sinja 0.2.0.beta2 → 1.0.0.pre1

data/demo-app/test.rb

@@ -0,0 +1,17 @@
+require 'sinatra/base'
+
+class MyApp < Sinatra::Base
+  get '/raise' do
+    raise Sinatra::BadRequest
+  end
+
+  get '/halt' do
+    halt 400
+  end
+
+  error Sinatra::BadRequest, 400 do
+    body "received error"
+  end
+
+  run!
+end

data/lib/sinja.rb

@@ -1,33 +1,78 @@
 # frozen_string_literal: true
+require 'active_support/inflector'
+require 'mustermann'
 require 'sinatra/base'
 require 'sinatra/namespace'
 
-require 'role_list'
 require 'sinja/config'
+require 'sinja/errors'
 require 'sinja/helpers/serializers'
 require 'sinja/resource'
+require 'sinja/version'
 
 module Sinja
   MIME_TYPE = 'application/vnd.api+json'
-
-  SinjaError = Class.new(StandardError)
-  ActionHelperError = Class.new(SinjaError)
+  ERROR_CODES = [
+    BadRequestError,
+    ForbiddenError,
+    NotFoundError,
+    MethodNotAllowedError,
+    NotAcceptibleError,
+    ConflictError,
+    UnsupportedTypeError
+  ].map! { |c| [c.new.http_status, c] }.to_h.tap do |h|
+    h[422] = UnprocessibleEntityError
+  end.freeze
 
   def resource(resource_name, konst=nil, &block)
     abort "Must supply proc constant or block for `resource'" \
       unless block = (konst if konst.is_a?(Proc)) || block
 
-    _sinja.resource_roles[resource_name.to_sym] # trigger default proc
+    resource_name = resource_name.to_s
+      .pluralize
+      .dasherize
+      .to_sym
+
+    # trigger default procs
+    _sinja.resource_roles[resource_name]
+    _sinja.resource_sideload[resource_name]
+
+    namespace "/#{resource_name}" do
+      define_singleton_method(:_resource_roles) do
+        _sinja.resource_roles[resource_name]
+      end
+
+      define_singleton_method(:resource_roles) do
+        _resource_roles[:resource]
+      end
 
-    namespace "/#{resource_name.to_s.tr('_', '-')}" do
-      define_singleton_method(:can) do |action, roles|
-        _sinja.resource_roles[resource_name.to_sym].merge!(action=>roles)
+      define_singleton_method(:resource_sideload) do
+        _sinja.resource_sideload[resource_name]
       end
 
       helpers do
         define_method(:can?) do |*args|
-          super(resource_name.to_sym, *args)
+          super(resource_name, *args)
         end
+
+        define_method(:sanity_check!) do |*args|
+          super(resource_name, *args)
+        end
+
+        define_method(:sideload?) do |*args|
+          super(resource_name, *args)
+        end
+      end
+
+      before %r{/(?<id>[^/]+)(?:/.*)?} do |id|
+        self.resource =
+          if env.key?('sinja.resource')
+            env['sinja.resource']
+          elsif respond_to?(:find)
+            find(id)
+          end
+
+        raise NotFoundError, "Resource '#{id}' not found" unless resource
       end
 
       register Resource
@@ -36,6 +81,8 @@ module Sinja
     end
   end
 
+  alias_method :resources, :resource
+
   def sinja
     if block_given?
       yield _sinja
@@ -50,19 +97,20 @@ module Sinja
   end
 
   def self.registered(app)
+    app.register Mustermann if Sinatra::VERSION[/^\d+/].to_i < 2
     app.register Sinatra::Namespace
 
