openapi_first 1.3.1 → 1.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f7e9e0bad95211ba2b4f103089abc40d0e7fc46a24f7ce8e57318ba489655637
-  data.tar.gz: f1d28fbaa79a4eb7e00b242eb9bd89a78789bbb04742e0b87501ac454fb1cf47
+  metadata.gz: d004ac9e317cce0a7d9df95e49b3abbe435e9dab2f23d91880b29cb670ece06f
+  data.tar.gz: c8a1b0ee8238adbf6869aa4a81f642fa0bae0091eabab63417ee142df50ded47
 SHA512:
-  metadata.gz: f225e3a49d7f582e0f82822b2c9acbcd6008b6cc2464971e1485ef75ec12e508effc2165b6afc91535e27bc9bb9004f92fb160218f7295b0f45c3f58946ed616
-  data.tar.gz: 4c6ef209df4816361bed148f33b4e55ace50a5481172913c5760d014b09247adf74ffdbd2422ae930cd889494fe941c20d492835863d52a9dde67a75c1bd8622
+  metadata.gz: 2e937d066ee559653a60c28b910da5f02def4b73cbb653673c89b2402f96f2dbe79aad482e4c92c23270d0cf9b9e8b35b2423770abc89590056bcd9b5d16332d
+  data.tar.gz: edab0f813f6e98f2db2e245d6d306b0218e678a5ff0e8b22330d6bb69354011d4c254a9e38b2bf15869294b7f9e5d2b19eb7511079665f414b15f2f3da8b2357

