sinatra-accept-params 0.1.0

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.gitignore

@@ -0,0 +1,21 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## PROJECT::GENERAL
+coverage
+rdoc
+pkg
+
+## PROJECT::SPECIFIC

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Nate Wiger
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,69 @@
+Sinatra::AcceptParams - Parameter whitelisting for Sinatra
+==========================================================
+
+This plugin adds parameter whitelisting, type checking, and validation at the routing level
+to a Sinatra application.  While model-level validations are good for CRUD operations, in many
+cases there are other input parameters which are either not part or a model, or which you want to
+verify before executing lots of (potentially unsafe) code just to have your model raise an
+error.  Examples include:
+
+* page numbers for pagination
+* search strings
+* routing prefixes such as region or language
+
+In addition, this plugin provides several extended capabilities which come in handy:
+
+* type checking of parameters (eg, integers vs strings)
+* automatic type casting of parameters (helps with plugins such as +will_paginate+)
+* default values and post-processing of params
+
+Example
+=======
+
+  # GET /channels
+  # GET /channels.xml
+  def index
+    accept_params do |p|
+      p.integer :page, :default => 1, :minvalue => 1
+      p.integer :per_page, :default => 50, :minvalue => 1
+    end
+  end
+
+
+  # POST /rating
+  # POST /rating.xml
+  def create
+    accept_params do |p|
+      p.namespace :rating do |p|
+        p.integer :user_id, :required => true, :minvalue => 1
+        p.integer :rating,  :required => true
+        p.string  :comments, :process => Proc.new(value){ my_value_cleaner(value) }
+      end
+    end
+
+    @rating = Rating.new(params[:rating])
+    @rating.save
+    
+    # format/response code
+  end
+
+
+  # GET /players/1
+  # GET /players/1.xml
+  def show
+    accept_only_id
+    @player = Player.find(params[:id])
+
+    respond_to do |format|
+      format.html # show.html.erb
+      format.xml  { render :xml => @player }
+    end
+  end
+
+
+Author
+======
+
+Copyright (c) 2008-2010 {Nate Wiger}[http://nateware.com].  All Rights Reserved.
+This code is released under the Artistic License.
+

data/Rakefile

@@ -0,0 +1,53 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "sinatra-accept-params"
+    gem.summary = %Q{Parameter whitelisting for Sinatra}
+    gem.description = %Q{Parameter whitelisting for Sinatra.  Provides validation, defaults, and post-processing.}
+    gem.email = "nate@wiger.org"
+    gem.homepage = "http://github.com/nateware/sinatra-accept-params"
+    gem.authors = ["Nate Wiger"]
+    gem.add_development_dependency "bacon", ">= 0"
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:spec) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.verbose = true
+end
+
+begin
+  require 'rcov/rcovtask'
+  Rcov::RcovTask.new do |spec|
+    spec.libs << 'spec'
+    spec.pattern = 'spec/**/*_spec.rb'
+    spec.verbose = true
+  end
+rescue LoadError
+  task :rcov do
+    abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
+  end
+end
+
+task :spec => :check_dependencies
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "sinatra-accept-params #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/lib/sinatra/accept_params.rb

