shaf 1.5.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 21af40642344c3526a2b34df81fe891ce407ac8ef822e125938d8ecc415fcba0
-  data.tar.gz: 8be6b04b3a460979d6494fda33a5a88797b23d6c3266bb51e5505184b70707da
+  metadata.gz: 87353c742213c291ee2def2d0cc55c6743ef429d52655824935eb131f43c4868
+  data.tar.gz: 7cec9186f28226651cbc07d0310d945bb901573e5d992cc980ff9863f36c6d09
 SHA512:
-  metadata.gz: 505ab287d131637d261d3391eeb58517cfe9aa6160d1e51bfb619544299bfea360b90a63ffb1ad0d2c70edaf4da7ca64c84f4de3d624a001c07d2eb0fdb27c10
-  data.tar.gz: 8dc0a97ed2b062b8bbb85cbcdce50a624e42ca010c12638a998deb33d9e7d1438d18a04d58ac8cdb5339286f9744a2948f8c63e0f739636b61940c35b0b8f0db
+  metadata.gz: 7fb1521b3f4eba94982da604cd42996f9c744bda53cb04ba22fd92af02c687be0a3c3a1c22bd02a9f1478e633ef9d05e2334f212bcdb4a4a5aacb2bd9b203e61
+  data.tar.gz: 05eba3ff47be63a14be932312465410186407974b523c108e3bf759ec72bc94eaed3452571f397009261a12025243c19071bc7dea8b09078e0053284a7cd5dfd

data/lib/shaf.rb

@@ -1,7 +1,11 @@
+# frozen_string_literal: true
+
 require 'shaf/version'
+require 'shaf/logger'
 require 'shaf/settings'
 require 'shaf/command'
 require 'shaf/app'
+require 'shaf/supported_http_methods'
 require 'shaf/router'
 require 'shaf/errors'
 require 'shaf/formable'
@@ -9,3 +13,5 @@ require 'shaf/extensions'
 require 'shaf/helpers'
 require 'shaf/resource_doc'
 require 'shaf/upgrade'
+require 'shaf/profiles'
+require 'shaf/serializer'

data/lib/shaf/alps/attribute_serializer.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Shaf
+  module ALPS
+    class AttributeSerializer
+      attr_reader :attribute
+
+      def self.call(arg)
+        new(arg).to_hash
+      end
+
+      def initialize(attribute)
+        @attribute = attribute
+      end
+
+      def to_hash
+        {
+          id: attribute.id,
+          type: 'semantic',
+        }.merge(optional_properties)
+      end
+
+      private
+
+      def optional_properties
+        descriptors = serialized_descriptors
+        hash = {}
+        hash[:href] = attribute.href if attribute.href
+        hash[:doc] = { value: attribute.doc } if attribute.doc
+        hash[:name] = attribute.name.to_s if attribute.name
+        hash[:descriptor] = descriptors unless descriptors.empty?
+        hash
+      end
+
+      def serialized_descriptors
+        descriptors = attribute.attributes.map { |attr| self.class.call(attr) }
+        descriptors += attribute.relations.map { |rel| RelationSerializer.call(rel) }
+      end
+    end
+  end
+end

data/lib/shaf/alps/json_serializer.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require 'shaf/alps/attribute_serializer'
+require 'shaf/alps/relation_serializer'
+
+module Shaf
+  module ALPS
+    class JsonSerializer
+      ALPS_VERSION = '1.0'
+
+      def self.call(profile)
+        new(profile).to_hash
+      end
+
+      attr_reader :profile
+
+      def initialize(profile)
+        @profile = profile
+      end
+
+      def to_hash
+        {
+          alps: {
+            version: ALPS_VERSION,
+            doc: profile.doc,
+            descriptor: descriptors,
+          }.compact
+        }
+      end
+
+      private
+
+      def descriptors
+        attribute_descriptors + relation_descriptors
+      end
+
+      def attribute_descriptors
+        profile.attributes.map do |desc|
+          AttributeSerializer.call(desc)
+        end
+      end
+
+      def relation_descriptors
+        profile.relations.map do |desc|
+          RelationSerializer.call(desc)
+        end
+      end
+    end
+  end
+end

