strelka 0.7.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9917d0f2aa0af3e703673e52fa232213ca6c1ecd
-  data.tar.gz: 33663b826ca6419b795bb01272c4d89bea9f1944
+  metadata.gz: d0b5c7ba99043fe79888689e95d555001a5ea70f
+  data.tar.gz: 2f113c4c3820c8b8fbf607dccc3e70e312899c55
 SHA512:
-  metadata.gz: 0e9d6bc816de257d09d2f96135cec0f4e167e18657e458d172cf51fde131ba58f5f8e761adec8a4709cc4a3849e8a8c067539993ee9e01cca98ebaacd71818c4
-  data.tar.gz: ebfb61a89a233bba657937877bf1eb61ade3b907bda55ba2d188ce397358e52e5cc6a762a04c13664baa45867c8640967903acb63f095a979a011e87d3139c27
+  metadata.gz: e164cf5a1ad00a8093263ff9138f2a87d64998ac3f9154fb323237a922bf78c88f4f54f70d282c1847c642ae3ec1eec3d32ec6b0a9bc5ad43a55d3a1b950cd36
+  data.tar.gz: f141b866194eb71af3344a09f1b9ecfee65a1d8f6a48c989166e57a6e1024698b4aed3beb7fd642b9a284d4f422d21c760cf7b02588e5e50e264f984c2080ea9

data.tar.gz.sig

@@ -1,3 +1 @@
-���["*?(���7�P�qΤļ�L �:��6�raa��]����T�s0��8�^�������
���P��$��/[� R�! \��>�g_�u�����Y@k��G��A
-Fs;۬�q����p��j/@x_?�0�}��)ҍ�槦���c9*��5�pi��ƮjZ�j�/w��X5<G[�	F�莝���Ԑt�e�q����@�\��
-7|Mg�����n�^�l�/�!�-t�b�1|�_
+�9u�*_`�&k18���=>HA���

data/History.rdoc

@@ -1,3 +1,22 @@
+== v0.8.0 [2014-02-05] Michael Granger <ged@FaerieMUD.org>
+
+Make malformed headers and data consistently error with 400 status rather than
+ignored by default.
+
+- Fix PUT/POST routes in restresources to be more REST-y; i.e., POST
+  for non-idempotent methods, PUT for idempotent ones.
+- Make Strelka::Cookie raise on malformed cookies
+- Fix some API docs for sessions
+- Remove config keys that moved to Discovery
+- Restore access to request parameters from the authentication plugin.
+- Merge improvements to the AbstractClass mixin from elsewhere.
+- Fix use of deprecated RSpec syntax.
+- Don't modify the original request URI object when calling
+  HttpRequest#base_uri.
+- Add a convenience method for fetching a default app instance to
+  Strelka::App
+
+
 == v0.7.0 [2013-10-21] Michael Granger <ged@FaerieMUD.org>
 
 - Make response filters always receive a response even if the handler

data/Rakefile

@@ -23,20 +23,21 @@ hoespec = Hoe.spec 'strelka' do
 	self.developer 'Mahlon E. Smith', 'mahlon@martini.nu'
 	self.developer 'Michael Granger', 'ged@FaerieMUD.org'
 
-	self.dependency 'configurability', '~> 2.0'
+	self.dependency 'configurability', '~> 2.1'
 	self.dependency 'foreman',         '~> 0.62'
 	self.dependency 'highline',        '~> 1.6'
 	self.dependency 'inversion',       '~> 0.12'
-	self.dependency 'loggability',     '~> 0.6'
-	self.dependency 'mongrel2',        '~> 0.40'
-	self.dependency 'pluggability',    '~> 0.2'
+	self.dependency 'loggability',     '~> 0.9'
+	self.dependency 'mongrel2',        '~> 0.41'
+	self.dependency 'pluggability',    '~> 0.4'
 	self.dependency 'sysexits',        '~> 1.1'
 	self.dependency 'trollop',         '~> 2.0'
 	self.dependency 'uuidtools',       '~> 2.1'
-	self.dependency 'safe_yaml',       '~> 0.9'
+	self.dependency 'safe_yaml',       '~> 1.0'
 