@@ -0,0 +1,95 @@
+
+module Sinatra
+  module AcceptParams
+    # Exceptions for AcceptParams
+    class ParamError < StandardError; end #:nodoc:
+    class NoParamsDefined   < ParamError; end #:nodoc:
+    class MissingParam      < ParamError; end  #:nodoc:
+    class UnexpectedParam   < ParamError; end  #:nodoc:
+    class InvalidParamType  < ParamError; end  #:nodoc:
+    class InvalidParamValue < ParamError; end  #:nodoc:
+    class SslRequired       < ParamError; end  #:nodoc:
+    class LoginRequired     < ParamError; end  #:nodoc:
+  
+    # Below here are settings that can be modified in environment.rb
+    # Whether or not to cache rules for performance.
+    def self.cache_rules=(val); @@cache_rules = val; end
+    def self.cache_rules; @@cache_rules; end
+    self.cache_rules = false
+
+    # The list of params that we should allow (but not require) by default. It's as if we
+    # said that all requests may_have these elements. By default this
+    # list is set to:
+    #
+    # * action
+    # * controller
+    # * commit
+    # * _method
+    #
+    # You can modify this list in your environment.rb if you need to. Always
+    # use strings, not symbols for the elements. Here's an example:
+    #
+    #   AcceptParams::ParamRules.ignore_params << "orientation"
+    #
+    def self.ignore_params=(val); @@ignore_params = val; end
+    def self.ignore_params; @@ignore_params; end
+    self.ignore_params = %w( action controller commit format _method authenticity_token )
+
+    # The columns in ActiveRecord models that we should ignore by
+    # default when expanding an is_a directive into a series of 
+    # must_have directives for each attribute. These are the 
+    # attributes that are almost never present in your forms (and hence your params).
+    # By default this list is set to:
+    #
+    # * id
+    # * created_at
+    # * updated_at
+    # * created_on
+    # * updated_on
+    # * lock_version
+    #
+    # You can modify this in your environment.rb if you have common attributes
+    # that should always be ignored. Here's an example:
+    #
+    #   AcceptParams::ParamRules.ignore_columns << "deleted_at"
+    #
+    def self.ignore_columns=(val); @@ignore_columns = val; end
+    def self.ignore_columns; @@ignore_columns; end
+    self.ignore_columns = %w( id created_at updated_at created_on updated_on lock_version )
+
+    # If unexpected params are encountered, default behavior is to raise an exception
+    # Setting this to true will instead just all them on through.  Note this defeats
+    # much of the purpose of the plugin. To mitigate security issues, try setting the
+    # next flag to "true" if you set this to true.
+    def self.ignore_unexpected=(val); @@ignore_unexpected = val; end
+    def self.ignore_unexpected; @@ignore_unexpected; end
+    self.ignore_unexpected = false
+
+    # If unexpected params are encountered, remove them to prevent injection attacks.
+    # Note: This is only relevant if you set ignore_unexpected to true, in which case
+    # you can have them removed (safer) by setting this. The basic idea is that then
+    # an exception won't be raised, but an attacker still won't be able to inject params.
+    def self.remove_unexpected=(val); @@remove_unexpected = val; end
+    def self.remove_unexpected; @@remove_unexpected; end
+    self.remove_unexpected = false
+  
+    # How to validate parameters, if the person doesn't specify :validate
+    def self.type_validations=(val); @@type_validations = val; end
+    def self.type_validations; @@type_validations; end
+    self.type_validations = {
+      :integer => /^-?\d+$/,
+      :float   => /^-?(\d*\.\d+|\d+)$/,
+      :decimal => /^-?(\d*\.\d+|\d+)$/,
+      :boolean => /^(1|true|TRUE|T|Y|0|false|FALSE|F|N)$/,
+      :datetime => /^[-\d:T\s]+$/,  # "T" is for ISO date format
+    }
+    
+    # Global on/off for SSL
+    def self.ssl_enabled=(val); @@ssl_enabled = val; end
+    def self.ssl_enabled; @@ssl_enabled; end
+    self.ssl_enabled = true
+  end
+end
+
+require 'sinatra/accept_params/param_rules'
+require 'sinatra/accept_params/helpers'  # DSL for Sinatra

data/lib/sinatra/accept_params/helpers.rb

@@ -0,0 +1,50 @@
+# See http://www.sinatrarb.com/extensions.html
+module Sinatra
+  module AcceptParams
+    module Helpers
+      def accept_params(opts={}, &block) #:yields: param
+        raise NoParamsDefined, "Missing block for accept_params" unless block_given?
+        rules = ParamRules.new(opts)
+        rules.validate_request(request, session)
+        yield rules
+        rules.validate(params)
+      end
+
+      # Shortcut functions to tighten up security further
+      def accept_no_params(opts={})
+        accept_params(opts) {}
+      end
+
+      def accept_only_id(opts={})
+        accept_params(opts) do |p|
+          p.integer :id, :required => true
+        end
+      end
+    end
+    
+    # Needed to register params handling with Sinatra
+    def self.registered(app)
+      app.helpers AcceptParams::Helpers
+
+      app.error Sinatra::AcceptParams::LoginRequired do
+        headers["WWW-Authenticate"] = %(Basic realm="Login required")
+        halt 401, "Authorization required"
+      end
+
+      # Have to enumerate errors, because Sinatra uses is_a? test, not inheritance
+      [ Sinatra::AcceptParams::ParamError,
+        Sinatra::AcceptParams::NoParamsDefined,
+        Sinatra::AcceptParams::MissingParam,
+        Sinatra::AcceptParams::UnexpectedParam,
+        Sinatra::AcceptParams::InvalidParamType,
+        Sinatra::AcceptParams::InvalidParamValue,
+        Sinatra::AcceptParams::SslRequired ].each do |cl|
+        app.error cl do
+          halt 400, request.env['sinatra.error'].message
+        end
+      end  
+    end
+  end
+
+  register AcceptParams
+end

