@toa.io/extensions.exposition 1.0.0-alpha.6 → 1.0.0-alpha.60

package/features/introspection.feature

@@ -0,0 +1,153 @@
+Feature: Introspection
+
+  Scenario: Resource introspection
+    Given the `pots` is running with the following manifest:
+      """yaml
+      exposition:
+        /:
+          io:output: true
+          GET: enumerate
+          POST: create
+      """
+    When the following request is received:
+      """
+      OPTIONS /pots/ HTTP/1.1
+      host: nex.toa.io
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      Allow: GET, POST
+
+      GET:
+        type: array
+        items:
+          type: object
+          properties:
+            id:
+              type: string
+              pattern: ^[a-fA-F0-9]{32}$
+            title:
+              type: string
+              maxLength: 64
+            volume:
+              type: number
+              exclusiveMinimum: 0
+              maximum: 1000
+            temperature:
+              type: number
+              exclusiveMinimum: 0
+              maximum: 300
+          additionalProperties: false
+          required:
+            - id
+            - title
+            - volume
+      POST:
+        input:
+          type: object
+          properties:
+            title:
+              type: string
+              maxLength: 64
+            temperature:
+              type: number
+              exclusiveMinimum: 0
+              maximum: 300
+            volume:
+              type: number
+              exclusiveMinimum: 0
+              maximum: 1000
+          additionalProperties: false
+          required:
+            - title
+            - volume
+        output:
+          type: object
+          properties:
+            id:
+              type: string
+              pattern: ^[a-fA-F0-9]{32}$
+          additionalProperties: false
+        errors:
+          - NO_WAY
+          - WONT_CREATE
+      """
+
+  Scenario: Introspection with route parameters
+    Given the `echo` is running with the following manifest:
+      """yaml
+      exposition:
+        /:a:
+          io:output: true
+          PATCH: parameters
+      """
+    When the following request is received:
+      """
+      OPTIONS /echo/:a/ HTTP/1.1
+      host: nex.toa.io
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      Allow: PATCH
+
+      PATCH:
+        route:
+          a:
+            type: string
+        input:
+          type: object
+          properties:
+            b:
+              type: string
+        output:
+          type: object
+          properties:
+            a:
+              type: string
+            b:
+              type: string
+      """
+
+  Scenario: Introspection with query parameters
+    Given the `echo` is running with the following manifest:
+      """yaml
+      exposition:
+        /:
+          io:output: true
+          PATCH:
+            query:
+              parameters: [a]
+            endpoint: parameters
+      """
+    When the following request is received:
+      """
+      OPTIONS /echo/ HTTP/1.1
+      host: nex.toa.io
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      Allow: PATCH
+
+      PATCH:
+        query:
+          a:
+            type: string
+        input:
+          type: object
+          properties:
+            b:
+              type: string
+        output:
+          type: object
+          properties:
+            a:
+              type: string
+            b:
+              type: string
+      """

package/features/io.feature

@@ -1,3 +1,4 @@
+@security
 Feature: IO restrictions
 
   Background:
@@ -18,6 +19,7 @@ Feature: IO restrictions
     When the following request is received:
       """
       GET /pots/4c4759e6f9c74da989d64511df42d6f4/ HTTP/1.1
+      host: nex.toa.io
       """
     Then the following reply is sent:
       """
@@ -27,6 +29,7 @@ Feature: IO restrictions
     When the following request is received:
       """
       GET /pots/ HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       """
     Then the following reply is sent:
@@ -46,7 +49,7 @@ Feature: IO restrictions
     When the following request is received:
       """
       GET /pots/4c4759e6f9c74da989d64511df42d6f4/ HTTP/1.1
-      accept: application/yaml
+      host: nex.toa.io
       """
     Then the following reply is sent:
       """
@@ -67,6 +70,7 @@ Feature: IO restrictions
     When the following request is received:
       """
       GET /pots/4c4759e6f9c74da989d64511df42d6f4/ HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       """
     Then the following reply is sent:
@@ -84,6 +88,7 @@ Feature: IO restrictions
     When the following request is received:
       """
       GET /pots/ HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       """
     Then the following reply is sent:
@@ -113,6 +118,7 @@ Feature: IO restrictions
     When the following request is received:
       """
       POST /pots/ HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       content-type: application/yaml
 
@@ -135,11 +141,13 @@ Feature: IO restrictions
       exposition:
         /:
           io:input: [title, volume]
+          io:output: [id]
           POST: create
       """
     When the following request is received:
       """
       POST /pots/ HTTP/1.1
+      host: nex.toa.io
       accept: text/plain
       content-type: application/yaml
 
@@ -156,6 +164,31 @@ Feature: IO restrictions
     When the following request is received:
       """
       POST /pots/ HTTP/1.1
+      host: nex.toa.io
+      content-type: application/yaml
+
+      title: Hello
+      volume: 1.5
+      """
+    Then the following reply is sent:
+      """
+      201 Created
+      """
+
+  Scenario: IO shortcuts
+    Given the `pots` is running with the following manifest:
+      """yaml
+      exposition:
+        /:
+          input: [title, volume]
+          output: [id, title, volume]
+          POST: create
+      """
+    When the following request is received:
+      """
+      POST /pots/ HTTP/1.1
+      host: nex.toa.io
+      accept: application/yaml
       content-type: application/yaml
 
       title: Hello
@@ -164,4 +197,8 @@ Feature: IO restrictions
     Then the following reply is sent:
       """
       201 Created
+
+      id:
+      title: Hello
+      volume: 1.5
       """

package/features/octets.download.feature

@@ -0,0 +1,117 @@
+Feature: Download and store
+
+  Scenario Outline: Download from trusted location defined as <type>
+    Given the annotation:
+      """yaml
+      /:
+        io:output: true
+        auth:anonymous: true
+        octets:context: octets
+        POST:
+          octets:store:
+            trust:
+              - <location> # <type>
+              - https://github.com
+        /*:
+          GET:
+            octets:fetch: ~
+      """
+
+    When the following request is received:
+      """
+      POST / HTTP/1.1
+      host: nex.toa.io
+      content-location: https://avatars.githubusercontent.com/u/92763022?s=48&v=4
+      content-length: 0
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      201 Created
+
+      id: ${{ id }}
+      type: image/png
+      """
+
+    When the following request is received:
+      """
+      GET /${{ id }} HTTP/1.1
+      host: nex.toa.io
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      content-type: image/png
+      content-length: 1288
+      """
+
+    # untrusted location
+    When the following request is received:
+      """
+      POST / HTTP/1.1
+      host: nex.toa.io
+      content-location: https://github.githubassets.com/assets/yolo-default-be0bbff04951.png
+      content-length: 0
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      403 Forbidden
+
+      Location is not trusted
+      """
+
+    # content-length must be 0
+    When the following request is received:
+      """
+      POST / HTTP/1.1
+      host: nex.toa.io
+      content-location: https://avatars.githubusercontent.com/u/92763022?s=48&v=4
+      content-length: 1
+      accept: application/yaml
+
+      1
+      """
+    Then the following reply is sent:
+      """
+      400 Bad Request
+
+      Content-Length must be 0 when Content-Location is used
+      """
+
+    # invalid content-location
+    When the following request is received:
+      """
+      POST / HTTP/1.1
+      host: nex.toa.io
+      content-location: Hello there!
+      content-length: 0
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      403 Forbidden
+
+      Location is not trusted
+      """
+
+    # unavailable location
+    When the following request is received:
+      """
+      POST / HTTP/1.1
+      host: nex.toa.io
+      content-location: https://github.com/toa-io/no
+      content-length: 0
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      404 Not Found
+
+      Location is not available
+      """
+
+    Examples:
+      | type       | location                                   |
+      | origin     | https://avatars.githubusercontent.com      |
+      | expression | /^https://avatars\.githubusercontent\.com/ |

