paramoid 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f528551c46f70a5d476cb1ddbbeb9e59687a7153112c8962a026ed896b6ba343
+  data.tar.gz: ebd4e70f7a7987afcc282db3ef47fbda33841be91e97d98e85874bc039c8047d
+SHA512:
+  metadata.gz: d4ab2dfeb44387a4c6bcf7de2aa05832d8efd792e4cefdf867039bc51b1c044554575b005f2b7c10b7fe82d7bfc1e5db0dab6dda4d34fd59256ea52c7721fff8
+  data.tar.gz: 43ab66b64849be0b6b5879705f58ed4a337729c15d0aa7313d8db9e6671356fa936b6f06d1e0e955b17d9b4386ef9382aabd386adfd839847aff5df886d2d64a

data/lib/paramoid/base.rb

@@ -0,0 +1,84 @@
+module Paramoid
+  class Base
+    # @param [ActionController::Parameters] params
+    def sanitize(params)
+      params = params.permit(*permitted_params)
+      scalar_params.transform_params!(params)
+      params = default_params.merge(params)
+      ensure_required_params!(params)
+    end
+
+    protected
+
+    # @param [Symbol] name
+    # @param [Symbol] as
+    # @param [Lambda | NilClass] transformer
+    def group!(name, as: nil, transformer: nil)
+      key = as || name
+      data = Object.new(name, key, nested: List.new, transformer: transformer)
+      context << data
+      return unless block_given?
+
+      old_context = context
+      @context = data
+      yield
+      @context = old_context
+    end
+
+    alias list! group!
+    alias array! group!
+
+    # @param [Array<Symbol>] names
+    def params!(*names, required: false)
+      names.each { |name| param! name, required: required }
+    end
+
+    def param!(name, as: nil, transformer: nil, default: nil, required: false)
+      key = as || name
+      data = Object.new(name, key, nested: nil, default: default, transformer: transformer, required: required)
+      context << data
+    end
+
+    def default!(name, value)
+      data = Object.new(name, name, nested: nil, default: value)
+      context << data
+    end
+
+    private
+
+    def context
+      @context ||= scalar_params
+    end
+
+    def default_params
+      scalar_params.to_defaults
+      # @default_params ||= {}.with_indifferent_access
+    end
+
+    def scalar_params
+      @scalar_params ||= List.new
+    end
+
+    def ensure_required_params!(params)
+      scalar_params.ensure_required_params!(params)
+      params
+    end
+
+    def transformers
+      @transformers ||= {}.with_indifferent_access
+    end
+
+    def permitted_params
+      scalar_params.to_params
+    end
+
+    def transformed_keys
+      @transformed_keys ||= scalar_params
+    end
+
+    # @param [ActionController::Parameters] params
+    def run_transformers!(params)
+      @transformers.each { |key, t| params[key] = t.call(params[key]) }
+    end
+  end
+end

data/lib/paramoid/controller.rb

@@ -0,0 +1,27 @@
+require 'action_controller'
+
+module Paramoid
+  module Controller
+    extend ActiveSupport::Concern
+
+    def sanitize_params!(&block)
+      if block_given?
+        sanitized = Paramoid::Base.new
+        sanitized.instance_exec(_paramoid_safe_current_user, &block)
+        sanitized.sanitize(params)
+      else
+        base_class_name = self.class.name.demodulize.gsub('Controller', '').singularize
+
+        "#{base_class_name}ParamsSanitizer".safe_constantize&.new(_paramoid_safe_current_user)&.sanitize(params)
+      end
+    end
+
+    private
+
+    def _paramoid_safe_current_user
+      respond_to?(:current_user, true) ? current_user : nil
+    end
+  end
+end
+
+ActionController::Base.include Paramoid::Controller if defined?(ActionController::Base)

data/lib/paramoid/list.rb

@@ -0,0 +1,25 @@
+module Paramoid
+  class List < Array
+    def to_params
+      list = reject(&:nested?).map(&:to_params)
+      nested = select(&:nested?).inject({}) { |a, b| a.merge!(b.to_params) }
+      nested.present? ? list << nested : list
+    end
+
+    def transform_params!(params)
+      each do |params_data|
+        params_data.transform_params! params
+      end
+    end
+
+    def to_defaults
+      inject({}) { |a, b| a.merge!(b.to_defaults) }
+    end
+
+    def ensure_required_params!(params)
+      each do |params_data|
+        params_data.ensure_required_params! params
+      end
+    end
+  end
+end

