Class: HaveAPI::Server

Inherits:

Object

• Object
• HaveAPI::Server

Includes:

Hookable

Defined in:

lib/haveapi/server.rb

Defined Under Namespace

Modules: DocHelpers, ServerHelpers

Instance Attribute Summary

• #action_state ⇒ Object

  Returns the value of attribute action_state.

• #action_state_auth ⇒ Object

  Returns the value of attribute action_state_auth.

• #auth_chain ⇒ Object readonly

  Returns the value of attribute auth_chain.

• #default_version ⇒ Object

  Returns the value of attribute default_version.

• #extensions ⇒ Object readonly

  Returns the value of attribute extensions.

• #module_name ⇒ Object readonly

  Returns the value of attribute module_name.

• #root ⇒ Object readonly

  Returns the value of attribute root.

• #routes ⇒ Object readonly

  Returns the value of attribute routes.

• #validation_error_http_status ⇒ Object

  Returns the value of attribute validation_error_http_status.

• #versions ⇒ Object readonly

  Returns the value of attribute versions.

Instance Method Summary

• #action_state_auth_required?(route) ⇒ Boolean
• #add_auth_module(v, name, mod, prefix: '', global: false) ⇒ Object
• #add_auth_routes(v, provider, prefix: '', global: false) ⇒ Object
• #allow_header(name) ⇒ Object
• #allowed_headers ⇒ Object
• #app ⇒ Object
• #auth_prefix(v, prefix, global:) ⇒ Object
• #describe(context) ⇒ Object
• #describe_resource(r, hash, context) ⇒ Object
• #describe_version(context) ⇒ Object
• #initialize(module_name = HaveAPI.module_name) ⇒ Server constructor

  A new instance of Server.

• #json_content_type?(request) ⇒ Boolean
• #mount(prefix = '/') ⇒ Object

  Load routes for all resource from included API versions.

• #mount_action(v, route) ⇒ Object
• #mount_nested_resource(v, routes) ⇒ Object
• #mount_resource(prefix, v, resource, hash) ⇒ Object
• #mount_version(prefix, v) ⇒ Object
• #path_for_action(version, action) ⇒ Object
• #path_params(route, params) ⇒ Object
• #start! ⇒ Object
• #use_version(v, default: false) ⇒ Object

  Include specific version ‘v` of API.

• #validate_resources(resources) ⇒ Object
• #version_prefix(v) ⇒ Object

Methods included from Hookable

included

Constructor Details

#initialize(module_name = HaveAPI.module_name) ⇒ Server

Returns a new instance of Server.

# File 'lib/haveapi/server.rb', line 219

def initialize(module_name = HaveAPI.module_name)
  @module_name = module_name
  @allowed_headers = ['Content-Type']
  @auth_chain = HaveAPI::Authentication::Chain.new(self)
  @extensions = []
  @action_state_auth = :backend
  @validation_error_http_status = nil
end

Instance Attribute Details

#action_state ⇒ Object

Returns the value of attribute action_state.

# File 'lib/haveapi/server.rb', line 9

def action_state
  @action_state
end

#action_state_auth ⇒ Object

Returns the value of attribute action_state_auth.

# File 'lib/haveapi/server.rb', line 10

def action_state_auth
  @action_state_auth
end

#auth_chain ⇒ Object (readonly)

Returns the value of attribute auth_chain.

# File 'lib/haveapi/server.rb', line 10

def auth_chain
  @auth_chain
end

#default_version ⇒ Object

Returns the value of attribute default_version.

# File 'lib/haveapi/server.rb', line 9

def default_version
  @default_version
end

#extensions ⇒ Object (readonly)

Returns the value of attribute extensions.

# File 'lib/haveapi/server.rb', line 10

def extensions
  @extensions
end

#module_name ⇒ Object (readonly)

Returns the value of attribute module_name.

# File 'lib/haveapi/server.rb', line 10

def module_name
  @module_name
end

#root ⇒ Object (readonly)

Returns the value of attribute root.

# File 'lib/haveapi/server.rb', line 10

def root
  @root
end

#routes ⇒ Object (readonly)

Returns the value of attribute routes.

# File 'lib/haveapi/server.rb', line 10

def routes
  @routes
end

#validation_error_http_status ⇒ Object

Returns the value of attribute validation_error_http_status.

# File 'lib/haveapi/server.rb', line 9

def validation_error_http_status
  @validation_error_http_status
end

#versions ⇒ Object (readonly)

Returns the value of attribute versions.

# File 'lib/haveapi/server.rb', line 10

def versions
  @versions
end

Instance Method Details

#action_state_auth_required?(route) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/haveapi/server.rb', line 699

def action_state_auth_required?(route)
  return false unless route.action.resource == HaveAPI::Resources::ActionState
  return false if @auth_chain.empty?

  @action_state_auth == :required
end

#add_auth_module(v, name, mod, prefix: '', global: false) ⇒ Object

# File 'lib/haveapi/server.rb', line 717

def add_auth_module(v, name, mod, prefix: '', global: false)
  @routes[v] ||= { authentication: { name => { resources: {} } } }

  HaveAPI.get_version_resources(mod, v).each do |r|
    mount_resource("#{auth_prefix(v, prefix, global:)}/", v, r, @routes[v][:authentication][name][:resources])
  end
end

#add_auth_routes(v, provider, prefix: '', global: false) ⇒ Object

Parameters:

• v (String) —

  API version

• provider (Authentication::Base)
• prefix (String) (defaults to: '')

# File 'lib/haveapi/server.rb', line 713

def add_auth_routes(v, provider, prefix: '', global: false)
  provider.register_routes(@sinatra, auth_prefix(v, prefix, global:))
end

#allow_header(name) ⇒ Object

# File 'lib/haveapi/server.rb', line 755

def allow_header(name)
  @allowed_headers << name unless @allowed_headers.include?(name)
  @allowed_headers_str = nil
end

#allowed_headers ⇒ Object

# File 'lib/haveapi/server.rb', line 760

def allowed_headers
  return @allowed_headers_str if @allowed_headers_str

  @allowed_headers_str = @allowed_headers.join(',')
end

#app ⇒ Object

# File 'lib/haveapi/server.rb', line 766

def app
  @sinatra
end

#auth_prefix(v, prefix, global:) ⇒ Object

# File 'lib/haveapi/server.rb', line 725

def auth_prefix(v, prefix, global:)
  root = global ? "#{@root}_auth" : "#{version_prefix(v)}_auth"
  "#{root}/#{prefix}"
end

#describe(context) ⇒ Object

# File 'lib/haveapi/server.rb', line 641

def describe(context)
  original_user = context.current_user
  auth_users_by_version = context.auth_users_by_version
  authenticated_description = auth_users_by_version&.values&.any?

  ret = { default_version: @default_version, versions: {} }

  context.version = @default_version
  context.current_user = auth_users_by_version ? auth_users_by_version[@default_version] : original_user
  ret[:versions][:default] = describe_version(context) unless authenticated_description && context.current_user.nil?

  @versions.each do |v|
    user = auth_users_by_version ? auth_users_by_version[v] : original_user
    next if authenticated_description && user.nil?

    context.version = v
    context.current_user = user
    ret[:versions][v] = describe_version(context)
  end

  ret
ensure
  context.current_user = original_user
end

#describe_resource(r, hash, context) ⇒ Object

# File 'lib/haveapi/server.rb', line 688

def describe_resource(r, hash, context)
  r.describe(hash, context)
end

#describe_version(context) ⇒ Object

# File 'lib/haveapi/server.rb', line 666

def describe_version(context)
  ret = {
    authentication: @auth_chain.describe(context),
    resources: {},
    meta: Metadata.describe,
    help: version_prefix(context.version)
  }

