toast 0.9.5 → 1.0.0

data/lib/toast/plural_assoc_request.rb

@@ -0,0 +1,285 @@
+require 'toast/request_helpers'
+require 'toast/http_range'
+require 'link_header'
+
+class Toast::PluralAssocRequest
+  include Toast::RequestHelpers
+  include Toast::Errors
+
+  def initialize  id, config, base_config, auth, request
+    @id          = id
+    @config      = config
+    @base_config = base_config
+    @selected_attributes = request.query_parameters.delete(:toast_select).try(:split,',')
+    @uri_params  = request.query_parameters
+    @base_uri    = base_uri(request)
+    @verb        = request.request_method.downcase
+    @auth        = auth
+    @request     = request
+  end
+
+  def respond
+    if @verb.in? %w(get post link unlink)
+      self.send(@verb)
+    else
+      response :method_not_allowed,
+               headers: {'Allow' => allowed_methods(@config)},
+               msg: "method #{@verb.upcase} not supported for association URIs"
+    end
+  end
+
+  private
+
+  def get
+
+    if @config.via_get.nil?
+      response :method_not_allowed,
+               headers: {'Allow' => allowed_methods(@config)},
+               msg: "GET not configured"
+    else
+      begin
+
+        target_config = get_config(@config.target_model_class)
+
+        requested_range = Toast::HttpRange.new(@request.env['HTTP_RANGE'])
+
+        range_start = requested_range.start
+        window      = if (requested_range.size.nil? || requested_range.size > @config.max_window)
+                        @config.max_window
+                      else
+                        requested_range.size
+                      end
+
+        source = @base_config.model_class.find(@id) # may raise ActiveRecord::RecordNotFound
+        relation = call_handler(@config.via_get.handler, source, @uri_params) # may raise HandlerError
+
+        unless relation.is_a? ActiveRecord::Relation and relation.model == @config.target_model_class
+          return response :internal_server_error,
+                          msg: "plural association handler returned `#{relation.class}', expected `ActiveRecord::Relation' (#{@config.target_model_class})"
+        end
+
+        call_allow(@config.via_get.permissions, @auth, source, @uri_params) # may raise NotAllowed, AllowError
+
+
+        # count = relation.count doesn't always work
+        # fix problematic select extensions for counting (-> { select(...) })
+        # this fails if the where clause depends on the the extended select
+        count = relation.count_by_sql relation.to_sql.sub(/SELECT.+FROM/,'SELECT COUNT(*) FROM')
+        headers = {"Content-Type" => @config.media_type}
+
+        if count > 0
+          range_end = if (range_start + window - 1) > (count - 1) # behind last
+                      count - 1
+                    else
+                      (range_start + window - 1)
+                    end
+
+          headers[ "Content-Range"] = "items=#{range_start}-#{range_end}/#{count}"
+        end
+
+        response :ok,
+                 headers: headers,
+                 body: represent(relation.limit(window).offset(range_start), target_config),
+                 msg: "sent #{count} of #{target_config.model_class}"
+
+
+      rescue  ActiveRecord::RecordNotFound
+        return response :not_found,
+                        msg: "#{@config.model_class.name}##{@config.assoc_name} not found"
+
+      rescue AllowError => error
+        return response :internal_server_error,
+                        msg: "exception raised in allow block: `#{error.orig_error.message}' in #{error.source_location}"
+
+      rescue BadRequest => error
+        response :bad_request, msg: "`#{error.message}' in: #{error.source_location}"
+
+      rescue HandlerError => error
+        return response :internal_server_error,
+                        msg: "exception raised in via_get handler: `#{error.orig_error.message}' in #{error.source_location}"
+      rescue NotAllowed => error
+        return response :unauthorized, msg: "not authorized by allow block in: #{error.source_location}"
+
+      rescue ConfigNotFound => error
+        return response :internal_server_error,
+                        msg: "no API configuration found for model `#{@config.target_model_class.name}'"
+
+      rescue => error
+        return response :internal_server_error,
+                        msg: "exception raised: #{error} \n#{error.backtrace[0..5].join("\n")}"
+      end
+    end
+  end
+
+  def post
+    if @config.via_post.nil?
