openapi_first 1.0.0.beta4 → 1.0.0.beta5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c02c053192b6b39cb8f05acd35f7a257ee98b449c49f8ceeec4ac6e542f09e15
-  data.tar.gz: c36d3598b263ebd3d1a9bd23e6aa0b66256890f68e2f70fe245ca932d2f004f0
+  metadata.gz: 8e6c1f8f1a6fffd91827a74f95b932bfd5be9d4a897f3704efd6313bac9e6be4
+  data.tar.gz: 59041cacdcb634bb25e5d23025c0f86afe97632918f1e10d6f67409d31ba5f9b
 SHA512:
-  metadata.gz: e70192d7c2cb58734b8ebb6ccf53b2f243a98e78adbea271a3b0df1468f400d60080ead1ea68c07dd33bd9985d67de02ec4e0200e3ca0d49272a893c97611ffb
-  data.tar.gz: c59e62cd24dd767330f7e9ce6ad96a9c13005a4498c39f3ccf10bc801b49b6bddccf3ac62f858ae3ecf56fa4c695b4ad010fea7292171f98b640dec968ea357d
+  metadata.gz: 1955264ba1b60f477123cd1bbb71a14d611d598664965548a9ebe3c6508d5ac6e205dfe971bc7c1ebe6b27da78a48f1bf5d27239c886a9b4aa7db303224e0cfc
+  data.tar.gz: 2f25b5944e546a6619c2be01462008d358a0a80140594b0906ca62e9b152fa97b2b8225d0c137acbe29c64b7732bbd00d3f35459cd0b771b2b38c409303adde8

data/CHANGELOG.md

@@ -2,6 +2,11 @@
 
 ## Unreleased
 
+## 1.0.0.beta5
+
+- Added: `OpenapiFirst::Config.default_options=` to set default options globally
+- Added: You can define custom error responses by subclassing `OpenapiFirst::ErrorResponse` and register it via `OpenapiFirst::Plugins.register_error_response(name, MyCustomErrorResponse)`
+
 ## 1.0.0.beta4
 
 - Update json_schemer to version 2.0

data/Gemfile.lock

@@ -1,19 +1,18 @@
 PATH
   remote: .
   specs:
-    openapi_first (1.0.0.beta4)
+    openapi_first (1.0.0.beta5)
       hanami-router (~> 2.0.0)
       json_refs (~> 0.1, >= 0.1.7)
       json_schemer (~> 2.0.0)
-      multi_json (~> 1.14)
-      openapi_parameters (~> 0.2.2)
+      multi_json (~> 1.15)
+      openapi_parameters (>= 0.3.1, < 2.0)
       rack (>= 2.2, < 4.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
     ast (2.4.2)
-    base64 (0.1.1)
     diff-lcs (1.5.0)
     hana (1.3.7)
     hanami-router (2.0.2)
@@ -35,20 +34,20 @@ GEM
     mustermann-contrib (3.0.0)
       hansi (~> 0.2.0)
       mustermann (= 3.0.0)
-    openapi_parameters (0.2.2)
+    openapi_parameters (0.3.1)
       rack (>= 2.2)
       zeitwerk (~> 2.6)
     parallel (1.23.0)
-    parser (3.2.2.3)
+    parser (3.2.2.4)
       ast (~> 2.4.1)
       racc
-    racc (1.7.1)
+    racc (1.7.3)
     rack (2.2.8)
     rack-test (2.1.0)
       rack (>= 1.3)
     rainbow (3.1.1)
-    rake (13.0.6)
-    regexp_parser (2.8.1)
+    rake (13.1.0)
+    regexp_parser (2.8.2)
     rexml (3.2.6)
     rspec (3.12.0)
       rspec-core (~> 3.12.0)
@@ -63,19 +62,18 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
     rspec-support (3.12.1)
-    rubocop (1.56.3)
-      base64 (~> 0.1.1)
+    rubocop (1.57.2)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.2.2.3)
+      parser (>= 3.2.2.4)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
       rubocop-ast (>= 1.28.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.29.0)
+    rubocop-ast (1.30.0)
       parser (>= 3.2.1.0)
     ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
@@ -83,9 +81,9 @@ GEM
       unf (~> 0.1.4)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.8.2)
-    unicode-display_width (2.4.2)
-    zeitwerk (2.6.11)
+    unf_ext (0.0.9)
+    unicode-display_width (2.5.0)
+    zeitwerk (2.6.12)
 
 PLATFORMS
   arm64-darwin-21

data/README.md

@@ -28,11 +28,11 @@ It adds these fields to the Rack env:
 
