type!(operation, content_type)
-        parsed_request_body = env[REQUEST_BODY]
-        validate_request_body!(operation, parsed_request_body, content_type)
-        nil
-      end
+      error = validate_request(operation, env)
       if error
-        raise RequestInvalidError, error[:errors] if @raise
+        location, title = error.values_at(:location, :title)
+        raise RequestInvalidError, error_message(title, location) if @raise
 
-        return validation_error_response(error[:status], error[:errors])
+        return error_response(error).render
       end
       @app.call(env)
     end
 
     private
 
-    def validate_request_body!(operation, body, content_type)
-      validate_request_body_presence!(body, operation)
-      return if content_type.nil?
+    def error_message(title, location)
+      return title unless location
 
-      schema = operation&.request_body_schema(content_type)
-      return unless schema
-
-      errors = schema.validate(body)
-      throw_error(400, serialize_request_body_errors(errors)) if errors.any?
-      body
-    end
-
-    def validate_request_content_type!(operation, content_type)
-      operation.valid_request_content_type?(content_type) || throw_error(415)
+      "#{TOPICS.fetch(location)} #{title}"
     end
 
-    def validate_request_body_presence!(body, operation)
-      return unless operation.request_body['required'] && body.nil?
-
-      throw_error(415, 'Request body is required')
+    TOPICS = {
+      request_body: 'Request body invalid:',
+      query: 'Query parameter invalid:',
+      header: 'Header parameter invalid:',
+      path: 'Path segment invalid:',
+      cookie: 'Cookie value invalid:'
+    }.freeze
+    private_constant :TOPICS
+
+    def error_response(error_object)
+      @error_response_class.new(**error_object)
     end
 
-    def default_error(status, title = Rack::Utils::HTTP_STATUS_CODES[status])
-      {
-        status: status.to_s,
-        title: title
-      }
+    def validate_request(operation, env)
+      catch(:error) do
+        env[PARAMS] = {}
+        validate_query_params!(operation, env)
+        validate_path_params!(operation, env)
+        validate_cookie_params!(operation, env)
+        validate_header_params!(operation, env)
+        RequestBodyValidator.new(operation, env).validate! if operation.request_body
+        nil
+      end
     end
 
-    def throw_error(status, errors = [default_error(status)])
-      throw :error, {
-        status: status,
-        errors: errors
-      }
-    end
+    def validate_path_params!(operation, env)
+      path_parameters = operation.path_parameters
+      return if path_parameters.empty?
 
-    def validation_error_response(status, errors)
-      Rack::Response.new(
-        MultiJson.dump(errors: errors),
-        status,
-        Rack::CONTENT_TYPE => 'application/vnd.api+json'
-      ).finish
+      hashy = StringKeyedHash.new(env[Router::RAW_PATH_PARAMS])
+      unpacked_path_params = OpenapiParameters::Path.new(path_parameters).unpack(hashy)
+      validation_result = operation.schemas.path_parameters_schema.validate(unpacked_path_params)
+      OpenapiFirst.error!(400, :path, validation_result:) if validation_result.error?
+      env[PATH_PARAMS] = unpacked_path_params
+      env[PARAMS].merge!(unpacked_path_params)
     end
 
-    def serialize_request_body_errors(validation_errors)
-      validation_errors.map do |error|
-        {
-          source: {
-            pointer: error['data_pointer']
-          }
-        }.update(ValidationFormat.error_details(error))
-      end
-    end
+    def validate_query_params!(operation, env)
+      query_parameters = operation.query_parameters
+      return if operation.query_parameters.empty?
 
-    def build_json_schema(parameter_defs)
-      init_schema = {
-        'type' => 'object',
-        'properties' => {},
-        'required' => []
-      }
-      parameter_defs.each_with_object(init_schema) do |parameter_def, schema|
-        parameter = OpenapiParameters::Parameter.new(parameter_def)
-        schema['properties'][parameter.name] = parameter.schema if parameter.schema
-        schema['required'] << parameter.name if parameter.required?
-      end
+      unpacked_query_params = OpenapiParameters::Query.new(query_parameters).unpack(env['QUERY_STRING'])
+      validation_result = operation.schemas.query_parameters_schema.validate(unpacked_query_params)
+      OpenapiFirst.error!(400, :query, validation_result:) if validation_result.error?
+      env[QUERY_PARAMS] = unpacked_query_params
+      env[PARAMS].merge!(unpacked_query_params)
     end
 
-    def validate_query_parameters!(operation, params)
-      parameter_defs = operation.query_parameters
-      return unless parameter_defs&.any?
+    def validate_cookie_params!(operation, env)
+      cookie_parameters = operation.cookie_parameters
+      return unless cookie_parameters&.any?
 
-      json_schema = build_json_schema(parameter_defs)
-      errors = SchemaValidation.new(json_schema).validate(params)
-      throw_error(400, serialize_parameter_errors(errors)) if errors.any?
+      unpacked_params = OpenapiParameters::Cookie.new(cookie_parameters).unpack(env['HTTP_COOKIE'])
+      validation_result = operation.schemas.cookie_parameters_schema.validate(unpacked_params)
+      OpenapiFirst.error!(400, :cookie, validation_result:) if validation_result.error?
+      env[COOKIE_PARAMS] = unpacked_params
     end
 
-    def serialize_parameter_errors(validation_errors)
-      validation_errors.map do |error|
-        pointer = error['data_pointer'][1..].to_s
-        {
-          source: { parameter: pointer }
-        }.update(ValidationFormat.error_details(error))
-      end
+    def validate_header_params!(operation, env)
+      header_parameters = operation.header_parameters
+      return if header_parameters.empty?
+
+      unpacked_header_params = OpenapiParameters::Header.new(header_parameters).unpack_env(env)
+      validation_result = operation.schemas.header_parameters_schema.validate(unpacked_header_params)
+      OpenapiFirst.error!(400, :header, validation_result:) if validation_result.error?
+      env[HEADER_PARAMS] = unpacked_header_params
     end
   end
 end

data/lib/openapi_first/response_validation.rb

@@ -2,7 +2,6 @@
 
 require 'multi_json'
 require_relative 'use_router'
-require_relative 'validation_format'
 
 module OpenapiFirst
   class ResponseValidation
@@ -26,8 +25,9 @@ module OpenapiFirst
       return validate_status_only(operation, status) if status == 204
 
       content_type = headers[Rack::CONTENT_TYPE]
-      response_schema = operation.response_schema_for(status, content_type)
+      response_schema = operation.response_body_schema(status, content_type)
       validate_response_body(response_schema, body) if response_schema
+      validate_response_headers(operation, status, headers)
     end
 
     private
@@ -40,14 +40,45 @@ module OpenapiFirst
       full_body = +''
       response.each { |chunk| full_body << chunk }
       data = full_body.empty? ? {} : load_json(full_body)
-      errors = schema.validate(data)
-      errors = errors.to_a.map! do |error|
-        format_error(error)
+      validation = schema.validate(data)
+      raise ResponseBodyInvalidError, validation.message if validation.error?
+    end
+
+    def validate_response_headers(operation, status, response_headers)
+      response_header_definitions = operation.response_for(status)&.dig('headers')
+      return unless response_header_definitions
+
+      unpacked_headers = unpack_response_headers(response_header_definitions, response_headers)
+      response_header_definitions.each do |name, definition|
+        next if name == 'Content-Type'
+
+        validate_response_header(name, definition, unpacked_headers, openapi_version: operation.openapi_version)
+      end
+    end
+
+    def validate_response_header(name, definition, unpacked_headers, openapi_version:)
+      unless unpacked_headers.key?(name)
+        raise ResponseHeaderInvalidError, "Required response header '#{name}' is missing" if definition['required']
+
+        return
+      end
+
+      return unless definition.key?('schema')
+
+      validation = SchemaValidation.new(definition['schema'], openapi_version:)
+      value = unpacked_headers[name]
+      validation_result = validation.validate(value)
+      raise ResponseHeaderInvalidError, validation_result.message if validation_result.error?
+    end
+
+    def unpack_response_headers(response_header_definitions, response_headers)
+      headers_as_parameters = response_header_definitions.map do |name, definition|
+        definition.merge('name' => name)
       end
-      raise ResponseBodyInvalidError, errors.join(', ') if errors.any?
+      OpenapiParameters::Header.new(headers_as_parameters).unpack(response_headers)
     end
 
-    def format_error(error)
+    def format_response_error(error)
       return "Write-only field appears in response: #{error['data_pointer']}" if error['type'] == 'writeOnly'
 
       JSONSchemer::Errors.pretty(error)

data/lib/openapi_first/response_validator.rb

@@ -7,7 +7,7 @@ module OpenapiFirst
   class ResponseValidator
     def initialize(spec)
       @spec = spec
-      @router = Router.new(->(_env) {}, spec: spec, raise_error: true)
+      @router = Router.new(->(_env) {}, spec:, raise_error: true)
       @response_validation = ResponseValidation.new(->(response) { response.to_a })
     end