 	self.dependency 'hoe-deveiate',            '~> 0.3',  :developer
 	self.dependency 'hoe-bundler',             '~> 1.2',  :developer
+	self.dependency 'rspec',                   '~> 2.99.0.beta1',    :developer
 	self.dependency 'simplecov',               '~> 0.7',  :developer
 	self.dependency 'rdoc-generator-fivefish', '~> 0.2',  :developer
 

data/lib/strelka.rb

@@ -24,10 +24,10 @@ module Strelka
 	log_as :strelka
 
 	# Library version constant
-	VERSION = '0.7.0'
+	VERSION = '0.8.0'
 
 	# Version-control revision constant
-	REVISION = %q$Revision: 2caa91898658 $
+	REVISION = %q$Revision: 140055f6ee81 $
 
 	require 'strelka/constants'
 	require 'strelka/exceptions'

data/lib/strelka/app.rb

@@ -30,19 +30,9 @@ class Strelka::App < Mongrel2::Handler
 	config_key :app
 
 
-	# Glob for matching Strelka apps relative to a gem's data directory
-	APP_GLOB_PATTERN = '{apps,handlers}/**/*'
-	APP_GLOB_PATTERN.freeze
-
-	# The glob for matching data directories relative to the PWD
-	LOCAL_DATA_DIRS = 'data/*'
-	LOCAL_DATA_DIRS.freeze
-
 	# Default config
 	CONFIG_DEFAULTS = {
 		devmode: false,
-		app_glob_pattern: APP_GLOB_PATTERN,
-		local_data_dirs: LOCAL_DATA_DIRS,
 	}.freeze
 
 
@@ -51,8 +41,6 @@ class Strelka::App < Mongrel2::Handler
 	@default_type     = nil
 	@loading_file     = nil
 	@subclasses       = Hash.new {|h,k| h[k] = [] }
-	@app_glob_pattern = APP_GLOB_PATTERN
-	@local_data_dirs  = LOCAL_DATA_DIRS
 
 
 	##
@@ -64,15 +52,6 @@ class Strelka::App < Mongrel2::Handler
 	# 'Developer mode' flag.
 	singleton_attr_writer :devmode
 
-	##
-	# The glob(3) pattern for matching Apps during discovery
-	singleton_attr_accessor :app_glob_pattern
-
-	##
-	# The glob(3) pattern for matching local data directories during discovery. Local
-	# data directories are evaluated relative to the CWD.
-	singleton_attr_accessor :local_data_dirs
-
 
 	### Returns +true+ if the application has been configured to run in 'developer mode'.
 	### Developer mode is mostly informational by default (it just makes logging more
@@ -121,6 +100,14 @@ class Strelka::App < Mongrel2::Handler
 	end
 
 
+	### Return an instance of the App configured for the handler in the currently-loaded
+	### Mongrel2 config that corresponds to the #default_appid.
+	def self::default_app_instance
+		appid = self.default_appid
+		return self.app_instance_for( appid )
+	end
+
+
 	#
 	# :section: Application declarative methods
 	#

data/lib/strelka/app/auth.rb

@@ -235,7 +235,7 @@ module Strelka::App::Auth
 
 	# Plugins API -- Set up load order
 	run_outside :routing, :restresources
-	run_inside  :templating, :errors, :sessions
+	run_inside  :templating, :errors, :sessions, :parameters
 
 
 	# The name of the default plugin to use for authentication

data/lib/strelka/app/restresources.rb

@@ -33,6 +33,7 @@ require 'strelka/app' unless defined?( Strelka::App )
 #     get 'customers'
 #     get 'customers/:id'
 #     post 'customers'
+#     post 'customers/:id'
 #     put 'customers'
 #     put 'customers/:id'
 #     delete 'customers'
@@ -176,9 +177,10 @@ module Strelka::App::RestResources
 			else
 				self.add_collection_create_handler( route, rsrcobj, options )
 				self.add_update_handler( route, rsrcobj, options )
-				self.add_collection_update_handler( route, rsrcobj, options )
-				self.add_delete_handler( route, rsrcobj, options )
+				self.add_collection_replace_handler( route, rsrcobj, options )
+				self.add_replace_handler( route, rsrcobj, options )
 				self.add_collection_deletion_handler( route, rsrcobj, options )
+				self.add_delete_handler( route, rsrcobj, options )
 			end
 