 ### Options and defaults
 
-| Name           | Possible values | Description                                                                                        | Default                            |
-| :------------- | --------------- | -------------------------------------------------------------------------------------------------- | ---------------------------------- |
-| `spec:`        |                 | The path to the spec file or spec loaded via `OpenapiFirst.load`                                   |
-| `raise_error:` | `false`, `true` | If set to true the middleware raises `OpenapiFirst::RequestInvalidError` instead of returning 4xx. | `false` (don't raise an exception) |
-| `error_response:`| `:default`, Your implementation of `ErrorResponse` | :default
+| Name              | Possible values                                                 | Description                                                                                        | Default                            |
+| :---------------- | --------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- | ---------------------------------- |
+| `spec:`           |                                                                 | The path to the spec file or spec loaded via `OpenapiFirst.load`                                   |
+| `raise_error:`    | `false`, `true`                                                 | If set to true the middleware raises `OpenapiFirst::RequestInvalidError` instead of returning 4xx. | `false` (don't raise an exception) |
+| `error_response:` | `:default`, `:json_api`, Your implementation of `ErrorResponse` | :default                                                                                           |
 
 The error responses conform with [JSON:API](https://jsonapi.org).
 
@@ -40,7 +40,7 @@ Here's an example response body for a missing query parameter "search":
 
 ```json
 http-status: 400
-content-type: "application/vnd.api+json"
+content-type: "application/json"
 
 {
   "errors": [
@@ -54,7 +54,6 @@ content-type: "application/vnd.api+json"
 }
 ```
 
-
 ### Parameters
 
 The `RequestValidation` middleware adds `env[OpenapiFirst::PARAMS]` (or `env['openapi.params']` ) with the converted query and path parameters. This only includes the parameters that are defined in the API description. It supports every [`style` and `explode` value as described](https://spec.openapis.org/oas/latest.html#style-examples) in the OpenAPI 3.0 and 3.1 specs. So you can do things these:
@@ -120,6 +119,17 @@ This middleware adds `env['openapi.operation']` which holds an instance of `Open
 | `raise_error:` | `false`, `true`      | If set to true the middleware raises `OpenapiFirst::NotFoundError` when a path or method was not found in the API description. This is useful during testing to spot an incomplete API description.                                                             | `false` (don't raise an exception) |
 | `not_found:`   | `:continue`, `:halt` | If set to `:continue` the middleware will not return 404 (405, 415), but just pass handling the request to the next middleware or application in the Rack stack. If combined with `raise_error: true` `raise_error` gets preference and an exception is raised. | `:halt` (return 4xx response)      |
 
+## Global configuration
+
+You can configure default options gobally via `OpenapiFirst::Config`:
+
+```ruby
+OpenapiFirst::Config.default_options = {
+  error_response: :json_api,
+  request_validation_raise_error: true
+}
+```
+
 ## Alternatives
 
 This gem is inspired by [committee](https://github.com/interagent/committee) (Ruby) and [connexion](https://github.com/zalando/connexion) (Python).

data/benchmarks/Gemfile.lock

@@ -1,32 +1,42 @@
 PATH
   remote: ..
   specs:
-    openapi_first (1.0.0.beta3)
+    openapi_first (1.0.0.beta5)
       hanami-router (~> 2.0.0)
       json_refs (~> 0.1, >= 0.1.7)
       json_schemer (~> 2.0.0)
-      multi_json (~> 1.14)
-      openapi_parameters (~> 0.2.2)
+      multi_json (~> 1.15)
+      openapi_parameters (>= 0.3.1, < 2.0)
       rack (>= 2.2, < 4.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.0.8)
+    activesupport (7.1.2)
+      base64
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
+      mutex_m
       tzinfo (~> 2.0)
+    base64 (0.2.0)
     benchmark-ips (2.12.0)
     benchmark-memory (0.2.0)
       memory_profiler (~> 1)
+    bigdecimal (3.1.4)
     builder (3.2.4)
     committee (5.0.0)
       json_schema (~> 0.14, >= 0.14.3)
       openapi_parser (~> 1.0)
       rack (>= 1.5)
     concurrent-ruby (1.2.2)
-    dry-core (1.0.0)
+    connection_pool (2.4.1)
+    drb (2.2.0)
+      ruby2_keywords
+    dry-core (1.0.1)
       concurrent-ruby (~> 1.0)
       zeitwerk (~> 2.6)
     dry-inflector (1.0.0)
@@ -40,12 +50,12 @@ GEM
       dry-inflector (~> 1.0)
       dry-logic (~> 1.4)
       zeitwerk (~> 2.6)
-    grape (1.7.1)
-      activesupport
+    grape (2.0.0)
+      activesupport (>= 5)
       builder
       dry-types (>= 1.1)
       mustermann-grape (~> 1.0.0)
-      rack (>= 1.3.0, < 3)
+      rack (>= 1.3.0)
       rack-accept
     hana (1.3.7)
     hanami-api (0.3.0)
@@ -74,40 +84,41 @@ GEM
       mustermann (= 3.0.0)
     mustermann-grape (1.0.2)
       mustermann (>= 1.0.0)
+    mutex_m (0.2.0)
     nio4r (2.5.9)
-    openapi_parameters (0.2.2)
+    openapi_parameters (0.3.1)
       rack (>= 2.2)
       zeitwerk (~> 2.6)
     openapi_parser (1.0.0)
-    puma (6.3.1)
+    puma (6.4.0)
       nio4r (~> 2.0)
     rack (2.2.8)
     rack-accept (0.4.5)
       rack (>= 0.4)
-    rack-protection (3.0.6)
-      rack
-    regexp_parser (2.8.1)
-    roda (3.68.0)
+    rack-protection (3.1.0)
+      rack (~> 2.2, >= 2.2.4)
+    regexp_parser (2.8.2)
+    roda (3.73.0)
       rack
     ruby2_keywords (0.0.5)
     seg (1.2.0)
     simpleidn (0.2.1)
       unf (~> 0.1.4)
-    sinatra (3.0.6)
+    sinatra (3.1.0)
       mustermann (~> 3.0)
       rack (~> 2.2, >= 2.2.4)
-      rack-protection (= 3.0.6)
+      rack-protection (= 3.1.0)
       tilt (~> 2.0)
     syro (3.2.1)
       rack (>= 1.6.0)
       seg
-    tilt (2.1.0)
+    tilt (2.3.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.8.2)
-    zeitwerk (2.6.11)
+    unf_ext (0.0.9)
+    zeitwerk (2.6.12)
 