data/lib/sinatra/accept_params/param.rb

@@ -0,0 +1,8 @@
+module Sinatra
+  module AcceptParams
+    # This class holds the definition of a single param
+    class Definition
+      
+    end
+  end
+end

data/lib/sinatra/accept_params/param_rules.rb

@@ -0,0 +1,386 @@
+module Sinatra
+  module AcceptParams
+    # This class is used to declare the structure of the params hash for this
+    # request.
+    class ParamRules
+      attr_reader :name, :parent, :children, :options, :type, :settings, :definition #:nodoc:
+
+      # TODO: Convert this to a hash of options.
+      def initialize(settings, type=nil, name=nil, options={}, parent=nil) # :nodoc:
+        if (name.nil? && !parent.nil?) || (parent.nil? && !name.nil?)
+          raise ArgumentError, "parent and name must both be either nil or not nil"
+        end
+        if (name.nil? && !type.nil?) || (type.nil? && !name.nil?)
+          raise ArgumentError, "type and name must both be either nil or not nil"
+        end
+        @type     = type
+        @parent   = parent
+        @children = []
+        @options  = options
+
+        # Set default options which control behavior
+        @settings = {
+          :ignore_unexpected => AcceptParams.ignore_unexpected,
+          :remove_unexpected => AcceptParams.remove_unexpected,
+          :ignore_params     => AcceptParams.ignore_params,
+          :ignore_columns    => AcceptParams.ignore_columns,
+          :ssl_enabled       => AcceptParams.ssl_enabled
+        }.merge(settings)
+
+        # This is needed for resource_definitions
+        @settings[:indent] ||= 0
+        @settings[:indent] += 2
+
+        if name.nil?
+          @name = nil
+        elsif is_model?(name)
+          klass = name
+          @name = klass.to_s.underscore
+          is_a klass
+        else
+          @name = name.to_s
+        end
+
+        # This is undocumented, and specific to SCEA
+        if @options.has_key? :to_id
+          klass = @options[:to_id]
+          @options[:process] = Proc.new{|v| klass.to_id(v)}
+          @options[:to] = "#{@name}_id"
+        end
+      end
+      
+      # Validate the request object, checking the :ssl and :login flags
+      # This needs a big refactor, this whole class is DOG SLOW
+      def validate_request(request, session)
+        unless @settings[:ssl_enabled] == false or ENV['RACK_ENV'] == 'development'
+          if @settings[:ssl]
+            # explicitly said :ssl => true
+            raise SslRequired unless request.secure?
+          elsif @settings.has_key?(:ssl)
+            # explicitly said :ssl => false or :ssl => nil, so skip
+          else
+            # require SSL on anything non-GET
+            raise SslRequired unless request.get?
+          end
+        end
+        
+        # Same thing for login_required, minus global flag
+        if @settings[:login]
+          # explicitly said :login => true
+          raise LoginRequired unless session[:username]
+        elsif @settings.has_key?(:login)
+          # explicitly said :login => false or :login => nil, so skip
+        else
+          # require login on anything non-GET
+          raise LoginRequired unless session[:username] || request.get?
+        end
+      end
+
+      # Allow nesting
+      def namespace(name, &block)
+        raise ArgumentError, "Missing block to param namespace declaration" unless block_given?
+        child = ParamRules.new(settings, :namespace, name, {:required => false}, self)  # block not required per se
+        yield child
+        @children << child
+      end
+
+      # Ala pretty migrations
+      def string(name, options={})
+        param(:string, name, options)
+      end
+      def integer(name, options={})
+        param(:integer, name, options)
+      end
+      def float(name, options={})
+        param(:float, name, options)
+      end
+      def decimal(name, options={})
+        param(:decimal, name, options)
+      end
+      def boolean(name, options={})
+        param(:boolean, name, options)
+      end
+      def datetime(name, options={})
+        param(:datetime, name, options)
+      end
+      def text(name, options={})
+        param(:text, name, options)
+      end
+      def binary(name, options={})
+        param(:binary, name, options)
+      end
+      def array(name, options={})
+        param(:array, name, options)
+      end
+      def file(name, options={})
+        param(:file, name, options)
+      end
+    
+      # This is a shortcut for declaring elements that represent ActiveRecord
+      # classes. Essentially, it creates a declaration for each
+      # attribute of the given model (excluding the ones in the class
+      # attribute ignore_columns, which is described at the top of this page).
+      def model(klass)
+        unless is_model?(klass)
+          raise ArgumentError, "Must supply an ActiveRecord class to the model method"
+        end
+        klass.columns.each do |c|
+          param(c.type, c.name, :required => !c.null, :limit => c.limit) unless ignore_column?(c)
+        end
+      end
+
+      # Is this a required params element? Implies "must_have".
+      def required? #:nodoc:
+        options[:required]
+      end
+    
+      def namespace?
+        type == :namespace
+      end
+    
+      # Returns the full name of this parameter as it would be accessed in the
+      # action. Example output might be "params[:person][:name]". 
+      def canonical_name #:nodoc:
+        if parent.nil?
+          ""
+        elsif parent.parent.nil?
+          name
+        else
+          parent.canonical_name + "[#{name}]" 
+        end
+      end
+    
+      # Validate the given parameters against our requirements, raising 
+      # exceptions for missing or unexpected parameters.
+      def validate(params) #:nodoc:
+        recognized_keys = validate_children(params)
+        unexpected_keys = params.keys - recognized_keys
+        if parent.nil?
+          # Only ignore the standard params at the top level.
+          unexpected_keys -= settings[:ignore_params]
+        end
+        unless unexpected_keys.empty?
+          # kinda hacky to get it to display correctly
+          unless settings[:ignore_unexpected]
+            basename   = canonical_name
+            canonicals = unexpected_keys.sort.collect{|k| basename.empty? ? k : basename + "[#{k}]"}.join(', ')
+            s = unexpected_keys.length == 1 ? '' : 's'
+            raise UnexpectedParam, "Request included unexpected parameter#{s}: #{canonicals}"
+          end
+          unexpected_keys.each{|k| params.delete(k)} if settings[:remove_unexpected]
+        end
+      end
+    
+      # Create a new param
+      def param(type, name, options)
+        @children << ParamRules.new(settings, type.to_sym, name, options, self)
+      end
+
+      private
+    
+      # Should we ignore this ActiveRecord column? 
+      def ignore_column?(column)
+        settings[:ignore_columns].detect { |name| name.to_s == column.name }
+      end
+    
+      # Determine if the given class is an ActiveRecord model.
+      def is_model?(klass)
+        klass.respond_to?(:ancestors) &&
+          klass.ancestors.detect {|a| a == ActiveRecord::Base}
+      end
+    
+      # Remove the given children. 
+      def remove_child(*names)
+        names.each do |name|
+          children.delete_if { |child| child.name == name.to_s }
+        end          
+      end
+   
+      # Validate our children against the given params, looking for missing 
+      # required elements. Returns a list of the keys that we were able to
+      # recognize.
+      def validate_children(params)
+        recognized_keys = []
+        children.each do |child|
+          #puts ">>>>>>>>>> child.name = #{child.canonical_name}"
+          if child.namespace?
+            recognized_keys << child.name
+            # NOTE: Can't get fancy and do this ||= w/i the below func call, due to 
+            # an apparent oddity of Ruby's scoping for method args
+            params[child.name] ||= HashWithIndifferentAccess.new   # create holder for subelements if missing
+            validate_child(child, params[child.name]) 
+          elsif params.has_key?(child.name)
+            recognized_keys << child.name
+            validate_child(child, params[child.name])
+            validate_value_and_type_cast!(child, params)
+          elsif child.required?
+            raise MissingParam, "Request params missing required parameter '#{child.canonical_name}'"
+          else
+            # For setting defaults on missing parameters
+            recognized_keys << child.name
+            validate_value_and_type_cast!(child, params)
+          end
+
+          # Finally, handle key renaming
+          if new_name = child.options[:to]
+            # Removed this because it causes havok with :to_id and will_paginate.
+            # Not needed anyways, since we just overwrite it right afterwards.
+            # if params.has_key? new_name
+            #   raise UnexpectedParam, "Request included destination parameter '#{new_name}'"
+            # end
+            params[new_name] = params.delete(child.name)
+            recognized_keys << new_name.to_s
+          end  
+        end
+        #puts "!!!!!!!!! DONE: params[:filters] = #{params[:filters].inspect}; #{params[:filters].object_id}"
+        recognized_keys
+      end
+    
+      # Validate this child against its matching value. In addition, manipulate the params
+      # hash as-needed to set any applicable default values.
+      def validate_child(child, value)
+        if child.children.empty?
+          if value.is_a?(Hash)
+            raise UnexpectedParam, "Request parameter '#{child.canonical_name}' is a hash, but wasn't expecting it"
+          end
+        else
+          if value.is_a?(Hash)
+            #puts "????????? NEST: #{value.inspect} (#{value.object_id})"
+            child.validate(value)  # recurse
+          else
+            raise InvalidParamValue, "Expected parameter '#{child.canonical_name}' to be a nested hash"
+          end
+        end
+      end
+
+      def validate_value_and_type_cast!(child, params)
+        return true if child.namespace?
+        value = params[child.name] # we may be recursive, eg, params[:filters][:player_creation_type]
+        #puts "@@@@@@@@@@@@ VALUE(#{child.canonical_name}) = #{value.inspect}"
+
+        # XXX Special catch for pagination with :to_id fields, since "player_creation_type"
+        # becomes player_creation_type_id (with the correct value) on subsequent pages
+        #puts "@@@ #{child.canonical_name}: if #{value.nil?} and #{options[:to]} and #{params[options[:to]]} (#{options.inspect})"
+        if value.nil? and to = child.options[:to] and params[to]
+          value = params[to]
+        elsif value.nil?
+          if child.options.has_key?(:default)
+            if child.options[:default].is_a? Proc