+      response :method_not_allowed,
+               headers: {'Allow' => allowed_methods(@config)},
+               msg: "POST not configured"
+    else
+      begin
+        payload  = JSON.parse(@request.body.read)
+        target_config = get_config(@config.target_model_class)
+
+        # remove all attributes not in writables from payload
+        payload.delete_if do |attr,val|
+          unless attr.to_sym.in?(target_config.writables)
+            Toast.logger.warn "<POST #{@request.fullpath}> received attribute `#{attr}' is not writable or unknown"
+            true
+          end
+        end
+
+        source = @config.base_model_class.find(@id)
+
+        call_allow(@config.via_post.permissions,
+                   @auth, source, @uri_params)
+
+        new_instance = call_handler(@config.via_post.handler,
+                                    source, payload, @uri_params)
+
+        if new_instance.persisted?
+          response :created,
+                   headers: {"Content-Type" => target_config.media_type},
+                   body: represent(new_instance, target_config ),
+                   msg: "created #{new_instance.class}##{new_instance.id}"
+        else
+          message = new_instance.errors.count > 0 ?
+                      ": " + new_instance.errors.full_messages.join(',') : ''
+
+          response :conflict,
+                   msg: "creation of #{new_instance.class} aborted#{message}"
+        end
+
+      rescue ActiveRecord::RecordNotFound
+        response :not_found, msg: "#{@config.base_model_class.name}##{@id} not found"
+
+      rescue JSON::ParserError => error
+        return response :internal_server_error, msg: "expect JSON body"
+
+      rescue AllowError => error
+        return response :internal_server_error,
+                        msg: "exception raised in allow block: `#{error.orig_error.message}' in #{error.source_location}"
+
+      rescue BadRequest => error
+        response :bad_request, msg: "`#{error.message}' in: #{error.source_location}"
+
+      rescue HandlerError => error
+        return response :internal_server_error,
+                        msg: "exception raised in via_post handler: `#{error.orig_error.message}' in #{error.source_location}"
+      rescue NotAllowed => error
+        return response :unauthorized,
+                        msg: "not authorized by allow block in: #{error.source_location}"
+
+      rescue ConfigNotFound => error
+        return response :internal_server_error,
+                        msg: "no API configuration found for model `#{@config.target_model_class.name}'"
+
+      rescue => error
+        return response :internal_server_error,
+                        msg: "exception raised: #{error} \n#{error.backtrace[0..5].join("\n")}"
+      end
+    end
+  end
+
+  def link
+    if @config.via_link.nil?
+      response :method_not_allowed,
+               headers: {'Allow' => allowed_methods(@config)},
+               msg: "LINK not configured"
+    else
+      begin
+        source = @base_config.model_class.find(@id)
+        link = LinkHeader.parse(@request.headers['Link']).find_link(['rel','related'])
+
+        if link.nil? or URI(link.href).path.nil?
+          return response :bad_request, msg: "Link header missing or invalid"
+        end
+
+        name, target_id = URI(link.href).path.split('/')[1..-1]
+        target_model_class = name.singularize.classify.constantize
+
+        unless is_active_record? target_model_class
+          return response :not_found, msg: "target class `#{target_model_class.name}' is not an `ActiveRecord'"
+        end
+
+        target = target_model_class.find(target_id)
+
+        call_allow(@config.via_link.permissions, @auth, source, @uri_params)
+        call_handler(@config.via_link.handler, source, target, @uri_params)
+
+        response :ok,
+                 msg: "linked #{target_model_class.name}##{@id} with #{source.class}##{source.id}.#{@config.assoc_name}"
+
+      rescue ActiveRecord::RecordNotFound => error
+        response :not_found, msg: error.message
+
+      rescue BadRequest => error
+        response :bad_request, msg: "`#{error.message}' in: #{error.source_location}"
+
+      rescue AllowError => error
+        return response :internal_server_error,
+                        msg: "exception raised in allow block: `#{error.orig_error.message}' in #{error.source_location}"
+      rescue HandlerError => error
+        return response :internal_server_error,
+                        msg: "exception raised in via_link handler: `#{error.orig_error.message}' in #{error.source_location}"
+      rescue NotAllowed => error
+        return response :unauthorized, msg: "not authorized by allow block in: #{error.source_location}"
+
+      rescue => error
+        response :internal_server_error,
+                 msg: "exception from via_link handler #{error.message}"
+      end
+    end
+  end
+
+  def unlink
+    if @config.via_unlink.nil?