 PLATFORMS
   arm64-darwin-21

data/lib/openapi_first/body_parser_middleware.rb

@@ -4,29 +4,16 @@ require 'multi_json'
 
 module OpenapiFirst
   class BodyParserMiddleware
-    def initialize(app, options = {})
+    def initialize(app)
       @app = app
-      @raise = options.fetch(:raise_error, false)
     end
 
-    RACK_INPUT = 'rack.input'
     ROUTER_PARSED_BODY = 'router.parsed_body'
+    private_constant :ROUTER_PARSED_BODY
 
     def call(env)
       env[ROUTER_PARSED_BODY] = parse_body(env)
       @app.call(env)
-    rescue BodyParsingError => e
-      raise if @raise
-
-      err = { title: "Failed to parse body as #{env['CONTENT_TYPE']}", status: '400' }
-      err[:detail] = e.cause unless ENV['RACK_ENV'] == 'production'
-      errors = [err]
-
-      Rack::Response.new(
-        MultiJson.dump(errors:),
-        400,
-        Rack::CONTENT_TYPE => 'application/vnd.api+json'
-      ).finish
     end
 
     private
@@ -40,8 +27,8 @@ module OpenapiFirst
       return request.POST if request.form_data?
 
       body
-    rescue MultiJson::ParseError => e
-      raise BodyParsingError, e
+    rescue MultiJson::ParseError
+      raise BodyParsingError, 'Failed to parse body as application/json'
     end
 
     def read_body(request)

data/lib/openapi_first/config.rb

@@ -2,11 +2,12 @@
 
 module OpenapiFirst
   class Config
-    def initialize(error_response: :default)
-      @error_response = error_response
+    def initialize(error_response: :default, request_validation_raise_error: false)
+      @error_response = Plugins.find_error_response(error_response)
+      @request_validation_raise_error = request_validation_raise_error
     end
 
-    attr_reader :error_response
+    attr_reader :error_response, :request_validation_raise_error
 
     def self.default_options
       @default_options ||= new

data/lib/openapi_first/error_response.rb

@@ -3,20 +3,34 @@
 module OpenapiFirst
   # This is the base class for error responses
   class ErrorResponse
-    ## @param status [Integer] The HTTP status code.
-    ## @param title [String] The title of the error. Usually the name of the HTTP status code.
-    ## @param location [Symbol] The location of the error (:request_body, :query, :header, :cookie, :path).
-    ## @param validation_result [ValidationResult]
-    def initialize(status:, location:, title:, validation_result:)
-      @status = status
-      @title = title
-      @location = location
-      @validation_output = validation_result&.output
-      @schema = validation_result&.schema
-      @data = validation_result&.data
+    ## @param request [Hash] The Rack request env
+    ## @param request_validation_error [OpenapiFirst::RequestValidationError]
+    def initialize(env, request_validation_error)
+      @env = env
+      @request_validation_error = request_validation_error
     end
 