-    app.disable :protection, :static
+    app.disable :protection, :show_exceptions, :static
     app.set :_sinja, Sinja::Config.new
-    app.configure(:development) do |c|
-      c.set :show_exceptions, :after_handler
-    end
+    app.set :_resource_roles, nil # dummy value overridden in each resource
 
     app.set :actions do |*actions|
       condition do
         actions.each do |action|
-          halt 403, 'You are not authorized to perform this action' unless can?(action)
-          halt 405, 'Action or method not implemented or supported' unless respond_to?(action)
+          raise ForbiddenError, 'You are not authorized to perform this action' \
+            unless can?(action) || sideload?(action)
+          raise MethodNotAllowedError, 'Action or method not implemented or supported' \
+            unless respond_to?(action)
         end
         true
       end
@@ -83,9 +131,30 @@ module Sinja
     app.mime_type :api_json, MIME_TYPE
 
     app.helpers Helpers::Serializers do
-      def can?(resource_name, action)
-        roles = settings._sinja.resource_roles[resource_name][action]
-        roles.nil? || roles.empty? || roles === role
+      def allow(h={})
+        s = Set.new
+        h.each do |method, actions|
+          s << method if [*actions].all? { |action| respond_to?(action) }
+        end
+        headers 'Allow'=>s.map(&:upcase).join(',')
+      end
+
+      def attributes
+        dedasherize_names(data.fetch(:attributes, {}))
+      end
+
+      if method_defined?(:bad_request?)
+        # This screws up our error-handling logic in Sinatra 2.0, so monkeypatch it.
+        def bad_request?
+          false
+        end
+      end
+
+      def can?(resource_name, action, rel_type=nil, rel=nil)
+        lookup = settings._sinja.resource_roles[resource_name]
+        # TODO: This is... problematic.
+        roles = (lookup[rel_type][rel][action] if rel_type && rel) || lookup[:resource][action]
+        roles.nil? || roles.empty? || roles === memoized_role
       end
 
       def content?
@@ -93,7 +162,26 @@ module Sinja
       end
 
       def data
-        @data ||= deserialized_request_body[:data]
+        @data ||= {}
+        @data[request.path] ||= begin
+          deserialize_request_body.fetch(:data)
+        rescue NoMethodError, KeyError
+          raise BadRequestError, 'Malformed JSON:API request payload'
+        end
+      end
+
+      def halt(code, body=nil)
+        if exception_class = ERROR_CODES[code]
+          raise exception_class, body
+        elsif (400...600).include?(code.to_i)
+          raise HttpError.new(code.to_i, body)
+        else
+          super
+        end
+      end
+
+      def memoized_role
+        @role ||= role
       end
 
       def normalize_params!
@@ -107,34 +195,74 @@ module Sinja
         }.each { |k, v| params[k] ||= v }
       end
 
+      def sideload?(resource_name, child)
+        return unless sideloaded?
+        parent = env.fetch('sinja.passthru', 'unknown').to_sym
+        settings._sinja.resource_sideload[resource_name][child]&.
+          include?(parent) && can?(parent)
+      end
+
+      def sideloaded?
+        env.key?('sinja.passthru')
+      end
+
       def role
         nil
       end
 
+      def role?(*roles)
+        Roles[*roles] === memoized_role
+      end
+
+      def sanity_check!(resource_name, id=nil)
+        raise ConflictError, 'Resource type in payload does not match endpoint' \
+          if data[:type].to_sym != resource_name
+
+        raise ConflictError, 'Resource ID in payload does not match endpoint' \
+          if id && data[:id].to_s != id.to_s
+      end
+
       def transaction
         yield
       end
     end
 
     app.before do
-      halt 406 unless request.preferred_type.entry == MIME_TYPE
-
-      if content?
-        halt 415 unless request.media_type == MIME_TYPE
-        halt 415 if request.media_type_params.keys.any? { |k| k != 'charset' }
+      unless sideloaded?
+        raise NotAcceptibleError unless request.preferred_type.entry == MIME_TYPE
+        raise UnsupportedTypeError if content? && (
+          request.media_type != MIME_TYPE || request.media_type_params.keys.any? { |k| k != 'charset' }
+        )
       end
 
-      content_type :api_json
-
       normalize_params!
+
+      content_type :api_json
     end
 
     app.after do
-      body serialized_response_body if response.ok?
+      body serialize_response_body if response.ok? || response.created?
+    end
+
+    app.error 400...600 do
+      serialize_errors(&settings._sinja.error_logger)
     end
 
-    app.error 400...600, nil do
-      serialized_error
+    app.error StandardError do
+      env['sinatra.error'].tap do |e|
+        boom =
+          if settings._sinja.not_found_exceptions.any? { |c| c === e }
+            NotFoundError.new(e.message) unless NotFoundError === e
+          elsif settings._sinja.conflict_exceptions.any? { |c| c === e }
+            ConflictError.new(e.message) unless ConflictError === e
+          elsif settings._sinja.validation_exceptions.any? { |c| c === e }
+            UnprocessibleEntityError.new(settings._sinja.validation_formatter.(e)) unless UnprocessibleEntityError === e
+          end
+
+        handle_exception!(boom) if boom # re-throw the re-packaged exception
+      end
+
+      serialize_errors(&settings._sinja.error_logger)
     end
   end
 end

data/lib/sinja/config.rb

@@ -1,8 +1,9 @@
 # frozen_string_literal: true
 require 'forwardable'
 require 'set'
+require 'sinatra/base'
 
-require 'role_list'
+require 'sinja/resource'
 require 'sinja/relationship_routes/has_many'
 require 'sinja/relationship_routes/has_one'
 require 'sinja/resource_routes'
@@ -27,50 +28,87 @@ module Sinja
     }.freeze
 
     DEFAULT_OPTS = {
-      :logger_progname=>'sinja',
       :json_generator=>(Sinatra::Base.development? ? :pretty_generate : :generate),
-      :json_error_generator=>(Sinatra::Base.development? ? :pretty_generate : :fast_generate)
+      :json_error_generator=>(Sinatra::Base.development? ? :pretty_generate : :generate)
     }.freeze
 
     attr_reader \
+      :error_logger,
       :default_roles,
+      :default_has_many_roles,
+      :default_has_one_roles,
       :resource_roles,
-      :conflict_actions,
+      :resource_sideload,
       :conflict_exceptions,
+      :not_found_exceptions,
+      :validation_exceptions,
+      :validation_formatter,
       :serializer_opts
 
     def initialize
-      @default_roles = RolesConfig.new
-      @resource_roles = Hash.new { |h, k| h[k] = @default_roles.dup }
+      @error_logger = ->(eh) { logger.error('sinja') { eh } }
 
-      self.conflict_actions = [
-        ResourceRoutes::CONFLICT_ACTIONS,
-        RelationshipRoutes::HasMany::CONFLICT_ACTIONS,
-        RelationshipRoutes::HasOne::CONFLICT_ACTIONS
-      ].reduce([], :concat)
-      self.conflict_exceptions = []
+      @default_roles = RolesConfig.new(ResourceRoutes::ACTIONS)
+      @default_has_many_roles = RolesConfig.new(RelationshipRoutes::HasMany::ACTIONS)
+      @default_has_one_roles = RolesConfig.new(RelationshipRoutes::HasOne::ACTIONS)
+
+      @resource_roles = Hash.new { |h, k| h[k] = {
+        :resource=>@default_roles.dup,
+        :has_many=>Hash.new { |rh, rk| rh[rk] = @default_has_many_roles.dup },
+        :has_one=>Hash.new { |rh, rk| rh[rk] = @default_has_one_roles.dup }
+      }}
+
+      @resource_sideload = Hash.new do |h, k|
+        h[k] = SideloadConfig.new(Resource::SIDELOAD_ACTIONS)
+      end
+
+      @conflict_exceptions = Set.new
+      @not_found_exceptions = Set.new
+      @validation_exceptions = Set.new
+      @validation_formatter = ->{ Array.new }
 
       @opts = deep_copy(DEFAULT_OPTS)
-      self.serializer_opts = {}
+      @serializer_opts = deep_copy(DEFAULT_SERIALIZER_OPTS)
     end
 
-    def conflict_actions=(e=[])
-      @conflict_actions = Set[*e]
+    def error_logger=(f)
+      fail "Invalid error formatter #{f}" \
+        unless f.respond_to?(:call)
+
+      fail "Can't modify frozen proc" \
+        if @error_logger.frozen?
+
+      @error_logger = f
     end
 
     def conflict_exceptions=(e=[])
-      @conflict_exceptions = Set[*e]
+      @conflict_exceptions.replace(Set[*e])
     end
 
-    def conflict?(action, exception_class)
-      @conflict_actions.include?(action) &&
-      @conflict_exceptions.include?(exception_class)
+    def not_found_exceptions=(e=[])
+      @not_found_exceptions.replace(Set[*e])
+    end
+
+    def validation_exceptions=(e=[])
+      @validation_exceptions.replace(Set[*e])
+    end
+
+    def validation_formatter=(f)
+      fail "Invalid validation formatter #{f}" \
+        unless f.respond_to?(:call)
+
+      fail "Can't modify frozen proc" \
+        if @validation_formatter.frozen?
+
+      @validation_formatter = f
     end
 
     def_delegator :@default_roles, :merge!, :default_roles=
+    def_delegator :@default_has_many_roles, :merge!, :default_has_many_roles=
+    def_delegator :@default_has_one_roles, :merge!, :default_has_one_roles=
 
     def serializer_opts=(h={})
-      @serializer_opts = deep_copy(DEFAULT_SERIALIZER_OPTS).merge!(h)
+      @serializer_opts.replace(deep_copy(DEFAULT_SERIALIZER_OPTS).merge!(h))
     end
 
     DEFAULT_OPTS.keys.each do |k|
@@ -79,36 +117,63 @@ module Sinja
     end
 
     def freeze
+      @error_logger.freeze
+
       @default_roles.freeze
+      @default_has_many_roles.freeze
+      @default_has_one_roles.freeze
+
       @resource_roles.default_proc = nil
+      @resource_roles.values.each do |h|
+        h[:resource].freeze
+        h[:has_many].default_proc = nil
+        deep_freeze(h[:has_many])
+        h[:has_one].default_proc = nil
+        deep_freeze(h[:has_one])
+      end
       deep_freeze(@resource_roles)
-      @conflict_actions.freeze
+
+      @resource_sideload.default_proc = nil
+      deep_freeze(@resource_sideload)
+
       @conflict_exceptions.freeze
+      @not_found_exceptions.freeze
+      @validation_exceptions.freeze
+      @validation_formatter.freeze
+
       deep_freeze(@serializer_opts)
+
       @opts.freeze
+
       super
     end
   end
 
+  class Roles < Set
+    def ===(other)
+      self.intersect?(Set === other ? other : Set[*other])
+    end
+  end
+
   class RolesConfig
     include ConfigUtils
     extend Forwardable
 
-    def initialize
-      @data = [
-        ResourceRoutes::ACTIONS,
-        RelationshipRoutes::HasMany::ACTIONS,
-        RelationshipRoutes::HasOne::ACTIONS
-      ].reduce([], :concat).map { |action| [action, RoleList.new] }.to_h
+    def initialize(actions=[])
+      @data = actions.map { |action| [action, Roles.new] }.to_h
     end
 
-    def_delegator :@data, :[]
+    def_delegators :@data, :[], :dig
+
+    def ==(other)
+      @data == other.instance_variable_get(:@data)
+    end
 
     def merge!(h={})
       h.each do |action, roles|
         abort "Unknown or invalid action helper `#{action}' in configuration" \
           unless @data.key?(action)
-        @data[action].replace(RoleList[*roles])
+        @data[action].replace(Roles[*roles])
       end
       @data
     end
@@ -123,4 +188,33 @@ module Sinja
       super
     end
   end
+
+  class SideloadConfig
+    include ConfigUtils
+    extend Forwardable
+
+    def initialize(actions=[])
+      @data = actions.map { |child| [child, Set.new] }.to_h
+    end
+
+    def_delegators :@data, :[], :dig
+
+    def ==(other)
+      @data == other.instance_variable_get(:@data)
+    end
+
+    def merge!(h={})
+      h.each do |child, parents|
+        abort "Unknown or invalid action helper `#{child}' in configuration" \
+          unless @data.key?(child)
+        @data[child].replace(Set[*parents])
+      end
+      @data
+    end
+
+    def freeze
+      deep_freeze(@data)
+      super
+    end
+  end
 end