+      response :method_not_allowed,
+               headers: {'Allow' => allowed_methods(@config)},
+               msg: "UNLINK not configured"
+    else
+      begin
+        source = @base_config.model_class.find(@id)
+        link = LinkHeader.parse(@request.headers['Link']).find_link(['rel','related'])
+
+        if link.nil? or URI(link.href).nil?
+          return response :bad_request, msg: "Link header missing or invalid"
+        end
+
+        name, id = URI(link.href).path.split('/')[1..-1]
+        target_model_class = name.singularize.classify.constantize
+
+        unless is_active_record? target_model_class
+          return response :not_found, msg: "target class `#{target_model_class.name}' is not an `ActiveRecord'"
+        end
+
+        call_allow(@config.via_unlink.permissions, @auth, source, @uri_params)
+        call_handler(@config.via_unlink.handler, source, target_model_class.find(id), @uri_params)
+
+        response :ok,
+                 msg: "unlinked #{target_model_class.name}##{id} from #{source.class}##{source.id}.#{@config.assoc_name}"
+
+      rescue ActiveRecord::RecordNotFound => error
+        response :not_found, msg: error.message
+
+      rescue AllowError => error
+        return response :internal_server_error,
+                        msg: "exception raised in allow block: `#{error.orig_error.message}' in #{error.source_location}"
+
+      rescue BadRequest => error
+        response :bad_request, msg: "`#{error.message}' in: #{error.source_location}"
+
+      rescue HandlerError => error
+        return response :internal_server_error,
+                        msg: "exception raised in via_unlink handler: `#{error.orig_error.message}' in #{error.source_location}"
+      rescue NotAllowed => error
+        return response :unauthorized, msg: "not authorized by allow block in: #{error.source_location}"
+
+      rescue => error
+        response :internal_server_error,
+                 msg: "exception from via_unlink handler: " + error.message
+
+      end
+    end
+  end
+end

data/lib/toast/rack_app.rb

@@ -0,0 +1,133 @@
+require 'toast/collection_request'
+require 'toast/canonical_request'
+require 'toast/single_request'
+require 'toast/singular_assoc_request'
+require 'toast/plural_assoc_request'
+require 'toast/errors'
+
+class Toast::RackApp
+  # NOTE: the RackApp object is shared in threads of concurrent requests 
+  #       (e.g. when using Puma server, but not in Passenger (single-threded, multi-process)).
+  #       Anyays, don't use any instance vars (@ variables in #call).
+  #       It causes chaos
+
+  include Toast::RequestHelpers
+
+  def call(env)
+
+    request = ActionDispatch::Request.new(env)
+    
+    Toast.logger.info "[#{Thread.current.object_id}] processing: <#{URI.decode(request.fullpath)}>"
+
+    # Authentication: respond with 401 on exception or falsy return value: 
+    begin
+      unless (auth = Toast::ConfigDSL::Settings::AuthenticateContext.new.
+                      instance_exec(request, &Toast.settings.authenticate))
+         return response :unauthorized, msg: "authentication failed"
+      end
+    rescue Toast::Errors::CustomAuthFailure => caf   
+      return response(caf.response_data[:status] || :unauthorized, 
+               msg: caf.response_data[:body],
+               headers: caf.response_data[:headers])
+    rescue => error
+      return response :unauthorized, msg: "authentication failed: `#{error.message}'"
+    end
+
+    path       = request.path_parameters[:toast_path].split('/')
+
+    # strip path prefixes
+    # get  model class
+    begin
+      if path.first.singularize == path.first # not in plural form?
+        raise NameError
+      end
+      model_class = path.first.singularize.classify.constantize
+      raise NameError unless is_active_record?(model_class)
+    rescue NameError
+      return response :not_found,
+                      msg: "resource at /#{path.join('/')} not found"
+    end
+
+    # select base configuration
+
+    ## This is unused. Do we need it at all?
+    # preferred_type = Rack::AcceptMediaTypes.new(env['HTTP_ACCEPT']).prefered || "application/json"
+
+    # the base_config is the configuration for the model corresponding to the first part of the URI path
+    begin
+      base_config = get_config(model_class)
+    rescue Toast::Errors::ConfigNotFound => error
+      return response :internal_server_error,
+                      msg: "no API configuration found for model `#{model_class.name}'"
+    end
+
+    toast_request =
+      case path.length
+      when 1 # root collection: /apples
+
+        if base_config.collections[:all].nil?