-    attr_reader :status, :location, :title, :schema, :data, :validation_output
+    extend Forwardable
+
+    attr_reader :env, :request_validation_error
+
+    def_delegators :@request_validation_error, :status, :location, :schema_validation
+
+    def validation_output
+      schema_validation&.output
+    end
+
+    def schema
+      schema_validation&.schema
+    end
+
+    def data
+      schema_validation&.data
+    end
+
+    def message
+      request_validation_error.message
+    end
 
     def render
       Rack::Response.new(body, status, Rack::CONTENT_TYPE => content_type).finish

data/lib/openapi_first/error_responses/default.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  module ErrorResponses
+    class Default < ErrorResponse
+      OpenapiFirst::Plugins.register_error_response(:default, self)
+
+      def body
+        MultiJson.dump({ errors: serialized_errors })
+      end
+
+      def content_type
+        'application/json'
+      end
+
+      def serialized_errors
+        return default_errors unless validation_output
+
+        key = pointer_key
+        validation_errors&.map do |error|
+          {
+            status: status.to_s,
+            source: { key => pointer(error['instanceLocation']) },
+            title: error['error']
+          }
+        end
+      end
+
+      def validation_errors
+        validation_output['errors'] || [validation_output]
+      end
+
+      def default_errors
+        [{
+          status: status.to_s,
+          title: message
+        }]
+      end
+
+      def pointer_key
+        case location
+        when :body
+          :pointer
+        when :query, :path
+          :parameter
+        else
+          location
+        end
+      end
+
+      def pointer(data_pointer)
+        return data_pointer if location == :body
+
+        data_pointer.delete_prefix('/')
+      end
+    end
+  end
+end

data/lib/openapi_first/error_responses/json_api.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  module ErrorResponses
+    class JsonApi < ErrorResponse
+      OpenapiFirst::Plugins.register_error_response(:json_api, self)
+
+      def body
+        MultiJson.dump({ errors: serialized_errors })
+      end
+
+      def content_type
+        'application/vnd.api+json'
+      end
+
+      def serialized_errors
+        return default_errors unless validation_output
+
+        key = pointer_key
+        validation_errors&.map do |error|
+          {
+            status: status.to_s,
+            source: { key => pointer(error['instanceLocation']) },
+            title: error['error']
+          }
+        end
+      end
+
+      def validation_errors
+        validation_output['errors'] || [validation_output]
+      end
+
+      def default_errors
+        [{
+          status: status.to_s,
+          title: message
+        }]
+      end
+
+      def pointer_key
+        case location
+        when :body
+          :pointer
+        when :query, :path
+          :parameter
+        else
+          location
+        end
+      end
+
+      def pointer(data_pointer)
+        return data_pointer if location == :body
+
+        data_pointer.delete_prefix('/')
+      end
+    end
+  end
+end

data/lib/openapi_first/json_schema/result.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  class JsonSchema
+    Result = Struct.new(:output, :schema, :data, keyword_init: true) do
+      def valid? = output['valid']
+      def error? = !output['valid']
+
+      # Returns a message that is used in exception messages.
+      def message
+        return if valid?
+
+        (output['errors']&.map { |e| e['error'] }&.join('. ') || output['error'])
+      end
+    end
+  end
+end

data/lib/openapi_first/{schema_validation.rb → json_schema.rb}

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 require 'json_schemer'
-require_relative 'validation_result'
+require_relative 'json_schema/result'
 
 module OpenapiFirst
-  class SchemaValidation
-    attr_reader :raw_schema
+  class JsonSchema
+    attr_reader :schema
 
     SCHEMAS = {
       '3.1' => 'https://spec.openapis.org/oas/3.1/dialect/base',
@@ -13,7 +13,7 @@ module OpenapiFirst
     }.freeze
 
     def initialize(schema, openapi_version:, write: true)
-      @raw_schema = schema
+      @schema = schema
       @schemer = JSONSchemer.schema(
         schema,
         access_mode: write ? 'write' : 'read',
@@ -25,9 +25,9 @@ module OpenapiFirst
     end
 
     def validate(data)
-      ValidationResult.new(
+      Result.new(
         output: @schemer.validate(data),
-        schema: raw_schema,
+        schema:,
         data:
       )
     end

data/lib/openapi_first/operation.rb

@@ -2,8 +2,7 @@
 
 require 'forwardable'
 require 'set'
-require_relative 'schema_validation'
-require_relative 'operation_schemas'
+require_relative 'json_schema'
 
 module OpenapiFirst
   class Operation # rubocop:disable Metrics/ClassLength
@@ -55,7 +54,7 @@ module OpenapiFirst
       schema = media_type['schema']
       return unless schema
 
-      SchemaValidation.new(schema, write: false, openapi_version:)
+      JsonSchema.new(schema, write: false, openapi_version:)
     end
 
     def request_body_schema(request_content_type)
@@ -63,7 +62,7 @@ module OpenapiFirst
         content = operation_object.dig('requestBody', 'content')
         media_type = find_content_for_content_type(content, request_content_type)
         schema = media_type&.fetch('schema', nil)
-        SchemaValidation.new(schema, write: write?, openapi_version:) if schema
+        JsonSchema.new(schema, write: write?, openapi_version:) if schema
       end
     end
 