+              begin
+                value = child.options[:default].call
+              rescue Exception => e
+                # Rebrand exceptions so top-level can catch
+                raise InvalidParamValue, e.to_s
+              end
+            else
+              value = child.options[:default]
+            end
+          elsif child.required?
+            raise InvalidParamValue, "Value for parameter '#{child.canonical_name}' is null or missing"
+          else
+            # If no default, that means it's *really* optional
+            return true
+          end
+        elsif child.options.has_key?(:process)
+          # Only call the process method if we're *not* using a default value
+          # Must *NOT* type cast this value, or else it will be cast back to the
+          # input value type (eg, string), rather than the :to_id type (integer)
+          begin
+            #puts ">>>>>>> #{value.inspect}, #{params.inspect}"
+            value = child.options[:process].call(value)
+            #puts ">>>>>>> #{value.inspect}, #{params.inspect}"
+          rescue Exception => e
+            # Rebrand exceptions so top-level can catch
+            raise InvalidParamValue, e.to_s
+          end
+        elsif child.type == :array
+          value = value.split(',') if value.is_a? String  # accept comma,delimited,string also
+          unless value.is_a? Array
+            raise InvalidParamType, "Value for parameter '#{child.canonical_name}' (#{value}) is of the wrong type (expected #{child.type})"
+          end
+        else
+          # Should this be at a higher level?
+          if child.options[:validate] && value.to_s !~ child.options[:validate]
+            format_info = child.options[:format] and format_info = " (format: #{format_info})"
+            raise InvalidParamValue, "Invalid value for parameter '#{name}'#{format_info}"
+          elsif validation = AcceptParams.type_validations[child.type]
+            # Use built-in sanity check if we have it
+            unless value.to_s =~ validation
+              raise InvalidParamType, "Value for parameter '#{child.canonical_name}' (#{value}) is of the wrong type (expected #{child.type})"
+            end
+          end
+
+          # Typecast only NON-defaults; assume the programmer was smart enough
+          # to say :default => 4 rather than :default => "4" if using defaults
+          value = type_cast_value(child.type, value)
+          optional_extended_validations(child.canonical_name, value, child.options)
+        end
+
+        # Overwrite our original value, to make params safe
+        params[child.name] = value
+        #puts "+++++++++ #{child.canonical_name}: params[#{child.name}] = #{value.inspect} (#{params.object_id})"
+      end
+
+      def type_cast_value(type, value)
+        case type
+        when :integer
+          value.to_i
+        when :float, :decimal
+          value.to_f
+        when :string
+          value.to_s
+        when :boolean
+          if value.is_a? TrueClass
+            true
+          elsif value.is_a? FalseClass
+            false
+          else
+            case value.to_s
+            when /^(1|true|TRUE|T|Y)$/
+              true
+            when /^(0|false|FALSE|F|N)$/
+              false
+            else
+              raise InvalidParamValue, "Could not typecast boolean value '#{value.to_s}' to true or false"
+            end
+          end
+        when :binary, :array, :file
+          value
+        else
+          value.to_s
+        end
+      end
+
+      def optional_extended_validations(name, value, options)
+        # XXX This probably needs to go into integer/float-specific code somewhere
+        if options[:minvalue] && value.to_i < options[:minvalue]
+          raise InvalidParamValue, "Value for parameter '#{name}' (#{value}) is less than minimum value (#{options[:minvalue]})"
+        end
+        if options[:maxvalue] && value.to_i > options[:maxvalue]
+          raise InvalidParamValue, "Value for parameter '#{name}' (#{value}) is more than maximum value (#{options[:maxvalue]})"
+        end
+
+        # This is general-purpose, but still feels like it should be in a separate method
+        if options[:in] && !options[:in].include?(value)
+          raise InvalidParamValue, "Value for parameter '#{name}' (#{value}) is not in the allowed set of values"
+        end
+    
+        # XXX This probably needs to go into string-specific code somewhere
+        if options[:maxlength] && value.length > options[:maxlength]
+          raise InvalidParamValue, "Length of parameter '#{name}' (#{value.length}) is longer than maximum length (#{options[:maxlength]})"
+        end
+      
+         # XXX This probably needs to go into string-specific code somewhere
+        if options[:minlength] && value.length < options[:minlength]
+          raise InvalidParamValue, "Length of parameter '#{name}' (#{value.length}) is smaller than minimum length (#{options[:minlength]})"
+        end
+
+        # Finally, if :null => false, this is a special sanity check that it can't be empty
+        # This is designed to catch cases where the default/etc are null; it's a double-condom for programmers
+        if (value.nil? || value == "") && (options.has_key?(:null) && options[:null] == false)
+          raise InvalidParamValue, "Value for parameter '#{name}' is null or missing"
+        end
+      end
+    end
+  end
+end

