stitches 5.1.0.RC2 → 5.1.0.RC4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 74c049e2d66d366adce255f0fd8d41b6eb0e121669225b1fbce4dbd8ccb19b10
-  data.tar.gz: 8d8b6b8d5cc2e57b4e21a5a9097ccd14b462087c82ce6c30cfd2e6b4617c49c5
+  metadata.gz: 5e1a4aefc1d0249b7b5c8caf2eb06aa6e0866afef4f1d4564d63efa239ef80ce
+  data.tar.gz: 322ab581e74df9bb933d8a1e23d2dc3973c6e3494ebfac23424f16c25cbf589a
 SHA512:
-  metadata.gz: 343c659a9e37f29caadad39b2c0d66496f164efea60e9a499daec8bb156fd5e90801af304d2bc0ac307c00ee4934b400ea4f22db4e7a996b9d7d114751a5a55c
-  data.tar.gz: dfaa3c860b35fbbbd44ba3c99d4ac1a1ce820de42393ddaa9d93cb12fb0062ad03d14cfb2a7f0ab64dfe5fa83ecd72271c30aa222923ba9fc5cecb35501d8311
+  metadata.gz: 5da26d78de12b20c29f2cff453dae8b1b1712ab3f0bbcd373291082eeee1feae3f22dcfb841c512f6a351243f10894b1c91dbc6c5c58400c182be9c0e96ee93c
+  data.tar.gz: 1a2ef89f2e74dfd9478158dfa747c19989de5f32425363f77ae428058468e57d934e29decae0fb1b1bc39a60b1b18abb97c8c82bfd3dfde73ac0b449dc13c995

data/.circleci/config.yml

@@ -26,6 +26,9 @@ parameters:
     type: string
     default: "8.1.2"
 
+orbs:
+  stitchfix_build: stitchfix/build@dev:master
+
 jobs:
   generate-and-push-docs:
     docker:
@@ -45,29 +48,12 @@ jobs:
             docs:generate:custom ; elif [[ $(bundle exec rake -T docs:generate) ]];
             then echo "Generating docs using rake task docs:generate" ; bundle exec
             rake docs:generate ; else echo "Skipping doc generation" ; exit 0 ; fi '
+      - stitchfix_build/aws_cli_setup_eng
       - run:
           name: Push documentation to Unwritten
           command:
             if [[ $(bundle exec rake -T docs:push) ]]; then bundle exec rake
             docs:push; fi
-  release:
-    docker:
-      - image: cimg/ruby:3.3.7
-        auth:
-          username: "$DOCKERHUB_USERNAME"
-          password: "$DOCKERHUB_PASSWORD"
-    steps:
-      - checkout
-      - run: bundle config stitchfix01.jfrog.io $ARTIFACTORY_USER:$ARTIFACTORY_TOKEN
-      - run: bundle install
-      - run:
-          name: Artifactory login
-          command:
-            mkdir -p ~/.gem && curl -u$ARTIFACTORY_USER:$ARTIFACTORY_TOKEN https://stitchfix01.jfrog.io/stitchfix01/api/gems/eng-gems/api/v1/api_key.yaml
-            > ~/.gem/credentials && chmod 0600 ~/.gem/credentials
-      - run:
-          name: Build/release gem to artifactory
-          command: bundle exec rake push_artifactory
   test:
     parameters:
       ruby-version:
@@ -87,6 +73,7 @@ jobs:
         auth:
           username: "$DOCKERHUB_USERNAME"
           password: "$DOCKERHUB_PASSWORD"
+    resource_class: medium.gen2
     working_directory: "~/stitches"
     environment:
       DATABASE_URL: "postgres://postgres:@localhost:5432/stitches_fake_app_test"
@@ -136,19 +123,10 @@ workflows:
     unless:
       equal: ["schedule", << pipeline.parameters.GHA_Event >>]
     jobs:
-      - release:
-          context: org-global
-          requires:
-            - test
-          filters:
-            tags:
-              only: "/^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:(-|\\.)(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$/"
-            branches:
-              ignore: /.*/
       - generate-and-push-docs:
           context: org-global
           requires:
-            - release
+            - test
           filters:
             tags:
               only: "/^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:(-|\\.)(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$/"

data/lib/stitches/calling_service_client.rb

@@ -0,0 +1,15 @@
+module Stitches
+  # Lightweight stand-in for ApiClient when the caller is identified by
+  # the X-StitchFix-Calling-Service header rather than an API key lookup.
+  # Implements the same interface (.name, .id, .key) so existing code
+  # that reads api_client.name continues to work.
+  CallingServiceClient = Struct.new(:name) do
+    def id
+      nil
+    end
+
+    def key
+      nil
+    end
+  end
+end

data/lib/stitches/calling_service_middleware.rb

@@ -0,0 +1,29 @@
+require_relative 'calling_service_client'
+
+module Stitches
+  # Rack middleware that populates the api_client env var from the
+  # X-StitchFix-Calling-Service header when no other auth middleware
+  # has already set it. This allows existing code that reads
+  # api_client.name to work transparently after API keys are disabled.
+  class CallingServiceMiddleware
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      client_key = Stitches.configuration.env_var_to_hold_api_client
+
+      unless env[client_key]
+        header_name = Stitches.configuration.calling_service_header
+        header_name = CallingServiceName::DEFAULT_CALLING_SERVICE_HEADER unless header_name.present?
+        rack_key = "HTTP_#{header_name.upcase.tr('-', '_')}"
+
+        if (name = env[rack_key]).present?
+          env[client_key] = CallingServiceClient.new(name)
+        end
+      end
+
+      @app.call(env)
+    end
+  end
+end

data/lib/stitches/calling_service_name.rb

@@ -1,12 +1,17 @@
 module Stitches
   module CallingServiceName
-    HEADER = "X-StitchFix-Calling-Service"
+    DEFAULT_CALLING_SERVICE_HEADER = "X-StitchFix-Calling-Service"
 
     def calling_service_name
       @calling_service_name ||=
-        request.headers[HEADER].presence ||
-        (respond_to?(:api_client, true) && api_client&.name) ||
-        ""
+        request.headers[calling_service_header_name].presence || ""
+    end
+
+    private
+
+    def calling_service_header_name
+      configured = Stitches.configuration.calling_service_header
+      configured.present? ? configured : DEFAULT_CALLING_SERVICE_HEADER
     end
   end
 end

data/lib/stitches/configuration.rb

@@ -13,6 +13,7 @@ class Stitches::Configuration
     @custom_http_auth_scheme = UnsetString.new("custom_http_auth_scheme")
     @env_var_to_hold_api_client_primary_key = NonNullString.new("env_var_to_hold_api_client_primary_key","STITCHES_API_CLIENT_ID")
     @env_var_to_hold_api_client= NonNullString.new("env_var_to_hold_api_client","STITCHES_API_CLIENT")
+    @calling_service_header = NonNullString.new("calling_service_header", "X-StitchFix-Calling-Service")
     @max_cache_ttl = NonNullInteger.new("max_cache_ttl", 0)
     @max_cache_size = NonNullInteger.new("max_cache_size", 0)
     @disabled_key_leniency_in_seconds = ActiveSupport::Duration.days(3)
@@ -61,6 +62,16 @@ class Stitches::Configuration
     @env_var_to_hold_api_client= NonNullString.new("env_var_to_hold_api_client",new_env_var_to_hold_api_client)
   end
 
