openapi_first 1.0.0.beta6 → 1.0.0

data/lib/openapi_first/schema/validation_result.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require_relative 'validation_error'
+
+module OpenapiFirst
+  class Schema
+    class ValidationResult
+      def initialize(validation, schema:, data:)
+        @validation = validation
+        @schema = schema
+        @data = data
+      end
+
+      attr_reader :schema, :data
+
+      def error? = @validation.any?
+
+      def errors
+        @errors ||= @validation.map do |err|
+          ValidationError.new(err)
+        end
+      end
+
+      # Returns a message that is used in exception messages.
+      def message
+        return unless error?
+
+        errors.map(&:error).join('. ')
+      end
+    end
+  end
+end

data/lib/openapi_first/{definition/schema.rb → schema.rb}

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require 'json_schemer'
-require_relative 'schema/result'
+require_relative 'schema/validation_result'
 
 module OpenapiFirst
   class Schema
@@ -19,19 +19,23 @@ module OpenapiFirst
         access_mode: write ? 'write' : 'read',
         meta_schema: SCHEMAS.fetch(openapi_version),
         insert_property_defaults: true,
-        output_format: 'detailed',
+        output_format: 'classic',
         before_property_validation: method(:before_property_validation)
       )
     end
 
     def validate(data)
-      Result.new(
-        output: @schemer.validate(data),
+      ValidationResult.new(
+        @schemer.validate(data),
         schema:,
         data:
       )
     end
 
+    def [](key)
+      @schema[key]
+    end
+
     private
 
     def before_property_validation(data, property, property_schema, parent)

data/lib/openapi_first/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OpenapiFirst
-  VERSION = '1.0.0.beta6'
+  VERSION = '1.0.0'
 end

data/lib/openapi_first.rb

@@ -1,47 +1,51 @@
 # frozen_string_literal: true
 
 require 'yaml'
+require 'multi_json'
 require 'json_refs'
-require_relative 'openapi_first/config'
+require_relative 'openapi_first/errors'
+require_relative 'openapi_first/configuration'
 require_relative 'openapi_first/plugins'
 require_relative 'openapi_first/definition'
 require_relative 'openapi_first/version'
-require_relative 'openapi_first/errors'
-require_relative 'openapi_first/router'
-require_relative 'openapi_first/request_validation'
-require_relative 'openapi_first/response_validator'
-require_relative 'openapi_first/response_validation'
-require_relative 'openapi_first/error_responses/default'
-require_relative 'openapi_first/error_responses/json_api'
+require_relative 'openapi_first/error_response'
+require_relative 'openapi_first/middlewares/response_validation'
+require_relative 'openapi_first/middlewares/request_validation'
 
 module OpenapiFirst
-  # The OpenAPI operation for the current request
-  OPERATION = 'openapi.operation'
+  extend Plugins
 
-  # Merged parsed path and query parameters
-  PARAMS = 'openapi.params'
+  class << self
+    def configuration
+      @configuration ||= Configuration.new
+    end
 
-  # Parsed query parameters
-  QUERY_PARAMS = 'openapi.query'
+    def configure
+      yield configuration
+    end
+  end
 
-  # Parsed path parameters
-  PATH_PARAMS = 'openapi.path_params'
+  # Key in rack to find instance of RuntimeRequest
+  REQUEST = 'openapi.request'
 
-  # Parsed header parameters, except for Content-Type, Accept and Authorization
-  HEADER_PARAMS = 'openapi.headers'
+  def self.load(spec_path, only: nil)
+    resolved = Bundle.resolve(spec_path)
+    resolved['paths'].filter!(&->(key, _) { only.call(key) }) if only
+    Definition.new(resolved, spec_path)
+  end
 
-  # Parsed cookie parameter values
-  COOKIE_PARAMS = 'openapi.cookies'
+  module Bundle
+    def self.resolve(spec_path)
+      Dir.chdir(File.dirname(spec_path)) do
+        content = load_file(File.basename(spec_path))
+        JsonRefs.call(content, resolve_local_ref: true, resolve_file_ref: true)
+      end
+    end
 