data/lib/shaf/alps/relation_serializer.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+module Shaf
+  module ALPS
+    class RelationSerializer
+      SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
+      IDEMPOTENT_METHODS = ['PUT', 'PATCH', 'DELETE']
+      UNSAFE_METHODS = ['POST']
+
+      attr_reader :rel
+
+      def self.call(arg)
+        new(arg).to_hash
+      end
+
+      def initialize(rel)
+        @rel = rel
+      end
+
+      def to_hash
+        {
+          id: rel.id,
+          type: type,
+        }.merge(optional_properties)
+      end
+
+      private
+
+      def optional_properties
+        descriptors = serialized_descriptors
+        hash = {}
+        hash[:href] = rel.href if rel.href
+        hash[:doc] = { value: rel.doc } if rel.doc
+        hash[:name] = rel.name.to_s if rel.name
+        hash[:rt] = rel.content_type if rel.content_type
+        hash[:descriptor] = descriptors unless descriptors.empty?
+        hash[:ext] = extension if extension
+        hash
+      end
+
+      def type
+        methods = rel.http_methods
+        if methods.all? { |m| SAFE_METHODS.include? m }
+          'safe'
+        elsif methods.all? { |m| (SAFE_METHODS + IDEMPOTENT_METHODS).include? m }
+          'idempotent'
+        else
+          'unsafe'
+        end
+      end
+
+      def extension
+        methods = rel.http_methods
+        return unless methods
+
+        [
+          {
+            id: :http_method,
+            href: 'https://gist.github.com/sammyhenningsson/2103d839eb79a7baf8854bfb96bda7ae',
+            value: methods,
+          }
+        ]
+      end
+
+      def serialized_descriptors
+        rel.attributes.map { |attr| AttributeSerializer.call(attr) }
+      end
+    end
+  end
+end

data/lib/shaf/api_doc/link_relations.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'tempfile'
+require 'uri'
+require 'csv'
+
+module Shaf
+  module ApiDoc
+    class LinkRelations
+      class LinkRelation
+        attr_reader :name, :description, :reference, :notes
+
+        def initialize(name, description, reference, notes)
+          @name = name.to_sym
+          @description = description.freeze
+          @reference = reference.freeze
+          @notes = notes.freeze
+        end
+      end
+
+      class << self
+        IANA_URL = URI('https://www.iana.org/assignments/link-relations/link-relations-1.csv')
+
+        def all
+          relations.values
+        end
+
+        def [](key)
+          relations[key]
+        end
+
+        def []=(key, value)
+          relations[key] = value
+        end
+
+        def add(link_relation)
+          relations[link_relation.name] = link_relation
+        end
+
+        def load_iana
+          csv.each do |name, desc, ref, notes|
+            next if name == 'Relation Name'
+            add LinkRelation.new(name, desc, ref, notes)
+          end
+        end
+
+        private
+
+        def relations
+          @relations ||= {}
+        end
+
+        def tmp_file_name
+          File.join(Dir.tmpdir, 'shaf_iana_link_relations')
+        end
+
+        def csv
+          if File.readable? tmp_file_name
+            content = File.read(tmp_file_name)
+            return CSV.new(content)
+          end
+
+          response = Net::HTTP.get_response(IANA_URL)
+
+          if response.code.to_i == 200
+            content = response.body
+            File.open(tmp_file_name, 'w') { |file| file.write(content) }
+            CSV.new(content)
+          else
+            Utils.iana_link_relations_csv
+          end
+        end
+      end
+    end
+  end
+end

data/lib/shaf/app.rb

@@ -3,16 +3,23 @@ require 'shaf/middleware'
 module Shaf
   class App
     class << self
+      # Either call `Shaf::App.run!`
       def run!
         app.run!
       end
 
+      # Or `run Shaf::App` (in config.ru)
+      def call(*args)
+        app.call(*args)
+      end
+
       def app
-        Sinatra.new.tap do |app|
-          app.set :port, Settings.port || 3000
-          app.use Middleware::RequestId
-          app.use Router
-        end
+        @app ||=
+          Sinatra.new.tap do |app|
+            app.set :port, Settings.port || 3000
+            app.use Middleware::RequestId
+            app.use Router
+          end
       end
     end
   end

data/lib/shaf/authenticator.rb

@@ -0,0 +1,56 @@
+require 'set'
+require 'digest'
+require 'shaf/authenticator/request'
+
+module Shaf
+  module Authenticator
+    class << self
+      def register(authenticator)
+        authenticators << authenticator
+      end
+
+      def unregister(authenticator)
+        authenticators.delete_if { |auth| auth == authenticator }
+      end
+
+      def challenges_for(realm: nil)
+        authenticators.each_with_object([]) do |authenticator, challenges|
+          challenges.concat Array(authenticator.challenges_for(realm))
+        end
+      end
+
+      def user(env, realm: nil)
+        request = Request.new(env)
+        return unless request.provided?
+
+        authenticator = authenticator_for(request)
+        authenticator&.user(request, realm: realm)
+      end
+
+      private
+
+      def authenticators
+        @authenticators ||= Set.new
+      end
+
+      def authenticator_for(request)
+        scheme = request.scheme
+        authenticator = authenticators.find { |auth| auth.scheme? scheme }
+
+        logger.warn(
+          "Client tried to authenticate with an unsupported " \
+          "authentication scheme: #{scheme}"
+        ) unless authenticator
+
+        authenticator
+      end
+
+      def logger
+        Shaf.logger
+      end
+    end
+  end
+end
+
+require 'shaf/authenticator/base'
+require 'shaf/authenticator/basic_auth'