  # puts JSON.pretty_generate(@routes)

  @routes[context.version][:resources].each do |resource, children|
    r_name = resource.resource_name.underscore
    r_desc = describe_resource(resource, children, context)

    unless r_desc[:actions].empty? && r_desc[:resources].empty?
      ret[:resources][r_name] = r_desc
    end
  end

  ret
end

#json_content_type?(request) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/haveapi/server.rb', line 730

def json_content_type?(request)
  media_type = if request.respond_to?(:media_type)
                 request.media_type
               else
                 request.content_type.to_s.split(';').first
               end

  media_type == 'application/json' || media_type.to_s.end_with?('+json')
end

#mount(prefix = '/') ⇒ Object

Load routes for all resource from included API versions. All routes are mounted under prefix ‘path`. If no default version is set, the last included version is used.

# File 'lib/haveapi/server.rb', line 264

def mount(prefix = '/')
  @root = prefix

  @sinatra = Sinatra.new do
    # Preload template engine for .md -- without this, tilt will not search
    # for markdown files with extension .md, only .markdown
    Tilt[:md]

    set :views, "#{settings.root}/views"
    set :public_folder, "#{settings.root}/public"
    set :bind, '0.0.0.0'

    if settings.development?
      set :dump_errors, true
      set :raise_errors, true
      set :show_exceptions, false
    end

    helpers Sinatra::Cookies
    helpers ServerHelpers
    helpers DocHelpers

    before do
      if request.env['HTTP_ORIGIN']
        headers 'access-control-allow-origin' => '*',
                'access-control-allow-credentials' => 'false'
      end
    end

    not_found do
      setup_formatter
      report_error(404, {}, 'Action not found') unless @halted
    end

    after do
      if Object.const_defined?(:ActiveRecord)
        ActiveRecord::Base.connection_handler.clear_active_connections!
      end
    end
  end

  @sinatra.set(:api_server, self)

  @routes = {}
  @default_version ||= @versions.last

  # Mount root
  @sinatra.get @root do
    auth_users_by_version = authenticated_versions

    @api = settings.api_server.describe(Context.new(
                                          settings.api_server,
                                          user: auth_users_by_version[settings.api_server.default_version],
                                          params:,
                                          auth_users_by_version:
                                        ))

    content_type 'text/html'
    erb :index, layout: :main_layout
  end

  @sinatra.options @root do
    setup_formatter
    access_control
    ret = nil

    ret = case params[:describe]
          when 'versions'
            {
              versions: settings.api_server.versions,
              default: settings.api_server.default_version
            }

          when 'default'
            auth_users_by_version = authenticated_versions

            settings.api_server.describe_version(Context.new(
                                                   settings.api_server,
                                                   version: settings.api_server.default_version,
                                                   user: auth_users_by_version[settings.api_server.default_version],
                                                   doc: true,
                                                   params:,
                                                   auth_users_by_version:
                                                 ))

          else
            auth_users_by_version = authenticated_versions

            settings.api_server.describe(Context.new(
                                           settings.api_server,
                                           user: auth_users_by_version[settings.api_server.default_version],
                                           doc: true,
                                           params:,
                                           auth_users_by_version:
                                         ))
          end

    @formatter.format(true, ret)
  end

  # Doc
  @sinatra.get "#{@root}doc" do
    content_type 'text/html'
    erb :main_layout do
      doc(:index)
    end
  end

  @sinatra.get "#{@root}doc/readme" do
    content_type 'text/html'

    erb :main_layout do
      markdown File.new("#{settings.views}/../../../README.md").read
    end
  end

  @sinatra.get "#{@root}doc/json-schema" do
    content_type 'text/html'
    erb :doc_layout, layout: :main_layout do
      @content = File.read(File.join(settings.root, '../../doc/json-schema.html'))
      @sidebar = erb :'doc_sidebars/json-schema'
    end
  end

  @sinatra.get %r{#{@root}doc/([^.]+)(\.md)?} do |f, _|
    content_type 'text/html'
    erb :doc_layout, layout: :main_layout do
      begin
        @content = doc(f)
      rescue Errno::ENOENT
        halt 404
      end

      begin
        @sidebar = erb :"doc_sidebars/#{f}"
      rescue Errno::ENOENT
        @sidebar = ''
      end
    end
  end

  # Login/logout links
  @sinatra.get "#{root}_login" do
    if current_user
      redirect back
    else
      authenticate!(settings.api_server.default_version) # FIXME
    end
  end

  @sinatra.get "#{root}_logout" do
    require_auth!
  end

  @auth_chain << HaveAPI.default_authenticate if @auth_chain.empty?
  @auth_chain.setup(@versions)

  @extensions.each { |e| e.enabled(self) }

  call_hooks_for(:pre_mount, args: [self, @sinatra])

  # Mount default version first
  mount_version(@root, @default_version)

  @versions.each do |v|
    mount_version(version_prefix(v), v)
  end

  call_hooks_for(:post_mount, args: [self, @sinatra])
end

#mount_action(v, route) ⇒ Object

# File 'lib/haveapi/server.rb', line 529

def mount_action(v, route)
  @sinatra.method(route.http_method).call(route.sinatra_path) do
    setup_formatter

    if route.action.auth || settings.api_server.action_state_auth_required?(route)
      authenticate!(v)
    else
      authenticated?(v)
    end

    raw_body = request.body.read
    body_method = !%i[get head options].include?(route.http_method.to_sym)

    if body_method && !raw_body.empty? && !settings.api_server.send(:json_content_type?, request)
      report_error(415, {}, 'Unsupported Content-Type')
    end

    begin
      body = raw_body.empty? ? nil : JSON.parse(raw_body)
    rescue JSON::ParserError
      report_error(400, {}, 'Bad JSON syntax')
    end

    if !raw_body.empty? && !body.is_a?(Hash)
      report_error(400, {}, 'JSON body must be an object')
    end

    action_params = settings.api_server.send(:path_params, route, params)
    action_input = body_method ? (body || {}) : request.GET

    context = Context.new(
      settings.api_server,
      version: v,
      request: self,
      action: route.action,
      path: route.path,
      path_params: action_params,
      input: action_input,
      user: current_user,
      endpoint: true,
      resource_path: route.resource_path
    )

    action = route.action.new(request, v, action_params, action_input, context)

    unless action.authorized?(current_user)
      report_error(403, {}, 'Access denied. Insufficient permissions.')
    end

    status, reply, errors, http_status = action.safe_exec
    @halted = true

    [
      http_status || 200,
      @formatter.format(
        status,
        status ? reply : nil,
        status ? nil : reply,
        errors,
        version: false
      )
    ]
  end

  @sinatra.options route.sinatra_path do |*args|
    setup_formatter
    access_control
    route_method = route.http_method.to_s.upcase

    pass if params[:method] && params[:method] != route_method

    if route.action.auth || settings.api_server.action_state_auth_required?(route)
      authenticate!(v)
    else
      authenticated?(v)
    end

    ctx = Context.new(
      settings.api_server,
      version: v,
      request: self,
      action: route.action,
      path: route.path,
      args:,
      params:,
      user: current_user,
      endpoint: true,
      resource_path: route.resource_path,
      doc: true
    )

    begin
      desc = route.action.describe(ctx)

      unless desc
        report_error(403, {}, 'Access denied. Insufficient permissions.')
      end
    rescue ValidationError => e
      report_error(400, e.to_hash, e.message)
    rescue StandardError => e
      tmp = settings.api_server.call_hooks_for(:description_exception, args: [ctx, e])
      report_error(
        tmp[:http_status] || 500,
        {},
        tmp[:message] || 'Server error occured'
      )
    end

    @formatter.format(true, desc)
  end
end

#mount_nested_resource(v, routes) ⇒ Object

# File 'lib/haveapi/server.rb', line 513

def mount_nested_resource(v, routes)
  ret = { resources: {}, actions: {} }

  routes.each do |route|
    if route.is_a?(Hash)
      ret[:resources][route.keys.first] = mount_nested_resource(v, route.values.first)

    else
      ret[:actions][route.action] = route.path
      mount_action(v, route)
    end
  end

  ret
end

#mount_resource(prefix, v, resource, hash) ⇒ Object

# File 'lib/haveapi/server.rb', line 496

def mount_resource(prefix, v, resource, hash)
  hash[resource] = { resources: {}, actions: {} }

  resource.routes(prefix).each do |route|
    if route.is_a?(Hash)
      hash[resource][:resources][route.keys.first] = mount_nested_resource(
        v,
        route.values.first
      )

    else
      hash[resource][:actions][route.action] = route.path
      mount_action(v, route)
    end
  end
end

#mount_version(prefix, v) ⇒ Object

# File 'lib/haveapi/server.rb', line 435

def mount_version(prefix, v)
  @routes[v] ||= {}
  @routes[v][:resources] = {}

  @sinatra.get prefix do
    authenticated?(v)

    @v = v
    @help = settings.api_server.describe_version(Context.new(
                                                   settings.api_server,
                                                   version: v,
                                                   user: current_user,
                                                   params:
                                                 ))

    content_type 'text/html'
    erb :doc_layout, layout: :main_layout do
      @content = erb :version_page
      @sidebar = erb :version_sidebar
    end
  end

  @sinatra.options prefix do
    setup_formatter
    access_control
    authenticated?(v)

    @formatter.format(true, settings.api_server.describe_version(Context.new(
                                                                   settings.api_server,
                                                                   version: v,
                                                                   user: current_user,
                                                                   doc: true,
                                                                   params:
                                                                 )))
  end

  # Register blocking resource
  HaveAPI.get_version_resources(@module_name, v).each do |resource|
    mount_resource(prefix, v, resource, @routes[v][:resources])
  end

  if action_state
    mount_resource(
      prefix,
      v,
      HaveAPI::Resources::ActionState,
      @routes[v][:resources]
    )
  end

  validate_resources(@routes[v][:resources])
end

#path_for_action(version, action) ⇒ Object

# File 'lib/haveapi/server.rb', line 692

def path_for_action(version, action)
  routes = @routes && @routes[version]
  return unless routes

  find_action_path(routes[:resources], action)
end

#path_params(route, params) ⇒ Object

# File 'lib/haveapi/server.rb', line 740

def path_params(route, params)
  route.action.path_param_names(route.path).each_with_object({}) do |name, ret|
    value = if params.has_key?(name.to_sym)
              params[name.to_sym]
            elsif params.has_key?(name)
              params[name]
            end

    next if value.nil?

    ret[name] = value
    ret[name.to_sym] = value
  end
end

#start! ⇒ Object

# File 'lib/haveapi/server.rb', line 770

def start!
  @sinatra.run!
end

#use_version(v, default: false) ⇒ Object

Include specific version ‘v` of API.

‘default` is set only when including concrete version. Use set_default_version otherwise.

Parameters:

• v (:all, Array<String>, String)

# File 'lib/haveapi/server.rb', line 245

def use_version(v, default: false)
  @versions ||= []

  if v == :all
    @versions = HaveAPI.versions(@module_name)
  elsif v.is_a?(Array)
    @versions += v
    @versions.uniq!
  else
    @versions << v
    @default_version = v if default
  end
end

#validate_resources(resources) ⇒ Object

# File 'lib/haveapi/server.rb', line 488

def validate_resources(resources)
  resources.each_value do |r|
    r[:actions].each_key(&:validate_build)

    validate_resources(r[:resources])
  end
end

#version_prefix(v) ⇒ Object

# File 'lib/haveapi/server.rb', line 706

def version_prefix(v)
  "#{@root}v#{v}/"
end