data/CHANGELOG.md

@@ -0,0 +1,310 @@
+# Changelog
+
+## Unreleased
+
+## 1.3.2
+
+### Changed
+
+- The response definition is found even if the status is defined as an Integer instead of a String. This is not provided for in the OAS specification, but is often done this way, because of YAML.
+
+### Fixed
+
+- Reduced initial load time for composed API descriptions [#232](https://github.com/ahx/openapi_first/pull/232)
+- Chore: Add Readme back to gem. Add link to docs.
+
+## 1.3.1
+
+- Fixed warning about duplicated constant
+
+## 1.3.0
+
+No breaking changes
+
+New features:
+
+- Added new API: `Definition#validate_request`, `Definition#validate_response`, `RuntimeRequest#validate_response` (see readme) [#222](https://github.com/ahx/openapi_first/pull/222)
+
+Fixes:
+
+- Manual response validation (without the middleware) just works in Rails' request tests now. [#224](https://github.com/ahx/openapi_first/pull/224)
+
+## 1.2.0
+
+No breaking changes
+
+- Added `OpenapiFirst.parse(hash)` to load ("parse") a resolved/de-referenced Hash
+- Added support for unescaped special characters in the path params (https://github.com/ahx/openapi_first/pull/217)
+- Added `operation` to `RuntimeRequest` by [@MrBananaLord](https://github.com/ahx/openapi_first/pull/216)
+
+## 1.1.1
+
+- Fix reading response body for example when running Rails (`ActionDispatch::Response::RackBody`)
+- Add `known?`, `status`, `body`, `headers`, `content_type` methods to inspect the parsed response (`RuntimeResponse`)
+- Add `OpenapiFirst::ParseError` which is raised by low-level interfaces like `request.body` if the body could not be parsed.
+- Add "code" field to errors in JSON:API error response
+
+## 1.1.0 (yanked)
+
+## 1.0.0
+
+- Breaking: The default error uses application/problem+json content-type
+- Breaking: Moved rack middlewares to OpenapiFirst::Middlewares
+- Breaking: Rename OpenapiFirst::ResponseInvalid to OpenapiFirst::ResponseInvalidError
+- Breaking: Remove OpenapiFirst::Router
+- Breaking: Remove `env[OpenapiFirst::OPERATION]`. Use `env[OpenapiFirst::REQUEST]` instead.
+- Breaking: Remove `env[OpenapiFirst::REQUEST_BODY]`, `env[OpenapiFirst::PARAMS]`. Use `env[OpenapiFirst::REQUEST].body env[OpenapiFirst::REQUEST].params` instead.
+- Add interface to validate requests / responses without middlewares (see "Manual validation" in README)
+- Add OpenapiFirst.configure
+- Add OpenapiFirst.register, OpenapiFirst.plugin
+- Fix response header validation with Rack 3
+- Fixed: Add support for paths like `/{a}..{b}`
+
+## 1.0.0.beta6
+
+- Fix: Make response header validation work with rack 3
+- Refactor router
+  - Remove dependency hanami-router
+  - PathItem and Operation for a request can be found by calling methods on the Definitnion
+- Fixed https://github.com/ahx/openapi_first/issues/155
+- Breaking / Regression: A paths like /pets/{from}-{to} if there is a path "/pets/{id}"
+
+## 1.0.0.beta5
+
+- Added: `OpenapiFirst::Config.default_options=` to set default options globally
+- Added: You can define custom error responses by subclassing `OpenapiFirst::ErrorResponse` and register it via `OpenapiFirst.register_error_response(name, MyCustomErrorResponse)`
+
+## 1.0.0.beta4
+
+- Update json_schemer to version 2.0
+- Breaking: Requires Ruby 3.1 or later
+- Added: Parameters are available at `env[OpenapiFirst::PATH_PARAMS]`, `env[OpenapiFirst::QUERY_PARAMS]`, `env[OpenapiFirst::HEADER_PARAMS]`, `env[OpenapiFirst::COOKIE_PARAMS]` in case you need to access them separately. Merged path and query parameters are still available at `env[OpenapiFirst::PARAMS]`
+- Breaking / Added: ResponseValidation now validates response headers
+- Breaking / Added: RequestValidation now validates cookie, path and header parameters
+- Breaking: multipart File uploads are now read and then validated
+- Breaking: Remove OpenapiFirst.env method
+- Breaking: Request validation returns 400 instead of 415 if request body is required, but empty
+
+## 1.0.0.beta3