-  # The parsed request body
-  REQUEST_BODY = 'openapi.parsed_request_body'
+    def self.load_file(spec_path)
+      return MultiJson.load(File.read(spec_path)) if File.extname(spec_path) == '.json'
 
-  def self.load(spec_path, only: nil)
-    resolved = Dir.chdir(File.dirname(spec_path)) do
-      content = YAML.load_file(File.basename(spec_path))
-      JsonRefs.call(content, resolve_local_ref: true, resolve_file_ref: true)
+      YAML.unsafe_load_file(spec_path)
     end
-    resolved['paths'].filter!(&->(key, _) { only.call(key) }) if only
-    Definition.new(resolved, spec_path)
   end
 end

data/openapi_first.gemspec

@@ -17,7 +17,8 @@ Gem::Specification.new do |spec|
   if spec.respond_to?(:metadata)
     spec.metadata['https://github.com/ahx/openapi_first'] = spec.homepage
     spec.metadata['source_code_uri'] = 'https://github.com/ahx/openapi_first'
-    spec.metadata['changelog_uri'] = 'https://github.com/ahx/openapi_first/blob/master/CHANGELOG.md'
+    spec.metadata['changelog_uri'] = 'https://github.com/ahx/openapi_first/blob/main/CHANGELOG.md'
+    spec.metadata['rubygems_mfa_required'] = 'true'
   else
     raise 'RubyGems 2.0 or newer is required to protect against ' \
           'public gem pushes.'
@@ -38,12 +39,9 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 3.1.1'
 
   spec.add_runtime_dependency 'json_refs', '~> 0.1', '>= 0.1.7'
-  spec.add_runtime_dependency 'json_schemer', '~> 2.0.0'
+  spec.add_runtime_dependency 'json_schemer', '~> 2.1.0'
   spec.add_runtime_dependency 'multi_json', '~> 1.15'
   spec.add_runtime_dependency 'mustermann-contrib', '~> 3.0.0'
   spec.add_runtime_dependency 'openapi_parameters', '>= 0.3.2', '< 2.0'
   spec.add_runtime_dependency 'rack', '>= 2.2', '< 4.0'
-  spec.metadata = {
-    'rubygems_mfa_required' => 'true'
-  }
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openapi_first
 version: !ruby/object:Gem::Version
-  version: 1.0.0.beta6
+  version: 1.0.0
 platform: ruby
 authors:
 - Andreas Haller
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-11-16 00:00:00.000000000 Z
+date: 2024-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json_refs
@@ -36,14 +36,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 2.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: multi_json
   requirement: !ruby/object:Gem::Requirement
@@ -126,14 +126,14 @@ files:
 - Gemfile
 - Gemfile.lock
 - Gemfile.rack2
+- Gemfile.rack2.lock
 - LICENSE.txt
 - README.md
 - lib/openapi_first.rb
 - lib/openapi_first/body_parser.rb
-- lib/openapi_first/config.rb
+- lib/openapi_first/configuration.rb
 - lib/openapi_first/definition.rb
 - lib/openapi_first/definition/cookie_parameters.rb
-- lib/openapi_first/definition/has_content.rb
 - lib/openapi_first/definition/header_parameters.rb
 - lib/openapi_first/definition/operation.rb
 - lib/openapi_first/definition/parameters.rb
@@ -142,26 +142,34 @@ files:
 - lib/openapi_first/definition/query_parameters.rb
 - lib/openapi_first/definition/request_body.rb
 - lib/openapi_first/definition/response.rb
-- lib/openapi_first/definition/schema.rb
-- lib/openapi_first/definition/schema/result.rb
+- lib/openapi_first/definition/responses.rb
 - lib/openapi_first/error_response.rb
-- lib/openapi_first/error_responses/default.rb
-- lib/openapi_first/error_responses/json_api.rb
 - lib/openapi_first/errors.rb
+- lib/openapi_first/failure.rb
+- lib/openapi_first/middlewares/request_validation.rb
+- lib/openapi_first/middlewares/response_validation.rb
 - lib/openapi_first/plugins.rb
-- lib/openapi_first/request_body_validator.rb
-- lib/openapi_first/request_validation.rb
-- lib/openapi_first/request_validation_error.rb
-- lib/openapi_first/response_validation.rb
-- lib/openapi_first/response_validator.rb
-- lib/openapi_first/router.rb
-- lib/openapi_first/use_router.rb
+- lib/openapi_first/plugins/default.rb
+- lib/openapi_first/plugins/default/error_response.rb
+- lib/openapi_first/plugins/jsonapi.rb
+- lib/openapi_first/plugins/jsonapi/error_response.rb
+- lib/openapi_first/request_validation/request_body_validator.rb
+- lib/openapi_first/request_validation/validator.rb
+- lib/openapi_first/response_validation/validator.rb
+- lib/openapi_first/runtime_request.rb
+- lib/openapi_first/runtime_response.rb
+- lib/openapi_first/schema.rb
+- lib/openapi_first/schema/validation_error.rb
+- lib/openapi_first/schema/validation_result.rb
 - lib/openapi_first/version.rb
 - openapi_first.gemspec
 homepage: https://github.com/ahx/openapi_first
 licenses:
 - MIT
 metadata:
+  https://github.com/ahx/openapi_first: https://github.com/ahx/openapi_first
+  source_code_uri: https://github.com/ahx/openapi_first
+  changelog_uri: https://github.com/ahx/openapi_first/blob/main/CHANGELOG.md
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
@@ -174,11 +182,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 3.1.1
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: Implement REST APIs based on OpenApi 3.x