+  # The name of the HTTP header used to identify the calling service.
+  # Clients send this header; servers read it via CallingServiceName.
+  def calling_service_header
+    @calling_service_header.to_s
+  end
+
+  def calling_service_header=(new_calling_service_header)
+    @calling_service_header = NonNullString.new("calling_service_header", new_calling_service_header)
+  end
+
   def max_cache_ttl
     @max_cache_ttl.to_i
   end

data/lib/stitches/railtie.rb

@@ -1,10 +1,12 @@
 require 'stitches/api_key'
 require 'stitches/valid_mime_type'
 require 'stitches/api_client_access_wrapper'
+require 'stitches/calling_service_middleware'
 
 module Stitches
   class Railtie < Rails::Railtie
     config.app_middleware.use Stitches::ApiKey
+    config.app_middleware.use Stitches::CallingServiceMiddleware
     config.app_middleware.use Stitches::ValidMimeType
   end
 end

data/lib/stitches/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stitches
-  VERSION = '5.1.0.RC2'
+  VERSION = '5.1.0.RC4'
 end

data/spec/calling_service_middleware_spec.rb

@@ -0,0 +1,72 @@
+require 'rails_helper'
+
+describe Stitches::CallingServiceMiddleware do
+  let(:app) { ->(env) { [200, env, "OK"] } }
+  let(:middleware) { described_class.new(app) }
+  let(:env) { Rack::MockRequest.env_for("/api/test", method: "POST") }
+
+  let(:client_key) { Stitches.configuration.env_var_to_hold_api_client }
+
+  describe "#call" do
+    context "when the header is present and env var is not set" do
+      before { env["HTTP_X_STITCHFIX_CALLING_SERVICE"] = "kingmob" }
+
+      it "populates the env var with a CallingServiceClient" do
+        _status, result_env, _body = middleware.call(env)
+        client = result_env[client_key]
+
+        expect(client).to be_a(Stitches::CallingServiceClient)
+        expect(client.name).to eq("kingmob")
+        expect(client.id).to be_nil
+        expect(client.key).to be_nil
+      end
+    end
+
+    context "when the env var is already set (API key or JWT auth ran)" do
+      let(:existing_client) { double("ApiClient", name: "existing-client", id: 42) }
+
+      before do
+        env[client_key] = existing_client
+        env["HTTP_X_STITCHFIX_CALLING_SERVICE"] = "some-service"
+      end
+
+      it "does not overwrite the existing value" do
+        _status, result_env, _body = middleware.call(env)
+        expect(result_env[client_key]).to eq(existing_client)
+      end
+    end
+
+    context "when the header is absent and env var is not set" do
+      it "leaves the env var nil" do
+        _status, result_env, _body = middleware.call(env)
+        expect(result_env[client_key]).to be_nil
+      end
+    end
+
+    context "when the header is blank" do
+      before { env["HTTP_X_STITCHFIX_CALLING_SERVICE"] = "" }
+
+      it "leaves the env var nil" do
+        _status, result_env, _body = middleware.call(env)
+        expect(result_env[client_key]).to be_nil
+      end
+    end
+
+    context "with a custom configured header" do
+      before do
+        Stitches.configuration.calling_service_header = "X-Custom-Caller"
+        env["HTTP_X_CUSTOM_CALLER"] = "custom-service"
+      end
+
+      after { Stitches.configuration.reset_to_defaults! }
+
+      it "reads from the configured header" do
+        _status, result_env, _body = middleware.call(env)
+        client = result_env[client_key]
+
+        expect(client).to be_a(Stitches::CallingServiceClient)
+        expect(client.name).to eq("custom-service")
+      end
+    end
+  end
+end

data/spec/calling_service_name_spec.rb

@@ -3,91 +3,52 @@ require 'rails_helper'
 describe Stitches::CallingServiceName do
   let(:headers) { {} }
   let(:fake_request) { double("request", headers: headers) }
-  let(:fake_api_client) { nil }
   let(:fake_controller) {
     req = fake_request
-    client = fake_api_client
     Object.new.tap { |c|
       c.extend(described_class)
       c.define_singleton_method(:request) { req }
-      c.define_singleton_method(:api_client) { client }
     }
   }
 
   describe "#calling_service_name" do
-    context "when X-StitchFix-Calling-Service header is present" do
+    context "when the header is present" do
       let(:headers) { {"X-StitchFix-Calling-Service" => "kingmob"} }
 
       it "returns the header value" do
         expect(fake_controller.calling_service_name).to eq("kingmob")
       end
-
-      context "and api_client is also present" do
-        let(:fake_api_client) { double("ApiClient", name: "other-service") }
-
-        it "prefers the header" do
-          expect(fake_controller.calling_service_name).to eq("kingmob")
-        end
-      end
-    end
-
-    context "when header is absent but api_client is present" do
-      let(:fake_api_client) { double("ApiClient", name: "mobile-service") }
-
-      it "returns the api_client name" do
-        expect(fake_controller.calling_service_name).to eq("mobile-service")
-      end
-    end
-
-    context "when header is blank" do
-      let(:headers) { {"X-StitchFix-Calling-Service" => ""} }
-      let(:fake_api_client) { double("ApiClient", name: "fallback-service") }
-
-      it "treats blank as absent and falls through to api_client" do
-        expect(fake_controller.calling_service_name).to eq("fallback-service")
-      end
     end
 
-    context "when neither header nor api_client is present" do
-      it "returns 'unknown'" do
+    context "when the header is absent" do
+      it "returns empty string" do
         expect(fake_controller.calling_service_name).to eq("")
       end
     end
 
-    context "when api_client is nil" do
-      let(:fake_api_client) { nil }
+    context "when the header is blank" do
+      let(:headers) { {"X-StitchFix-Calling-Service" => ""} }
 
       it "returns empty string" do
         expect(fake_controller.calling_service_name).to eq("")
       end
     end
+  end
 
-    context "when api_client method is not defined" do
-      let(:fake_controller) {
-        req = fake_request
-        Object.new.tap { |c|
-          c.extend(described_class)
-          c.define_singleton_method(:request) { req }
-        }
-      }
+  describe "configurable header" do
+    it "defaults to X-StitchFix-Calling-Service" do
+      expect(Stitches.configuration.calling_service_header).to eq("X-StitchFix-Calling-Service")
+    end
 
-      it "returns empty string" do
-        expect(fake_controller.calling_service_name).to eq("")
-      end
+    context "when configured to a custom header" do
+      let(:headers) { {"X-Custom-Caller" => "my-service"} }
 
-      context "and header is present" do
-        let(:headers) { {"X-StitchFix-Calling-Service" => "fixops"} }
+      before { Stitches.configuration.calling_service_header = "X-Custom-Caller" }
+      after { Stitches.configuration.reset_to_defaults! }
 
-        it "returns the header value" do
-          expect(fake_controller.calling_service_name).to eq("fixops")
-        end
+      it "reads from the configured header" do
+        expect(fake_controller.calling_service_name).to eq("my-service")
       end
     end
   end
-
-  describe "::HEADER" do
-    it "is the expected header name" do
-      expect(described_class::HEADER).to eq("X-StitchFix-Calling-Service")
-    end
-  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: stitches
 version: !ruby/object:Gem::Version
-  version: 5.1.0.RC2
+  version: 5.1.0.RC4
 platform: ruby
 authors:
 - Stitch Fix Engineering
@@ -174,6 +174,8 @@ files:
 - lib/stitches/api_key.rb
 - lib/stitches/api_migration_generator.rb
 - lib/stitches/api_version_constraint.rb
+- lib/stitches/calling_service_client.rb
+- lib/stitches/calling_service_middleware.rb
 - lib/stitches/calling_service_name.rb
 - lib/stitches/configuration.rb
 - lib/stitches/deprecation.rb
@@ -209,6 +211,7 @@ files:
 - owners.json
 - spec/api_key_middleware_spec.rb
 - spec/api_version_constraint_middleware_spec.rb
+- spec/calling_service_middleware_spec.rb
 - spec/calling_service_name_spec.rb
 - spec/configuration_spec.rb
 - spec/deprecation_spec.rb
@@ -306,6 +309,7 @@ summary: You'll be in stitches at how easy it is to create a service at Stitch F
 test_files:
 - spec/api_key_middleware_spec.rb
 - spec/api_version_constraint_middleware_spec.rb
+- spec/calling_service_middleware_spec.rb
 - spec/calling_service_name_spec.rb
 - spec/configuration_spec.rb
 - spec/deprecation_spec.rb