+          return response :not_found, msg: "collection `/#{path[0]}' not configured"
+        else
+          # root collection
+          Toast::CollectionRequest.new( base_config.collections[:all],
+                                        base_config,
+                                        auth,
+                                        request)
+        end
+      when 2 # canonical, single or collection: /apples/10 , /apples/first, /apples/red_ones
+        if path.second =~ /\A\d+\z/
+          Toast::CanonicalRequest.new( path.second.to_i,
+                                       base_config,
+                                       auth,
+                                       request )
+        else
+          if col_config = base_config.collections[path.second.to_sym]
+            Toast::CollectionRequest.new(col_config,
+                                         base_config,
+                                         auth,
+                                         request)
+
+          elsif sin_config = base_config.singles[path.second.to_sym]
+            Toast::SingleRequest.new(sin_config,
+                                     base_config,
+                                     auth,
+                                     request)
+          else
+            return response :not_found,
+                            msg: "collection or single `#{path.second}' not configured in: #{base_config.source_location}"
+          end
+        end
+
+      when 3 # association: /apples/10/tree, /tree/5/apples
+
+        if assoc_config = base_config.associations[path.third.to_sym]
+          if assoc_config.singular
+
+            Toast::SingularAssocRequest.new( path.second.to_i,
+                                             assoc_config,
+                                             base_config,
+                                             auth,
+                                             request )
+
+          else
+            # process_plural_association assoc_config, path.second.to_i
+            Toast::PluralAssocRequest.new( path.second.to_i,
+                                           assoc_config,
+                                           base_config,
+                                           auth,
+                                           request )
+          end
+        else
+          return response :not_found,
+                          msg: "association `#{model_class.name}##{path.third}' not configured"
+        end
+
+      else
+        return response :not_found,
+                        msg: "#{request.url} not found (invalid path)"
+      end
+
+    toast_request.respond
+
+  end
+end

data/lib/toast/request_helpers.rb

@@ -0,0 +1,134 @@
+require 'toast/errors'
+
+module Toast::RequestHelpers
+
+  def get_config model_class
+    Toast.expositions.detect do |exp|
+      exp.model_class == model_class
+    end || raise(Toast::Errors::ConfigNotFound)
+  end
+
+  # this is hard when behind a proxy
+  # relies on HTTP_X_FORWARDED* headers
+  def base_uri request
+    port  = ":#{request.port}" unless request.port.in?([80,443])
+    path  = request.path.sub(request.path_parameters[:toast_path]+'/','')
+    (request.protocol + request.host + port.to_s + path).chomp('/')
+  end
+
+  def represent_one record, config
+    result = {}
+
+    (config.readables + config.writables).each do |attr|
+      result[attr.to_s] = record.send(attr) if attr_selected?(attr)
+    end
+
+    model_uri =  "#{@base_uri}/#{record.class.name.underscore.pluralize}"    
+    result['self'] = "#{model_uri}/#{record.id}" if attr_selected?('self')
+
+    # add associations, collections and singles
+    config.associations.each do |name, config|
+      result[name.to_s] = "#{model_uri}/#{record.id}/#{name}" if attr_selected?(name)
+    end
+
+    config.singles.each do |name, config|
+      result[name.to_s] = "#{model_uri}/#{name}" if attr_selected?(name)
+    end
+
+    config.collections.each do |name, config|
+      if attr_selected?(name)
+        result[name.to_s] = if name == :all
+                         "#{model_uri}"
+                       else
+                         "#{model_uri}/#{name}"
+                       end
+      end
+    end
+
+    result
+  end
+
+  def represent record_or_enum, config
+    result = if record_or_enum.is_a? Enumerable
+               record_or_enum.map do |record|
+                 represent_one(record, config)
+               end
+             else
+               represent_one(record_or_enum, config)
+             end
+
+    result.to_json
+  end
+
+  def allowed_methods(config)
+    ["DELETE", "GET", "LINK", "PATCH", "POST", "UNLINK"].select{|m|
+      !config.send("via_#{m.downcase}").nil?
+    }.join(", ")
+  end
+
+  # Builds a Rack conform response tripel. Should be called at the end of the
+  # request processing.