data/lib/paramoid/object.rb

@@ -0,0 +1,94 @@
+module Paramoid
+  class Object
+    # @return [Symbol] the parameter name
+    attr_reader :name
+    # @return [Symbol] the parameter alias
+    attr_reader :alias_name
+    # @return [Object] the parameter nested
+    attr_reader :nested
+    # @return [Object] the parameter default value
+    attr_reader :default
+    # @return [Lambda, NilClass] the transformer
+    attr_reader :transformer
+    # @return [TrueClass, FalseClass] required
+    attr_reader :required
+
+    # @param [Symbol] name
+    # @param [Symbol] alias_name
+    # @param [Object, NilClass] nested
+    # @param [Object] default
+    # @param [Lambda, NilClass] transformer
+    # @param [TrueClass, FalseClass] required
+    def initialize(name, alias_name, nested: nil, transformer: nil, default: nil, required: false)
+      @name = name
+      @alias = alias_name
+      @nested = nested
+      @default = default
+      @transformer = transformer
+      @required = required
+    end
+
+    # @param [Array, Hash] params
+    def transform_params!(params)
+      return if @alias == @name
+
+      if params.is_a?(Array)
+        params.each { |param| transform_params!(param) }
+        return
+      end
+
+      return unless params.key?(@name)
+
+      @nested.transform_params!(params[@name]) if nested?
+      params[@alias] = params.delete(@name) unless @alias == @name
+    end
+
+    def to_params
+      if nested?
+        { @name.to_sym => @nested.to_params }
+      else
+        @name
+      end
+    end
+
+    def to_required_params
+      if nested?
+        @nested.to_required_params
+      else
+        @required ? [@name] : []
+      end
+    end
+
+    def ensure_required_params!(params)
+      if @required
+        raise ActionController::ParameterMissing, output_key unless params&.key?(output_key)
+        raise ActionController::ParameterMissing, output_key if params[output_key].nil?
+      end
+
+      @nested.ensure_required_params!(params[output_key]) if nested?
+
+      params
+    end
+
+    def to_defaults
+      if nested?
+        nested_defaults = @nested.to_defaults
+        (nested_defaults.present? ? { output_key => @nested.to_defaults } : {}).with_indifferent_access
+      else
+        (@default ? { output_key => @default } : {}).with_indifferent_access
+      end
+    end
+
+    def output_key
+      @output_key ||= (@alias || @name).to_s
+    end
+
+    def <<(value)
+      @nested << value
+    end
+
+    def nested?
+      !@nested.nil?
+    end
+  end
+end

data/lib/paramoid/version.rb

@@ -0,0 +1,3 @@
+module Paramoid
+  VERSION = '1.0.0'
+end

data/lib/paramoid.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Paramoid
+  extend ActiveSupport::Autoload
+
+  autoload :Object
+  autoload :List
+  autoload :Base
+  # autoload :Controller
+end
+
+require 'paramoid/controller'

data/spec/paramoid/base_spec.rb

@@ -0,0 +1,80 @@
+require 'spec_helper'
+
+describe PersonParamsSanitizer, type: :controller do
+  let(:params) do
+    ActionController::Parameters.new(params_hash)
+  end
+
+  subject { described_class.new(user) }
+  let(:sanitized) { subject.sanitize(params) }
+
+  describe 'when params are valid' do
+    let(:user) { double(admin?: false) }
+    let(:params_hash) do
+      {
+        current_user_id: 2,
+        first_name: 'John',
+        last_name: 'Doe',
+        # TODO: Implement transformers
+        # email: 'Hello@MyCustomMAIL.COM',
+        role: 'some_role',
+        unwanted: 'hello',
+        an_object_filtered: { name: 'value' },
+        an_array_filtered: [{ name: 'value' }],
+        an_array_unfiltered: [1, 2, 3, 4, 5]
+      }
+    end
+
+    it 'filters out unwanted params' do
+      expect(sanitized).not_to have_key(:unwanted)
+    end
+
+    it 'filters out object values if it\'s not a group' do
+      expect(sanitized).not_to have_key('an_object_filtered')
+    end
+
+    it 'filters out object values if it\'s not an array' do
+      expect(sanitized).not_to have_key('an_array_filtered')
+    end
+
+    it 'keeps only allowed params' do
+      expect(sanitized).to eq(
+        {
+          'current_user_id' => 2,
+          'first_name' => 'John',
+          'last_name' => 'Doe',
+          # TODO: Implement transformers
+          # 'email' => 'hello@mycustommail.com',
+          'some_default' => 1,
+          'an_array_unfiltered' => [1, 2, 3, 4, 5]
+        }
+      )
+    end
+
+    context 'when the required value is not set' do
+      let(:params_hash) do
+        {}
+      end
+      it 'raises an error' do
+        expect { sanitized }.to raise_error(ActionController::ParameterMissing)
+      end
+    end
+
+    context 'when the default is set' do
+      let(:params_hash) do
+        { some_default: 2, current_user_id: 1 }
+      end
+      let 'it replaces the default value' do
+        expect(sanitized['some_default']).to eq(2)
+      end
+    end
+
+    context 'when the user is an admin' do
+      let(:user) { double(admin?: true) }
+
+      it 'keeps role param' do
+        expect(sanitized).to have_key('role')
+      end
+    end
+  end
+end