data/spec/accept_params_spec.rb

@@ -0,0 +1,130 @@
+require File.expand_path 'spec_helper', File.dirname(__FILE__)
+
+class Application < Sinatra::Base
+  register Sinatra::AcceptParams
+
+  set :raise_errors, false
+  set :show_exceptions, false
+
+  get '/search' do
+    accept_params do |p|
+      p.integer :page, :default => 1, :minvalue => 1
+      p.integer :limit, :default => 20, :maxvalue => 100
+      p.boolean :wildcard, :default => false
+      p.string :search, :required => true
+      p.float :timeout, :default => 3.5
+    end
+    params_dump
+  end
+  
+  get '/users' do
+    accept_no_params
+  end
+  
+  get '/posts/:id' do
+    accept_only_id
+  end
+end
+
+class Bacon::Context
+  include Rack::Test::Methods
+  def app
+    Application  # our application
+  end
+end
+
+describe "Sinatra::AcceptParams" do
+  it "should provide settings to control the lib" do
+    Sinatra::AcceptParams.cache_rules.should == false
+    Sinatra::AcceptParams.cache_rules = true
+    Sinatra::AcceptParams.cache_rules.should == true
+    Sinatra::AcceptParams.cache_rules = false
+    Sinatra::AcceptParams.cache_rules.should == false
+
+    Sinatra::AcceptParams.ignore_params.should == %w( action controller commit format _method authenticity_token )
+    Sinatra::AcceptParams.ignore_params << 'ricky_bobby'
+    Sinatra::AcceptParams.ignore_params.should == %w( action controller commit format _method authenticity_token ricky_bobby )
+
+    Sinatra::AcceptParams.ignore_columns.should == %w( id created_at updated_at created_on updated_on lock_version )
+    Sinatra::AcceptParams.ignore_columns << 'shake_and_bake'
+    Sinatra::AcceptParams.ignore_columns.should == %w( id created_at updated_at created_on updated_on lock_version shake_and_bake )
+
+    Sinatra::AcceptParams.ignore_unexpected.should == false
+    Sinatra::AcceptParams.ignore_unexpected = true
+    Sinatra::AcceptParams.ignore_unexpected.should == true
+    Sinatra::AcceptParams.ignore_unexpected = false
+    Sinatra::AcceptParams.ignore_unexpected.should == false
+
+    Sinatra::AcceptParams.remove_unexpected.should == false
+    Sinatra::AcceptParams.remove_unexpected = true
+    Sinatra::AcceptParams.remove_unexpected.should == true
+    Sinatra::AcceptParams.remove_unexpected = false
+    Sinatra::AcceptParams.remove_unexpected.should == false
+
+    Sinatra::AcceptParams.type_validations[:cal_jr] = /ricky_bobby/
+    Sinatra::AcceptParams.type_validations[:cal_jr].should == /ricky_bobby/
+
+    Sinatra::AcceptParams.ssl_enabled.should == true
+    Sinatra::AcceptParams.ssl_enabled = false
+    Sinatra::AcceptParams.ssl_enabled.should == false
+    Sinatra::AcceptParams.ssl_enabled = true
+    Sinatra::AcceptParams.ssl_enabled.should == true
+  end
+  
+  it "should handle accept_params blocks" do
+    get '/search'
+    last_response.status.should == 400
+    last_response.body.should == %q(Request params missing required parameter 'search')
+
+    get '/search', :page => 'Yes'
+    last_response.status.should == 400
+    last_response.body.should == %q(Value for parameter 'page' (Yes) is of the wrong type (expected integer))
+
+    get '/search', :wildcard => 15
+    last_response.status.should == 400
+    last_response.body.should == %q(Value for parameter 'wildcard' (15) is of the wrong type (expected boolean))