package/features/octets.entries.feature

@@ -18,6 +18,7 @@ Feature: Accessing entries
     When the stream of `lenna.ascii` is received with the following headers:
       """
       POST / HTTP/1.1
+      host: nex.toa.io
       content-type: application/octet-stream
       """
     Then the following reply is sent:
@@ -27,6 +28,7 @@ Feature: Accessing entries
     When the following request is received:
       """
       GET / HTTP/1.1
+      host: nex.toa.io
       accept: application/vnd.toa.octets.entries+yaml
       """
     Then the following reply is sent:
@@ -38,6 +40,7 @@ Feature: Accessing entries
     When the following request is received:
       """
       GET /10cf16b458f759e0d617f2f3d83599ff HTTP/1.1
+      host: nex.toa.io
       accept: text/vnd.toa.octets.entry+plain
       """
     Then the following reply is sent:
@@ -67,18 +70,21 @@ Feature: Accessing entries
     When the stream of `lenna.ascii` is received with the following headers:
       """
       POST / HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       content-type: application/octet-stream
       """
     And the stream of `lenna.png` is received with the following headers:
       """
       POST / HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       content-type: application/octet-stream
       """
     When the following request is received:
       """
       GET / HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       """
     Then the following reply is sent:
@@ -92,6 +98,7 @@ Feature: Accessing entries
     When the following request is received:
       """
       GET / HTTP/1.1
+      host: nex.toa.io
       accept: application/vnd.toa.octets.entries+yaml
       """
     Then the following reply is sent:
@@ -109,13 +116,13 @@ Feature: Accessing entries
     When the following request is received:
       """
       GET /10cf16b458f759e0d617f2f3d83599ff HTTP/1.1
+      host: nex.toa.io
       accept: application/vnd.toa.octets.entry+yaml
       """
     Then the following reply is sent:
       """
       200 OK
       content-type: application/yaml
-      content-length: 124
 
       id: 10cf16b458f759e0d617f2f3d83599ff
       type: application/octet-stream

package/features/octets.feature

@@ -11,8 +11,6 @@ Feature: Octets directive family
           octets:store: ~
         GET:
           octets:list: ~
-        PUT:
-          octets:permute: ~
         /*:
           GET:
             octets:fetch: ~
@@ -33,12 +31,16 @@ Feature: Octets directive family
             POST:
               octets:store:
                 accept: image/*
+            /*:
+              GET:
+                octets:fetch: ~
       """
 
   Scenario: Basic storage operations
     When the stream of `lenna.ascii` is received with the following headers:
       """
       POST / HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       content-type: application/octet-stream
       """
@@ -54,6 +56,7 @@ Feature: Octets directive family
     When the following request is received:
       """
       GET /10cf16b458f759e0d617f2f3d83599ff HTTP/1.1
+      host: nex.toa.io
       """
     Then the stream equals to `lenna.ascii` is sent with the following headers:
       """
@@ -65,6 +68,7 @@ Feature: Octets directive family
     When the following request is received:
       """
       GET /10cf16b458f759e0d617f2f3d83599ff HTTP/1.1
+      host: nex.toa.io
       if-none-match: ${{ ETAG }}
       """
     Then the following reply is sent:
@@ -74,6 +78,7 @@ Feature: Octets directive family
     When the following request is received:
       """
       GET / HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       """
     Then the following reply is sent:
@@ -86,6 +91,7 @@ Feature: Octets directive family
     When the following request is received:
       """
       GET /10cf16b458f759e0d617f2f3d83599ff?foo=bar HTTP/1.1
+      host: nex.toa.io
       """
     Then the following reply is sent:
       """
@@ -94,6 +100,7 @@ Feature: Octets directive family
     When the following request is received:
       """
       DELETE /10cf16b458f759e0d617f2f3d83599ff HTTP/1.1
+      host: nex.toa.io
       """
     Then the following reply is sent:
       """
@@ -102,68 +109,18 @@ Feature: Octets directive family
     When the following request is received:
       """
       GET /10cf16b458f759e0d617f2f3d83599ff HTTP/1.1
+      host: nex.toa.io
       """
     Then the following reply is sent:
       """
       404 Not Found
       """
 