@@ -114,13 +113,42 @@ module OpenapiFirst
       end
     end
 
-    # visibility: private
-    def schemas
-      @schemas ||= OperationSchemas.new(self)
+    # Return JSON Schema of for all query parameters
+    def query_parameters_schema
+      @query_parameters_schema ||= build_json_schema(query_parameters)
+    end
+
+    # Return JSON Schema of for all path parameters
+    def path_parameters_schema
+      @path_parameters_schema ||= build_json_schema(path_parameters)
+    end
+
+    def header_parameters_schema
+      @header_parameters_schema ||= build_json_schema(header_parameters)
+    end
+
+    def cookie_parameters_schema
+      @cookie_parameters_schema ||= build_json_schema(cookie_parameters)
     end
 
     private
 
+    # Build JSON Schema for given parameter definitions
+    # @parameter_defs [Array<Hash>] Parameter definitions
+    def build_json_schema(parameter_defs)
+      init_schema = {
+        'type' => 'object',
+        'properties' => {},
+        'required' => []
+      }
+      schema = parameter_defs.each_with_object(init_schema) do |parameter_def, result|
+        parameter = OpenapiParameters::Parameter.new(parameter_def)
+        result['properties'][parameter.name] = parameter.schema if parameter.schema
+        result['required'] << parameter.name if parameter.required?
+      end
+      JsonSchema.new(schema, openapi_version:)
+    end
+
     def response_by_code(status)
       operation_object.dig('responses', status.to_s) ||
         operation_object.dig('responses', "#{status / 100}XX") ||

data/lib/openapi_first/request_body_validator.rb

@@ -17,7 +17,7 @@ module OpenapiFirst
     private
 
     def validate_request_content_type!(operation, content_type)
-      operation.valid_request_content_type?(content_type) || OpenapiFirst.error!(415)
+      operation.valid_request_content_type?(content_type) || RequestValidation.fail!(415, :header)
     end
 
     def validate_request_body!(operation, body, content_type)
@@ -27,15 +27,15 @@ module OpenapiFirst
       schema = operation&.request_body_schema(content_type)
       return unless schema
 
-      validation_result = schema.validate(body)
-      OpenapiFirst.error!(400, :request_body, validation_result:) if validation_result.error?
+      schema_validation = schema.validate(body)
+      RequestValidation.fail!(400, :body, schema_validation:) if schema_validation.error?
       body
     end
 
     def validate_request_body_presence!(body, operation)
       return unless operation.request_body['required'] && body.nil?
 
-      OpenapiFirst.error!(400, :request_body, title: 'Request body is required')
+      RequestValidation.fail!(400, :body)
     end
   end
 end

data/lib/openapi_first/request_validation.rb

@@ -6,15 +6,37 @@ require_relative 'use_router'
 require_relative 'error_response'
 require_relative 'request_body_validator'
 require_relative 'string_keyed_hash'
+require_relative 'request_validation_error'
 require 'openapi_parameters'
 
 module OpenapiFirst
+  # A Rack middleware to validate requests against an OpenAPI API description
   class RequestValidation
     prepend UseRouter
 
+    FAIL = :request_validation_failed
+    private_constant :FAIL
+
+    # @param status [Integer] The intended HTTP status code (usually 400)
+    # @param location [Symbol] One of :body, :header, :cookie, :query, :path
+    # @param schema_validation [OpenapiFirst::JsonSchema::Result]
+    def self.fail!(status, location, schema_validation: nil)
+      throw FAIL, RequestValidationError.new(
+        status:,
+        location:,
+        schema_validation:
+      )
+    end
+
+    # @param app The parent Rack application
+    # @param options An optional Hash of configuration options to override defaults
+    #   :error_response A Boolean indicating whether to raise an error if validation fails.
+    #                   default: OpenapiFirst::ErrorResponses::Default (Config.default_options.error_response)
+    #   :raise_error    The Class to use for error responses.
+    #                   default: false (Config.default_options.request_validation_raise_error)
     def initialize(app, options = {})
       @app = app
-      @raise = options.fetch(:raise_error, false)
+      @raise = options.fetch(:raise_error, Config.default_options.request_validation_raise_error)
       @error_response_class =
         Plugins.find_error_response(options.fetch(:error_response, Config.default_options.error_response))
     end
@@ -25,43 +47,23 @@ module OpenapiFirst
 
       error = validate_request(operation, env)
       if error
-        location, title = error.values_at(:location, :title)
-        raise RequestInvalidError, error_message(title, location) if @raise
+        raise RequestInvalidError, error.error_message if @raise
 