data/spec/paramoid/controller_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+describe 'controllers' do
+  let(:params_hash) do
+    {
+      current_user_id: 2,
+      first_name: 'John',
+      last_name: 'Doe',
+      # TODO: Implement transformers
+      # email: 'Hello@MyCustomMAIL.COM',
+      role: 'some_role',
+      unwanted: 'hello',
+      an_object_filtered: { name: 'value' },
+      an_array_filtered: [{ name: 'value' }],
+      an_array_unfiltered: [1, 2, 3, 4, 5]
+    }
+  end
+
+  describe PeopleInlineController, type: :controller do
+    let(:params) do
+      ActionController::Parameters.new(params_hash)
+    end
+
+    it 'sanitizes params in a block' do
+      allow_any_instance_of(described_class).to receive(:params).and_return(params)
+      expect_any_instance_of(Paramoid::Base).to receive(:instance_exec).and_call_original
+
+      subject.index
+    end
+  end
+
+  describe PeopleController, type: :controller do
+    let(:params) do
+      ActionController::Parameters.new(params_hash)
+    end
+
+    it 'sanitizes params in a block' do
+      allow_any_instance_of(described_class).to receive(:params).and_return(params)
+      expect_any_instance_of(PersonParamsSanitizer).to receive(:sanitize)
+      subject.index
+    end
+  end
+end

data/spec/paramoid/object_spec.rb

@@ -0,0 +1,123 @@
+require 'spec_helper'
+
+describe Paramoid::Object do
+  let(:name) { :some_param }
+  let(:alias_name) { :some_param }
+  let(:required) { false }
+  let(:default) { nil }
+  let(:transformer) { nil }
+  let(:nested) { nil }
+  subject do
+    described_class.new(name, alias_name, nested: nested, transformer: transformer, default: default,
+                                          required: required)
+  end
+  let(:sanitized) { subject.sanitize(params) }
+
+  describe '#to_params' do
+    it 'returns the name' do
+      expect(subject.to_params).to eq(name)
+    end
+
+    context 'when it\'s nested' do
+      let(:nested) { described_class.new(:nested, nil) }
+
+      it 'returns the child' do
+        expect(subject.to_params).to eq({ name => nested.to_params })
+      end
+    end
+  end
+
+  describe '#to_defaults' do
+    it 'returns an empty value' do
+      expect(subject.to_defaults).to eq({})
+    end
+
+    context 'when there\'s a default' do
+      let(:default) { 'some_default' }
+
+      it 'returns the default value' do
+        expect(subject.to_defaults).to eq({ name.to_s => default })
+      end
+
+      context 'when there\'s an alias' do
+        let(:alias_name) { :alias_name }
+
+        it 'returns the default value with the alias' do
+          expect(subject.to_defaults).to eq({ alias_name.to_s => default })
+        end
+      end
+    end
+
+    context 'when it\'s nested' do
+      let(:nested) { described_class.new(:nested, :nested, default: 'my_child_default') }
+
+      it 'returns the child' do
+        expect(subject.to_defaults).to eq({ name.to_s => nested.to_defaults })
+      end
+    end
+  end
+
+  describe '#to_required_params' do
+    it 'returns an empty list' do
+      expect(subject.to_required_params).to eq([])
+    end
+
+    context 'when it\'s required' do
+      let(:required) { true }
+
+      it 'returns the name' do
+        expect(subject.to_required_params).to eq([name])
+      end
+    end
+
+    context 'when it\'s nested' do
+      let(:nested) { described_class.new(:nested, nil, required: true) }
+
+      it 'returns the child' do
+        expect(subject.to_params).to eq({ name => nested.to_params })
+      end
+    end
+  end
+
+  describe '#ensure_required_params!' do
+    let(:params_hash) { { 'not_this_param' => 'some_value' } }
+    let(:params) { ActionController::Parameters.new(params_hash) }
+
+    it 'returns the params' do
+      expect(subject.ensure_required_params!(params)).to eq(params)
+    end
+
+    context 'when it\'s required' do
+      let(:required) { true }
+
+      it 'raises an error' do
+        expect do
+          subject.ensure_required_params!(params)
+        end.to raise_error(ActionController::ParameterMissing,
+                           'param is missing or the value is empty: some_param')
+      end
+    end
+
+    context 'when it\'s nested' do
+      let(:nested) { described_class.new(:nested, nil, required: true) }
+
+      it 'raises an error' do
+        expect do
+          subject.ensure_required_params!(params)
+        end.to raise_error(ActionController::ParameterMissing,
+                           'param is missing or the value is empty: nested')
+      end
+
+      context 'and it\'s required' do
+        let(:required) { true }
+
+        it 'raises an error on the parent param' do
+          expect do
+            subject.ensure_required_params!(params)
+          end.to raise_error(ActionController::ParameterMissing,
+                             'param is missing or the value is empty: some_param')
+        end
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,11 @@
+require 'action_controller'
+require 'rspec'
+require 'paramoid'
+
+I18n.enforce_available_locales = false
+RSpec::Expectations.configuration.warn_about_potential_false_positives = false
+
+Dir[File.expand_path('support/*.rb', __dir__)].each { |f| require f }
+
+RSpec.configure do |config|
+end

data/spec/support/controllers.rb

@@ -0,0 +1,32 @@
+require 'ostruct'
+
+class PeopleInlineController < ActionController::Base
+  def index
+    create_params
+  end
+
+  protected
+
+  def create_params
+    sanitize_params! do
+      params! :first_name, :last_name
+      param! :email, transformer: ->(data) { data&.downcase }
+    end
+  end
+end
+
+class PeopleController < ActionController::Base
+  def index
+    create_params
+  end
+
+  protected
+
+  def current_user
+    OpenStruct.new(admin?: true)
+  end
+
+  def create_params
+    sanitize_params!
+  end
+end

data/spec/support/params.rb

@@ -0,0 +1,23 @@
+class PersonParamsSanitizer < Paramoid::Base
+  # @param [User] user
+  def initialize(user = nil)
+    params! :first_name, :last_name, :gender
+
+    param! :email, transformer: ->(data) { data&.downcase }
+
+    param! :current_user_id, required: true
+
+    param! :an_object_filtered
+    param! :an_array_filtered
+
+    array! :an_array_unfiltered
+
+    param! :role if user.admin?
+
+    default! :some_default, 1
+
+    group! :contact, as: :contact_attributes do
+      params! :id, :first_name, :last_name, :birth_date, :birth_place, :phone, :role, :fiscal_code
+    end
+  end
+end

metadata

@@ -0,0 +1,130 @@
+--- !ruby/object:Gem::Specification
+name: paramoid
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Mònade
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2022-05-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Paramoid is a gem that extends Rails Strong Parameters, allowing to declare
+  complex params structures with a super cool DSL, supporting required params, default
+  values, groups, arrays and more.
+email: team@monade.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/paramoid.rb
+- lib/paramoid/base.rb
+- lib/paramoid/controller.rb
+- lib/paramoid/list.rb
+- lib/paramoid/object.rb
+- lib/paramoid/version.rb
+- spec/paramoid/base_spec.rb
+- spec/paramoid/controller_spec.rb
+- spec/paramoid/object_spec.rb
+- spec/spec_helper.rb
+- spec/support/controllers.rb
+- spec/support/params.rb
+homepage: https://rubygems.org/gems/paramoid
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.33
+signing_key: 
+specification_version: 4
+summary: Getting paranoid about your Rails application params? Try paramoid!
+test_files:
+- spec/paramoid/base_spec.rb
+- spec/paramoid/controller_spec.rb
+- spec/paramoid/object_spec.rb
+- spec/spec_helper.rb
+- spec/support/controllers.rb
+- spec/support/params.rb