data/lib/shaf/authenticator/base.rb

@@ -0,0 +1,161 @@
+require 'shaf/authenticator/challenge'
+require 'shaf/authenticator/parameter'
+require 'shaf/errors'
+
+module Shaf
+  module Authenticator
+    class Base
+      class MissingParametersError < Error
+        def initialize(authenticator, *args)
+          super("Missing required parameters: [#{args.join(', ')}] for #{authenticator}")
+        end
+      end
+
+      class InvalidParameterError < Error
+        def initialize(authenticator, *args)
+          str = args.map { |key, value| "#{key}: #{value}" }.join(', ')
+          super("Invalid parameters for #{authenticator}: #{str}")
+        end
+      end
+
+      class WrongCredentialsReturnTypeError < Error
+        def initialize(authenticator, clazz)
+          super <<~ERR
+            #{authenticator}.credentials return an instance of #{clazz}
+              It must return an instance of Hash.
+              Location: #{authenticator.method(:credentials).source_location})
+          ERR
+        end
+      end
+
+      class << self
+        def inherited(child)
+          Authenticator.register(child)
+        end
+
+        def scheme(scheme = nil)
+          if scheme
+            @scheme = scheme.to_s
+          elsif @scheme
+            @scheme
+          else
+            raise Error, "#{self} must specify a scheme!"
+          end
+        end
+
+        def scheme?(str)
+          return false unless scheme
+
+          str.to_s.downcase == scheme.downcase
+        end
+
+        def param(name, required: true, default: nil, values: nil)
+          params[name.to_sym] = Parameter.new(
+            name,
+            required: required,
+            default: default,
+            values: values
+          )
+        end
+
+        def restricted(**parameters, &block)
+          validate! parameters
+          add_defaults! parameters
+          challenges << Challenge.new(scheme, **parameters, &block)
+        end
+
+        def challenges_for(realm)
+          challenges.select do |challenge|
+            challenge.realm? realm
+          end
+        end
+
+        def user(request, realm: nil)
+          auth = authorization(request)
+          cred = credentials(auth, request) || {}
+          raise WrongCredentialsReturnTypeError.new(self, cred.class) unless cred.kind_of? Hash
+
+          return if cred.compact.empty?
+
+          challenges_for(realm).each do |challenge|
+            user = challenge.test(**cred)
+            return user if user
+          end
+
+          nil
+        end
+
+        def params
+          @params ||= superclass.respond_to?(:params) ? superclass.params.dup : {}
+        end
+
+        protected
+
+        # Subclasses should implement this method. The return value should be and array
+        # that will get passed as block arguments to the block passed to #restricted
+        def credentials(authorization, request); end
+
+        private
+
+        def challenges
+          @challenges ||= []
+        end
+
+        def validate!(parameters)
+          validate_required(parameters)
+          validate_params(parameters)
+        end
+
+        def validate_required(parameters)
+          errors = []
+
+          required_params.each do |param|
+            next if parameters.key? param.name
+            next if param.default
+            errors << param.name
+          end
+
+          raise MissingParametersError.new(self, *errors) unless errors.empty?
+        end
+
+        def validate_params(parameters)
+          errors = []
+
+          parameters.each do |key, value|
+            if params.key? key
+              errors << [key, value] unless params[key].valid? value
+            else
+              logger.warn "Unsupported authenticator parameter " \
+                          "for #{self}: #{key} = \"#{value}\""
+              parameters.delete(key)
+            end
+          end
+
+          raise InvalidParameterError.new(self, *errors) unless errors.empty?
+        end
+
+        def logger
+          Shaf.logger
+        end
+
+        def add_defaults!(parameters)
+          params.each do |key, param|
+            next unless param.default
+            parameters[key] ||= param.default
+          end
+        end
+
+        def required_params
+          params.values.select(&:required?)
+        end
+
+        def authorization(request)
+          return unless request.authorization
+
+          request.authorization.sub(/^#{scheme} /i, '')
+        end
+      end
+    end
+  end
+end
+