-        return error_response(error).render
+        return @error_response_class.new(env, error).render
       end
       @app.call(env)
     end
 
     private
 
-    def error_message(title, location)
-      return title unless location
-
-      "#{TOPICS.fetch(location)} #{title}"
-    end
-
-    TOPICS = {
-      request_body: 'Request body invalid:',
-      query: 'Query parameter invalid:',
-      header: 'Header parameter invalid:',
-      path: 'Path segment invalid:',
-      cookie: 'Cookie value invalid:'
-    }.freeze
-    private_constant :TOPICS
-
-    def error_response(error_object)
-      @error_response_class.new(**error_object)
-    end
-
     def validate_request(operation, env)
-      catch(:error) do
+      catch(FAIL) do
         env[PARAMS] = {}
         validate_query_params!(operation, env)
         validate_path_params!(operation, env)
         validate_cookie_params!(operation, env)
         validate_header_params!(operation, env)
-        RequestBodyValidator.new(operation, env).validate! if operation.request_body
+        validate_request_body!(operation, env)
         nil
       end
     end
@@ -72,8 +74,8 @@ module OpenapiFirst
 
       hashy = StringKeyedHash.new(env[Router::RAW_PATH_PARAMS])
       unpacked_path_params = OpenapiParameters::Path.new(path_parameters).unpack(hashy)
-      validation_result = operation.schemas.path_parameters_schema.validate(unpacked_path_params)
-      OpenapiFirst.error!(400, :path, validation_result:) if validation_result.error?
+      schema_validation = operation.path_parameters_schema.validate(unpacked_path_params)
+      RequestValidation.fail!(400, :path, schema_validation:) if schema_validation.error?
       env[PATH_PARAMS] = unpacked_path_params
       env[PARAMS].merge!(unpacked_path_params)
     end
@@ -83,8 +85,8 @@ module OpenapiFirst
       return if operation.query_parameters.empty?
 
       unpacked_query_params = OpenapiParameters::Query.new(query_parameters).unpack(env['QUERY_STRING'])
-      validation_result = operation.schemas.query_parameters_schema.validate(unpacked_query_params)
-      OpenapiFirst.error!(400, :query, validation_result:) if validation_result.error?
+      schema_validation = operation.query_parameters_schema.validate(unpacked_query_params)
+      RequestValidation.fail!(400, :query, schema_validation:) if schema_validation.error?
       env[QUERY_PARAMS] = unpacked_query_params
       env[PARAMS].merge!(unpacked_query_params)
     end
@@ -94,8 +96,8 @@ module OpenapiFirst
       return unless cookie_parameters&.any?
 
       unpacked_params = OpenapiParameters::Cookie.new(cookie_parameters).unpack(env['HTTP_COOKIE'])
-      validation_result = operation.schemas.cookie_parameters_schema.validate(unpacked_params)
-      OpenapiFirst.error!(400, :cookie, validation_result:) if validation_result.error?
+      schema_validation = operation.cookie_parameters_schema.validate(unpacked_params)
+      RequestValidation.fail!(400, :cookie, schema_validation:) if schema_validation.error?
       env[COOKIE_PARAMS] = unpacked_params
     end
 
@@ -104,9 +106,13 @@ module OpenapiFirst
       return if header_parameters.empty?
 
       unpacked_header_params = OpenapiParameters::Header.new(header_parameters).unpack_env(env)
-      validation_result = operation.schemas.header_parameters_schema.validate(unpacked_header_params)
-      OpenapiFirst.error!(400, :header, validation_result:) if validation_result.error?
+      schema_validation = operation.header_parameters_schema.validate(unpacked_header_params)
+      RequestValidation.fail!(400, :header, schema_validation:) if schema_validation.error?
       env[HEADER_PARAMS] = unpacked_header_params
     end
+
+    def validate_request_body!(operation, env)
+      RequestBodyValidator.new(operation, env).validate! if operation.request_body
+    end
   end
 end

data/lib/openapi_first/request_validation_error.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module OpenapiFirst
+  class RequestValidationError
+    def initialize(status:, location:, message: nil, schema_validation: nil)
+      @status = status
+      @location = location
+      @message = message
+      @schema_validation = schema_validation
+    end
+
+    attr_reader :status, :request, :location, :schema_validation
+
+    def message
+      @message || schema_validation&.message || Rack::Utils::HTTP_STATUS_CODES[status]
+    end
+
+    def error_message
+      "#{TOPICS.fetch(location)} #{message}"
+    end
+
+    TOPICS = {
+      body: 'Request body invalid:',
+      query: 'Query parameter invalid:',
+      header: 'Header parameter invalid:',
+      path: 'Path segment invalid:',
+      cookie: 'Cookie value invalid:'
+    }.freeze
+    private_constant :TOPICS
+  end
+end

data/lib/openapi_first/response_validation.rb

@@ -65,10 +65,10 @@ module OpenapiFirst
 
       return unless definition.key?('schema')
 
-      validation = SchemaValidation.new(definition['schema'], openapi_version:)
+      validation = JsonSchema.new(definition['schema'], openapi_version:)
       value = unpacked_headers[name]
-      validation_result = validation.validate(value)
-      raise ResponseHeaderInvalidError, validation_result.message if validation_result.error?
+      schema_validation = validation.validate(value)
+      raise ResponseHeaderInvalidError, schema_validation.message if schema_validation.error?
     end
 
     def unpack_response_headers(response_header_definitions, response_headers)

data/lib/openapi_first/response_validator.rb

@@ -4,6 +4,7 @@ require_relative 'response_validation'
 require_relative 'router'
 
 module OpenapiFirst
+  # A class to run manual response validation
   class ResponseValidator
     def initialize(spec)
       @spec = spec

data/lib/openapi_first/router.rb

@@ -17,6 +17,7 @@ module OpenapiFirst
       @app = app
       @raise = options.fetch(:raise_error, false)
       @not_found = options.fetch(:not_found, :halt)
+      @error_response_class = options.fetch(:error_response, Config.default_options.error_response)
       spec = options.fetch(:spec)
       raise "You have to pass spec: when initializing #{self.class}" unless spec
 
@@ -61,21 +62,13 @@ module OpenapiFirst
       env[Rack::PATH_INFO] = Rack::Request.new(env).path
       @router.call(env)
     rescue BodyParsingError => e
-      handle_body_parsing_error(e)
-    ensure
-      env[Rack::PATH_INFO] = env.delete(ORIGINAL_PATH) if env[ORIGINAL_PATH]
-    end
-
-    def handle_body_parsing_error(_exception)
-      message = 'Failed to parse body as application/json'
+      message = e.message
       raise RequestInvalidError, message if @raise
 
-      error = {
-        status: 400,
-        title: message
-      }
-
-      ErrorResponse::Default.new(**error).finish
+      error = RequestValidationError.new(status: 400, location: :body, message:)
+      @error_response_class.new(env, error).render
+    ensure
+      env[Rack::PATH_INFO] = env.delete(ORIGINAL_PATH) if env[ORIGINAL_PATH]
     end
 
     def build_router(operations)
@@ -89,9 +82,8 @@ module OpenapiFirst
           )
         end
       end
-      raise_error = @raise
       Rack::Builder.app do
-        use(BodyParserMiddleware, raise_error:)
+        use(BodyParserMiddleware)
         run router
       end
     end

data/lib/openapi_first/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OpenapiFirst
-  VERSION = '1.0.0.beta4'
+  VERSION = '1.0.0.beta5'
 end

data/lib/openapi_first.rb

@@ -11,7 +11,8 @@ require_relative 'openapi_first/router'
 require_relative 'openapi_first/request_validation'
 require_relative 'openapi_first/response_validator'
 require_relative 'openapi_first/response_validation'
-require_relative 'openapi_first/default_error_response'
+require_relative 'openapi_first/error_responses/default'
+require_relative 'openapi_first/error_responses/json_api'
 
 module OpenapiFirst
   # The OpenAPI operation for the current request
@@ -35,18 +36,6 @@ module OpenapiFirst
   # The parsed request body
   REQUEST_BODY = 'openapi.parsed_request_body'
 
-  class << self
-    # Throws an error in the middle of the request validation to stop validation and send a response.
-    def error!(status, location = nil, title: nil, validation_result: nil)
-      throw :error, {
-        status:,
-        location:,
-        title: title || validation_result&.output&.fetch('error') || Rack::Utils::HTTP_STATUS_CODES[status],
-        validation_result:
-      }
-    end
-  end
-
   def self.load(spec_path, only: nil)
     resolved = Dir.chdir(File.dirname(spec_path)) do
       content = YAML.load_file(File.basename(spec_path))

data/openapi_first.gemspec

@@ -37,8 +37,8 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'hanami-router', '~> 2.0.0'
   spec.add_runtime_dependency 'json_refs', '~> 0.1', '>= 0.1.7'
   spec.add_runtime_dependency 'json_schemer', '~> 2.0.0'
-  spec.add_runtime_dependency 'multi_json', '~> 1.14'
-  spec.add_runtime_dependency 'openapi_parameters', '~> 0.2.2'
+  spec.add_runtime_dependency 'multi_json', '~> 1.15'
+  spec.add_runtime_dependency 'openapi_parameters', '>= 0.3.1', '< 2.0'
   spec.add_runtime_dependency 'rack', '>= 2.2', '< 4.0'
   spec.metadata = {
     'rubygems_mfa_required' => 'true'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openapi_first
 version: !ruby/object:Gem::Version
-  version: 1.0.0.beta4
+  version: 1.0.0.beta5
 platform: ruby
 authors:
 - Andreas Haller
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-10-25 00:00:00.000000000 Z
+date: 2023-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hanami-router
@@ -64,28 +64,34 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '1.15'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '1.15'
 - !ruby/object:Gem::Dependency
   name: openapi_parameters
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.1
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 0.2.2
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.1
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 0.2.2
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -153,22 +159,23 @@ files:
 - lib/openapi_first.rb
 - lib/openapi_first/body_parser_middleware.rb
 - lib/openapi_first/config.rb
-- lib/openapi_first/default_error_response.rb
 - lib/openapi_first/definition.rb
 - lib/openapi_first/error_response.rb
+- lib/openapi_first/error_responses/default.rb
+- lib/openapi_first/error_responses/json_api.rb
 - lib/openapi_first/errors.rb
+- lib/openapi_first/json_schema.rb
+- lib/openapi_first/json_schema/result.rb
 - lib/openapi_first/operation.rb
-- lib/openapi_first/operation_schemas.rb
 - lib/openapi_first/plugins.rb
 - lib/openapi_first/request_body_validator.rb
 - lib/openapi_first/request_validation.rb
+- lib/openapi_first/request_validation_error.rb
 - lib/openapi_first/response_validation.rb
 - lib/openapi_first/response_validator.rb
 - lib/openapi_first/router.rb
-- lib/openapi_first/schema_validation.rb
 - lib/openapi_first/string_keyed_hash.rb
 - lib/openapi_first/use_router.rb
-- lib/openapi_first/validation_result.rb
 - lib/openapi_first/version.rb
 - openapi_first.gemspec
 homepage: https://github.com/ahx/openapi_first

data/lib/openapi_first/default_error_response.rb

@@ -1,47 +0,0 @@
-# frozen_string_literal: true
-
-module OpenapiFirst
-  class DefaultErrorResponse < ErrorResponse
-    OpenapiFirst::Plugins.register_error_response(:default, self)
-
-    def body
-      MultiJson.dump({ errors: serialized_errors })
-    end
-
-    def serialized_errors
-      return default_errors unless validation_output
-
-      key = pointer_key
-      [
-        {
-          source: { key => pointer(validation_output['instanceLocation']) },
-          title: validation_output['error']
-        }
-      ]
-    end
-
-    def default_errors
-      [{
-        status: status.to_s,
-        title:
-      }]
-    end
-
-    def pointer_key
-      case location
-      when :request_body
-        :pointer
-      when :query, :path
-        :parameter
-      else
-        location
-      end
-    end
-
-    def pointer(data_pointer)
-      return data_pointer if location == :request_body
-
-      data_pointer.delete_prefix('/')
-    end
-  end
-end

data/lib/openapi_first/operation_schemas.rb

@@ -1,52 +0,0 @@
-# frozen_string_literal: true
-
-require 'openapi_parameters/parameter'
-require_relative 'schema_validation'
-
-module OpenapiFirst
-  # This class is basically a cache for JSON Schemas of parameters
-  class OperationSchemas
-    # @operation [OpenapiFirst::Operation]
-    def initialize(operation)
-      @operation = operation
-    end
-
-    attr_reader :operation
-
-    # Return JSON Schema of for all query parameters
-    def query_parameters_schema
-      @query_parameters_schema ||= build_json_schema(operation.query_parameters)
-    end
-
-    # Return JSON Schema of for all path parameters
-    def path_parameters_schema
-      @path_parameters_schema ||= build_json_schema(operation.path_parameters)
-    end
-
-    def header_parameters_schema
-      @header_parameters_schema ||= build_json_schema(operation.header_parameters)
-    end
-
-    def cookie_parameters_schema
-      @cookie_parameters_schema ||= build_json_schema(operation.cookie_parameters)
-    end
-
-    private
-
-    # Build JSON Schema for given parameter definitions
-    # @parameter_defs [Array<Hash>] Parameter definitions
-    def build_json_schema(parameter_defs)
-      init_schema = {
-        'type' => 'object',
-        'properties' => {},
-        'required' => []
-      }
-      schema = parameter_defs.each_with_object(init_schema) do |parameter_def, result|
-        parameter = OpenapiParameters::Parameter.new(parameter_def)
-        result['properties'][parameter.name] = parameter.schema if parameter.schema
-        result['required'] << parameter.name if parameter.required?
-      end
-      SchemaValidation.new(schema, openapi_version: operation.openapi_version)
-    end
-  end
-end

data/lib/openapi_first/validation_result.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-module OpenapiFirst
-  ValidationResult = Struct.new(:output, :schema, :data, keyword_init: true) do
-    def valid? = output['valid']
-    def error? = !output['valid']
-
-    # Returns a message that is used in exception messages.
-    def message
-      return if valid?
-
-      (output['errors']&.map { |e| e['error'] }&.join('. ') || output['error'])&.concat('.')
-    end
-  end
-end