+
+- Remove obsolete dependency: deep_merge
+- Remove obsolete dependency: hanami-utils
+
+## 1.0.0.beta2
+
+- Fixed dependencies. Remove unused code.
+
+## 1.0.0.beta1
+
+- Removed: `OpenapiFirst::Responder` and `OpenapiFirst::RackResponder`
+- Removed: `OpenapiFirst.app` and `OpenapiFirst.middleware`
+- Removed: `OpenapiFirst::Coverage`
+- Breaking: Parsed query and path parameters are available at `env[OpenapiFirst::PARAMS]`(or `env['openapi.params']`) instead of `OpenapiFirst::PARAMETERS`.
+- Breaking: Request body and parameters now use string keys instead of symbols!
+- Breaking: Query parameters are now parsed exactly like in the API description via the openapi_parameters gem. This means a couple of things:
+  - Query parameters now support `explode: true` (default) and `explode: false` for array and object parameters.
+  - Query parameters with brackets like 'filter[tag]' are no longer deconstructed into nested hashes, but accessible via the `filter[tag]` key.
+  - Query parameters are no longer interpreted as `style: deepObject` by default. If you want to use `style: deepObject`, for example to pass a nested hash as a query parameter like `filter[tag]`, you have to set `style: deepObject` explicitly.
+- Path parameters are now parsed exactly as in the API description via the openapi_parameters gem.
+
+## 0.21.0
+
+- Fix: Query parameter validation does not fail if header parameters are defined (Thanks to [JF Lalonde](https://github.com/JF-Lalonde))
+- Update Ruby dependency to >= 3.0.5
+- Handle simple form-data in request bodies (see https://github.com/ahx/openapi_first/issues/149)
+- Update to hanami-router 2.0.0 stable
+
+## 0.20.0
+
+- You can pass a filepath to `spec:` now so you no longer have to call `OpenapiFirst.load` anymore.
+- Router is optional now.
+  You no longer have to add `Router` to your middleware stack. You still can add it to customize behaviour by setting options, but you no longer have to add it.
+  If you don't add the Router, make sure you pass `spec:` to your request/response validation middleware.
+- Support "4xx" and "4XX" response definitions.
+  (4XX is defined in the standard, but 2xx is used in the wild as well 🦁.)
+- Removed warning about missing operationId, because operationId is not used until the Responder is used.
+- Raise HandlerNotFoundError when handler cannot be found
+
+## 0.19.0
+
+- Add `RackResponder`
+
+- BREAKING CHANGE: Handler classes are now instantiated only once without any arguments and the same instance is called on each following call/request.
+
+## 0.18.0
+
+Yanked. No useful changes.
+
+## 0.17.0
+
+- BREAKING CHANGE: Use a Hash instead of named arguments for middleware options for better compatibility
+  Using named arguments is actually not supported in Rack.
+
+## 0.16.1
+
+- Pin hanami-router version, because alpha6 is broken.
+
+## 0.16.0
+
+- Support status code wildcards like "2XX", "4XX"
+
+## 0.15.0
+
+- Populate default parameter values
+
+## 0.14.3
+
+- Use json_refs to resolve OpenAPI file. This removes oas_parser and ActiveSupport from list of dependencies
+
+## 0.14.2
+
+- Empty query parameters are parsed and request validation returns 400 if an empty string is not allowed. Note that this does not look at `allowEmptyValue` in any way, because allowEmptyValue is deprecated.
+
+## 0.14.1
+
+- Fix: Don't mix path- and operation-level parameters for request validation
+
+## 0.14.0
+
+- Handle custom x-handler field in the API description to find a handler method not based on operationId
+- Add `resolver` option to provide a custom resolver to find a handler method
+
+## 0.13.3
+
+- Better error message if string does not match format
+- readOnly and writeOnly just works when used inside allOf
+
+## 0.13.2
+
+- Return indicator (`source: { parameter: 'list/1' }`) in error response body when array item in query parameter is invalid
+
+## 0.13.0
+
+- Add support for arrays in query parameters (style: form, explode: false)
+- Remove warning when handler is not implemented
+
+## 0.12.5
+
+- Add `not_found: :continue` option to Router to make it do nothing if request is unknown
+
+## 0.12.4
+
+- content-type is found while ignoring additional content-type parameters (`application/json` is found when request/response content-type is `application/json; charset=UTF8`)
+- Support wildcard mime-types when finding the content-type
+
+## 0.12.3
+
+- Add `response_validation:`, `router_raise_error` options to standalone mode.
+
+## 0.12.2
+
+- Allow response to have no media type object specified
+
+## 0.12.1
+
+- Fix response when handler returns 404 or 405
+- Don't validate the response content if status is 204 (no content)
+
+## 0.12.0
+
+- Change `ResponseValidator` to raise an exception if it found a problem
+- Params have symbolized keys now
+- Remove `not_found` option from Router. Return 405 if HTTP verb is not allowed (via Hanami::Router)
+- Add `raise_error` option to OpenapiFirst.app (false by default)
+- Add ResponseValidation to OpenapiFirst.app if raise_error option is true
+- Rename `raise` option to `raise_error`
+- Add `raise_error` option to RequestValidation middleware
+- Raise error if handler could not be found by Responder
+- Add `Operation#name` that returns a human readable name for an operation
+
+## 0.11.0
+
+- Raise error if you forgot to add the Router middleware
+- Make OpenapiFirst.app raise an error in test env when request path is not specified
+- Rename OperationResolver to Responder
+- Add ResponseValidation middleware that validates the response body
+- Add `raise` option to Router middleware to raise an error if request could not be found in the API description similar to committee's raise option.
+- Move namespace option from Router to OperationResolver
+
+## 0.10.2
+
+- Return 400 if request body has invalid JSON ([issue](https://github.com/ahx/openapi_first/issues/73)) thanks Thomas Frütel
+
+## 0.10.1
+
+- Fix duplicated key in `required` when generating JSON schema for `some[thing]` parameters
+
+## 0.10.0
+
+- Add support for query parameters named `"some[thing]"` ([issue](https://github.com/ahx/openapi_first/issues/40))
+
+## 0.9.0
+
+- Make request validation usable standalone
+
+## 0.8.0
+
+- Add merged parameter and request body available to env at `env[OpenapiFirst::INBOX]` in request validation
+- Path and query parameters with `type: boolean` now get converted to `true`/`false`
+- Rename `OpenapiFirst::PARAMS` to `OpenapiFirst::PARAMETERS`
+
+## 0.7.1
+
+- Add missing `require` to work with new version of `oas_parser`
+
+## 0.7.0
+
+- Make use of hanami-router, because it's fast
+- Remove option `allow_unknown_query_paramerters`
+- Move the namespace option to Router
+- Convert numeric path and query parameters to `Integer` or `Float`
+- Pass the Rack env if your action class' initializers accepts an argument
+- Respec rack's `env['SCRIPT_NAME']` in router
+- Add MIT license
+
+## 0.6.10
+
+- Bugfix: params.env['unknown'] now returns `nil` as expected. Thanks @tristandruyen.
+
+## 0.6.9
+
+- Removed radix tree, because of a bug (https://github.com/namusyaka/r2ree-ruby/issues/2)
+
+## 0.6.8
+
+- Performance: About 25% performance increase (i/s) with help of c++ based radix-tree and some optimizations
+- Update dependencies
+
+## 0.6.7
+
+- Fix: version number of oas_parser
+
+## 0.6.6
+
+- Remove warnings for Ruby 2.7
+
+## 0.6.5
+
+- Merge QueryParameterValidation and ReqestBodyValidation middlewares into RequestValidation
+- Rename option to `allow_unknown_query_paramerters`
+
+## 0.6.4
+
+- Fix: Rewind request body after reading
+
+## 0.6.3
+
+- Add option to parse only certain paths from OAS file
+
+## 0.6.2
+
+- Add support to map operationIds like `things#index` or `web.things_index`
+
+## 0.6.1
+
+- Make ResponseValidator errors easier to read
+
+## 0.6.0
+
+- Set the content-type based on the OpenAPI description [#29](https://github.com/ahx/openapi-first/pull/29)
+- Add CHANGELOG 📝

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Andreas Haller
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,262 @@
+# openapi_first
+
+OpenapiFirst helps to implement HTTP APIs based on an [OpenAPI](https://www.openapis.org/) API description. It supports OpenAPI 3.0 and 3.1. It offers request and response validation and it ensures that your implementation follows exactly the API description.
+
+## Contents
+
+<!-- TOC -->
+
+- [Rack Middlewares](#rack-middlewares)
+  - [Request validation](#request-validation)
+  - [Response validation](#response-validation)
+- [Manual use](#manual-use)
+  - [Validate request](#validate-request)
+  - [Validate response](#validate-response)
+- [Configuration](#configuration)
+- [Framework integration](#framework-integration)
+- [Alternatives](#alternatives)
+- [Development](#development)
+  - [Benchmarks](#benchmarks)
+  - [Contributing](#contributing)
+
+<!-- /TOC -->
+
+## Rack Middlewares
+
+All middlewares add a _request_ object to the current Rack env at `env[OpenapiFirst::REQUEST]`), which is in an instance of `OpenapiFirst::RuntimeRequest` that responds to `.params`, `.parsed_body` etc.
+
+This gives you access to the converted request parameters and body exaclty as described in your API description instead of relying on Rack alone to parse the request. This only includes query parameters that are defined in the API description. It supports every [`style` and `explode` value as described](https://spec.openapis.org/oas/latest.html#style-examples) in the OpenAPI 3.0 and 3.1 specs.
+
+### Request validation
+
+The request validation middleware returns a 4xx if the request is invalid or not defined in the API description.
+
+```ruby
+use OpenapiFirst::Middlewares::RequestValidation, spec: 'openapi.yaml'
+```
+
+#### Options
+
+| Name              | Possible values                                                          | Description                                                                                                                         |
+| :---------------- | ------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------- |
+| `spec:`           |                                                                          | The path to the spec file or spec loaded via `OpenapiFirst.load`                                                                    |
+| `raise_error:`    | `false` (default), `true`                                                | If set to true the middleware raises `OpenapiFirst::RequestInvalidError` or `OpenapiFirst::NotFoundError` instead of returning 4xx. |
+| `error_response:` | `:default` (default), `:jsonapi`, Your implementation of `ErrorResponse` |
+
+#### Error responses
+
+openapi_first produces a useful machine readable error response that can be customized.
+The default response looks like this. See also [RFC 9457](https://www.rfc-editor.org/rfc/rfc9457).
+
+```json
+http-status: 400
+content-type: "application/problem+json"
+
+{
+  "title": "Bad Request Body",
+  "status": 400,
+  "errors": [
+    {
+      "message": "value at `/data/name` is not a string",
+      "pointer": "/data/name",
+      "code": "string"
+    },
+    {
+      "message": "number at `/data/numberOfLegs` is less than: 2",
+      "pointer": "/data/numberOfLegs",
+      "code": "minimum"
+    },
+    {
+      "message": "object at `/data` is missing required properties: mandatory",
+      "pointer": "/data",
+      "code": "required"
+    }
+  ]
+}
+```
+
+openapi_first offers a [JSON:API](https://jsonapi.org/) error response as well:
+
+```ruby
+use OpenapiFirst::Middlewares::RequestValidation, spec: 'openapi.yaml, error_response: :jsonapi'
+```
+
+<details>
+<summary>See details of JSON:API error response</summary>
+
+```json
+// http-status: 400
+// content-type: "application/vnd.api+json"
+
+{
+  "errors": [
+    {
+      "status": "400",
+      "source": {
+        "pointer": "/data/name"
+      },
+      "title": "value at `/data/name` is not a string",
+      "code": "string"
+    },
+    {
+      "status": "400",
+      "source": {
+        "pointer": "/data/numberOfLegs"
+      },
+      "title": "number at `/data/numberOfLegs` is less than: 2",
+      "code": "minimum"
+    },
+    {
+      "status": "400",
+      "source": {
+        "pointer": "/data"
+      },
+      "title": "object at `/data` is missing required properties: mandatory",
+      "code": "required"
+    }
+  ]
+}
+```
+
+</details>
+
+#### Custom error responses
+
+You can build your own custom error response with `error_response: MyCustomClass` that implements `OpenapiFirst::ErrorResponse`.
+
+#### readOnly / writeOnly properties
+
+Request validation fails if request includes a property with `readOnly: true`.
+
+Response validation fails if response body includes a property with `writeOnly: true`.
+
+### Response validation
+
+This middleware is especially useful when testing. It _always_ raises an error if the response is not valid.
+
+```ruby
+use OpenapiFirst::Middlewares::ResponseValidation, spec: 'openapi.yaml' if ENV['RACK_ENV'] == 'test'
+```
+
+#### Options
+
+| Name    | Possible values | Description                                                      |
+| :------ | --------------- | ---------------------------------------------------------------- |
+| `spec:` |                 | The path to the spec file or spec loaded via `OpenapiFirst.load` |
+
+## Manual use
+
+Load the API description:
+
+```ruby
+require 'openapi_first'
+
+definition = OpenapiFirst.load('openapi.yaml')
+```
+
+### Validate request
+
+```ruby
+# Find and validate request
+rack_request = Rack::Request.new(env)
+request = definition.validate_request(rack_request)
+# Or raise an exception if validation fails:
+request = definition.validate_request(rack_request, raise_error: true) # Raises OpenapiFirst::RequestInvalidError or OpenapiFirst::NotFoundError if request is invalid
+
+# Inspect the request and access parsed parameters
+request.known? # Is the request defined in the API description?
+request.valid? # => true / false
+request.error # => Failure object if request is invalid
+request.body # alias: parsed_body
+request.path_parameters # => { "pet_id" => 42 }
+request.query # alias: query_parameters
+request.params # Merged path and query parameters
+request.headers
+request.cookies
+request.content_type
+request.request_method # => "get"
+request.path # => "/pets/42"
+```
+
+### Validate response
+
+```ruby
+# Find and validate the response
+rack_response = Rack::Response[*app.call(env)]
+response = definition.validate_response(rack_request, rack_response)
+
+# Raise an exception if validation fails:
+response = definition.validate_response(rack_request,rack_response, raise_error: true) # Raises OpenapiFirst::ResponseInvalidError or OpenapiFirst::ResponseNotFoundError
+# Or you can also call a method on the request object mentioned above
+request.validate_response(rack_response)
+
+# Inspect the response and access parsed parameters and
+response.known? # Is the response defined in the API description?
+response.valid? # => true / false
+response.error # => Failure object if response is invalid
+response.body
+request.headers
+response.status # => 200
+response.content_type
+```
+
+OpenapiFirst uses [`multi_json`](https://rubygems.org/gems/multi_json).
+
+## Configuration
+
+You can configure default options globally:
+
+```ruby
+OpenapiFirst.configure do |config|
+  # Specify which plugin is used to render error responses returned by the request validation middleware (defaults to :default)
+  config.request_validation_error_response = :jsonapi
+  # Configure if the request validation middleware should raise an exception (defaults to false)
+  config.request_validation_raise_error = true
+end
+```
+
+## Framework integration
+
+Using rack middlewares is supported in probably all Ruby web frameworks.
+If you are using Ruby on Rails for example, you can add the request validation middleware globally in `config/application.rb` or inside specific controllers.
+
+When running integration tests (or request specs when using rspec), it makes sense to add the response validation middleware to `config/environments/test.rb`:
+
+```ruby
+config.middleware.use OpenapiFirst::Middlewares::ResponseValidation,
+  spec: 'api/openapi.yaml'
+```
+
+That way you don't have to call specific test assertions to make sure your API matches the OpenAPI document.
+There is no need to run response validation on production if your test coverage is decent.
+
+## Alternatives
+
+This gem was inspired by [committe](https://github.com/interagent/committee) (Ruby) and [Connexion](https://github.com/spec-first/connexion) (Python).
+Here is a [feature comparison between openapi_first and committee](https://gist.github.com/ahx/1538c31f0652f459861713b5259e366a).
+
+## Development
+
+Run `bin/setup` to install dependencies.
+
+See `bundle exec rake` to run the linter and the tests.
+
+Run `bundle exec rspec` to run the tests only.
+
+### Benchmarks
+
+[Results](https://gist.github.com/ahx/e6ffced58bd2e8d5baffb2f4d2c1f823)
+
+Run benchmarks:
+
+```sh
+cd benchmarks
+bundle
+bundle exec ruby benchmarks.rb
+```
+
+### Contributing
+
+If you have a question or an idea or found a bug don't hesitate to [create an issue](https://github.com/ahx/openapi_first/issues) or [start a discussion](https://github.com/ahx/openapi_first/discussions).
+
+Pull requests are very welcome as well, of course. Feel free to create a "draft" pull request early on, even if your change is still work in progress. 🤗

data/lib/openapi_first/configuration.rb

@@ -4,7 +4,7 @@ module OpenapiFirst
   # Global configuration. Currently only used for the request validation middleware.
   class Configuration
     def initialize
-      @request_validation_error_response = OpenapiFirst.plugin(:default)::ErrorResponse
+      @request_validation_error_response = OpenapiFirst.find_plugin(:default)::ErrorResponse
       @request_validation_raise_error = false
     end
 
@@ -13,7 +13,7 @@ module OpenapiFirst
 
     def request_validation_error_response=(mod)
       @request_validation_error_response = if mod.is_a?(Symbol)
-                                             OpenapiFirst.plugin(:default)::ErrorResponse
+                                             OpenapiFirst.find_plugin(:default)::ErrorResponse
                                            else
                                              mod
                                            end

data/lib/openapi_first/definition/responses.rb

@@ -66,6 +66,10 @@ module OpenapiFirst
       end
 
       def find_response_object(status)
+        # According to OAS status has to be a string,
+        # but there are a few API descriptions out there that use integers because of YAML.
+        return @responses_object[status] if @responses_object.key?(status)
+
         @responses_object[status.to_s] ||
           @responses_object["#{status / 100}XX"] ||
           @responses_object["#{status / 100}xx"] ||

data/lib/openapi_first/json_refs.rb

@@ -0,0 +1,143 @@
+# frozen_string_literal: true
+
+# This is a fork of the json_refs gem, which does not use
+# open-uri, does not call chdir and adds caching of files during dereferencing.
+# The original code is available at https://github.com/tzmfreedom/json_refs
+# See also https://github.com/tzmfreedom/json_refs/pull/11
+# The code was originally written by Makoto Tajitsu with the MIT License.
+#
+# The MIT License (MIT)
+
+# Copyright (c) 2017 Makoto Tajitsu
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require 'hana'
+require 'json'
+require 'yaml'
+
+module JsonRefs
+  class << self
+    def dereference(doc)
+      file_cache = {}
+      Dereferencer.new(Dir.pwd, doc, file_cache).call
+    end
+
+    def load(filename)
+      doc_dir = File.dirname(filename)
+      doc = Loader.handle(filename)
+      file_cache = {}
+      Dereferencer.new(doc_dir, doc, file_cache).call
+    end
+  end
+
+  module LocalRef
+    module_function
+
+    def call(path:, doc:)
+      Hana::Pointer.new(path[1..]).eval(doc)
+    end
+  end
+
+  module Loader
+    module_function
+
+    def handle(filename)
+      body = File.read(filename)
+      return JSON.parse(body) if File.extname(filename) == '.json'
+
+      YAML.unsafe_load(body)
+    end
+  end
+
+  class Dereferencer
+    def initialize(doc_dir, doc, file_cache)
+      @doc = doc
+      @doc_dir = doc_dir
+      @file_cache = file_cache
+    end
+
+    def call(doc = @doc, keys = [])
+      if doc.is_a?(Array)
+        doc.each_with_index do |value, idx|
+          call(value, keys + [idx])
+        end
+      elsif doc.is_a?(Hash)
+        if doc.key?('$ref')
+          dereference(keys, doc['$ref'])
+        else
+          doc.each do |key, value|
+            call(value, keys + [key])
+          end
+        end
+      end
+      doc
+    end
+
+    private
+
+    attr_reader :doc_dir
+
+    def dereference(paths, referenced_path)
+      key = paths.pop
+      target = paths.inject(@doc) do |obj, k|
+        obj[k]
+      end
+      value = follow_referenced_value(referenced_path)
+      target[key] = value
+    end
+
+    def follow_referenced_value(referenced_path)
+      value = referenced_value(referenced_path)
+      return referenced_value(value['$ref']) if value.is_a?(Hash) && value.key?('$ref')
+
+      value
+    end
+
+    def referenced_value(referenced_path)
+      filepath, pointer = referenced_path.split('#')
+      pointer&.prepend('#')
+      return dereference_local(pointer) if filepath.empty?
+
+      dereferenced_file = dereference_file(filepath)
+      return dereferenced_file if pointer.nil?
+
+      LocalRef.call(
+        path: pointer,
+        doc: dereferenced_file
+      )
+    end
+
+    def dereference_local(referenced_path)
+      LocalRef.call(path: referenced_path, doc: @doc)
+    end
+
+    def dereference_file(referenced_path)
+      referenced_path = File.expand_path(referenced_path, doc_dir) unless File.absolute_path?(referenced_path)
+      @file_cache[referenced_path] ||= load_referenced_file(referenced_path)
+    end
+
+    def load_referenced_file(absolute_path)
+      directory = File.dirname(absolute_path)
+
+      referenced_doc = Loader.handle(absolute_path)
+      Dereferencer.new(directory, referenced_doc, @file_cache).call
+    end
+  end
+end

data/lib/openapi_first/middlewares/request_validation.rb

@@ -22,6 +22,9 @@ module OpenapiFirst
         @definition = spec.is_a?(Definition) ? spec : OpenapiFirst.load(spec)
       end
 
+      # @attr_reader [Proc] app The upstream Rack application
+      attr_reader :app
+
       def call(env)
         request = find_request(env)
         return @app.call(env) unless request
@@ -40,7 +43,7 @@ module OpenapiFirst
       end
 
       def error_response(mod)
-        return OpenapiFirst.plugin(mod)::ErrorResponse if mod.is_a?(Symbol)
+        return OpenapiFirst.find_plugin(mod)::ErrorResponse if mod.is_a?(Symbol)
 
         mod || OpenapiFirst.configuration.request_validation_error_response
       end

data/lib/openapi_first/middlewares/response_validation.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'rack'
+
 module OpenapiFirst
   module Middlewares
     # A Rack middleware to validate requests against an OpenAPI API description
@@ -17,6 +18,9 @@ module OpenapiFirst
         @definition = spec.is_a?(Definition) ? spec : OpenapiFirst.load(spec)
       end
 
+      # @attr_reader [Proc] app The upstream Rack application
+      attr_reader :app
+
       def call(env)
         request = find_request(env)
         status, headers, body = @app.call(env)

data/lib/openapi_first/plugins.rb

@@ -7,13 +7,18 @@ module OpenapiFirst
   # @!visibility private
   module Plugins
     PLUGINS = {} # rubocop:disable Style/MutableConstant
+    private_constant :PLUGINS
 
     def register(name, klass)
-      PLUGINS[name] = klass
+      PLUGINS[name.to_sym] = klass
     end
 
     def plugin(name)
       require "openapi_first/plugins/#{name}"
+      PLUGINS.fetch(name.to_sym)
+    end
+
+    def find_plugin(name)
       PLUGINS.fetch(name)
     end
   end

data/lib/openapi_first/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OpenapiFirst
-  VERSION = '1.3.1'
+  VERSION = '1.3.2'
 end

data/lib/openapi_first.rb

@@ -2,7 +2,7 @@
 
 require 'yaml'
 require 'multi_json'
-require 'json_refs'
+require_relative 'openapi_first/json_refs'
 require_relative 'openapi_first/errors'
 require_relative 'openapi_first/configuration'
 require_relative 'openapi_first/plugins'
@@ -35,7 +35,7 @@ module OpenapiFirst
   # Load and dereference an OpenAPI spec file
   # @return [Definition]
   def self.load(filepath, only: nil)
-    resolved = bundle(filepath)
+    resolved = Bundle.resolve(filepath)
     parse(resolved, only:, filepath:)
   end
 
@@ -46,24 +46,13 @@ module OpenapiFirst
     Definition.new(resolved, filepath)
   end
 
-  # @!visibility private
-  def self.bundle(filepath)
-    Bundle.resolve(filepath)
-  end
-
   # @!visibility private
   module Bundle
     def self.resolve(spec_path)
-      Dir.chdir(File.dirname(spec_path)) do
-        content = load_file(File.basename(spec_path))
-        JsonRefs.call(content, resolve_local_ref: true, resolve_file_ref: true)
-      end
-    end
-
-    def self.load_file(spec_path)
-      return MultiJson.load(File.read(spec_path)) if File.extname(spec_path) == '.json'
-
-      YAML.unsafe_load_file(spec_path)
+      JsonRefs.load(spec_path)
     end
   end
 end
+
+OpenapiFirst.plugin(:default)
+OpenapiFirst.plugin(:jsonapi)

metadata

@@ -1,35 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: openapi_first
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.3.2
 platform: ruby
 authors:
 - Andreas Haller
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-31 00:00:00.000000000 Z
+date: 2024-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: json_refs
+  name: hana
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.1.7
+        version: '1.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.1.7
+        version: '1.3'
 - !ruby/object:Gem::Dependency
   name: json_schemer
   requirement: !ruby/object:Gem::Requirement
@@ -119,6 +113,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
 - lib/openapi_first.rb
 - lib/openapi_first/body_parser.rb
 - lib/openapi_first/configuration.rb
@@ -131,6 +128,7 @@ files:
 - lib/openapi_first/error_response.rb
 - lib/openapi_first/errors.rb
 - lib/openapi_first/failure.rb
+- lib/openapi_first/json_refs.rb
 - lib/openapi_first/middlewares/request_validation.rb
 - lib/openapi_first/middlewares/response_validation.rb
 - lib/openapi_first/plugins.rb
@@ -152,6 +150,7 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://github.com/ahx/openapi_first
+  documentation_uri: https://www.rubydoc.info/gems/openapi_first/
   source_code_uri: https://github.com/ahx/openapi_first
   changelog_uri: https://github.com/ahx/openapi_first/blob/main/CHANGELOG.md
   rubygems_mfa_required: 'true'