shaf 1.6.0 → 3.0.0

data/lib/shaf/generator/templates/api/serializer.rb.erb

@@ -1,14 +1,14 @@
 require 'serializers/base_serializer'
-require 'policies/<%= policy_name %>'
+require '<%= policy_file %>'
 
 class <%= class_name %> < BaseSerializer
 
   model <%= model_class_name %>
   policy <%= policy_class_name %>
 
-  <%= print_nested(attributes_with_doc) %>
+  <%= print(profile_with_doc) %>
 
-  <%= print_nested(curies_with_doc) %>
+  <%= print_nested(attributes_with_doc) %>
 
   <%= print_nested(links_with_doc) %>
 

data/lib/shaf/generator/templates/spec/integration_spec.rb.erb

@@ -4,23 +4,22 @@ describe <%= model_class_name %>, type: :integration do
 
   it "returns a <%= name %>" do
     <%= name %> = <%= model_class_name %>.create
-    get <%= name %>_uri(<%= name %>)
+    get <%= resource_name %>_uri(<%= name %>)
     _(status).must_equal 200
     _(link_rels).must_include(:self)
-    _(links[:self][:href]).must_equal <%= name %>_uri(<%= name %>)
+    _(links[:self][:href]).must_equal <%= resource_name %>_uri(<%= name %>)
 <% params.each do |param| -%>
     _(attributes).must_include(:'<%= param[0] %>')
 <% end -%>
   end
 
   it "lists all <%= plural_name %>" do
-    <%= model_class_name %>.create
-    <%= model_class_name %>.create
+    2.times { <%= model_class_name %>.create }
 
-    get <%= plural_name %>_uri
+    get <%= collection_name %>_uri
     _(status).must_equal 200
     _(link_rels).must_include(:self)
-    _(links[:self][:href]).must_include <%= plural_name %>_uri
+    _(links[:self][:href]).must_include <%= collection_name %>_uri
     _(embedded(:'<%= plural_name %>').size).must_equal 2
 
     each_embedded :'<%= plural_name %>' do
@@ -32,12 +31,12 @@ describe <%= model_class_name %>, type: :integration do
   end
 <% if params.size > 0 %>
   it "can create <%= plural_name %>" do
-    get <%= plural_name %>_uri
+    get <%= collection_name %>_uri
 
     _(link_rels).must_include(:'create-form')
     follow_rel :'create-form'
-    _(links[:self][:href]).must_equal new_<%= name %>_uri
-    _(attributes[:href]).must_equal <%= plural_name %>_uri
+    _(links[:self][:href]).must_equal new_<%= resource_name %>_uri
+    _(attributes[:href]).must_equal <%= collection_name %>_uri
     _(attributes[:method]).must_equal "POST"
     _(attributes[:name]).must_equal "create-<%= name %>"
     _(attributes[:title]).must_equal "Create <%= model_class_name %>"
@@ -50,9 +49,9 @@ describe <%= model_class_name %>, type: :integration do
     _(link_rels).must_include(:self)
     _(headers["Location"]).must_equal links[:self][:href]
 
-    get <%= plural_name %>_uri
+    get <%= collection_name %>_uri
     _(status).must_equal 200
-    _(links[:self][:href]).must_include <%= plural_name %>_uri
+    _(links[:self][:href]).must_include <%= collection_name %>_uri
     _(embedded(:'<%= plural_name %>').size).must_equal 1
 
     embedded :'<%= plural_name %>' do
@@ -69,14 +68,14 @@ describe <%= model_class_name %>, type: :integration do
 
   it "<%= plural_name %> can be updated" do
     <%= name %> = <%= model_class_name %>.create
-    get <%= name %>_uri(<%= name %>)
+    get <%= resource_name %>_uri(<%= name %>)
     _(status).must_equal 200
 
     _(link_rels).must_include(:'edit-form')
     follow_rel :'edit-form'
 
-    _(links[:self][:href]).must_equal edit_<%= name %>_uri(<%= name %>)
-    _(attributes[:href]).must_equal <%= name %>_uri(<%= name %>)
+    _(links[:self][:href]).must_equal edit_<%= resource_name %>_uri(<%= name %>)
+    _(attributes[:href]).must_equal <%= resource_name %>_uri(<%= name %>)
     _(attributes[:method]).must_equal "PUT"
     _(attributes[:name]).must_equal "update-<%= name %>"
     _(attributes[:title]).must_equal "Update <%= model_class_name %>"
@@ -92,14 +91,14 @@ describe <%= model_class_name %>, type: :integration do
 
   it "<%= plural_name %> can be deleted" do
     <%= name %> = <%= model_class_name %>.create
-    get <%= name %>_uri(<%= name %>)
+    get <%= resource_name %>_uri(<%= name %>)
     _(status).must_equal 200
     _(link_rels).must_include(:'doc:delete')
 
     follow_rel(:'doc:delete', method: :delete)
     _(status).must_equal 204
 
-    get <%= name %>_uri(<%= name %>)
+    get <%= resource_name %>_uri(<%= name %>)
     _(status).must_equal 404
   end
 

data/lib/shaf/generator/templates/spec/serializer_spec.rb.erb

@@ -15,8 +15,8 @@ describe <%= class_name %> do
     end
 
     it "serializes attributes" do
-<% attributes.each do |attr| -%>
-      _(attributes.keys).must_include(<%= attr %>)
+<% attribute_names.each do |attr| -%>
+      _(attributes.keys).must_include(:<%= attr %>)
 <% end -%>
     end
 
@@ -33,13 +33,13 @@ describe <%= class_name %> do
     end
 
     it "serializes attributes" do
-<% attributes.each do |attr| -%>
-      _(attributes.keys).must_include(<%= attr %>)
+<% attribute_names.each do |attr| -%>
+      _(attributes.keys).must_include(:<%= attr %>)
 <% end -%>
     end
 
     it "serializes links" do
-<% links.each do |rel| -%>
+<% link_relations.each do |rel| -%>
       _(link_rels).must_include(:'<%= rel %>')
 <% end -%>
     end

data/lib/shaf/generator.rb

@@ -10,9 +10,11 @@ end
 
 require 'shaf/generator/base'
 require 'shaf/generator/controller'
+require 'shaf/generator/doc'
 require 'shaf/generator/forms'
 require 'shaf/generator/migration'
 require 'shaf/generator/model'
 require 'shaf/generator/policy'
 require 'shaf/generator/scaffold'
 require 'shaf/generator/serializer'
+require 'shaf/generator/profile'

data/lib/shaf/helpers/authentication.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+require 'set'
+require 'shaf/authenticator'
+require 'shaf/errors'
+
+module Shaf
+  module Authentication
+    class NoChallengesError < Error
+      def initialize(realm)
+        super("No Authentication challenges for realm: #{realm.inspect}")
+      end
+    end
+
+    class RealmChangedError < Error
+      def initialize(from:, to:)
+        super <<~ERR
+          Realm was changed from "#{from}" to "#{to}". This is not allowed!
+          Each request corresponds to a certain realm and cannot be changed.
+          This is probably caused by a call to `current_user` using the
+          default realm (from `Shaf::Settings.default_authentication_realm`)
+          and then using `#authenticate realm: 'some_other_realm'
+        ERR
+      end
+    end
+
+    def www_authenticate(realm: Settings.default_authentication_realm)
+      challenges = Authenticator.challenges_for(realm: realm)
+      raise NoChallengesError.new(realm) if challenges.empty?
+
+      headers 'WWW-Authenticate' => challenges.map(&:to_s)
+    end
+
+    def authenticate(realm: Settings.default_authentication_realm)
+      if defined?(@current_realm) && @current_realm&.to_s != realm&.to_s
+        raise RealmChangedError.new(from: @current_realm , to: realm)
+      else
+        @current_realm = realm
+      end
+
+      current_user.tap do |user|
+        www_authenticate(realm: realm) unless user
+      end
+    end
+
+    def authenticate!(realm: Settings.default_authentication_realm)
+      user = authenticate(realm: realm)
+      return user if user
+
+      msg = +"Unauthorized action"
+      msg << " (Realm: #{realm})" if realm
+      raise Shaf::Errors::UnauthorizedError, msg
+    end
+    alias current_user! authenticate!
+
+    def authenticated?
+      !current_user.nil?
+    end
+
+    def current_user
+      unless defined? @current_realm
+        if Settings.key? :default_authentication_realm
+          @current_realm = Settings.default_authentication_realm
+        else
+          Shaf.logger.info <<~MSG
+            No realm has been provided!
+            Authentication/authorization cannot be performed. Did you perhaps
+            forget to configure a realm in
+            `Settings.default_authentication_realm` or provide it when calling
+            `#authenticate!` (or `#authenticate!`)
+          MSG
+          return
+        end
+      end
+
+      @current_user ||= Authenticator.user(request.env, realm: @current_realm)
+    end
+  end
+end

data/lib/shaf/helpers/paginate.rb

@@ -12,7 +12,7 @@ module Shaf
       unless collection.respond_to? :paginate
         log.warn "Trying to paginate a collection that doesn't " \
                     "support pagination: #{collection}"
-        return
+        return collection
       end
 
       per_page = params[:per_page].to_i if params[:per_page]

data/lib/shaf/helpers/payload.rb

@@ -2,50 +2,32 @@
 
 require 'set'
 require 'shaf/responder'
+require 'shaf/parser'
+require 'shaf/errors'
 
 module Shaf
   module Payload
-    EXCLUDED_FORM_PARAMS = ['captures', 'splat'].freeze
     NO_VALUE = Object.new.freeze
 
     private
 
     def payload
-      @payload ||= parse_payload
-    end
-
-    def read_input
-      request.body.rewind unless request.body.pos.zero?
-      request.body.read
-    ensure
-      request.body.rewind
+      return @payload if defined? @payload
+      @payload = parse_payload
     end
 
     def parse_payload
-      if request.env['CONTENT_TYPE'] == 'application/x-www-form-urlencoded'
-        return params.reject { |key, _| EXCLUDED_FORM_PARAMS.include? key }
-      end
+      return unless Parser.input? request
 
-      input = read_input
-      return {} if input.empty?
+      parser = Parser.for(request)
+      raise Errors::UnsupportedMediaTypeError.new(request: request) unless parser
 
-      raise raise_unsupported_media_type_error(request) unless suported_media_type?
-
-      JSON.parse(input, symbolize_names: true)
-    rescue Errors::UnsupportedMediaTypeError
-      raise
-    rescue StandardError => e
+      log.debug "Parsing input using: #{parser.class}"
+      parser.call
+    rescue Parser::Error => e
       raise Errors::BadRequestError, "Failed to parse input payload: #{e.message}"
     end
 
-    def suported_media_type?
-      request.env['CONTENT_TYPE'].match? %r{\Aapplication/(hal\+)?json}
-    end
-
-    def raise_unsupported_media_type_error(request)
-      raise Errors::UnsupportedMediaTypeError.new(request: request)
-    end
-
     def safe_params(*fields)
       return {} unless payload
 
@@ -58,10 +40,6 @@ module Shaf
       end
     end
 
-    def ignore_form_input?(name)
-      name == '_method'
-    end
-
     def profile(value = NO_VALUE)
       return @profile if value == NO_VALUE
       @profile = value
@@ -86,15 +64,17 @@ module Shaf
       kwargs[:profile] ||= profile
 
       log.info "#{request.request_method} #{request.path_info} => #{status}"
-      payload = Responder.for(request, resource).call(self, resource, preload: preload, **kwargs)
+      responder = Responder.for(request, resource)
+      payload = responder.call(self, resource, preload: preload, **kwargs)
       add_cache_headers(payload, kwargs)
-
       payload
     rescue StandardError => err
       log.error "Failure: #{err.message}\n#{err.backtrace}"
       if status == 500
         content_type mime_type(:json)
         body JSON.generate(failure: err.message)
+      elsif err.is_a? Errors::ServerError
+        respond_with(err)
       else
         respond_with(Errors::ServerError.new(err.message))
       end

data/lib/shaf/helpers/vary.rb

@@ -0,0 +1,8 @@
+module Shaf
+  module Vary
+    def vary(*varying)
+      current = headers['Vary']
+      headers('Vary' => [current, *varying].compact.join(','))
+    end
+  end
+end

data/lib/shaf/helpers.rb

@@ -3,6 +3,8 @@ require 'shaf/helpers/json_html'
 require 'shaf/helpers/paginate'
 require 'shaf/helpers/payload'
 require 'shaf/helpers/http_header'
+require 'shaf/helpers/authentication'
+require 'shaf/helpers/vary'
 
 module Shaf
   def self.helpers
@@ -12,6 +14,8 @@ module Shaf
       Paginate,
       Payload,
       HttpHeader,
+      Authentication,
+      Vary,
     ]
   end
 end

data/lib/shaf/logger.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Shaf
+  class << self
+    attr_writer :logger
+
+    def log
+      @logger ||= Logger.new('/dev/null')
+    end
+    alias logger log
+  end
+end

data/lib/shaf/parser/base.rb

@@ -0,0 +1,44 @@
+module Shaf
+  module Parser
+    class Base
+      class << self
+        def inherited(child)
+          Parser.register(child)
+          super
+        end
+
+        def mime_type(type = nil, value = nil)
+          if type
+            @mime_type = type
+            @mime_type = Sinatra::Base.mime_type(type, value) if type.is_a? Symbol
+          end
+
+          @mime_type if defined? @mime_type
+        end
+
+        def can_handle?(request)
+          mime_type == request.content_type
+        end
+
+      end
+
+      attr_reader :request, :body
+
+      def initialize(request:, body:)
+        @request = request
+        @body = body
+      end
+
+      def call
+        raise NotImplementedError, "#{self.class} must implement #call"
+      end
+
+      private
+
+      def mime_type
+        self.class.mime_type
+      end
+    end
+  end
+end
+

data/lib/shaf/parser/form_data.rb

@@ -0,0 +1,15 @@
+module Shaf
+  module Parser
+    class FormData < Base
+      def self.can_handle?(request)
+        request.form_data? || request.parseable_data?
+      end
+
+      def call
+        request.POST.tap do |data| # Returns form params from Rack::Request
+          data.delete '_method' # If the method override hack is used remove the _method key
+        end
+      end
+    end
+  end
+end