+  #
+  # Params:
+  # - status_sym [Symbol] A status code name like :ok, :unauthorized, etc.
+  # - headers:   [Hash]   HTTP headers, defaults to empty Hash
+  # - msg:       [String] A Message for Toast log file, will be included in the body,
+  #                       if body is no set and app is in non-production modes
+  # - body:      [String] The repsosne body text, default to nil
+  #
+  # Return: Rack conform response
+  def response status_sym, headers: {}, msg: nil, body: nil
+    Toast.logger.info "[#{Thread.current.object_id}] done:  #{msg}"
+
+    unless Rails.env == 'production'
+      # put message in body, too, if body is free
+      body ||= msg
+    end
+
+    [ Rack::Utils::SYMBOL_TO_STATUS_CODE[status_sym],
+      headers,
+      [body] ]
+  end
+
+  def call_allow procs, *args
+    procs.each do |proc|
+      # call all procs, break if proc returns false and raise
+      begin
+        result = Object.new.instance_exec *args, &proc
+      rescue => error
+        raise Toast::Errors::AllowError.new(error, proc.source_location.join(':'))
+      end
+
+      if result == false
+        raise Toast::Errors::NotAllowed.new(proc.source_location.join(':'))
+      end
+    end
+  end
+
+  def call_handler proc, *args
+    result = nil
+
+    begin
+      context = Object.new
+      context.define_singleton_method(:bad_request) do |message|
+        raise Toast::Errors::BadRequest.new message, caller.first.sub(/:in.*/,'')
+      end
+
+      result = context.instance_exec *args, &proc
+
+    rescue Toast::Errors::BadRequest
+      raise # re-raise
+    rescue => error
+      raise Toast::Errors::HandlerError.new(error, error.backtrace.first.sub(/:in.*/,''))
+    end
+    result
+  end
+
+  def is_active_record? klass
+    klass.include? ActiveRecord::Core
+  end
+
+  def attr_selected? name
+    (@selected_attributes.nil? or @selected_attributes.include?(name.to_s))
+  end
+end

data/lib/toast/single_request.rb

@@ -0,0 +1,66 @@
+require 'toast/request_helpers'
+
+class Toast::SingleRequest
+  include Toast::RequestHelpers
+  include Toast::Errors
+
+  def initialize  config, base_config, auth, request
+    @config      = config
+    @base_config = base_config
+    @selected_attributes = request.query_parameters.delete(:toast_select).try(:split,',')
+    @uri_params  = request.query_parameters
+    @base_uri    = base_uri(request)
+    @verb        = request.request_method.downcase
+    @auth        = auth
+    @path        = request.path_parameters[:toast_path]#.split('/')
+    @request     = request
+  end
+
+  def respond
+
+    if @config.via_get.nil?
+      # not declared
+      response :method_not_allowed,
+               headers: {'Allow' => allowed_methods(@config)},
+               msg: "GET not configured"
+    else
+      begin
+        model = call_handler(@config.via_get.handler, @uri_params)
+        call_allow(@config.via_get.permissions, @auth, model, @uri_params)
+
+        case model
+        when @base_config.model_class
+          response :ok,
+                   headers: {"Content-Type" => @base_config.media_type},
+                   body:    represent(model, @base_config)
+        when nil
+          response :not_found, msg: "resource not found at /#{@path}"
+        else
+          # wrong class/model_class
+          response :internal_server_error,
+                   msg: "single method returned `#{model.class}', expected `#{@base_config.model_class}'"
+        end
+
+      rescue ActiveRecord::RecordNotFound => error
+        response :not_found, msg: error.message
+
+      rescue AllowError => error
+        return response :internal_server_error,
+                        msg: "exception raised in allow block: `#{error.orig_error.message}' in #{error.source_location}"
+
+      rescue BadRequest => error
+        response :bad_request, msg: "`#{error.message}' in: #{error.source_location}"
+
+      rescue HandlerError => error
+        return response :internal_server_error,
+                        msg: "exception raised in handler: `#{error.orig_error.message}' in #{error.source_location}"
+      rescue NotAllowed => error
+        return response :unauthorized, msg: "not authorized by allow block in: #{error.source_location}"
+
+      rescue => error
+        return response :internal_server_error,
+                        msg: "exception raised: #{error} \n#{error.backtrace[0..5].join("\n")}"
+      end
+    end
+  end
+end