web-connect 0.4.10 → 0.4.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 993a6beae2974b8c68863a8de079026471cf22a5
-  data.tar.gz: a9eaf838e7f5a5d3e3392d80734f64f776513c08
+  metadata.gz: 57e9bb59d41e8a0c01c87c705f8025d1d232f4ac
+  data.tar.gz: 519a6611cddde1f5c82be9e983d4236eaaa028a3
 SHA512:
-  metadata.gz: 5a65c0e7fd57301c39cdd57d344fb00658120c0908f6819ec65651fd529c161f3dd6b1b882a2852d9125bbe27aacf80d9c727fade464c973124e0451ebb443eb
-  data.tar.gz: e2c02ad0fdbc4ac90208bcc026e68bfca2eb230a81ca876acaf24e73958d8486a131b9b443681a61ee04febdd9477d897bf2d03b9fa82ea896295f6b0551fac9
+  metadata.gz: 44e149eb63bb57f314fdd9b5a530aa969d2910aa506c6f719aef1c6f3e40d8c95214127a0d3f795a60025cdb5c41f3a3f2dcfa62bb914f86a4fa37993bf7ffe5
+  data.tar.gz: 62ec603899fc3a43d0c83424c0ff94b7b0c5c3420c92ac18fc2f681ccb63a6facd4230cf9a665cdd3e13b017f771f2e6b50f61b1154b336a04be0f614ddaae56

data/lib/netfira/web_connect/rack_app.rb

@@ -23,6 +23,20 @@ module Netfira::WebConnect
         ]
       rescue Exceptions::HttpException => e
         make_response e.code, e.body, e.headers, e.code
+      rescue => e
+        # TODO: provide a way to silence these (i.e. for prod environments)
+        # TODO: log errors
+        raise e if defined? DONT_CATCH_ALL_EXCEPTIONS
+        body = {
+            errorCode: 1,
+            errorMessage: 'Uncaught Exception',
+            exception: {
+                class: e.class.name,
+                message: e.message,
+                backtrace: e.backtrace
+            }
+        }
+        make_response 500, body
       end
     end
 
@@ -45,7 +59,11 @@ module Netfira::WebConnect
     end
 
     def make_response(status, body = {}, headers = {}, error_code = 0)
-      body_string = {errorCode: error_code}.merge(body).to_json
+      begin
+        body_string = {errorCode: error_code}.merge(body).to_json
+      rescue Encoding::UndefinedConversionError
+        body_string = {errorCode: error_code}.merge(sanitize_for_json body).to_json
+      end
       [
           status,
           {
@@ -57,6 +75,15 @@ module Netfira::WebConnect
       ]
     end
 
+    def sanitize_for_json(data)
+      case data
+        when String then data.encode Encoding::UTF_8 rescue '<Invalid UTF-8>'
+        when Hash then data.map { |k, v| [k, sanitize_for_json(v)] }.to_h
+        when Array then data.map { |v| sanitize_for_json v }
+        else data
+      end
+    end
+
   end
 end
 

data/lib/netfira/web_connect/rack_app/action_helpers/env_importer.rb

@@ -1,5 +1,8 @@
 module Netfira::WebConnect
   class RackApp::Action
+    include RackApp::Exceptions::HttpExceptions
+
+    VALID_BASE64 = %r`^([a-z\d+/]{4})*([a-z\d+/]{4}|[a-z\d+/]{3}=|[a-z\d+/]{2}==)$`i
 
     def import_env(env)
       @env = env
@@ -78,8 +81,20 @@ module Netfira::WebConnect
       # Input
       if put? or post?
         @input = request.body
-        @input = StringIO.new(@input.read.unpack('m').first) if env['CONTENT_ENCODING'] == 'base64'
-        @input = JSON.parse @input.read if request.media_type == 'application/json'
+
+        # Decode base64
+        if (env['HTTP_CONTENT_ENCODING'] || env['CONTENT_ENCODING'] || '').downcase == 'base64'
+          input = @input.read.gsub(/\s+/, '')
+          raise BadRequest, 'Invalid base64 in request body' unless input.length % 4 == 0 && input =~ VALID_BASE64
+          @input = StringIO.new(input.unpack('m').first)
+        end
+
+        # Unserialize JSON
+        begin
+          @input = JSON.parse @input.read, quirks_mode: true if request.media_type == 'application/json'
+        rescue JSON::ParserError => error
+          raise BadRequest.new('Invalid JSON in request body', details: error.message.sub(/^\d+:\s*/, ''))
+        end
       end
 
     end

data/lib/netfira/web_connect/rack_app/action_helpers/env_methods.rb

@@ -18,6 +18,21 @@ module Netfira::WebConnect
       define_method(:"#{verb}?") { self.verb.to_s == verb }
     end
 
