stitches 3.7.3 → 4.0.0.RC1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5fa18e703222c9f9f2cc2b750cbf06a1bf9ddac8d473e6c2775d3d0cd840e59e
-  data.tar.gz: 550563efbfc95a84ff7c9375cbd4cd6d45eff8621370780f90760ddecc4afa3e
+  metadata.gz: d181adb5b8ed9642468e2a8c75ab5ed2cbb01756458885410c8538c0b0a51890
+  data.tar.gz: 95a4105d911e4e4ebbf927d2bf87efb8bc6dfb1d2537e4f0ebc42caf8569c44d
 SHA512:
-  metadata.gz: 0d81db63050704736cc9aaaebc3ccc0f06bcb271a36b734c195f9b5298121c18fd43c529e32ec2ba2dcf2e76c8dda411fc245d8229a4a2df21889de87dded7d7
-  data.tar.gz: cd636756307dd9395860278f80f9fea1638ceef28105d91cc319c80db74de58809e7e6e396f1e706b123705c7905a46d0a5e3655c7c84cd077fe6eab9808c577
+  metadata.gz: 442b3c89184c500c7036bb06a355c0df478ea16089777d920aefc62c94dedb37ad0be40a4a46dc558509148b0f08feb335cece9e8e79ac732482977876931d99
+  data.tar.gz: aeaf701f19b4e8962227cccd7421f3452bf7e2dde77bfa2e7ecce735883adade7903a3392009d351e48258d2b6f231f36d36190a8e65c184e8ad5b9681d94f7f

data/.circleci/config.yml

@@ -5,9 +5,10 @@ version: 2
 jobs:
   release:
     docker:
-    - image: circleci/ruby:2.6.3
+    - image: circleci/ruby:2.7.1
     steps:
     - checkout
+    - run: bundle config stitchfix01.jfrog.io $ARTIFACTORY_USER:$ARTIFACTORY_TOKEN
     - run: bundle install --full-index
     - run:
         name: Artifactory login
@@ -16,14 +17,15 @@ jobs:
     - run:
         name: Build/release gem to artifactory
         command: bundle exec rake push_artifactory
-  ruby-2.6.3-rails-5.2:
+  ruby-2.7.1-rails-6.0:
     docker:
-    - image: circleci/ruby:2.6.3
+    - image: circleci/ruby:2.7.1
       environment:
-        BUNDLE_GEMFILE: Gemfile.rails-5.2
+        BUNDLE_GEMFILE: Gemfile.rails-6.0
     working_directory: "~/stitches"
     steps:
     - checkout
+    - run: bundle config stitchfix01.jfrog.io $ARTIFACTORY_USER:$ARTIFACTORY_TOKEN
     - run: bundle install --full-index
     - run: bundle exec rspec --format RspecJunitFormatter --out /tmp/test-results/rspec.xml
         --format=doc
@@ -33,18 +35,19 @@ jobs:
           fi
     - run:
         name: Notify Pager Duty
-        command: bundle exec y-notify "#eng-platform"
+        command: bundle exec y-notify "#devex-alerts"
         when: on_fail
     - store_test_results:
         path: "/tmp/test-results"
-  ruby-2.5.5-rails-5.2:
+  ruby-2.6.6-rails-6.0:
     docker:
-    - image: circleci/ruby:2.5.5
+    - image: circleci/ruby:2.6.6
       environment:
-        BUNDLE_GEMFILE: Gemfile.rails-5.2
+        BUNDLE_GEMFILE: Gemfile.rails-6.0
     working_directory: "~/stitches"
     steps:
     - checkout
+    - run: bundle config stitchfix01.jfrog.io $ARTIFACTORY_USER:$ARTIFACTORY_TOKEN
     - run: bundle install --full-index
     - run: bundle exec rspec --format RspecJunitFormatter --out /tmp/test-results/rspec.xml
         --format=doc
@@ -54,18 +57,19 @@ jobs:
           fi
     - run:
         name: Notify Pager Duty
-        command: bundle exec y-notify "#eng-platform"
+        command: bundle exec y-notify "#devex-alerts"
         when: on_fail
     - store_test_results:
         path: "/tmp/test-results"
-  ruby-2.6.3-rails-5.1:
+  ruby-2.7.1-rails-5.2:
     docker:
-    - image: circleci/ruby:2.6.3
+    - image: circleci/ruby:2.7.1
       environment:
-        BUNDLE_GEMFILE: Gemfile.rails-5.1
+        BUNDLE_GEMFILE: Gemfile.rails-5.2
     working_directory: "~/stitches"
     steps:
     - checkout
+    - run: bundle config stitchfix01.jfrog.io $ARTIFACTORY_USER:$ARTIFACTORY_TOKEN
     - run: bundle install --full-index
     - run: bundle exec rspec --format RspecJunitFormatter --out /tmp/test-results/rspec.xml
         --format=doc
@@ -75,18 +79,19 @@ jobs:
           fi
     - run:
         name: Notify Pager Duty
-        command: bundle exec y-notify "#eng-platform"
+        command: bundle exec y-notify "#devex-alerts"
         when: on_fail
     - store_test_results:
         path: "/tmp/test-results"
-  ruby-2.5.5-rails-5.1:
+  ruby-2.6.6-rails-5.2:
     docker:
-    - image: circleci/ruby:2.5.5
+    - image: circleci/ruby:2.6.6
       environment:
-        BUNDLE_GEMFILE: Gemfile.rails-5.1
+        BUNDLE_GEMFILE: Gemfile.rails-5.2
     working_directory: "~/stitches"
     steps:
     - checkout
+    - run: bundle config stitchfix01.jfrog.io $ARTIFACTORY_USER:$ARTIFACTORY_TOKEN
     - run: bundle install --full-index
     - run: bundle exec rspec --format RspecJunitFormatter --out /tmp/test-results/rspec.xml
         --format=doc
@@ -96,7 +101,7 @@ jobs:
           fi
     - run:
         name: Notify Pager Duty
-        command: bundle exec y-notify "#eng-platform"
+        command: bundle exec y-notify "#devex-alerts"
         when: on_fail
     - store_test_results:
         path: "/tmp/test-results"
@@ -107,31 +112,31 @@ workflows:
     - release:
         context: org-global
         requires:
-        - ruby-2.6.3-rails-5.2
-        - ruby-2.5.5-rails-5.2
-        - ruby-2.6.3-rails-5.1
-        - ruby-2.5.5-rails-5.1
+        - ruby-2.7.1-rails-6.0
+        - ruby-2.6.6-rails-6.0
+        - ruby-2.7.1-rails-5.2
+        - ruby-2.6.6-rails-5.2
         filters:
           tags:
-            only: /^[0-9]+\.[0-9]+\.[0-9](\.RC\d*)?$/
+            only: /^[0-9]+\.[0-9]+\.[0-9]+(\.?(RC|rc)[-\.]?\d*)?$/
           branches:
             ignore: /.*/
-    - ruby-2.6.3-rails-5.2:
+    - ruby-2.7.1-rails-6.0:
         context: org-global
         filters:
           tags:
             only: &1 /.*/
-    - ruby-2.5.5-rails-5.2:
+    - ruby-2.6.6-rails-6.0:
         context: org-global
         filters:
           tags:
             only: *1
-    - ruby-2.6.3-rails-5.1:
+    - ruby-2.7.1-rails-5.2:
         context: org-global
         filters:
           tags:
             only: *1
-    - ruby-2.5.5-rails-5.1:
+    - ruby-2.6.6-rails-5.2:
         context: org-global
         filters:
           tags:
@@ -145,11 +150,11 @@ workflows:
             only:
             - master
     jobs:
-    - ruby-2.6.3-rails-5.2:
+    - ruby-2.7.1-rails-6.0:
         context: org-global
-    - ruby-2.5.5-rails-5.2:
+    - ruby-2.6.6-rails-6.0:
         context: org-global
-    - ruby-2.6.3-rails-5.1:
+    - ruby-2.7.1-rails-5.2:
         context: org-global
-    - ruby-2.5.5-rails-5.1:
+    - ruby-2.6.6-rails-5.2:
         context: org-global

data/{CODEOWNERS → .github/CODEOWNERS}

@@ -8,4 +8,4 @@
 # This file uses the GitHub CODEOWNERS convention to assign PR reviewers:
 # https://help.github.com/articles/about-codeowners/
 
-* @brettfishman @bwebster
+* @brettfishman @bwebster @stitchfix/devex

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,7 @@
+## Problem
+
+«Brief overview of the problem»
+
+## Solution
+
+«Brief description of how you solved the problem»

data/.gitignore

@@ -9,4 +9,5 @@ config/database.yml
 .jhw-cache
 **.orig
 Gemfile.lock
+Gemfile.*.lock
 .projections.json

data/.ruby-version

@@ -1 +1 @@
-2.5.3
+2.7.1

data/.travis.yml

@@ -1,7 +1,10 @@
 language: ruby
 rvm:
-  - 2.4.4
-  - 2.5.1
+  - 2.6
+  - 2.7
   - ruby-head
 notifications:
   email: false
+jobs:
+  allow_failures:
+    - rvm: ruby-head

data/Gemfile.rails-5.1

@@ -1,7 +1,6 @@
 # DO NOT MODIFY - this is managed by Git Reduce in goro
 #
-source 'https://gem.fury.io/me/'
-source 'https://www.rubygems.org'
+source 'https://stitchfix01.jfrog.io/stitchfix01/api/gems/eng-gems/'
 
 gemspec
 

data/Gemfile.rails-5.2

@@ -1,7 +1,6 @@
 # DO NOT MODIFY - this is managed by Git Reduce in goro
 #
-source 'https://gem.fury.io/me/'
-source 'https://www.rubygems.org'
+source 'https://stitchfix01.jfrog.io/stitchfix01/api/gems/eng-gems/'
 
 gemspec
 

data/Gemfile.rails-6.0

@@ -0,0 +1,7 @@
+# DO NOT MODIFY - this is managed by Git Reduce in goro
+#
+source 'https://stitchfix01.jfrog.io/stitchfix01/api/gems/eng-gems/'
+
+gemspec
+
+gem 'rails', '~> 6.0.0'

data/README.md

@@ -4,13 +4,13 @@ Create Microservices in Rails by pretty much just writing regular Rails code.
 
 This gem provides:
 
-* transparent API key authentication.
-* router-level API version based on headers.
-* a way to document your microservice endpoints via acceptance tests.
-* structured errors, buildable from invalid Active Records, Exceptions, or by hand.
+- transparent API key authentication.
+- router-level API version based on headers.
+- a way to document your microservice endpoints via acceptance tests.
+- structured errors, buildable from invalid Active Records, Exceptions, or by hand.
 
 This, plus much of what you get from Rails already, means you can create a microservice Rails application by just writing the
-same Rails code you write today.  Instead of rendering web views, you render JSON (which is built into Rails).
+same Rails code you write today. Instead of rendering web views, you render JSON (which is built into Rails).
 
 ## To install
 
@@ -29,22 +29,32 @@ bundle install
 Then, set it up:
 
 ```
-> bin/rails generate rspec:install
-> bin/rails generate apitome:install
 > bin/rails generate stitches:api
 > bundle exec rake db:migrate
 ```
 
 ### Upgrading from an older version
 
-* If you have a version lower than 3.3.0, you need to run two generators, one of which creates a new database migration on your
-`api_clients` table:
+- When upgrading to version 4.0.0 you may now take advantage of an in-memory cache
+
+You can enabled it like so
+
+```ruby
+Stitches.configure do |config|
+  config.max_cache_ttl = 5  # seconds
+  config.max_cache_size = 100  # how many keys to cache
+end
+```
+
+- If you have a version lower than 3.3.0, you need to run two generators, one of which creates a new database migration on your
+  `api_clients` table:
 
   ```
   > bin/rails generate stitches:add_enabled_to_api_clients
   > bin/rails generate stitches:add_deprecation
   ```
-* If you have a version lower than 3.6.0, you need to run one generator:
+
+- If you have a version lower than 3.6.0, you need to run one generator:
 
   ```
   > bin/rails generate stitches:add_deprecation
@@ -61,8 +71,8 @@ class Api::V1::WidgetsController < ApiController
     if widget.valid?
       head 201
     else
-      render json: { 
-        errors: Stitches::Errors.from_active_record_object(widget) 
+      render json: {
+        errors: Stitches::Errors.from_active_record_object(widget)
       }, status: 422
     end
   end
@@ -75,44 +85,44 @@ private
 end
 ```
 
-If you think there's nothing special about this—you are correct.  This is the vanillaest of vanilla Rails controllers, with a few
+If you think there's nothing special about this—you are correct. This is the vanillaest of vanilla Rails controllers, with a few
 notable exceptions:
 
-* We aren't checking content type.  A stitches-based microservice always uses JSON and refuses to route requests for non-JSON to
-you, so there's zero need to use `respond_to` and friends.
-* The error-building is structured and reliable.
-* This is an authenticated request.  No request without proper authentication will be routed here, so you don't have to worry
-about it in your code.
-* This is a versioned request.  While the URL will *not* contain `v1` in it, the `Accept` header will require a version and get
-routed here.  If you make a V2, it's just a new controller and this concern is handled at the routing layer.
+- We aren't checking content type. A stitches-based microservice always uses JSON and refuses to route requests for non-JSON to
+  you, so there's zero need to use `respond_to` and friends.
+- The error-building is structured and reliable.
+- This is an authenticated request. No request without proper authentication will be routed here, so you don't have to worry
+  about it in your code.
+- This is a versioned request. While the URL will _not_ contain `v1` in it, the `Accept` header will require a version and get
+  routed here. If you make a V2, it's just a new controller and this concern is handled at the routing layer.
 
-All this means that the Rails skills of you and your team can be directly applied to building microservices.  You don't have to make a bunch of boring decisions about auth, versioning, or content-types.  It also means you can start deploying and creating microservices with little friction.  No need to deal with a complex DSL or new programming language to get yourselves going with Microservices.
+All this means that the Rails skills of you and your team can be directly applied to building microservices. You don't have to make a bunch of boring decisions about auth, versioning, or content-types. It also means you can start deploying and creating microservices with little friction. No need to deal with a complex DSL or new programming language to get yourselves going with Microservices.
 
 ## More Info
 
 See [the wiki](https://github.com/stitchfix/stitches/wiki/Setup) for how to setup stitches.
 
-* [Stitches Features](https://github.com/stitchfix/stitches/wiki/Features-of-Stitches) include:
+- [Stitches Features](https://github.com/stitchfix/stitches/wiki/Features-of-Stitches) include:
   - Authorization via API key
   - Versioned requests via HTTP content types
   - Structured Errors
   - ISO 8601-formatted dates
   - Deprecation using the `Sunset` header
-* The [Generator](https://github.com/stitchfix/stitches/wiki/Generator) sets up some code in your app, so you can start writing
-APIs using vanilla Rails idioms:
+  - An optional ApiKey cache to allow mostly DB free APIs
+- The [Generator](https://github.com/stitchfix/stitches/wiki/Generator) sets up some code in your app, so you can start writing
+  APIs using vanilla Rails idioms:
   - a "ping" controller that can validate your app is working
   - version routing based on content-type (requests for V2 use the same URL, but are serviced by a different controller)
   - An ApiClient Active Record
   - Acceptance tests that can produce API documentation as they test your app.
-* Stitches provides [testing support](https://github.com/stitchfix/stitches/wiki/Testing)
-
+- Stitches provides [testing support](https://github.com/stitchfix/stitches/wiki/Testing)
 
 ## Developing
 
-Although `Stitches.configuration` is global, do not depend directly on that in your logic.  Instead, allow all classes to receive a configuration object in their constructor.  This makes the classes easier to deal with and change, without incurring much of a real cost to development.  Global symbols suck, but are convenient.  This is how you make the most of it.
+Although `Stitches.configuration` is global, do not depend directly on that in your logic. Instead, allow all classes to receive a configuration object in their constructor. This makes the classes easier to deal with and change, without incurring much of a real cost to development. Global symbols suck, but are convenient. This is how you make the most of it.
 
 Also, the integration test does a lot of "testing the implementation", but since Rails generators are notorious for silently
-failing with a successful result, we have to make sure that the various `inject_into_file` calls are actually working.  Do not do
+failing with a successful result, we have to make sure that the various `inject_into_file` calls are actually working. Do not do
 any fancy refactors here, just keep it up to date.
 
 ---

data/lib/stitches.rb

@@ -1,4 +1,2 @@
 require 'stitches_norailtie'
 require 'stitches/railtie'
-# Add new stitches ruby files to the stitches_norailtie file instead of here
-require 'apitome'

data/lib/stitches/allowlist_middleware.rb

@@ -2,7 +2,6 @@ module Stitches
   # A middleware that will skip its behavior if the path matches an allowed URL
   class AllowlistMiddleware
     def initialize(app, options={})
-
       @app           = app
       @configuration = options[:configuration] ||  Stitches.configuration
       @except        = options[:except]        || @configuration.allowlist_regexp

data/lib/stitches/api_client_access_wrapper.rb

@@ -0,0 +1,42 @@
+require 'lru_redux'
+
+module Stitches::ApiClientAccessWrapper
+
+  def self.fetch_for_key(key)
+    if cache_enabled
+      fetch_for_key_from_cache(key)
+    else
+      fetch_for_key_from_db(key)
+    end
+  end
+
+  def self.fetch_for_key_from_cache(key)
+    api_key_cache.getset(key) do
+      fetch_for_key_from_db(key)
+    end
+  end
+
+  def self.fetch_for_key_from_db(key)
+    if ::ApiClient.column_names.include?("enabled")
+      ::ApiClient.find_by(key: key, enabled: true)
+    else
+      ActiveSupport::Deprecation.warn('api_keys is missing "enabled" column.  Run "rails g stitches:add_enabled_to_api_clients"')
+      ::ApiClient.find_by(key: key)
+    end
+  end
+
+  def self.clear_api_cache
+    api_key_cache.clear if cache_enabled
+  end
+
+  def self.api_key_cache
+    @api_key_cache ||= LruRedux::TTL::ThreadSafeCache.new(
+      Stitches.configuration.max_cache_size,
+      Stitches.configuration.max_cache_ttl,
+    )
+  end
+
+  def self.cache_enabled
+    Stitches.configuration.max_cache_ttl.positive?
+  end
+end

data/lib/stitches/api_generator.rb

@@ -4,7 +4,7 @@ module Stitches
   class ApiGenerator < Rails::Generators::Base
     include Rails::Generators::Migration
 
-    source_root(File.expand_path(File.join(File.dirname(__FILE__),"generator_files")))
+    source_root(File.expand_path(File.join(File.dirname(__FILE__), "generator_files")))
 
     def self.next_migration_number(path)
       Time.now.utc.strftime("%Y%m%d%H%M%S")
@@ -12,14 +12,22 @@ module Stitches
 
     desc "Bootstraps your API service with a basic ping controller and spec to ensure everything is setup properly"
     def bootstrap_api
-      inject_into_file "Gemfile", after: /^gem ['"]rails['"].*$/ do<<-GEM
+      gem "apitome"
+      gem_group :development, :test do
+        gem "rspec"
+        gem "rspec-rails"
+        gem "rspec_api_documentation"
+      end
 
-gem "apitome"
-gem "responders"
-gem "rspec_api_documentation", group: [ :development, :test ]
-gem "capybara", group: [ :development, :test ]
-      GEM
+      Bundler.with_clean_env do
+        run "bundle install"
       end
+      generate "apitome:install"
+      generate "rspec:install"
+
+      gsub_file 'config/initializers/apitome.rb', /config.mount_at = .*$/, "config.mount_at = nil"
+      gsub_file 'config/initializers/apitome.rb', /config.title = .*$/, "config.title = 'Service Documentation'"
+
       inject_into_file "config/routes.rb", before: /^end/ do<<-ROUTES
 namespace :api do
   scope module: :v1, constraints: Stitches::ApiVersionConstraint.new(1) do
@@ -32,15 +40,14 @@ namespace :api do
     # as well as for your client to be able to validate this as well.
   end
 end
-api_docs = Rack::Auth::Basic.new(Apitome::Engine ) do |_,password|
+
+api_docs = Rack::Auth::Basic.new(Apitome::Engine) do |_, password|
   password == ENV['HTTP_AUTH_PASSWORD']
 end
 mount api_docs, at: "docs"
       ROUTES
       end
 
-      run 'bundle install'
-
       copy_file "app/controllers/api.rb"
       copy_file "app/controllers/api/api_controller.rb"
       copy_file "app/controllers/api/v1.rb"
@@ -53,8 +60,6 @@ mount api_docs, at: "docs"
       template "spec/features/api_spec.rb.erb", "spec/features/api_spec.rb"
       copy_file "spec/acceptance/ping_v1_spec.rb", "spec/acceptance/ping_v1_spec.rb"
 
-      run 'bundle install'
-
       migration_template "db/migrate/enable_uuid_ossp_extension.rb", "db/migrate/enable_uuid_ossp_extension.rb"
       sleep 1 # allow clock to tick so we get different numbers
       migration_template "db/migrate/create_api_clients.rb", "db/migrate/create_api_clients.rb"
@@ -70,26 +75,23 @@ require 'stitches/spec'
 
       append_to_file 'spec/rails_helper.rb' do<<-RSPEC_API
 require 'rspec_api_documentation'
+
 RspecApiDocumentation.configure do |config|
-config.format = :json
-config.request_headers_to_include = %w(
-  Accept
-  Content-Type
-  Authorization
-  If-Modified-Since
-)
-config.response_headers_to_include = %w(
-  Last-Modified
-  ETag
-)
-config.api_name = "YOUR SERVICE NAME HERE"
+  config.format = :json
+  config.request_headers_to_include = %w(
+    Accept
+    Content-Type
+    Authorization
+    If-Modified-Since
+  )
+  config.response_headers_to_include = %w(
+    Last-Modified
+    ETag
+  )
+  config.api_name = "YOUR SERVICE NAME HERE"
 end
-      RSPEC_API
+RSPEC_API
       end
-      run "rails g apitome:install"
-      gsub_file 'config/initializers/apitome.rb', /config.mount_at = .*$/, "config.mount_at = nil"
-      gsub_file 'config/initializers/apitome.rb', /config.title = .*$/, "config.title = 'Service Documentation'"
-
     end
   end
 end

data/lib/stitches/api_key.rb

@@ -20,11 +20,6 @@ module Stitches
   # ApiClient that it maps to.
   class ApiKey < Stitches::AllowlistMiddleware
 
-    def initialize(app,options = {})
-      super(app,options)
-      @realm = Rails.application.class.parent.to_s
-    end
-
   protected
 
     def do_call(env)
@@ -32,35 +27,40 @@ module Stitches
       if authorization
         if authorization =~ /#{@configuration.custom_http_auth_scheme}\s+key=(.*)\s*$/
           key = $1
-
-          if ApiClient.column_names.include?("enabled")
-            client = ApiClient.where(key: key, enabled: true).first
-          else
-            ActiveSupport::Deprecation.warn('api_keys is missing "enabled" column.  Run "rails g stitches:add_enabled_to_api_clients"')
-            client = ApiClient.where(key: key).first
-          end
-
+          client = Stitches::ApiClientAccessWrapper.fetch_for_key(key)
           if client.present?
             env[@configuration.env_var_to_hold_api_client_primary_key] = client.id
             env[@configuration.env_var_to_hold_api_client] = client
             @app.call(env)
           else
-            UnauthorizedResponse.new("key invalid",@realm,@configuration.custom_http_auth_scheme)
+            unauthorized_response("key invalid")
           end
         else
-          UnauthorizedResponse.new("bad authorization type",@realm,@configuration.custom_http_auth_scheme)
+          unauthorized_response("bad authorization type")
         end
       else
-        UnauthorizedResponse.new("no authorization header",@realm,@configuration.custom_http_auth_scheme)
+        unauthorized_response("no authorization header")
       end
     end
 
   private
 
-    class UnauthorizedResponse < Rack::Response
-      def initialize(reason,realm,custom_http_auth_scheme)
-        super("Unauthorized - #{reason}", 401, { "WWW-Authenticate" => "#{custom_http_auth_scheme} realm=#{realm}" })
-      end
+    # TODO: (jdlubrano)
+    # Once Rails 5 support is no longer necessary, we can simply call
+    # Rails.application.class.module_parent.  The module_parent method
+    # does not exist in Rails <= 5, though, so we need to gracefully fallback
+    # Rails.application.class.parent for Rails versions predating Rails 6.0.0.
+    def rails_app_module
+      application_class = Rails.application.class
+      parent = application_class.try(:module_parent) || application_class.parent
+      parent.to_s
+    end
+
+    def unauthorized_response(reason)
+      status = 401
+      body = "Unauthorized - #{reason}"
+      header = { "WWW-Authenticate" => "#{@configuration.custom_http_auth_scheme} realm=#{rails_app_module}" }
+      Rack::Response.new(body, status, header).finish
     end
 
   end

data/lib/stitches/configuration.rb

@@ -13,6 +13,8 @@ class Stitches::Configuration
     @custom_http_auth_scheme = UnsetString.new("custom_http_auth_scheme")
     @env_var_to_hold_api_client_primary_key = NonNullString.new("env_var_to_hold_api_client_primary_key","STITCHES_API_CLIENT_ID")
     @env_var_to_hold_api_client= NonNullString.new("env_var_to_hold_api_client","STITCHES_API_CLIENT")
+    @max_cache_ttl = NonNullInteger.new("max_cache_ttl", 0)
+    @max_cache_size = NonNullInteger.new("max_cache_size", 0)
   end
 
   # A RegExp that allows URLS around the mime type and api key requirements.
@@ -39,7 +41,7 @@ class Stitches::Configuration
     @custom_http_auth_scheme = NonNullString.new("custom_http_auth_scheme",new_custom_http_auth_scheme)
   end
 
-  # The name of the environment variable that the ApiKey middleware should use to 
+  # The name of the environment variable that the ApiKey middleware should use to
   # place the primary key of the authenticated ApiKey.  For example, if a user provides
   # the api key 1234-1234-1234-1234, and that maps to the primary key 42 in your database,
   # the environment will contain "42" in the key provided here.
@@ -59,8 +61,40 @@ class Stitches::Configuration
     @env_var_to_hold_api_client= NonNullString.new("env_var_to_hold_api_client",new_env_var_to_hold_api_client)
   end
 
+  def max_cache_ttl
+    @max_cache_ttl.to_i
+  end
+
+  def max_cache_ttl=(new_max_cache_ttl)
+    @max_cache_ttl = NonNullInteger.new("max_cache_ttl", new_max_cache_ttl)
+  end
+
+  def max_cache_size
+    @max_cache_size.to_i
+  end
+
+  def max_cache_size=(new_max_cache_size)
+    @max_cache_size = NonNullInteger.new("max_cache_size", new_max_cache_size)
+  end
+
 private
 
+  class NonNullInteger
+    def initialize(name, value)
+      unless value.is_a?(Integer)
+        raise "#{name} must be an Integer, not a #{value.class}"
+      end
+
+      @value = value
+    end
+
+    def to_i
+      @value
+    end
+
+    alias to_integer to_i
+  end
+
   class NonNullString
     def initialize(name,string)
       unless string.nil? || string.is_a?(String)

data/lib/stitches/generator_files/config/initializers/stitches.rb

@@ -11,4 +11,14 @@ Stitches.configure do |configuration|
   # Env var that gets the primary key of the authenticated ApiKey
   # for access in your controllers, so they don't need to re-parse the header
   # configuration.env_var_to_hold_api_client_primary_key = "YOUR_ENV_VAR"
+
+  # Configures how long to cache ApiKeys in memory (In Seconds)
+  # A value of 0 will disable the cache entierly
+  # Default is 0
+  # configuration.max_cache_ttl = 5
+
+  # Configures how many ApiKeys to cache at one time
+  # This should be larger then the number of clients
+  # Default is 0
+  # configuration.max_cache_size = 100
 end

data/lib/stitches/generator_files/spec/features/api_spec.rb.erb

@@ -123,14 +123,22 @@ feature "general API stuff" do
     failure_message do
       correct_code,_ = evaluate_response(response)
       if correct_code
-        "Expected WWW-Authenticate header to be 'CustomKeyAuth realm=#{Rails.application.class.parent.to_s}', but was #{response['WWW-Authenticate']}"
+        "Expected WWW-Authenticate header to be 'CustomKeyAuth realm=#{realm}', but was #{response['WWW-Authenticate']}"
       else
         "Expected response to be 401, but was #{response.response_code}"
       end
     end
 
+    def realm
+<% if ::Rails::VERSION::MAJOR >= 6 -%>
+     Rails.application.class.module_parent.to_s
+<% else %>
+     Rails.application.class.parent.to_s
+<% end %>
+    end
+
     def evaluate_response(response)
-      [response.response_code == 401, response.headers["WWW-Authenticate"] == "CustomKeyAuth realm=#{Rails.application.class.parent.to_s}" ]
+      [response.response_code == 401, response.headers["WWW-Authenticate"] == "CustomKeyAuth realm=#{realm}"]
     end
   end
 end

data/lib/stitches/railtie.rb

@@ -1,9 +1,11 @@
 require 'stitches/api_key'
 require 'stitches/valid_mime_type'
+require 'stitches/api_client_access_wrapper'
 
 module Stitches
   class Railtie < Rails::Railtie
     config.app_middleware.use Stitches::ApiKey
     config.app_middleware.use Stitches::ValidMimeType
+
   end
 end

data/lib/stitches/valid_mime_type.rb

@@ -16,16 +16,17 @@ module Stitches
       if accept =~ %r{application/json} && accept =~ %r{version=\d+}
         @app.call(env)
       else
-        NotAcceptableResponse.new(accept)
+        not_acceptable_response(accept)
       end
     end
 
     private
 
-    class NotAcceptableResponse < Rack::Response
-      def initialize(accept_header)
-        super("Not Acceptable - '#{accept_header}' didn't have the right mime type or version number. We only accept application/json with a version", 406)
-      end
+    def not_acceptable_response(accept_header)
+      status = 406
+      body = "Not Acceptable - '#{accept_header}' didn't have the right mime type or version number. We only accept application/json with a version"
+      header = { "WWW-Authenticate" => accept_header }
+      Rack::Response.new(body, status, header).finish
     end
 
   end

data/lib/stitches/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Stitches
-  VERSION = '3.7.3'
+  VERSION = '4.0.0.RC1'
 end

data/owners.json

@@ -1,7 +1,7 @@
 {
   "owners": [
     {
-      "team": "platform"
+      "team": "devex"
     }
   ]
 }

data/spec/api_client_access_wrapper_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper.rb'
+
+module MyApp
+  class Application
+  end
+end
+
+unless defined? ApiClient
+  class ApiClient
+    def self.column_names
+      ["enabled"]
+    end
+  end
+end
+
+describe Stitches::ApiClientAccessWrapper do
+  let(:api_client) {
+    double(ApiClient, id: 42)
+  }
+  before do
+    Stitches.configuration.reset_to_defaults!
+  end
+  describe '#fetch_by_key' do
+    context "cache is disabled" do
+      before do
+        expect(ApiClient).to receive(:find_by).and_return(api_client).twice
+      end
+
+      it "fetchs object from db twice" do
+        expect(described_class.fetch_for_key("123").id).to eq(42)
+        expect(described_class.fetch_for_key("123").id).to eq(42)
+      end
+    end
+
+    context "cache is configured" do
+      before do
+        Stitches.configure do |config|
+          config.max_cache_ttl  = 5
+          config.max_cache_size = 10
+        end
+
+        expect(ApiClient).to receive(:find_by).and_return(api_client).once
+      end
+
+      it "fetchs object from cache" do
+        expect(described_class.fetch_for_key("123").id).to eq(42)
+        # This should hit the cache
+        expect(described_class.fetch_for_key("123").id).to eq(42)
+      end
+    end
+  end
+end

data/spec/api_key_spec.rb

@@ -15,10 +15,8 @@ end
 
 describe Stitches::ApiKey do
   let(:app) { double("rack app") }
-  let(:api_clients) {
-    [
-      double(ApiClient, id: 42)
-    ]
+  let(:api_client) {
+    double(ApiClient, id: 42)
   }
 
   before do
@@ -27,23 +25,27 @@ describe Stitches::ApiKey do
     fake_rails_app = MyApp::Application.new
     allow(Rails).to receive(:application).and_return(fake_rails_app)
     allow(app).to receive(:call).with(env)
-    allow(ApiClient).to receive(:where).and_return(api_clients)
+    allow(ApiClient).to receive(:find_by).and_return(api_client)
+    Stitches::ApiClientAccessWrapper.clear_api_cache
   end
 
   subject(:middleware) { described_class.new(app, namespace: "/api") }
 
   shared_examples "an unauthorized response" do
     it "returns a 401" do
-      expect(@response.status).to eq(401)
+      status, _headers, _body = @response
+      expect(status).to eq(401)
     end
     it "sets the proper header" do
-      expect(@response.headers["WWW-Authenticate"]).to eq("MyAwesomeInternalScheme realm=MyApp")
+      _status, headers, _body = @response
+      expect(headers["WWW-Authenticate"]).to eq("MyAwesomeInternalScheme realm=MyApp")
     end
     it "stops the call chain preventing anything from happening" do
       expect(app).not_to have_received(:call)
     end
     it "sends a reasonable message" do
-      expect(@response.body).to eq([expected_body])
+      _status, _headers, body = @response
+      expect(body).to eq([expected_body])
     end
   end
 
@@ -155,18 +157,17 @@ describe Stitches::ApiKey do
       end
 
       it "sets the api_client's ID in the environment" do
-        expect(env[Stitches.configuration.env_var_to_hold_api_client_primary_key]).to eq(api_clients.first.id)
+        expect(env[Stitches.configuration.env_var_to_hold_api_client_primary_key]).to eq(api_client.id)
       end
 
       it "sets the api_client itself in the environment" do
-        expect(env[Stitches.configuration.env_var_to_hold_api_client]).to eq(api_clients.first)
+        expect(env[Stitches.configuration.env_var_to_hold_api_client]).to eq(api_client)
       end
     end
 
     context "unauthorized responses" do
       before do
         @response = middleware.call(env)
-        @response.finish
       end
       context "invalid key" do
         let(:env) {
@@ -175,7 +176,7 @@ describe Stitches::ApiKey do
             "HTTP_AUTHORIZATION" => "MyAwesomeInternalScheme key=foobar",
           }
         }
-        let(:api_clients) { [] }
+        let(:api_client) { nil }
 
         it_behaves_like "an unauthorized response" do
           let(:expected_body) { "Unauthorized - key invalid" }

data/spec/configuration_spec.rb

@@ -9,17 +9,23 @@ describe Stitches::Configuration do
     let(:allowlist_regexp) { %r{foo} }
     let(:custom_http_auth_scheme) { "Blah" }
     let(:env_var_to_hold_api_client_primary_key) { "FOOBAR" }
+    let(:max_cache_ttl) { 11 }
+    let(:max_cache_size) { 111 }
 
     it "can be configured globally" do
       Stitches.configure do |config|
         config.allowlist_regexp                       = allowlist_regexp
         config.custom_http_auth_scheme                = custom_http_auth_scheme
         config.env_var_to_hold_api_client_primary_key = env_var_to_hold_api_client_primary_key
+        config.max_cache_ttl                          = max_cache_ttl
+        config.max_cache_size                         = max_cache_size
       end
 
       expect(Stitches.configuration.allowlist_regexp).to                       eq(allowlist_regexp)
       expect(Stitches.configuration.custom_http_auth_scheme).to                eq(custom_http_auth_scheme)
       expect(Stitches.configuration.env_var_to_hold_api_client_primary_key).to eq(env_var_to_hold_api_client_primary_key)
+      expect(Stitches.configuration.max_cache_ttl).to                          eq(max_cache_ttl)
+      expect(Stitches.configuration.max_cache_size).to                         eq(max_cache_size)
     end
 
     it "defaults to nil for allowlist_regexp" do
@@ -30,6 +36,14 @@ describe Stitches::Configuration do
       expect(Stitches.configuration.env_var_to_hold_api_client_primary_key).to eq("STITCHES_API_CLIENT_ID")
     end
 
+    it "defaults to 0 for max_cache_ttl" do
+      expect(Stitches.configuration.max_cache_ttl).to eq(0)
+    end
+
+    it "sets a default for max_cache_size" do
+      expect(Stitches.configuration.max_cache_size).to eq(0)
+    end
+
     it "blows up if you try to use custom_http_auth_scheme without having set it" do
       expect {
         Stitches.configuration.custom_http_auth_scheme
@@ -102,6 +116,37 @@ describe Stitches::Configuration do
       }.not_to raise_error
     end
   end
+
+  describe "max_cache_ttl" do
+    let(:config) { Stitches::Configuration.new }
+    it "must be an integer" do
+      expect {
+        config.max_cache_ttl = ""
+      }.to raise_error(/max_cache_ttl must be an Integer, not a String/)
+    end
+
+    it "may not be nil" do
+      expect {
+        config.max_cache_ttl = nil
+      }.to raise_error(/max_cache_ttl must be an Integer, not a NilClass/)
+    end
+  end
+
+  describe "max_cache_size" do
+    let(:config) { Stitches::Configuration.new }
+    it "must be an integer" do
+      expect {
+        config.max_cache_size = ""
+      }.to raise_error(/max_cache_size must be an Integer, not a String/)
+    end
+
+    it "may not be nil" do
+      expect {
+        config.max_cache_size = nil
+      }.to raise_error(/max_cache_size must be an Integer, not a NilClass/)
+    end
+  end
+
   context "deprecated options we want to support for backwards compatibility" do
 
     let(:logger) { double("logger") }

data/spec/integration/add_to_rails_app_spec.rb

@@ -5,9 +5,10 @@ require "open3"
 RSpec.describe "Adding Stitches to a New Rails App", :integration do
   let(:work_dir) { Dir.mktmpdir }
   let(:rails_app_name) { "swamp-thing" }
+  let(:rails_root) { Pathname(work_dir) / rails_app_name }
 
   def run(command)
-    stdout, stderr, stat = Open3.capture3(command)
+    stdout, stderr, stat = Open3.capture3({ 'BUNDLE_GEMFILE' => rails_root.join('Gemfile').to_path }, command)
     success = stat.success? && stdout !~ /Could not find generator/im
 
     if ENV["DEBUG"] == 'true' || !success
@@ -37,21 +38,30 @@ RSpec.describe "Adding Stitches to a New Rails App", :integration do
       "--no-rc",
       "--skip-bundle",
     ].join(" ")
-    FileUtils.chdir work_dir do
-      run rails_new
-      FileUtils.chdir rails_app_name do
-        example.run
+
+    # Use this local version of stitches rather than the one on Rubygems
+    gem_path = File.expand_path("../..", File.dirname(__FILE__))
+    use_local_stitches = %{echo "gem 'stitches', path: '#{gem_path}'" >> Gemfile}
+
+    Bundler.with_clean_env do
+      FileUtils.chdir work_dir do
+        run rails_new
+
+        FileUtils.chdir rails_app_name do
+          run use_local_stitches
+          # It's unclear why, but on CI the gems are not found when installed
+          # through bundler however installing them explicitly first fixes it.
+          run "gem install apitome rspec-rails rspec_api_documentation"
+          run "bundle install"
+          example.run
+        end
       end
     end
   end
 
   it "works as described in the README" do
-    run "bin/rails generate rspec:install"
-    run "bin/rails generate apitome:install"
     run "bin/rails generate stitches:api"
 
-    rails_root = Pathname(work_dir) / rails_app_name
-
     # Yuck!  So much duplication!  BUT: Rails app templates have a notoriously silent failure mode, so mostly
     # what this is doing is ensuring that the generator inserted stuff when asked and that the very basics of what happens 
     # during generation are there.  It's gross, and I'm sorry.
@@ -60,9 +70,7 @@ RSpec.describe "Adding Stitches to a New Rails App", :integration do
     aggregate_failures do
       expect(File.exist?(rails_root / "app" / "controllers" / "api" / "api_controller.rb")).to eq(true)
       expect(rails_root / "Gemfile").to contain_gem("apitome")
-      expect(rails_root / "Gemfile").to contain_gem("responders")
       expect(rails_root / "Gemfile").to contain_gem("rspec_api_documentation")
-      expect(rails_root / "Gemfile").to contain_gem("capybara")
       expect(rails_root / "config" / "routes.rb").to have_route(namespace: :api, module_scope: :v1, resource: 'ping')
       expect(rails_root / "config" / "routes.rb").to have_route(namespace: :api, module_scope: :v2, resource: 'ping')
       expect(rails_root / "config" / "routes.rb").to have_mounted_engine("Apitome::Engine")
@@ -81,11 +89,7 @@ RSpec.describe "Adding Stitches to a New Rails App", :integration do
   end
 
   it "inserts the deprecation module into ApiController" do
-    run "bin/rails generate rspec:install"
-    run "bin/rails generate apitome:install"
     run "bin/rails generate stitches:api"
-
-    rails_root = Pathname(work_dir) / rails_app_name
     api_controller = rails_root / "app" / "controllers" / "api" / "api_controller.rb"
 
     api_controller_contents = File.read(api_controller).split(/\n/)
@@ -106,11 +110,8 @@ RSpec.describe "Adding Stitches to a New Rails App", :integration do
   end
 
   it "inserts can update old configuration" do
-    run "bin/rails generate rspec:install"
-    run "bin/rails generate apitome:install"
     run "bin/rails generate stitches:api"
 
-    rails_root = Pathname(work_dir) / rails_app_name
     initializer = rails_root / "config" / "initializers" / "stitches.rb"
 
     initializer_contents = File.read(initializer).split(/\n/)

data/spec/valid_mime_type_spec.rb

@@ -11,13 +11,15 @@ describe Stitches::ValidMimeType do
 
   shared_examples "an unacceptable response" do
     it "returns a 406" do
-      expect(@response.status).to eq(406)
+      status, _headers, _body = @response
+      expect(status).to eq(406)
     end
     it "stops the call chain preventing anything from happening" do
       expect(app).not_to have_received(:call)
     end
     it "sends a reasonable message" do
-      expect(@response.body.first).to match(/didn't have the right mime type or version number. We only accept application\/json/)
+      _status, _headers, body = @response
+      expect(body.first).to match(/didn't have the right mime type or version number. We only accept application\/json/)
     end
   end
 
@@ -133,7 +135,6 @@ describe Stitches::ValidMimeType do
     context "unacceptable responses" do
       before do
         @response = middleware.call(env)
-        @response.finish
       end
       context "no header" do
         let(:env) {

data/stitches.gemspec

@@ -20,10 +20,9 @@ Gem::Specification.new do |s|
 
   s.add_runtime_dependency("rails")
   s.add_runtime_dependency("pg")
-  s.add_runtime_dependency("rspec", ">= 3")
-  s.add_runtime_dependency("rspec-rails", "~> 3")
-  s.add_runtime_dependency("apitome")
+  s.add_runtime_dependency("lru_redux")
 
+  s.add_development_dependency("rspec", ">= 3")
   s.add_development_dependency("rake")
   s.add_development_dependency("rspec_junit_formatter")
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: stitches
 version: !ruby/object:Gem::Version
-  version: 3.7.3
+  version: 4.0.0.RC1
 platform: ruby
 authors:
 - Stitch Fix Engineering
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-16 00:00:00.000000000 Z
+date: 2020-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -42,47 +42,33 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: lru_redux
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3'
-- !ruby/object:Gem::Dependency
-  name: rspec-rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: apitome
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
+        version: '3'
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -123,11 +109,12 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
+- ".github/CODEOWNERS"
+- ".github/PULL_REQUEST_TEMPLATE.md"
 - ".gitignore"
 - ".ruby-gemset"
 - ".ruby-version"
 - ".travis.yml"
-- CODEOWNERS
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
 - Gemfile
@@ -135,8 +122,8 @@ files:
 - Gemfile.rails-5.0
 - Gemfile.rails-5.1
 - Gemfile.rails-5.2
+- Gemfile.rails-6.0
 - LICENSE.txt
-- PULL_REQUEST_TEMPLATE.md
 - README.md
 - Rakefile
 - build-matrix.json
@@ -144,6 +131,7 @@ files:
 - lib/stitches/add_deprecation_generator.rb
 - lib/stitches/add_enabled_to_api_clients_generator.rb
 - lib/stitches/allowlist_middleware.rb
+- lib/stitches/api_client_access_wrapper.rb
 - lib/stitches/api_generator.rb
 - lib/stitches/api_key.rb
 - lib/stitches/api_version_constraint.rb
@@ -180,6 +168,7 @@ files:
 - lib/stitches/whitelisting_middleware.rb
 - lib/stitches_norailtie.rb
 - owners.json
+- spec/api_client_access_wrapper_spec.rb
 - spec/api_key_spec.rb
 - spec/api_version_constraint_spec.rb
 - spec/configuration_spec.rb
@@ -208,16 +197,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: You'll be in stitches at how easy it is to create a service at Stitch Fix
 test_files:
+- spec/api_client_access_wrapper_spec.rb
 - spec/api_key_spec.rb
 - spec/api_version_constraint_spec.rb
 - spec/configuration_spec.rb

data/PULL_REQUEST_TEMPLATE.md

@@ -1,21 +0,0 @@
-## Problem
-
-«Brief overview of the problem»
-
-## Solution
-
-«Brief description of how you solved the problem»
-
-## Checklist
-
-### Before Merging
-
-- [ ] If there is an RC on this branch, revert the version change in `version.rb`
-
-### After Merging
-
-See the [gem release process](https://github.com/stitchfix/eng-wiki/blob/master/technical-topics/updating-gem-versions.md) for a detailed list, but the gist of it is:
-
-- [ ] Fetch `master` locally and run the applicable `rake version:*` task **on `master`** to bump the version
-- [ ] Run `rake release` **on `master`** to release the new version on Gemfury
-- [ ] Add [release notes](https://github.com/stitchfix/messaging/releases) - **this is very important in helping other engineers understand what changed in the new version**