data/lib/shaf/parser/json.rb

@@ -0,0 +1,26 @@
+module Shaf
+  module Parser
+    class Json < Base
+
+      mime_type :json, 'application/json'
+
+      def self.can_handle?(request)
+        request.content_type&.match? %r{application/(.*\+)?json}
+      end
+
+      def call
+        @payload ||= parse_json
+      end
+
+      private
+
+      def parse_json
+        return {} if body.empty?
+
+        JSON.parse(body, symbolize_names: true)
+      rescue JSON::ParserError => e
+        raise Error, e.message
+      end
+    end
+  end
+end

data/lib/shaf/parser.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+require 'set'
+
+module Shaf
+  module Parser
+    class Error < StandardError; end
+
+    INPUT_BODY = 'shaf.input_body'
+
+    class << self
+      def register(parser)
+        parsers << parser
+      end
+
+      def unregister(parser)
+        parsers.delete(parser)
+      end
+
+      def input?(request)
+        !!input(request)
+      end
+
+      def for(request)
+        clazz = parser_for(request)
+        return unless clazz
+
+        body = input(request)
+        clazz.new(request: request, body: body)
+      end
+
+      private
+
+      def parser_for(request)
+        parsers.find do |parser|
+          parser.can_handle? request
+        end
+      end
+
+      def parsers
+        @parsers ||= Set.new
+      end
+
+      def input(request)
+        body = request.get_header(INPUT_BODY)
+        body ||= read_input(request).tap do |b|
+          request.set_header(INPUT_BODY, b)
+        end
+
+        body unless String(body).strip.empty?
+      end
+
+      def read_input(request)
+        request.body.rewind
+        request.body.read
+      ensure
+        request.body.rewind
+      end
+    end
+  end
+end
+
+require 'shaf/parser/base'
+require 'shaf/parser/json'
+require 'shaf/parser/form_data'

data/lib/shaf/profile/attribute.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'shaf/profile/unique_id'
+
+module Shaf
+  class Profile
+    class Attribute
+      include UniqueId
+
+      attr_reader :name, :doc, :href, :type, :parent
+
+      def initialize(name, **opts)
+        @name = name.to_sym
+        @doc = opts[:doc].freeze
+        @href = opts[:href].freeze
+        @type = opts[:type]&.to_s
+        @parent = opts[:parent]
+      end
+
+      def attributes
+        @attributes ||= []
+      end
+
+      def relations
+        @relations ||= []
+      end
+    end
+  end
+end

data/lib/shaf/profile/evaluator.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require 'shaf/profile/attribute'
+require 'shaf/profile/relation'
+
+module Shaf
+  class Profile
+    class Evaluator
+      attr_reader :parent, :allowed
+
+      def initialize(parent:, allowed: nil)
+        @parent = parent
+        @allowed = allowed && Array(allowed).map(&:to_sym)
+      end
+
+      def attribute(name, doc:, type: :string, &block)
+        return unless allow? :attribute
+
+        attr = Attribute.new(name, doc: doc, type: type, parent: parent)
+        self.class.new(parent: attr, allowed: allowed).instance_exec(&block) if block
+        parent.attributes << attr
+      end
+
+      def relation(name, **kwargs, &block)
+        return unless allow? :rel
+
+        rel = Relation.new(name, parent: parent, **kwargs)
+        self.class.new(parent: rel, allowed: [:attribute]).instance_exec(&block) if block
+        parent.relations << rel
+      end
+      alias rel relation
+
+      private
+
+      def allow?(name)
+        return true unless allowed
+        return true if allowed.include? name
+
+        Shaf.log.warn "#{name} is not allowed to be nested inside #{parent.class} " \
+          "(or parent object containing #{parent.class})"
+
+        false
+      end
+    end
+  end
+end

data/lib/shaf/profile/relation.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'shaf/profile/unique_id'
+
+module Shaf
+  class Profile
+    class Relation
+      include UniqueId
+
+      attr_reader :name, :doc, :href, :http_methods, :payload_type, :content_type, :parent
+
+      def initialize(name, **opts)
+        @name = name.to_sym
+        @doc = opts[:doc].freeze
+        @href = opts[:href].freeze
+        http_methods = Array(opts[:http_method]) + Array(opts[:http_methods])
+        http_methods  << 'GET' if http_methods.empty?
+        @http_methods = http_methods.map { |m| m.to_s.upcase }.uniq.freeze
+        @payload_type = opts[:payload_type].freeze
+        @content_type = opts[:content_type].freeze
+        @parent = opts[:parent]
+      end
+
+      def attributes
+        @attributes ||= []
+      end
+    end
+  end
+end