taro 2.2.0 → 2.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d73348290387aeef3de0558f6557af6572326043dff427ee295386a12e8bf6a6
-  data.tar.gz: 89b0a6c8efae50665d43385b0b4182fba6b07e5f97e933d3add5d0e1ba19f421
+  metadata.gz: c96d6fd71ad22df31d5ab4cefb09389fd7ed5b41b5dd8821132fa2c5fa322837
+  data.tar.gz: f56362229e93f2f8c51a5490245d4a37e224015fecd42bb86a35926a01e8d776
 SHA512:
-  metadata.gz: 67a0d0a5d2464c7ec6954143c95311b92b1a4a78041b298449815b1e57340de7091ac89235fd9e674ee1d3e99ed531049e99207ec62498fa94687b7c91956edd
-  data.tar.gz: '0768d75380ee9b18de093bebf1952b4eeac1e7965fea8c3a0cb5fbec3ef84ec6a27d5e141a837bf6a0f9d698e5b2ceff9ba2e30a33143edd434ebd25812a933a'
+  metadata.gz: 34ad2aedee3c3a21973420ca5e1185024c7d6b127ee9ca914b847134939bcd136e70f10130607b8392ce8044dfcb7c8014fa306d00d81b81266d68fcdad19b95
+  data.tar.gz: 1bec2fbada3a23267f87195323b2b112297c21e78c22281071bd2ec84a7359f78836ed250e85ae3f3d1765f428dd7ff1bdaaf92f5df2bd17883abed11b7a39eb

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 ## [Unreleased]
 
+## [2.3.0] - 2025-02-24
+
+### Added
+
+- `Taro.config.raise_for_undeclared_params`
+
 ## [2.2.0] - 2025-02-22
 
 ### Added

data/README.md

@@ -140,6 +140,14 @@ Requests are automatically validated to match the declared input schema, unless
 Taro.config.parse_params = false
 ```
 
+There is also an option to raise an error if any undeclared params are submitted:
+
+```ruby
+Taro.config.raise_for_undeclared_params = true
+```
+
+This option is similar to `action_on_unpermitted_parameters = :raise` in Rails and is most useful in dev and test environments. The railtie enables it automatically in these environments.
+
 #### Response validation
 
 Responses are automatically validated to have used the correct type for rendering, which guarantees that they match the declaration. This means you have to use the types to render complex responses, and manually building a Hash that conforms to the schema will raise an error. Primitive/scalar types are an exception, e.g. you *can* do:
@@ -367,7 +375,6 @@ end
 
 ## Possible future features
 
-- warning/raising for undeclared input params (currently they are ignored)
 - usage without rails is possible but not convenient yet
 - rspec matchers for testing
 - sum types

data/lib/taro/config.rb

@@ -5,6 +5,7 @@ module Taro::Config
     :export_format,
     :export_path,
     :parse_params,
+    :raise_for_undeclared_params,
     :validate_response,
   )
 
@@ -14,6 +15,7 @@ module Taro::Config
   self.export_format = :yaml
   self.export_path = 'api.yml'
   self.parse_params = true
+  self.raise_for_undeclared_params = false # may be overridden by railtie
   self.validate_response = true
 end
 

data/lib/taro/declaration.rb

@@ -5,7 +5,7 @@ class Taro::Declaration
   attr_reader :desc, :summary, :params, :return_defs, :return_descriptions, :tags
 
   def initialize(for_klass = nil)
-    @params = Class.new(Taro::Types::InputType)
+    @params = Class.new(Taro::Types::RailsParamsType)
     @return_defs = {}
     @return_descriptions = {}
 

data/lib/taro/rails/railtie.rb

@@ -1,5 +1,7 @@
 class Taro::Rails::Railtie < ::Rails::Railtie
   initializer("taro") do |app|
+    Taro.config.raise_for_undeclared_params = %w[development test].include?(Rails.env)
+
     # The `:action_controller` hook fires for both ActionController::API
     # and ActionController::Base, executing the block in their context.
     ActiveSupport.on_load(:action_controller) do

data/lib/taro/types/rails_params_type.rb

@@ -0,0 +1,10 @@
+require_relative 'object_type'
+
+# Abstract base class for rails declaration params. Internal use only.
+class Taro::Types::RailsParamsType < Taro::Types::InputType
+  # Skip validation of base params because they contain rails "additions"
+  # like controller, action, routing-related stuff, de-nested values, etc.
+  def validate_no_undeclared_params?
+    false
+  end
+end

data/lib/taro/types/shared/object_coercion.rb

@@ -1,6 +1,7 @@
 # Provides input and response handling for types with fields.
 module Taro::Types::Shared::ObjectCoercion
   def coerce_input
+    validate_no_undeclared_params
     self.class.fields.transform_values do |field|
       field.value_for_input(object)
     end
@@ -13,4 +14,17 @@ module Taro::Types::Shared::ObjectCoercion
       field.value_for_response(object, context: self, object_is_hash:)
     end
   end
+
+  private
+
+  def validate_no_undeclared_params
+    return unless validate_no_undeclared_params?
+
+    undeclared = object.to_h.keys.map(&:to_sym) - self.class.send(:field_defs).keys
+    undeclared.any? && input_error("Undeclared params: #{undeclared.join(', ')}")
+  end
+
+  def validate_no_undeclared_params?
+    Taro.config.raise_for_undeclared_params
+  end
 end

data/lib/taro/types/shared/rendering.rb

@@ -1,10 +1,8 @@
 module Taro::Types::Shared::Rendering
   # The `::render` method is intended for use in controllers.
   # Overrides of this method must call super.
-  def render(object, cache_attrs = {})
-    result = Taro::Cache.call(object, **cache_attrs) do
-      new(object).cached_coerce_response
-    end
+  def render(object)
+    result = new(object).cached_coerce_response
     self.last_render = [type_class, result.__id__]
     result
   end

data/lib/taro/version.rb

@@ -1,4 +1,4 @@
 # :nocov:
 module Taro
-  VERSION = "2.2.0"
+  VERSION = "2.3.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: taro
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.3.0
 platform: ruby
 authors:
 - Janosch Müller
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-02-22 00:00:00.000000000 Z
+date: 2025-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -89,6 +89,7 @@ files:
 - lib/taro/types/object_types/no_content_type.rb
 - lib/taro/types/object_types/page_info_type.rb
 - lib/taro/types/object_types/page_type.rb
+- lib/taro/types/rails_params_type.rb
 - lib/taro/types/response_type.rb
 - lib/taro/types/scalar/boolean_type.rb
 - lib/taro/types/scalar/float_type.rb