openapi_first 1.0.0.beta3 → 1.0.0.beta4

data/lib/openapi_first/operation.rb

@@ -3,10 +3,10 @@
 require 'forwardable'
 require 'set'
 require_relative 'schema_validation'
-require_relative 'utils'
+require_relative 'operation_schemas'
 
 module OpenapiFirst
-  class Operation
+  class Operation # rubocop:disable Metrics/ClassLength
     extend Forwardable
     def_delegators :operation_object,
                    :[],
@@ -15,12 +15,13 @@ module OpenapiFirst
     WRITE_METHODS = Set.new(%w[post put patch delete]).freeze
     private_constant :WRITE_METHODS
 
-    attr_reader :path, :method
+    attr_reader :path, :method, :openapi_version
 
-    def initialize(path, request_method, path_item_object)
+    def initialize(path, request_method, path_item_object, openapi_version:)
       @path = path
       @method = request_method
       @path_item_object = path_item_object
+      @openapi_version = openapi_version
     end
 
     def operation_id
@@ -39,7 +40,7 @@ module OpenapiFirst
       operation_object['requestBody']
     end
 
-    def response_schema_for(status, content_type)
+    def response_body_schema(status, content_type)
       content = response_for(status)['content']
       return if content.nil? || content.empty?
 
@@ -52,16 +53,18 @@ module OpenapiFirst
         raise ResponseContentTypeNotFoundError, message
       end
       schema = media_type['schema']
-      SchemaValidation.new(schema, write: false) if schema
+      return unless schema
+
+      SchemaValidation.new(schema, write: false, openapi_version:)
     end
 
     def request_body_schema(request_content_type)
-      content = operation_object.dig('requestBody', 'content')
-      media_type = find_content_for_content_type(content, request_content_type)
-      schema = media_type&.fetch('schema', nil)
-      return unless schema
-
-      SchemaValidation.new(schema, write: write?)
+      (@request_body_schema ||= {})[request_content_type] ||= begin
+        content = operation_object.dig('requestBody', 'content')
+        media_type = find_content_for_content_type(content, request_content_type)
+        schema = media_type&.fetch('schema', nil)
+        SchemaValidation.new(schema, write: write?, openapi_version:) if schema
+      end
     end
 
     def response_for(status)
@@ -73,12 +76,12 @@ module OpenapiFirst
     end
 
     def name
-      "#{method.upcase} #{path} (#{operation_id})"
+      @name ||= "#{method.upcase} #{path} (#{operation_id})"
     end
 
     def valid_request_content_type?(request_content_type)
       content = operation_object.dig('requestBody', 'content')
-      return unless content
+      return false unless content
 
       !!find_content_for_content_type(content, request_content_type)
     end
@@ -91,6 +94,17 @@ module OpenapiFirst
       @path_parameters ||= all_parameters.filter { |p| p['in'] == 'path' }
     end
 
+    IGNORED_HEADERS = Set['Content-Type', 'Accept', 'Authorization'].freeze
+    private_constant :IGNORED_HEADERS
+
+    def header_parameters
+      @header_parameters ||= all_parameters.filter { |p| p['in'] == 'header' && !IGNORED_HEADERS.include?(p['name']) }
+    end
+
+    def cookie_parameters
+      @cookie_parameters ||= all_parameters.filter { |p| p['in'] == 'cookie' }
+    end
+
     def all_parameters
       @all_parameters ||= begin
         parameters = @path_item_object['parameters']&.dup || []
@@ -100,6 +114,11 @@ module OpenapiFirst
       end
     end
 
+    # visibility: private
+    def schemas
+      @schemas ||= OperationSchemas.new(self)
+    end
+
     private
 
     def response_by_code(status)

data/lib/openapi_first/operation_schemas.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'openapi_parameters/parameter'
+require_relative 'schema_validation'
+
+module OpenapiFirst
+  # This class is basically a cache for JSON Schemas of parameters
+  class OperationSchemas
+    # @operation [OpenapiFirst::Operation]
+    def initialize(operation)
+      @operation = operation
+    end
+
+    attr_reader :operation
+
+    # Return JSON Schema of for all query parameters
+    def query_parameters_schema
+      @query_parameters_schema ||= build_json_schema(operation.query_parameters)
+    end
+
+    # Return JSON Schema of for all path parameters
+    def path_parameters_schema
+      @path_parameters_schema ||= build_json_schema(operation.path_parameters)
+    end
+
+    def header_parameters_schema
+      @header_parameters_schema ||= build_json_schema(operation.header_parameters)
+    end
+
+    def cookie_parameters_schema
+      @cookie_parameters_schema ||= build_json_schema(operation.cookie_parameters)
+    end
+
+    private
+
+    # Build JSON Schema for given parameter definitions
+    # @parameter_defs [Array<Hash>] Parameter definitions
+    def build_json_schema(parameter_defs)
+      init_schema = {
+        'type' => 'object',
+        'properties' => {},
+        'required' => []
+      }
+      schema = parameter_defs.each_with_object(init_schema) do |parameter_def, result|
+        parameter = OpenapiParameters::Parameter.new(parameter_def)
+        result['properties'][parameter.name] = parameter.schema if parameter.schema
+        result['required'] << parameter.name if parameter.required?
+      end
+      SchemaValidation.new(schema, openapi_version: operation.openapi_version)
+    end
+  end
+end

data/lib/openapi_first/plugins.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  module Plugins
+    ERROR_RESPONSES = {} # rubocop:disable Style/MutableConstant
+
+    def self.register_error_response(name, klass)
+      ERROR_RESPONSES[name] = klass
+    end
+
+    def self.find_error_response(name)
+      return name if name.is_a?(Class)
+
+      ERROR_RESPONSES.fetch(name)
+    end
+  end
+end

data/lib/openapi_first/request_body_validator.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  class RequestBodyValidator
+    def initialize(operation, env)
+      @operation = operation
+      @env = env
+      @parsed_request_body = env[REQUEST_BODY]
+    end
+
+    def validate!
+      content_type = Rack::Request.new(@env).content_type
+      validate_request_content_type!(@operation, content_type)
+      validate_request_body!(@operation, @parsed_request_body, content_type)
+    end
+
+    private
+
+    def validate_request_content_type!(operation, content_type)
+      operation.valid_request_content_type?(content_type) || OpenapiFirst.error!(415)
+    end
+
+    def validate_request_body!(operation, body, content_type)
+      validate_request_body_presence!(body, operation)
+      return if content_type.nil?
+
+      schema = operation&.request_body_schema(content_type)
+      return unless schema
+
+      validation_result = schema.validate(body)
+      OpenapiFirst.error!(400, :request_body, validation_result:) if validation_result.error?
+      body
+    end
+
+    def validate_request_body_presence!(body, operation)
+      return unless operation.request_body['required'] && body.nil?
+
+      OpenapiFirst.error!(400, :request_body, title: 'Request body is required')
+    end
+  end
+end

data/lib/openapi_first/request_validation.rb

@@ -3,7 +3,9 @@
 require 'rack'
 require 'multi_json'
 require_relative 'use_router'
-require_relative 'validation_format'
+require_relative 'error_response'
+require_relative 'request_body_validator'
+require_relative 'string_keyed_hash'
 require 'openapi_parameters'
 
 module OpenapiFirst
@@ -13,118 +15,98 @@ module OpenapiFirst
     def initialize(app, options = {})
       @app = app
       @raise = options.fetch(:raise_error, false)
+      @error_response_class =
+        Plugins.find_error_response(options.fetch(:error_response, Config.default_options.error_response))
     end
 
-    def call(env) # rubocop:disable Metrics/AbcSize
+    def call(env)
       operation = env[OPERATION]
       return @app.call(env) unless operation
 
-      error = catch(:error) do
-        query_params = OpenapiParameters::Query.new(operation.query_parameters).unpack(env['QUERY_STRING'])
-        validate_query_parameters!(operation, query_params)
-        env[PARAMS].merge!(query_params)
-
-        return @app.call(env) unless operation.request_body
-
-        content_type = Rack::Request.new(env).content_type
-        validate_request_content_type!(operation, content_type)
-        parsed_request_body = env[REQUEST_BODY]
-        validate_request_body!(operation, parsed_request_body, content_type)
-        nil
-      end
+      error = validate_request(operation, env)
       if error
-        raise RequestInvalidError, error[:errors] if @raise
+        location, title = error.values_at(:location, :title)
+        raise RequestInvalidError, error_message(title, location) if @raise
 
-        return validation_error_response(error[:status], error[:errors])
+        return error_response(error).render
       end
       @app.call(env)
     end
 
     private
 
-    def validate_request_body!(operation, body, content_type)
-      validate_request_body_presence!(body, operation)
-      return if content_type.nil?
+    def error_message(title, location)
+      return title unless location
 
-      schema = operation&.request_body_schema(content_type)
-      return unless schema
-
-      errors = schema.validate(body)
-      throw_error(400, serialize_request_body_errors(errors)) if errors.any?
-      body
-    end
-
-    def validate_request_content_type!(operation, content_type)
-      operation.valid_request_content_type?(content_type) || throw_error(415)
+      "#{TOPICS.fetch(location)} #{title}"
     end
 
-    def validate_request_body_presence!(body, operation)
-      return unless operation.request_body['required'] && body.nil?
-
-      throw_error(415, 'Request body is required')
+    TOPICS = {
+      request_body: 'Request body invalid:',
+      query: 'Query parameter invalid:',
+      header: 'Header parameter invalid:',
+      path: 'Path segment invalid:',
+      cookie: 'Cookie value invalid:'
+    }.freeze
+    private_constant :TOPICS
+
+    def error_response(error_object)
+      @error_response_class.new(**error_object)
     end
 
-    def default_error(status, title = Rack::Utils::HTTP_STATUS_CODES[status])
-      {
-        status: status.to_s,
-        title: title
-      }
+    def validate_request(operation, env)
+      catch(:error) do
+        env[PARAMS] = {}
+        validate_query_params!(operation, env)
+        validate_path_params!(operation, env)
+        validate_cookie_params!(operation, env)
+        validate_header_params!(operation, env)
+        RequestBodyValidator.new(operation, env).validate! if operation.request_body
+        nil
+      end
     end
 
-    def throw_error(status, errors = [default_error(status)])
-      throw :error, {
-        status: status,
-        errors: errors
-      }
-    end
+    def validate_path_params!(operation, env)
+      path_parameters = operation.path_parameters
+      return if path_parameters.empty?
 
-    def validation_error_response(status, errors)
-      Rack::Response.new(
-        MultiJson.dump(errors: errors),
-        status,
-        Rack::CONTENT_TYPE => 'application/vnd.api+json'
-      ).finish
+      hashy = StringKeyedHash.new(env[Router::RAW_PATH_PARAMS])
+      unpacked_path_params = OpenapiParameters::Path.new(path_parameters).unpack(hashy)
+      validation_result = operation.schemas.path_parameters_schema.validate(unpacked_path_params)
+      OpenapiFirst.error!(400, :path, validation_result:) if validation_result.error?
+      env[PATH_PARAMS] = unpacked_path_params
+      env[PARAMS].merge!(unpacked_path_params)
     end
 
-    def serialize_request_body_errors(validation_errors)
-      validation_errors.map do |error|
-        {
-          source: {
-            pointer: error['data_pointer']
-          }
-        }.update(ValidationFormat.error_details(error))
-      end
-    end
+    def validate_query_params!(operation, env)
+      query_parameters = operation.query_parameters
+      return if operation.query_parameters.empty?
 
-    def build_json_schema(parameter_defs)
-      init_schema = {
-        'type' => 'object',
-        'properties' => {},
-        'required' => []
-      }
-      parameter_defs.each_with_object(init_schema) do |parameter_def, schema|
-        parameter = OpenapiParameters::Parameter.new(parameter_def)
-        schema['properties'][parameter.name] = parameter.schema if parameter.schema
-        schema['required'] << parameter.name if parameter.required?
-      end
+      unpacked_query_params = OpenapiParameters::Query.new(query_parameters).unpack(env['QUERY_STRING'])
+      validation_result = operation.schemas.query_parameters_schema.validate(unpacked_query_params)
+      OpenapiFirst.error!(400, :query, validation_result:) if validation_result.error?
+      env[QUERY_PARAMS] = unpacked_query_params
+      env[PARAMS].merge!(unpacked_query_params)
     end
 
-    def validate_query_parameters!(operation, params)
-      parameter_defs = operation.query_parameters
-      return unless parameter_defs&.any?
+    def validate_cookie_params!(operation, env)
+      cookie_parameters = operation.cookie_parameters
+      return unless cookie_parameters&.any?
 
-      json_schema = build_json_schema(parameter_defs)
-      errors = SchemaValidation.new(json_schema).validate(params)
-      throw_error(400, serialize_parameter_errors(errors)) if errors.any?
+      unpacked_params = OpenapiParameters::Cookie.new(cookie_parameters).unpack(env['HTTP_COOKIE'])
+      validation_result = operation.schemas.cookie_parameters_schema.validate(unpacked_params)
+      OpenapiFirst.error!(400, :cookie, validation_result:) if validation_result.error?
+      env[COOKIE_PARAMS] = unpacked_params
     end
 
-    def serialize_parameter_errors(validation_errors)
-      validation_errors.map do |error|
-        pointer = error['data_pointer'][1..].to_s
-        {
-          source: { parameter: pointer }
-        }.update(ValidationFormat.error_details(error))
-      end
+    def validate_header_params!(operation, env)
+      header_parameters = operation.header_parameters
+      return if header_parameters.empty?
+
+      unpacked_header_params = OpenapiParameters::Header.new(header_parameters).unpack_env(env)
+      validation_result = operation.schemas.header_parameters_schema.validate(unpacked_header_params)
+      OpenapiFirst.error!(400, :header, validation_result:) if validation_result.error?
+      env[HEADER_PARAMS] = unpacked_header_params
     end
   end
 end

data/lib/openapi_first/response_validation.rb

@@ -2,7 +2,6 @@
 
 require 'multi_json'
 require_relative 'use_router'
-require_relative 'validation_format'
 
 module OpenapiFirst
   class ResponseValidation
@@ -26,8 +25,9 @@ module OpenapiFirst
       return validate_status_only(operation, status) if status == 204
 
       content_type = headers[Rack::CONTENT_TYPE]
-      response_schema = operation.response_schema_for(status, content_type)
+      response_schema = operation.response_body_schema(status, content_type)
       validate_response_body(response_schema, body) if response_schema
+      validate_response_headers(operation, status, headers)
     end
 
     private
@@ -40,14 +40,45 @@ module OpenapiFirst
       full_body = +''
       response.each { |chunk| full_body << chunk }
       data = full_body.empty? ? {} : load_json(full_body)
-      errors = schema.validate(data)
-      errors = errors.to_a.map! do |error|
-        format_error(error)
+      validation = schema.validate(data)
+      raise ResponseBodyInvalidError, validation.message if validation.error?
+    end
+
+    def validate_response_headers(operation, status, response_headers)
+      response_header_definitions = operation.response_for(status)&.dig('headers')
+      return unless response_header_definitions
+
+      unpacked_headers = unpack_response_headers(response_header_definitions, response_headers)
+      response_header_definitions.each do |name, definition|
+        next if name == 'Content-Type'
+
+        validate_response_header(name, definition, unpacked_headers, openapi_version: operation.openapi_version)
+      end
+    end
+
+    def validate_response_header(name, definition, unpacked_headers, openapi_version:)
+      unless unpacked_headers.key?(name)
+        raise ResponseHeaderInvalidError, "Required response header '#{name}' is missing" if definition['required']
+
+        return
+      end
+
+      return unless definition.key?('schema')
+
+      validation = SchemaValidation.new(definition['schema'], openapi_version:)
+      value = unpacked_headers[name]
+      validation_result = validation.validate(value)
+      raise ResponseHeaderInvalidError, validation_result.message if validation_result.error?
+    end
+
+    def unpack_response_headers(response_header_definitions, response_headers)
+      headers_as_parameters = response_header_definitions.map do |name, definition|
+        definition.merge('name' => name)
       end
-      raise ResponseBodyInvalidError, errors.join(', ') if errors.any?
+      OpenapiParameters::Header.new(headers_as_parameters).unpack(response_headers)
     end
 
-    def format_error(error)
+    def format_response_error(error)
       return "Write-only field appears in response: #{error['data_pointer']}" if error['type'] == 'writeOnly'
 
       JSONSchemer::Errors.pretty(error)

data/lib/openapi_first/response_validator.rb

@@ -7,7 +7,7 @@ module OpenapiFirst
   class ResponseValidator
     def initialize(spec)
       @spec = spec
-      @router = Router.new(->(_env) {}, spec: spec, raise_error: true)
+      @router = Router.new(->(_env) {}, spec:, raise_error: true)
       @response_validation = ResponseValidation.new(->(response) { response.to_a })
     end
 

data/lib/openapi_first/router.rb

@@ -7,6 +7,9 @@ require_relative 'body_parser_middleware'
 
 module OpenapiFirst
   class Router
+    # The unconverted path parameters before they are converted to the types defined in the API description
+    RAW_PATH_PARAMS = 'openapi.raw_path_params'
+
     def initialize(
       app,
       options
@@ -63,17 +66,16 @@ module OpenapiFirst
       env[Rack::PATH_INFO] = env.delete(ORIGINAL_PATH) if env[ORIGINAL_PATH]
     end
 
-    def handle_body_parsing_error(exception)
-      err = { title: 'Failed to parse body as application/json', status: '400' }
-      err[:detail] = exception.cause unless ENV['RACK_ENV'] == 'production'
-      errors = [err]
-      raise RequestInvalidError, errors if @raise
-
-      Rack::Response.new(
-        MultiJson.dump(errors: errors),
-        400,
-        Rack::CONTENT_TYPE => 'application/vnd.api+json'
-      ).finish
+    def handle_body_parsing_error(_exception)
+      message = 'Failed to parse body as application/json'
+      raise RequestInvalidError, message if @raise
+
+      error = {
+        status: 400,
+        title: message
+      }
+
+      ErrorResponse::Default.new(**error).finish
     end
 
     def build_router(operations)
@@ -89,7 +91,7 @@ module OpenapiFirst
       end
       raise_error = @raise
       Rack::Builder.app do
-        use BodyParserMiddleware, raise_error: raise_error
+        use(BodyParserMiddleware, raise_error:)
         run router
       end
     end
@@ -99,8 +101,7 @@ module OpenapiFirst
         env[OPERATION] = operation
         path_info = env.delete(ORIGINAL_PATH)
         env[REQUEST_BODY] = env.delete(ROUTER_PARSED_BODY) if env.key?(ROUTER_PARSED_BODY)
-        route_params = Utils::StringKeyedHash.new(env['router.params'])
-        env[PARAMS] = OpenapiParameters::Path.new(operation.path_parameters).unpack(route_params)
+        env[RAW_PATH_PARAMS] = env['router.params']
         env[Rack::PATH_INFO] = path_info
         @app.call(env)
       end

data/lib/openapi_first/schema_validation.rb

@@ -1,46 +1,47 @@
 # frozen_string_literal: true
 
 require 'json_schemer'
+require_relative 'validation_result'
 
 module OpenapiFirst
   class SchemaValidation
     attr_reader :raw_schema
 
-    def initialize(schema, write: true)
+    SCHEMAS = {
+      '3.1' => 'https://spec.openapis.org/oas/3.1/dialect/base',
+      '3.0' => 'json-schemer://openapi30/schema'
+    }.freeze
+
+    def initialize(schema, openapi_version:, write: true)
       @raw_schema = schema
-      custom_keywords = {}
-      custom_keywords['writeOnly'] = proc { |data| !data } unless write
-      custom_keywords['readOnly'] = proc { |data| !data } if write
       @schemer = JSONSchemer.schema(
         schema,
-        keywords: custom_keywords,
+        access_mode: write ? 'write' : 'read',
+        meta_schema: SCHEMAS.fetch(openapi_version),
         insert_property_defaults: true,
-        before_property_validation: proc do |data, property, property_schema, parent|
-          convert_nullable(data, property, property_schema, parent)
-          binary_format(data, property, property_schema, parent)
-        end
+        output_format: 'detailed',
+        before_property_validation: method(:before_property_validation)
       )
     end
 
-    def validate(input)
-      @schemer.validate(input)
+    def validate(data)
+      ValidationResult.new(
+        output: @schemer.validate(data),
+        schema: raw_schema,
+        data:
+      )
     end
 
     private
 
-    def binary_format(data, property, property_schema, _parent)
-      return unless property_schema.is_a?(Hash) && property_schema['format'] == 'binary'
-
-      property_schema['type'] = 'object'
-      property_schema.delete('format')
-      data[property].transform_keys!(&:to_s)
+    def before_property_validation(data, property, property_schema, parent)
+      binary_format(data, property, property_schema, parent)
     end
 
-    def convert_nullable(_data, _property, property_schema, _parent)
-      return unless property_schema.is_a?(Hash) && property_schema['nullable'] && property_schema['type']
+    def binary_format(data, property, property_schema, _parent)
+      return unless property_schema.is_a?(Hash) && property_schema['format'] == 'binary'
 
-      property_schema['type'] = [*property_schema['type'], 'null']
-      property_schema.delete('nullable')
+      data[property] = data[property][:tempfile].read
     end
   end
 end

data/lib/openapi_first/string_keyed_hash.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  class StringKeyedHash
+    extend Forwardable
+    def_delegators :@orig, :empty?
+
+    def initialize(original)
+      @orig = original
+    end
+
+    def key?(key)
+      @orig.key?(key.to_sym)
+    end
+
+    def [](key)
+      @orig[key.to_sym]
+    end
+  end
+end

data/lib/openapi_first/validation_result.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  ValidationResult = Struct.new(:output, :schema, :data, keyword_init: true) do
+    def valid? = output['valid']
+    def error? = !output['valid']
+
+    # Returns a message that is used in exception messages.
+    def message
+      return if valid?
+
+      (output['errors']&.map { |e| e['error'] }&.join('. ') || output['error'])&.concat('.')
+    end
+  end
+end

data/lib/openapi_first/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OpenapiFirst
-  VERSION = '1.0.0.beta3'
+  VERSION = '1.0.0.beta4'
 end