-  Scenario: Entries permutation
-    When the stream of `lenna.ascii` is received with the following headers:
-      """
-      POST / HTTP/1.1
-      accept: application/yaml
-      content-type: application/octet-stream
-      """
-    And the stream of `lenna.png` is received with the following headers:
-      """
-      POST / HTTP/1.1
-      accept: application/yaml
-      content-type: application/octet-stream
-      """
-    When the following request is received:
-      """
-      GET / HTTP/1.1
-      accept: application/yaml
-      """
-    Then the following reply is sent:
-      """
-      200 OK
-      content-type: application/yaml
-
-      - 10cf16b458f759e0d617f2f3d83599ff
-      - 814a0034f5549e957ee61360d87457e5
-      """
-    When the following request is received:
-      """
-      PUT / HTTP/1.1
-      content-type: application/yaml
-
-      - 814a0034f5549e957ee61360d87457e5
-      - 10cf16b458f759e0d617f2f3d83599ff
-      """
-    Then the following reply is sent:
-      """
-      204 No Content
-      """
-    When the following request is received:
-      """
-      GET / HTTP/1.1
-      accept: application/yaml
-      """
-    Then the following reply is sent:
-      """
-      200 OK
-      content-type: application/yaml
-
-      - 814a0034f5549e957ee61360d87457e5
-      - 10cf16b458f759e0d617f2f3d83599ff
-      """
-
   Scenario: Media type control
     When the stream of `lenna.png` is received with the following headers:
       """
       POST /media/jpeg-or-png/ HTTP/1.1
+      host: nex.toa.io
       content-type: image/jpeg
       """
     Then the following reply is sent:
@@ -173,6 +130,7 @@ Feature: Octets directive family
     When the stream of `lenna.png` is received with the following headers:
       """
       POST /media/jpeg/ HTTP/1.1
+      host: nex.toa.io
       """
     Then the following reply is sent:
       """
@@ -181,34 +139,66 @@ Feature: Octets directive family
     When the stream of `lenna.png` is received with the following headers:
       """
       POST /media/jpeg-or-png/ HTTP/1.1
+      host: nex.toa.io
       """
     Then the following reply is sent:
       """
       201 Created
       """
 
-  Scenario Outline: Receiving <format> images
-    When the stream of `sample.<format>` is received with the following headers:
+  Scenario Outline: Detecting `<type>`
+    When the stream of `sample.<ext>` is received with the following headers:
       """
       POST /media/images/ HTTP/1.1
+      host: nex.toa.io
+      accept: application/yaml
       """
     Then the following reply is sent:
       """
       201 Created
+
+      type: <type>
       """
     Examples:
-      | format |
-      | jpeg   |
-      | jxl    |
-      | gif    |
-      | heic   |
-      | avif   |
-      | webp   |
+      | ext  | type       |
+      | jpeg | image/jpeg |
+      | jxl  | image/jxl  |
+      | gif  | image/gif  |
+      | heic | image/heic |
+      | avif | image/avif |
+      | webp | image/webp |
+
+  Scenario: Accepting `image/svg+xml`
+    When the stream of `sample.svg` is received with the following headers:
+      """
+      POST /media/images/ HTTP/1.1
+      host: nex.toa.io
+      content-type: image/svg+xml
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      201 Created
+
+      type: image/svg+xml
+      """
+
+  Scenario: Rejection video/avi
+    When the stream of `sample.avi` is received with the following headers:
+      """
+      POST /media/images/ HTTP/1.1
+      host: nex.toa.io
+      """
+    Then the following reply is sent:
+      """
+      415 Unsupported Media Type
+      """
 
   Scenario: Fetching non-existent BLOB
     When the following request is received:
       """
       GET /whatever HTTP/1.1
+      host: nex.toa.io
       """
     Then the following reply is sent:
       """
@@ -219,12 +209,14 @@ Feature: Octets directive family
     When the stream of `lenna.ascii` is received with the following headers:
       """
       POST / HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       content-type: application/octet-stream
       """
     And the following request is received:
       """
       GET /10cf16b458f759e0d617f2f3d83599ff/ HTTP/1.1
+      host: nex.toa.io
       accept: text/plain
       """
     Then the following reply is sent:
@@ -235,7 +227,7 @@ Feature: Octets directive family
       Trailing slash is redundant.
       """
 
-  Scenario: Original BLOLB is not accessible
+  Scenario: Original BLOB is not accessible
     Given the annotation:
       """yaml
       /:
@@ -253,6 +245,7 @@ Feature: Octets directive family
     When the stream of `lenna.ascii` is received with the following headers:
       """
       POST / HTTP/1.1
+      host: nex.toa.io
       """
     Then the following reply is sent:
       """
@@ -261,6 +254,7 @@ Feature: Octets directive family
     When the following request is received:
       """
       GET /10cf16b458f759e0d617f2f3d83599ff HTTP/1.1
+      host: nex.toa.io
       accept: text/plain
       """
     Then the following reply is sent: