openapi_first 1.0.0.beta5 → 1.0.0

data/lib/openapi_first/config.rb

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-module OpenapiFirst
-  class Config
-    def initialize(error_response: :default, request_validation_raise_error: false)
-      @error_response = Plugins.find_error_response(error_response)
-      @request_validation_raise_error = request_validation_raise_error
-    end
-
-    attr_reader :error_response, :request_validation_raise_error
-
-    def self.default_options
-      @default_options ||= new
-    end
-
-    def self.default_options=(options)
-      @default_options = new(**options)
-    end
-  end
-end

data/lib/openapi_first/error_responses/default.rb

@@ -1,58 +0,0 @@
-# frozen_string_literal: true
-
-module OpenapiFirst
-  module ErrorResponses
-    class Default < ErrorResponse
-      OpenapiFirst::Plugins.register_error_response(:default, self)
-
-      def body
-        MultiJson.dump({ errors: serialized_errors })
-      end
-
-      def content_type
-        'application/json'
-      end
-
-      def serialized_errors
-        return default_errors unless validation_output
-
-        key = pointer_key
-        validation_errors&.map do |error|
-          {
-            status: status.to_s,
-            source: { key => pointer(error['instanceLocation']) },
-            title: error['error']
-          }
-        end
-      end
-
-      def validation_errors
-        validation_output['errors'] || [validation_output]
-      end
-
-      def default_errors
-        [{
-          status: status.to_s,
-          title: message
-        }]
-      end
-
-      def pointer_key
-        case location
-        when :body
-          :pointer
-        when :query, :path
-          :parameter
-        else
-          location
-        end
-      end
-
-      def pointer(data_pointer)
-        return data_pointer if location == :body
-
-        data_pointer.delete_prefix('/')
-      end
-    end
-  end
-end

data/lib/openapi_first/error_responses/json_api.rb

@@ -1,58 +0,0 @@
-# frozen_string_literal: true
-
-module OpenapiFirst
-  module ErrorResponses
-    class JsonApi < ErrorResponse
-      OpenapiFirst::Plugins.register_error_response(:json_api, self)
-
-      def body
-        MultiJson.dump({ errors: serialized_errors })
-      end
-
-      def content_type
-        'application/vnd.api+json'
-      end
-
-      def serialized_errors
-        return default_errors unless validation_output
-
-        key = pointer_key
-        validation_errors&.map do |error|
-          {
-            status: status.to_s,
-            source: { key => pointer(error['instanceLocation']) },
-            title: error['error']
-          }
-        end
-      end
-
-      def validation_errors
-        validation_output['errors'] || [validation_output]
-      end
-
-      def default_errors
-        [{
-          status: status.to_s,
-          title: message
-        }]
-      end
-
-      def pointer_key
-        case location
-        when :body
-          :pointer
-        when :query, :path
-          :parameter
-        else
-          location
-        end
-      end
-
-      def pointer(data_pointer)
-        return data_pointer if location == :body
-
-        data_pointer.delete_prefix('/')
-      end
-    end
-  end
-end

data/lib/openapi_first/json_schema/result.rb

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-module OpenapiFirst
-  class JsonSchema
-    Result = Struct.new(:output, :schema, :data, keyword_init: true) do
-      def valid? = output['valid']
-      def error? = !output['valid']
-
-      # Returns a message that is used in exception messages.
-      def message
-        return if valid?
-
-        (output['errors']&.map { |e| e['error'] }&.join('. ') || output['error'])
-      end
-    end
-  end
-end

data/lib/openapi_first/operation.rb

@@ -1,170 +0,0 @@
-# frozen_string_literal: true
-
-require 'forwardable'
-require 'set'
-require_relative 'json_schema'
-
-module OpenapiFirst
-  class Operation # rubocop:disable Metrics/ClassLength
-    extend Forwardable
-    def_delegators :operation_object,
-                   :[],
-                   :dig
-
-    WRITE_METHODS = Set.new(%w[post put patch delete]).freeze
-    private_constant :WRITE_METHODS
-
-    attr_reader :path, :method, :openapi_version
-
-    def initialize(path, request_method, path_item_object, openapi_version:)
-      @path = path
-      @method = request_method
-      @path_item_object = path_item_object
-      @openapi_version = openapi_version
-    end
-
-    def operation_id
-      operation_object['operationId']
-    end
-
-    def read?
-      !write?
-    end
-
-    def write?
-      WRITE_METHODS.include?(method)
-    end
-
-    def request_body
-      operation_object['requestBody']
-    end
-
-    def response_body_schema(status, content_type)
-      content = response_for(status)['content']
-      return if content.nil? || content.empty?
-
-      raise ResponseInvalid, "Response has no content-type for '#{name}'" unless content_type
-
-      media_type = find_content_for_content_type(content, content_type)
-
-      unless media_type
-        message = "Response content type not found '#{content_type}' for '#{name}'"
-        raise ResponseContentTypeNotFoundError, message
-      end
-      schema = media_type['schema']
-      return unless schema
-
-      JsonSchema.new(schema, write: false, openapi_version:)
-    end
-
-    def request_body_schema(request_content_type)
-      (@request_body_schema ||= {})[request_content_type] ||= begin
-        content = operation_object.dig('requestBody', 'content')
-        media_type = find_content_for_content_type(content, request_content_type)
-        schema = media_type&.fetch('schema', nil)
-        JsonSchema.new(schema, write: write?, openapi_version:) if schema
-      end
-    end
-
-    def response_for(status)
-      response_content = response_by_code(status)
-      return response_content if response_content
-
-      message = "Response status code or default not found: #{status} for '#{name}'"
-      raise OpenapiFirst::ResponseCodeNotFoundError, message
-    end
-
-    def name
-      @name ||= "#{method.upcase} #{path} (#{operation_id})"
-    end
-
-    def valid_request_content_type?(request_content_type)
-      content = operation_object.dig('requestBody', 'content')
-      return false unless content
-
-      !!find_content_for_content_type(content, request_content_type)
-    end
-
-    def query_parameters
-      @query_parameters ||= all_parameters.filter { |p| p['in'] == 'query' }
-    end
-
-    def path_parameters
-      @path_parameters ||= all_parameters.filter { |p| p['in'] == 'path' }
-    end
-
-    IGNORED_HEADERS = Set['Content-Type', 'Accept', 'Authorization'].freeze
-    private_constant :IGNORED_HEADERS
-
-    def header_parameters
-      @header_parameters ||= all_parameters.filter { |p| p['in'] == 'header' && !IGNORED_HEADERS.include?(p['name']) }
-    end
-
-    def cookie_parameters
-      @cookie_parameters ||= all_parameters.filter { |p| p['in'] == 'cookie' }
-    end
-
-    def all_parameters
-      @all_parameters ||= begin
-        parameters = @path_item_object['parameters']&.dup || []
-        parameters_on_operation = operation_object['parameters']
-        parameters.concat(parameters_on_operation) if parameters_on_operation
-        parameters
-      end
-    end
-
-    # Return JSON Schema of for all query parameters
-    def query_parameters_schema
-      @query_parameters_schema ||= build_json_schema(query_parameters)
-    end
-
-    # Return JSON Schema of for all path parameters
-    def path_parameters_schema
-      @path_parameters_schema ||= build_json_schema(path_parameters)
-    end
-
-    def header_parameters_schema
-      @header_parameters_schema ||= build_json_schema(header_parameters)
-    end
-
-    def cookie_parameters_schema
-      @cookie_parameters_schema ||= build_json_schema(cookie_parameters)
-    end
-
-    private
-
-    # Build JSON Schema for given parameter definitions
-    # @parameter_defs [Array<Hash>] Parameter definitions
-    def build_json_schema(parameter_defs)
-      init_schema = {
-        'type' => 'object',
-        'properties' => {},
-        'required' => []
-      }
-      schema = parameter_defs.each_with_object(init_schema) do |parameter_def, result|
-        parameter = OpenapiParameters::Parameter.new(parameter_def)
-        result['properties'][parameter.name] = parameter.schema if parameter.schema
-        result['required'] << parameter.name if parameter.required?
-      end
-      JsonSchema.new(schema, openapi_version:)
-    end
-
-    def response_by_code(status)
-      operation_object.dig('responses', status.to_s) ||
-        operation_object.dig('responses', "#{status / 100}XX") ||
-        operation_object.dig('responses', "#{status / 100}xx") ||
-        operation_object.dig('responses', 'default')
-    end
-
-    def operation_object
-      @path_item_object[method]
-    end
-
-    def find_content_for_content_type(content, request_content_type)
-      content.fetch(request_content_type) do |_|
-        type = request_content_type.split(';')[0]
-        content[type] || content["#{type.split('/')[0]}/*"] || content['*/*']
-      end
-    end
-  end
-end

data/lib/openapi_first/request_body_validator.rb

@@ -1,41 +0,0 @@
-# frozen_string_literal: true
-
-module OpenapiFirst
-  class RequestBodyValidator
-    def initialize(operation, env)
-      @operation = operation
-      @env = env
-      @parsed_request_body = env[REQUEST_BODY]
-    end
-
-    def validate!
-      content_type = Rack::Request.new(@env).content_type
-      validate_request_content_type!(@operation, content_type)
-      validate_request_body!(@operation, @parsed_request_body, content_type)
-    end
-
-    private
-
-    def validate_request_content_type!(operation, content_type)
-      operation.valid_request_content_type?(content_type) || RequestValidation.fail!(415, :header)
-    end
-
-    def validate_request_body!(operation, body, content_type)
-      validate_request_body_presence!(body, operation)
-      return if content_type.nil?
-
-      schema = operation&.request_body_schema(content_type)
-      return unless schema
-
-      schema_validation = schema.validate(body)
-      RequestValidation.fail!(400, :body, schema_validation:) if schema_validation.error?
-      body
-    end
-
-    def validate_request_body_presence!(body, operation)
-      return unless operation.request_body['required'] && body.nil?
-
-      RequestValidation.fail!(400, :body)
-    end
-  end
-end

data/lib/openapi_first/request_validation.rb

@@ -1,118 +0,0 @@
-# frozen_string_literal: true
-
-require 'rack'
-require 'multi_json'
-require_relative 'use_router'
-require_relative 'error_response'
-require_relative 'request_body_validator'
-require_relative 'string_keyed_hash'
-require_relative 'request_validation_error'
-require 'openapi_parameters'
-
-module OpenapiFirst
-  # A Rack middleware to validate requests against an OpenAPI API description
-  class RequestValidation
-    prepend UseRouter
-
-    FAIL = :request_validation_failed
-    private_constant :FAIL
-
-    # @param status [Integer] The intended HTTP status code (usually 400)
-    # @param location [Symbol] One of :body, :header, :cookie, :query, :path
-    # @param schema_validation [OpenapiFirst::JsonSchema::Result]
-    def self.fail!(status, location, schema_validation: nil)
-      throw FAIL, RequestValidationError.new(
-        status:,
-        location:,
-        schema_validation:
-      )
-    end
-
-    # @param app The parent Rack application
-    # @param options An optional Hash of configuration options to override defaults
-    #   :error_response A Boolean indicating whether to raise an error if validation fails.
-    #                   default: OpenapiFirst::ErrorResponses::Default (Config.default_options.error_response)
-    #   :raise_error    The Class to use for error responses.
-    #                   default: false (Config.default_options.request_validation_raise_error)
-    def initialize(app, options = {})
-      @app = app
-      @raise = options.fetch(:raise_error, Config.default_options.request_validation_raise_error)
-      @error_response_class =
-        Plugins.find_error_response(options.fetch(:error_response, Config.default_options.error_response))
-    end
-
-    def call(env)
-      operation = env[OPERATION]
-      return @app.call(env) unless operation
-
-      error = validate_request(operation, env)
-      if error
-        raise RequestInvalidError, error.error_message if @raise
-
-        return @error_response_class.new(env, error).render
-      end
-      @app.call(env)
-    end
-
-    private
-
-    def validate_request(operation, env)
-      catch(FAIL) do
-        env[PARAMS] = {}
-        validate_query_params!(operation, env)
-        validate_path_params!(operation, env)
-        validate_cookie_params!(operation, env)
-        validate_header_params!(operation, env)
-        validate_request_body!(operation, env)
-        nil
-      end
-    end
-
-    def validate_path_params!(operation, env)
-      path_parameters = operation.path_parameters
-      return if path_parameters.empty?
-
-      hashy = StringKeyedHash.new(env[Router::RAW_PATH_PARAMS])
-      unpacked_path_params = OpenapiParameters::Path.new(path_parameters).unpack(hashy)
-      schema_validation = operation.path_parameters_schema.validate(unpacked_path_params)
-      RequestValidation.fail!(400, :path, schema_validation:) if schema_validation.error?
-      env[PATH_PARAMS] = unpacked_path_params
-      env[PARAMS].merge!(unpacked_path_params)
-    end
-
-    def validate_query_params!(operation, env)
-      query_parameters = operation.query_parameters
-      return if operation.query_parameters.empty?
-
-      unpacked_query_params = OpenapiParameters::Query.new(query_parameters).unpack(env['QUERY_STRING'])
-      schema_validation = operation.query_parameters_schema.validate(unpacked_query_params)
-      RequestValidation.fail!(400, :query, schema_validation:) if schema_validation.error?
-      env[QUERY_PARAMS] = unpacked_query_params
-      env[PARAMS].merge!(unpacked_query_params)
-    end
-
-    def validate_cookie_params!(operation, env)
-      cookie_parameters = operation.cookie_parameters
-      return unless cookie_parameters&.any?
-
-      unpacked_params = OpenapiParameters::Cookie.new(cookie_parameters).unpack(env['HTTP_COOKIE'])
-      schema_validation = operation.cookie_parameters_schema.validate(unpacked_params)
-      RequestValidation.fail!(400, :cookie, schema_validation:) if schema_validation.error?
-      env[COOKIE_PARAMS] = unpacked_params
-    end
-
-    def validate_header_params!(operation, env)
-      header_parameters = operation.header_parameters
-      return if header_parameters.empty?
-
-      unpacked_header_params = OpenapiParameters::Header.new(header_parameters).unpack_env(env)
-      schema_validation = operation.header_parameters_schema.validate(unpacked_header_params)
-      RequestValidation.fail!(400, :header, schema_validation:) if schema_validation.error?
-      env[HEADER_PARAMS] = unpacked_header_params
-    end
-
-    def validate_request_body!(operation, env)
-      RequestBodyValidator.new(operation, env).validate! if operation.request_body
-    end
-  end
-end

data/lib/openapi_first/request_validation_error.rb

@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-module OpenapiFirst
-  class RequestValidationError
-    def initialize(status:, location:, message: nil, schema_validation: nil)
-      @status = status
-      @location = location
-      @message = message
-      @schema_validation = schema_validation
-    end
-
-    attr_reader :status, :request, :location, :schema_validation
-
-    def message
-      @message || schema_validation&.message || Rack::Utils::HTTP_STATUS_CODES[status]
-    end
-
-    def error_message
-      "#{TOPICS.fetch(location)} #{message}"
-    end
-
-    TOPICS = {
-      body: 'Request body invalid:',
-      query: 'Query parameter invalid:',
-      header: 'Header parameter invalid:',
-      path: 'Path segment invalid:',
-      cookie: 'Cookie value invalid:'
-    }.freeze
-    private_constant :TOPICS
-  end
-end

data/lib/openapi_first/response_validation.rb

@@ -1,93 +0,0 @@
-# frozen_string_literal: true
-
-require 'multi_json'
-require_relative 'use_router'
-
-module OpenapiFirst
-  class ResponseValidation
-    prepend UseRouter
-
-    def initialize(app, _options = {})
-      @app = app
-    end
-
-    def call(env)
-      operation = env[OPERATION]
-      return @app.call(env) unless operation
-
-      response = @app.call(env)
-      validate(response, operation)
-      response
-    end
-
-    def validate(response, operation)
-      status, headers, body = response.to_a
-      return validate_status_only(operation, status) if status == 204
-
-      content_type = headers[Rack::CONTENT_TYPE]
-      response_schema = operation.response_body_schema(status, content_type)
-      validate_response_body(response_schema, body) if response_schema
-      validate_response_headers(operation, status, headers)
-    end
-
-    private
-
-    def validate_status_only(operation, status)
-      operation.response_for(status)
-    end
-
-    def validate_response_body(schema, response)
-      full_body = +''
-      response.each { |chunk| full_body << chunk }
-      data = full_body.empty? ? {} : load_json(full_body)
-      validation = schema.validate(data)
-      raise ResponseBodyInvalidError, validation.message if validation.error?
-    end
-
-    def validate_response_headers(operation, status, response_headers)
-      response_header_definitions = operation.response_for(status)&.dig('headers')
-      return unless response_header_definitions
-
-      unpacked_headers = unpack_response_headers(response_header_definitions, response_headers)
-      response_header_definitions.each do |name, definition|
-        next if name == 'Content-Type'
-
-        validate_response_header(name, definition, unpacked_headers, openapi_version: operation.openapi_version)
-      end
-    end
-
-    def validate_response_header(name, definition, unpacked_headers, openapi_version:)
-      unless unpacked_headers.key?(name)
-        raise ResponseHeaderInvalidError, "Required response header '#{name}' is missing" if definition['required']
-
-        return
-      end
-
-      return unless definition.key?('schema')
-
-      validation = JsonSchema.new(definition['schema'], openapi_version:)
-      value = unpacked_headers[name]
-      schema_validation = validation.validate(value)
-      raise ResponseHeaderInvalidError, schema_validation.message if schema_validation.error?
-    end
-
-    def unpack_response_headers(response_header_definitions, response_headers)
-      headers_as_parameters = response_header_definitions.map do |name, definition|
-        definition.merge('name' => name)
-      end
-      OpenapiParameters::Header.new(headers_as_parameters).unpack(response_headers)
-    end
-
-    def format_response_error(error)
-      return "Write-only field appears in response: #{error['data_pointer']}" if error['type'] == 'writeOnly'
-
-      JSONSchemer::Errors.pretty(error)
-    end
-
-    def load_json(string)
-      MultiJson.load(string)
-    rescue MultiJson::ParseError
-      string
-    end
-  end
-end

data/lib/openapi_first/response_validator.rb

@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-require_relative 'response_validation'
-require_relative 'router'
-
-module OpenapiFirst
-  # A class to run manual response validation
-  class ResponseValidator
-    def initialize(spec)
-      @spec = spec
-      @router = Router.new(->(_env) {}, spec:, raise_error: true)
-      @response_validation = ResponseValidation.new(->(response) { response.to_a })
-    end
-
-    def validate(request, response)
-      env = request.env.dup
-      @router.call(env)
-      @response_validation.validate(response, env[OPERATION])
-    end
-  end
-end