+
+    get '/search', :page => 0
+    last_response.status.should == 400
+    last_response.body.should == %q(Value for parameter 'page' (0) is less than minimum value (1))
+
+    get '/search', :limit => 900000
+    last_response.status.should == 400
+    last_response.body.should == %q(Value for parameter 'limit' (900000) is more than maximum value (100))
+
+    get '/search', :search => 'foot'
+    last_response.status.should == 200
+    last_response.body.should == "limit=20; page=1; search=foot; timeout=3.5; wildcard=false"
+
+    get '/search', :search => 'taco grande', :wildcard => 'true'
+    last_response.status.should == 200
+    last_response.body.should == "limit=20; page=1; search=taco grande; timeout=3.5; wildcard=true"
+
+    get '/search', :limit => 100, :wildcard => 0, :search => 'string', :timeout => '19.2433'
+    last_response.status.should == 200
+    last_response.body.should == "limit=100; page=1; search=string; timeout=19.2433; wildcard=false"
+
+    get '/search', :a => 3, :b => 4, :search => 'bar'
+    last_response.status.should == 400
+    last_response.body.should == %q(Request included unexpected parameters: a, b)
+  end
+  
+  it "should handle accept_no_params call" do
+    get '/users', :limit => 1
+    last_response.status.should == 400
+    last_response.body.should == %q(Request included unexpected parameter: limit)
+
+    get '/users'
+    last_response.status.should == 200
+  end
+  
+
+  it "should handle accept_only_id call" do
+    get '/posts/blarp'
+    last_response.status.should == 400
+    last_response.body.should == %q(Value for parameter 'id' (blarp) is of the wrong type (expected integer))
+
+    get '/posts/1'
+    last_response.status.should == 200
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,14 @@
+require 'rubygems'
+require 'bacon'
+require 'rack/test'
+
+$LOAD_PATH.unshift(File.expand_path File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.expand_path File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'sinatra'
+require 'sinatra/accept_params'
+
+Bacon.summary_on_exit
+
+def params_dump
+  params.keys.sort.collect{|k| "#{k}=#{params[k]}"} * '; '
+end

metadata

@@ -0,0 +1,86 @@
+--- !ruby/object:Gem::Specification 
+name: sinatra-accept-params
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Nate Wiger
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-08-12 00:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: bacon
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id001
+description: Parameter whitelisting for Sinatra.  Provides validation, defaults, and post-processing.
+email: nate@wiger.org
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.md
+files: 
+- .document
+- .gitignore
+- LICENSE
+- README.md
+- Rakefile
+- VERSION
+- lib/sinatra/accept_params.rb
+- lib/sinatra/accept_params/helpers.rb
+- lib/sinatra/accept_params/param.rb
+- lib/sinatra/accept_params/param_rules.rb
+- spec/accept_params_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/nateware/sinatra-accept-params
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.6
+signing_key: 
+specification_version: 3
+summary: Parameter whitelisting for Sinatra
+test_files: 
+- spec/accept_params_spec.rb
+- spec/spec_helper.rb