 			# Add any composite resources based on the +rsrcobj+'s associations
@@ -302,13 +304,13 @@ module Strelka::App::RestResources
 				[ rsrcobj, route ]
 
 			self.add_route( :POST, route, options ) do |req|
-				add_resource_params( req, rsrcobj )
+				add_resource_params( req.params, rsrcobj )
 				finish_with( HTTP::BAD_REQUEST, req.params.error_messages.join(", ") ) unless
 					req.params.okay?
 
 				resource = rsrcobj.new( req.params.valid )
 
-				# Save it in a transaction, erroring if any of 'em fail validations
+				# Save it in a transaction, erroring if any validations fail
 				begin
 					resource.save
 				rescue Sequel::ValidationFailed => err
@@ -333,15 +335,15 @@ module Strelka::App::RestResources
 
 
 		### Add a handler method for updating an instance of +rsrcobj+.
-		### PUT /resources/{id}
+		### POST /resources/{id}
 		def add_update_handler( route_prefix, rsrcobj, options )
 			pkey = rsrcobj.primary_key
 			route = "#{route_prefix}/:#{pkey}"
 
-			self.log.debug "Creating handler for creating %p resources: POST %s" %
+			self.log.debug "Creating handler for updating a single %p resource: POST %s" %
 				[ rsrcobj, route ]
-			self.add_route( :PUT, route, options ) do |req|
-				add_resource_params( req, rsrcobj )
+			self.add_route( :POST, route, options ) do |req|
+				add_resource_params( req.params, rsrcobj )
 				finish_with( HTTP::BAD_REQUEST, req.params.error_messages.join(", ") ) unless
 					req.params.okay?
 
@@ -365,31 +367,81 @@ module Strelka::App::RestResources
 				return res
 			end
 
+			self.resource_verbs[ route_prefix ] << :POST
+		end
+
+
+		### Add a handler method for replacing an instance of +rsrcobj+.
+		### PUT /resources/{id}
+		def add_replace_handler( route_prefix, rsrcobj, options )
+			pkey = rsrcobj.primary_key
+			route = "#{route_prefix}/:#{pkey}"
+
+			self.log.debug "Creating handler for replacing %p a resource: PUT %s" %
+				[ rsrcobj, route ]
+			self.add_route( :PUT, route, options ) do |req|
+				add_resource_params( req.params, rsrcobj )
+				finish_with( HTTP::BAD_REQUEST, req.params.error_messages.join(", ") ) unless
+					req.params.okay?
+
+				id = req.params[ pkey ]
+				resource = rsrcobj[ id ] or
+					finish_with( HTTP::NOT_FOUND, "no such %s [%p]" % [ rsrcobj.name, id ] )
+
+				newvals = req.params.valid
+				self.log.debug "Replacing %p: %p" % [ resource, newvals ]
+
+				begin
+					resource.values.clear
+					resource[ pkey ] = newvals.delete( pkey.to_sym )
+					resource.set( newvals )
+					resource.save
+				rescue Sequel::Error => err
+					finish_with( HTTP::BAD_REQUEST, err.message )
+				end
+
+				res = req.response
+				res.status = HTTP::NO_CONTENT
+
+				return res
+			end
+
 			self.resource_verbs[ route_prefix ] << :PUT
 		end
 
 
 		### Add a handler method for replacing all instances of +rsrcobj+ collection.
 		### PUT /resources
-		def add_collection_update_handler( route, rsrcobj, options )
+		def add_collection_replace_handler( route, rsrcobj, options )
 			pkey = rsrcobj.primary_key
-			self.log.debug "Creating handler for updating every %p resources: PUT %s" %
+			self.log.debug "Creating handler for replacing all %p resources: PUT %s" %
 				[ rsrcobj, route ]
 
 			self.add_route( :PUT, route, options ) do |req|
-				add_resource_params( req, rsrcobj )
-				finish_with( HTTP::BAD_REQUEST, req.params.error_messages.join(", ") ) unless
-					req.params.okay?
 
-				newvals = req.params.valid
-				newvals.delete( pkey.to_s )
-				self.log.debug "Updating %p with new values: %p" % [ rsrcobj, newvals ]
+				# Make a validator that can be reused to validate each resource's attributes
+				validator = self.class.paramvalidator.dup
+				add_resource_params( validator, rsrcobj )
+				body = req.parse_body
+				body = [ body ] unless body.is_a?( Array )
+
+				# Create resource objects out of the incoming data
+				new_resources = []
+				body.each do |attributes|
+					validator.validate( attributes )
+					finish_with( HTTP::BAD_REQUEST, validator.error_messages.join(", ") ) unless
+						validator.okay?
+
+					new_resources << rsrcobj.new( validator.valid )
+				end
+				self.log.debug "Replacing %p collection with new values: %p" %
+					[ rsrcobj, new_resources ]
 
 				# Save it in a transaction, erroring if any of 'em fail validations
 				begin
 					rsrcobj.db.transaction do
 						rsrcobj.truncate
-						rsrcobj.create( newvals )
+						new_resources.each( &:save )
 					end
 				rescue Sequel::ValidationFailed => err
 					finish_with( HTTP::BAD_REQUEST, err.message )
@@ -632,14 +684,14 @@ module Strelka::App::RestResources
 	#######
 
 	### Add parameter validations for the given +columns+ of the specified resource object +rsrcobj+
-	### to the specified +req+uest.
-	def add_resource_params( req, rsrcobj, *columns )
+	### to the specified parameter +validator+.
+	def add_resource_params( validator, rsrcobj, *columns )
 		columns = rsrcobj.allowed_columns || rsrcobj.columns if columns.empty?
 
 		columns.each do |col|
 			config = rsrcobj.db_schema[ col ] or
 				raise ArgumentError, "no such column %p for %p" % [ col, rsrcobj ]
-			req.params.add( col, config[:type] ) unless req.params.param_names.include?( col.to_s )
+			validator.add( col, config[:type] ) unless validator.param_names.include?( col.to_s )
 		end
 
 	end

data/lib/strelka/app/sessions.rb

@@ -58,7 +58,8 @@ require 'strelka/httpresponse/session'
 # == Configuration
 #
 # To specify which Session class to use with your application, add a
-# ':sessions' section with at least the 'type' key to your config.yml:
+# ':sessions' section with at least the 'session_class' key to your
+# config.yml:
 #
 #   # Use the default session class, but change the name of the cookie
 #   # it uses
@@ -77,9 +78,10 @@ require 'strelka/httpresponse/session'
 #       connect: "postgres://pg.example.com/db01"
 #       table_name: sessions
 #
-# The +type+ value will be used to look up the class (see Strelka::Session
-# for more information about how this works), and the +options+ section
-# is passed to the session class's ::configure method (if it has one).
+# The +session_class+ value will be used to look up the class (see
+# Strelka::Session for more information about how this works), and the
+# +options+ section is passed to the session class's ::configure method
+# (if it has one).
 #
 module Strelka::App::Sessions
 	extend Strelka::Plugin,

data/lib/strelka/authprovider.rb

@@ -30,9 +30,9 @@ require 'strelka/mixins'
 class Strelka::AuthProvider
 	extend Loggability,
 	       Pluggability,
+	       Strelka::AbstractClass,
 	       Strelka::Delegation
 	include Strelka::Constants,
-	        Strelka::AbstractClass,
 	        Strelka::ResponseHelpers
 
 	# Loggability API -- set up logging under the 'strelka' log host

data/lib/strelka/cookie.rb

@@ -75,7 +75,8 @@ class Strelka::Cookie
 		# cookie-string = cookie-pair *( ";" SP cookie-pair )
 		header.split( /;\x20/ ).each do |cookie_pair|
 			# self.log.debug "  parsing cookie-pair: %p" % [ cookie_pair ]
-			next unless match = cookie_pair.match( COOKIE_PAIR )
+			match = cookie_pair.match( COOKIE_PAIR ) or
+				raise Strelka::ParseError, "malformed cookie pair: %p" % [ cookie_pair ]
 
 			# self.log.debug "  matched cookie: %p" % [ match ]
 			name = match[:cookie_name].untaint

data/lib/strelka/httprequest.rb

@@ -144,11 +144,11 @@ class Strelka::HTTPRequest < Mongrel2::HTTPRequest
 			when :GET, :HEAD
 				value = self.parse_query_args
 			when :POST, :PUT
-				value = self.parse_form_data
+				value = self.parse_body
 			when :TRACE
 				self.log.debug "No parameters for a TRACE request."
 			else
-				value = self.parse_form_data if self.content_type
+				value = self.parse_body if self.content_type
 			end
 
 			value = Hash.new( value ) unless value.is_a?( Hash )
@@ -156,56 +156,26 @@ class Strelka::HTTPRequest < Mongrel2::HTTPRequest
 		end
 
 		return @params
-	end
-
+	rescue => err
+		self.log.error "%p while parsing the request body: %s" % [ err.class, err.message ]
+		self.log.debug "  %s" % [ err.backtrace.join("\n  ") ]
 
-	### Fetch any cookies that accompanied the request as a Strelka::CookieSet, creating
-	### it if necessary.
-	def cookies
-		@cookies = Strelka::CookieSet.parse( self ) unless @cookies
-		return @cookies
-	end
-
-
-	### A convenience method for redirecting a request to another URI.
-	def redirect( uri, perm=false )
-		code = perm ? HTTP::MOVED_PERMANENTLY : HTTP::MOVED_TEMPORARILY
-		finish_with( code, "redirect from #{self.uri.path} to #{uri}", :location => uri )
-	end
-
-
-	#########
-	protected
-	#########
-
-	### Return a Hash of request query arguments.
-	### ?arg1=yes&arg2=no&arg3  #=> {'arg1' => 'yes', 'arg2' => 'no', 'arg3' => nil}
-	def parse_query_args
-		return {} if self.uri.query.nil?
-		query_args = begin
-			URI.decode_www_form( self.uri.query )
-		rescue => err
-			self.log.error "%p while parsing query %p: %s" %
-				[ err.class, self.uri.query, err.message ]
-			{}
-		end
-
-		return merge_query_args( query_args )
+		finish_with( HTTP::BAD_REQUEST, "Malformed request body or missing content type." )
 	end
 
 
 	# multipart/form-data: http://tools.ietf.org/html/rfc2388
 	# Content-disposition header: http://tools.ietf.org/html/rfc2183
 
-	### Return a Hash of request form data.
-	def parse_form_data
-		unless self.content_type
-			finish_with( HTTP::BAD_REQUEST, "Malformed request (no content type?)" )
-		end
+	### Parse the request body if it's a representation of a complex data
+	### structure.
+	def parse_body
+		mimetype = self.content_type or
+			raise ArgumentError, "Malformed request (no content type?)"
 
 		self.body.rewind
 
-		case self.content_type.split( ';' ).first
+		case mimetype.split( ';' ).first
 		when 'application/x-www-form-urlencoded'
 			return merge_query_args( URI.decode_www_form(self.body.read) )
 		when 'application/json', 'text/javascript'
@@ -222,12 +192,46 @@ class Strelka::HTTPRequest < Mongrel2::HTTPRequest
 			parser = Strelka::MultipartParser.new( self.body, boundary )
 			return parser.parse
 		else
-			self.log.debug "no form data in a %p request" % [ self.content_type ]
+			self.log.debug "don't know how to parse a %p request" % [ self.content_type ]
 			return {}
 		end
 	end
 
 
+	### Fetch any cookies that accompanied the request as a Strelka::CookieSet, creating
+	### it if necessary.
+	def cookies
+		@cookies = Strelka::CookieSet.parse( self ) unless @cookies
+		return @cookies
+	rescue => err
+		self.log.error "%p while parsing cookies: %s" % [ err.class, err.message ]
+		self.log.debug "  %s" % [ err.backtrace.join("\n  ") ]
+
+		finish_with( HTTP::BAD_REQUEST, "Malformed cookie header." )
+	end
+
+
+	### A convenience method for redirecting a request to another URI.
+	def redirect( uri, perm=false )
+		code = perm ? HTTP::MOVED_PERMANENTLY : HTTP::MOVED_TEMPORARILY
+		finish_with( code, "redirect from #{self.uri.path} to #{uri}", :location => uri )
+	end
+
+
+	#########
+	protected
+	#########
+
+	### Return a Hash of request query arguments.
+	### ?arg1=yes&arg2=no&arg3  #=> {'arg1' => 'yes', 'arg2' => 'no', 'arg3' => nil}
+	def parse_query_args
+		return {} if self.uri.query.nil?
+
+		query_args = URI.decode_www_form( self.uri.query )
+		return merge_query_args( query_args )
+	end
+
+
 	#######
 	private
 	#######