data/lib/openapi_first/config.rb

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-module OpenapiFirst
-  class Config
-    def initialize(error_response: :default, request_validation_raise_error: false)
-      @error_response = Plugins.find_error_response(error_response)
-      @request_validation_raise_error = request_validation_raise_error
-    end
-
-    attr_reader :error_response, :request_validation_raise_error
-
-    def self.default_options
-      @default_options ||= new
-    end
-
-    def self.default_options=(options)
-      @default_options = new(**options)
-    end
-  end
-end

data/lib/openapi_first/definition/has_content.rb

@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-
-require_relative 'schema'
-
-module OpenapiFirst
-  module HasContent
-    def schema_for(content_type)
-      return unless content&.any?
-
-      content_schemas&.fetch(content_type) do
-        type = content_type.split(';')[0]
-        content_schemas[type] || content_schemas["#{type.split('/')[0]}/*"] || content_schemas['*/*']
-      end
-    end
-
-    private
-
-    def content
-      raise NotImplementedError
-    end
-
-    def schema_write?
-      raise NotImplementedError
-    end
-
-    def content_schemas
-      @content_schemas ||= content&.each_with_object({}) do |kv, result|
-        type, media_type = kv
-        schema_object = media_type['schema']
-        next unless schema_object
-
-        result[type] = Schema.new(schema_object, write: schema_write?,
-                                                 openapi_version: @operation.openapi_version)
-      end
-    end
-  end
-end

data/lib/openapi_first/definition/schema/result.rb

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-module OpenapiFirst
-  class Schema
-    Result = Struct.new(:output, :schema, :data, keyword_init: true) do
-      def valid? = output['valid']
-      def error? = !output['valid']
-
-      # Returns a message that is used in exception messages.
-      def message
-        return if valid?
-
-        (output['errors']&.map { |e| e['error'] }&.join('. ') || output['error'])
-      end
-    end
-  end
-end

data/lib/openapi_first/error_responses/default.rb

@@ -1,58 +0,0 @@
-# frozen_string_literal: true
-
-module OpenapiFirst
-  module ErrorResponses
-    class Default < ErrorResponse
-      OpenapiFirst::Plugins.register_error_response(:default, self)
-
-      def body
-        MultiJson.dump({ errors: serialized_errors })
-      end
-
-      def content_type
-        'application/json'
-      end
-
-      def serialized_errors
-        return default_errors unless validation_output
-
-        key = pointer_key
-        validation_errors&.map do |error|
-          {
-            status: status.to_s,
-            source: { key => pointer(error['instanceLocation']) },
-            title: error['error']
-          }
-        end
-      end
-
-      def validation_errors
-        validation_output['errors'] || [validation_output]
-      end
-
-      def default_errors
-        [{
-          status: status.to_s,
-          title: message
-        }]
-      end
-
-      def pointer_key
-        case location
-        when :body
-          :pointer
-        when :query, :path
-          :parameter
-        else
-          location
-        end
-      end
-
-      def pointer(data_pointer)
-        return data_pointer if location == :body
-
-        data_pointer.delete_prefix('/')
-      end
-    end
-  end
-end

data/lib/openapi_first/error_responses/json_api.rb

@@ -1,58 +0,0 @@
-# frozen_string_literal: true
-
-module OpenapiFirst
-  module ErrorResponses
-    class JsonApi < ErrorResponse
-      OpenapiFirst::Plugins.register_error_response(:json_api, self)
-
-      def body
-        MultiJson.dump({ errors: serialized_errors })
-      end
-
-      def content_type
-        'application/vnd.api+json'
-      end
-
-      def serialized_errors
-        return default_errors unless validation_output
-
-        key = pointer_key
-        validation_errors&.map do |error|
-          {
-            status: status.to_s,
-            source: { key => pointer(error['instanceLocation']) },
-            title: error['error']
-          }
-        end
-      end
-
-      def validation_errors
-        validation_output['errors'] || [validation_output]
-      end
-
-      def default_errors
-        [{
-          status: status.to_s,
-          title: message
-        }]
-      end
-
-      def pointer_key
-        case location
-        when :body
-          :pointer
-        when :query, :path
-          :parameter
-        else
-          location
-        end
-      end
-
-      def pointer(data_pointer)
-        return data_pointer if location == :body
-
-        data_pointer.delete_prefix('/')
-      end
-    end
-  end
-end

data/lib/openapi_first/request_body_validator.rb

@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-
-module OpenapiFirst
-  class RequestBodyValidator
-    def initialize(operation, env)
-      @operation = operation
-      @env = env
-    end
-
-    def validate!
-      request_body = @operation.request_body
-      return unless request_body
-
-      request_content_type = Rack::Request.new(@env).content_type
-      schema = request_body.schema_for(request_content_type)
-      RequestValidation.fail!(415, :header) unless schema
-
-      parsed_request_body = BodyParser.new.parse_body(@env)
-      RequestValidation.fail!(400, :body) if request_body.required? && parsed_request_body.nil?
-
-      validate_body!(parsed_request_body, schema)
-      parsed_request_body
-    rescue BodyParsingError => e
-      RequestValidation.fail!(400, :body, message: e.message)
-    end
-
-    private
-
-    def validate_body!(parsed_request_body, schema)
-      request_body_schema = schema
-      return unless request_body_schema
-
-      schema_validation = request_body_schema.validate(parsed_request_body)
-      RequestValidation.fail!(400, :body, schema_validation:) if schema_validation.error?
-    end
-  end
-end

data/lib/openapi_first/request_validation.rb

@@ -1,122 +0,0 @@
-# frozen_string_literal: true
-
-require 'rack'
-require 'multi_json'
-require_relative 'use_router'
-require_relative 'error_response'
-require_relative 'request_body_validator'
-require_relative 'request_validation_error'
-require 'openapi_parameters'
-
-module OpenapiFirst
-  # A Rack middleware to validate requests against an OpenAPI API description
-  class RequestValidation
-    prepend UseRouter
-
-    FAIL = :request_validation_failed
-    private_constant :FAIL
-
-    # @param status [Integer] The intended HTTP status code (usually 400)
-    # @param location [Symbol] One of :body, :header, :cookie, :query, :path
-    # @param schema_validation [OpenapiFirst::Schema::Result]
-    def self.fail!(status, location, message: nil, schema_validation: nil)
-      throw FAIL, RequestValidationError.new(
-        status:,
-        location:,
-        message:,
-        schema_validation:
-      )
-    end
-
-    # @param app The parent Rack application
-    # @param options An optional Hash of configuration options to override defaults
-    #   :error_response A Boolean indicating whether to raise an error if validation fails.
-    #                   default: OpenapiFirst::ErrorResponses::Default (Config.default_options.error_response)
-    #   :raise_error    The Class to use for error responses.
-    #                   default: false (Config.default_options.request_validation_raise_error)
-    def initialize(app, options = {})
-      @app = app
-      @raise = options.fetch(:raise_error, Config.default_options.request_validation_raise_error)
-      @error_response_class =
-        Plugins.find_error_response(options.fetch(:error_response, Config.default_options.error_response))
-    end
-
-    def call(env)
-      operation = env[OPERATION]
-      return @app.call(env) unless operation
-
-      error = validate_request(operation, env)
-      if error
-        raise RequestInvalidError, error.error_message if @raise
-
-        return @error_response_class.new(env, error).render
-      end
-
-      @app.call(env)
-    end
-
-    private
-
-    def validate_request(operation, env)
-      catch(FAIL) do
-        env[PARAMS] = {}
-        validate_parameters!(operation, env)
-        validate_request_body!(operation, env)
-        nil
-      end
-    end
-
-    def validate_parameters!(operation, env)
-      validate_query_params!(operation, env)
-      validate_path_params!(operation, env)
-      validate_cookie_params!(operation, env)
-      validate_header_params!(operation, env)
-    end
-
-    def validate_path_params!(operation, env)
-      parameters = operation.path_parameters
-      return unless parameters
-
-      unpacked_params = parameters.unpack(env)
-      schema_validation = parameters.schema.validate(unpacked_params)
-      RequestValidation.fail!(400, :path, schema_validation:) if schema_validation.error?
-      env[PATH_PARAMS] = unpacked_params
-      env[PARAMS].merge!(unpacked_params)
-    end
-
-    def validate_query_params!(operation, env)
-      parameters = operation.query_parameters
-      return unless parameters
-
-      unpacked_params = parameters.unpack(env)
-      schema_validation = parameters.schema.validate(unpacked_params)
-      RequestValidation.fail!(400, :query, schema_validation:) if schema_validation.error?
-      env[QUERY_PARAMS] = unpacked_params
-      env[PARAMS].merge!(unpacked_params)
-    end
-
-    def validate_cookie_params!(operation, env)
-      parameters = operation.cookie_parameters
-      return unless parameters
-
-      unpacked_params = parameters.unpack(env)
-      schema_validation = parameters.schema.validate(unpacked_params)
-      RequestValidation.fail!(400, :cookie, schema_validation:) if schema_validation.error?
-      env[COOKIE_PARAMS] = unpacked_params
-    end
-
-    def validate_header_params!(operation, env)
-      parameters = operation.header_parameters
-      return unless parameters
-
-      unpacked_params = parameters.unpack(env)
-      schema_validation = parameters.schema.validate(unpacked_params)
-      RequestValidation.fail!(400, :header, schema_validation:) if schema_validation.error?
-      env[HEADER_PARAMS] = unpacked_params
-    end
-
-    def validate_request_body!(operation, env)
-      env[REQUEST_BODY] = RequestBodyValidator.new(operation, env).validate!
-    end
-  end
-end

data/lib/openapi_first/request_validation_error.rb

@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-module OpenapiFirst
-  class RequestValidationError
-    def initialize(status:, location:, message: nil, schema_validation: nil)
-      @status = status
-      @location = location
-      @message = message
-      @schema_validation = schema_validation
-    end
-
-    attr_reader :status, :request, :location, :schema_validation
-
-    def message
-      @message || schema_validation&.message || Rack::Utils::HTTP_STATUS_CODES[status]
-    end
-
-    def error_message
-      "#{TOPICS.fetch(location)} #{message}"
-    end
-
-    TOPICS = {
-      body: 'Request body invalid:',
-      query: 'Query parameter invalid:',
-      header: 'Header parameter invalid:',
-      path: 'Path segment invalid:',
-      cookie: 'Cookie value invalid:'
-    }.freeze
-    private_constant :TOPICS
-  end
-end