+    # This method restricts request verbs (symbols) and input types (classes)
+    def allow(*args)
+
+      # Restrict verbs
+      verbs = args.select { |x| Symbol === x }
+      unless verbs.empty? || verbs.include?(verb)
+        raise MethodNotAllowed.new("The #{verb.to_s.upcase} verb is not allowed", allowed: verbs.map{ |v| v.to_s.upcase })
+      end
+
+      # Restrict input type
+      types = args.select { |x| Class === x }
+      unless types.empty? || types.find { |t| t === input }
+        raise BadRequest.new('Unexpected request body type', allowed: types.map { |t| t.name })
+      end
+    end
 
   end
 end

data/lib/netfira/web_connect/rack_app/actions/version_8/checksums.rb

@@ -2,7 +2,7 @@ class Netfira::WebConnect::RackApp
   module Action::Version8
     class Checksums < Action
       def call
-        raise MethodNotAllowed unless get?
+        allow :get
 
         klass = class_for_record_type(query_string['type'])
         checksums = klass.where(shop_id: shop.id).map{ |record| [record.origin_id, record.digest]}.to_h

data/lib/netfira/web_connect/rack_app/actions/version_8/commit.rb

@@ -3,7 +3,7 @@ class Netfira::WebConnect::RackApp
     class Commit < Action
 
       def call
-        raise MethodNotAllowed unless verb == :put
+        allow :put, Hash
         dispatch_event :before, :commit, shop
         dispatch_event :around, :commit, shop do
           commit_records input['records'] if input['records']

data/lib/netfira/web_connect/rack_app/actions/version_8/files.rb

@@ -2,7 +2,7 @@ class Netfira::WebConnect::RackApp
   module Action::Version8
     class Files < Action
       def call
-        raise MethodNotAllowed unless post?
+        allow :post
         klass = class_for_record_type(path[0])
         raise BadRequest, "You can't upload files for that data type" unless klass < Netfira::WebConnect::Model::Record::FileRecord
 

data/lib/netfira/web_connect/rack_app/actions/version_8/records.rb

@@ -4,10 +4,8 @@ module Netfira::WebConnect
       class Records < Action
 
         def call
-          case verb
-            when :delete then purge!
-            else raise MethodNotAllowed
-          end
+          allow :delete
+          purge!
         end
 
         private

data/lib/netfira/web_connect/rack_app/actions/version_8/settings.rb

@@ -2,6 +2,7 @@ class Netfira::WebConnect::RackApp
   module Action::Version8
     class Settings < Action
       def call
+        allow :put, :post, :get, :delete
         key = path && path.first
         if key
           handle_single key
@@ -55,6 +56,7 @@ class Netfira::WebConnect::RackApp
       end
 
       def update_multiple
+        allow Hash
         input.each do |key, value|
           shop.settings[key] = value.unpack('m').first
         end

data/lib/netfira/web_connect/rack_app/actions/version_8/web.rb

@@ -6,6 +6,7 @@ class Netfira::WebConnect::RackApp
       SEARCH_PATH = [:public, :protected].map { |x| [x, WEB_BASE + x.to_s] }.to_h
 
       def call
+        allow :get
         raise NotFound unless path
         path = self.path.join '/'
         options = SEARCH_PATH.map do |access, dir|

data/lib/netfira/web_connect/rack_app/exceptions/http_exception.rb

@@ -14,7 +14,7 @@ module Netfira::WebConnect::RackApp::Exceptions
     def_delegators :'self.class', :status, :code, :category
 
     def initialize(message = nil, details = nil)
-      super message
+      super message || self.class.name.demodulize.underscore.humanize
       @headers = self.class.headers.dup
       @details = details
     end

data/lib/netfira/web_connect/version.rb

@@ -1,6 +1,6 @@
 module Netfira
   module WebConnect
-    VERSION = '0.4.10'
+    VERSION = '0.4.11'
     PLATFORM_AND_VERSION = 'Rack/' << VERSION
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: web-connect
 version: !ruby/object:Gem::Version
-  version: 0.4.10
+  version: 0.4.11
 platform: ruby
 authors:
 - Neil E. Pearson
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-18 00:00:00.000000000 Z
+date: 2014-08-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord