Class: Hoodoo::Services::Middleware

Inherits:

Object

• Object
• Hoodoo::Services::Middleware

Defined in:

lib/hoodoo/services/middleware/middleware.rb,
lib/hoodoo/services/middleware/interaction.rb,
lib/hoodoo/services/middleware/amqp_log_writer.rb,
lib/hoodoo/services/middleware/endpoints/inter_resource_local.rb,
lib/hoodoo/services/middleware/endpoints/inter_resource_remote.rb,
lib/hoodoo/services/middleware/exception_reporting/base_reporter.rb,
lib/hoodoo/services/middleware/exception_reporting/exception_reporting.rb,
lib/hoodoo/services/middleware/exception_reporting/reporters/raygun_reporter.rb,
lib/hoodoo/services/middleware/exception_reporting/reporters/airbrake_reporter.rb

Overview

Just used as a namespace here

Defined Under Namespace

Classes: AMQPLogWriter, ExceptionReporting, InterResourceLocal, InterResourceRemote, Interaction

Constant Summary

ALLOWED_ACTIONS =

:category: Public constants

All allowed action names in implementations, used for internal checks. This is also the default supported set of actions. Symbols.

[
  :list,
  :show,
  :create,
  :update,
  :delete,
]

ALLOWED_HTTP_METHODS =

All allowed HTTP methods, related to ALLOWED_ACTIONS.

Set.new( %w( GET POST PATCH DELETE ) )

ALLOWED_QUERIES_LIST =

Allowed common fields in query strings (list actions only). Strings.

Only ever add to this list. As the API evolves, legacy clients will be calling with previously documented query strings and removing any entries from the list below could cause their requests to be rejected with a ‘platform.malformed’ error.

[
  'offset',
  'limit',
  'sort',
  'direction',
  'search',
  'filter'
]

ALLOWED_QUERIES_ALL =

Allowed common fields in query strings (all actions). Strings. Adds to the ::ALLOWED_QUERIES_LIST for list actions.

Only ever add to this list. As the API evolves, legacy clients will be calling with previously documented query strings and removing any entries from the list below could cause their requests to be rejected with a ‘platform.malformed’ error.

[
  '_embed',
  '_reference'
]

SUPPORTED_MEDIA_TYPES =

Allowed media types in Content-Type headers.

[ 'application/json' ]

SUPPORTED_ENCODINGS =

Allowed (required) charsets in Content-Type headers.

[ 'utf-8' ]

PROHIBITED_INBOUND_FIELDS =

Prohibited fields in creations or updates - these are the common fields specified in the API, which are emergent in the platform or are set via other routes (e.g. “language” comes from HTTP headers in requests). This is obtained via the Hoodoo::Presenters::CommonResourceFields class and its described field schema, so see that for details.

Hoodoo::Presenters::CommonResourceFields.get_schema().properties.keys

MAXIMUM_PAYLOAD_SIZE =

Somewhat arbitrary maximum incoming payload size to prevent ham-fisted DOS attempts to consume RAM.

1048576

MAXIMUM_LOGGED_PAYLOAD_SIZE =

Maximum logged payload (inbound data) size. Keep consistent with max payload size so data is not lost from the logs.

MAXIMUM_PAYLOAD_SIZE

MAXIMUM_LOGGED_RESPONSE_SIZE =

Maximum logged response (outbound data) size. Keep consistent with max payload size so data is not lost from the logs.

MAXIMUM_PAYLOAD_SIZE

DEFAULT_TEST_SESSION =

The default test session; a Hoodoo::Services::Session instance with the following characteristics:

Session ID

01234567890123456789012345678901

Caller ID

c5ea12fb7f414a46850e73ee1bf6d95e

Caller Version

1

Permissions

Default/else/“allow” to allow all actions

Identity

Has caller_id as its only field

Scoping

All secured HTTP headers are allowed

Expires at: Now plus 2 days

See also ::test_session and ::set_test_session.

Hoodoo::Services::Session.new

FRAMEWORK_QUERY_VALUE_DATE_PROC =

A validation Proc for FRAMEWORK_QUERY_DATA - see that for details. This one ensures that the value is a valid ISO 8601 subset date/time string and evaluates to the parsed version of that string if so.

-> ( value ) {
  Hoodoo::Utilities.valid_iso8601_subset_datetime?( value ) ?
  Hoodoo::Utilities.rationalise_datetime( value )           :
  nil
}

FRAMEWORK_QUERY_VALUE_UUID_PROC =

A validation Proc for FRAMEWORK_QUERY_DATA - see that for details. This one ensures that the value is a valid UUID and evaluates to that UUID string if so.

-> ( value ) {
  value = Hoodoo::UUID.valid?( value ) && value
  value || nil # => 'value' if 'value' is truthy, 'nil' if 'value' falsy
}

FRAMEWORK_QUERY_DATA =

Out-of-box search and filter query keys. Interfaces can override the support for these inside the Hoodoo::Services::Interface.to_list block using Hoodoo::Services::Interface::ToListDSL.do_not_search and Hoodoo::Services::Interface::ToListDSL.do_not_filter.

Keys, in order, are:

• Query key to detect records with a created_at date that is after the given value, in supporting resource; if used as a filter instead of a search string, would find records on-or-before the date.

• Query key to detect records with a created_at date that is before the given value, in supporting resource; if used as a filter instead of a search string, would find records on-or-after the date.

Values are either a validation Proc or nil for no validation. The Proc takes the search query value as its sole input paraeter and must evaluate to the input value either unmodified or in some canonicalised form if it is valid, else to nil if the input value is invalid. The canonicalisation is typically used to coerce a URI query string based String type into a more useful comparable entity such as an Integer or DateTime.

IMPORTANT - if this list is changed, any database support modules - e.g. in Hoodoo::ActiveRecord::Support - will need any internal mapping of “framework query keys to module-appropriate query code” updating.

{
  'created_after'  => FRAMEWORK_QUERY_VALUE_DATE_PROC,
  'created_before' => FRAMEWORK_QUERY_VALUE_DATE_PROC,
  'created_by'     => FRAMEWORK_QUERY_VALUE_UUID_PROC
}

Class Method Summary

• .clear_memcached_configuration_cache! ⇒ Object

  This method is intended really just for testing purposes; it clears the internal cache of Memcached data read from environment variables.

• .clear_queue_configuration_cache! ⇒ Object

  This method is intended really just for testing purposes; it clears the internal cache of AMQP queue data read from environment variables.

• .clear_session_store_configuration_cache! ⇒ Object

  This method is intended really just for testing purposes; it clears the internal cache of session storage engine data read from environment variables.

• .de_facto_path_for(resource, version) ⇒ Object

  For a given resource name and version, return the de facto routing path based on version and name with no modifications.

• .environment ⇒ Object

  Utility - returns the execution environment as a Rails-like environment object which answers queries like production? or staging? with true or false according to the RACK_ENV environment variable setting.

• .flush_services_for_test ⇒ Object

  For test purposes, dump the internal service records and flush the DRb service, if it is running.

• .has_memcached? ⇒ Boolean

  This method is deprecated.

• .has_session_store? ⇒ Boolean

  Return a boolean value for whether an environment variable declaring Hoodoo::TransientStore engine URI(s) have been defined by service author.

• .logger ⇒ Object

  Access the middleware’s logging instance.

• .memcached_host ⇒ Object

  This method is deprecated.

• .on_queue? ⇒ Boolean

  Are we running on the queue, else (implied) a local HTTP server?.

• .record_host_and_port(options = {}) ⇒ Object

  Record internally the HTTP host and port during local development via e.g rackup or testing with rspec.

• .service_name ⇒ Object

  Return a service ‘name’ derived from the service’s collection of declared resources.

• .session_store_engine ⇒ Object

  Return a symbolised key for the transient storage engine as defined in the environment variable SESSION_STORE_ENGINE (with :memcached as a legacy fallback if ::has_memcached? is true, else default is nil).

• .session_store_uri ⇒ Object

  Return configuration for the selected Hoodoo::TransientStore engine, as a flat String (IP address/ port combination) or a serialised JSON string with symbolised keys, defining a URI for each supported storage engine defined (required if <tt>ENV[ ‘SESSION_STORE_ENGINE’ ]</yy> defines a multi-engine strategy).

• .set_log_folder(base_path) ⇒ Object

  If using the middleware logger (see ::logger) with no external custom logger set up (see ::set_logger), call here to configure the folder used for logs when file output is active.

• .set_logger(logger) ⇒ Object

  The middleware sets up a logger itself (see ::logger) with various log mechanisms set up (mostly) without service author intervention.

• .set_test_session(session) ⇒ Object

  Set the test session instance.

• .set_verbose_logging(verbose) ⇒ Object

  Set verbose logging.

• .test_session ⇒ Object

  A Hoodoo::Services::Session instance to use for tests or when no local Hoodoo::TransientStore instance is known about (environment variable SESSION_STORE_ENGINE and SESSION_STORE_URI are not set).

• .verbose_logging? ⇒ Boolean

  Returns true if verbose logging is enabled, else false.

Instance Method Summary

• #call(env) ⇒ Object

  Run a Rack request, returning the [status, headers, body-array] data as per the Rack protocol requirements.

• #initialize(app) ⇒ Middleware constructor

  Initialize the middleware instance.

• #inter_resource_endpoint_for(resource, version, interaction) ⇒ Object

  Return something that behaves like a Hoodoo::Client::Endpoint subclass instance which can be used for inter-resource communication, whether the target endpoint implementation is local or remote.

• #inter_resource_local(source_interaction:, discovery_result:, endpoint:, action:, ident: nil, body_hash: nil, query_hash: nil) ⇒ Object

  Make a local (non-HTTP local Ruby method call) inter-resource call.

• #monkey_log_inbound_request(interaction) ⇒ Object

  Make an “inbound” call log based on the given interaction.

Constructor Details

#initialize(app) ⇒ Middleware

Initialize the middleware instance.

app Rack app instance to which calls should be passed.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 562

def initialize( app )

  service_container = app

  if defined?( NewRelic ) &&
     defined?( NewRelic::Agent ) &&
     defined?( NewRelic::Agent::Instrumentation ) &&
     defined?( NewRelic::Agent::Instrumentation::MiddlewareProxy ) &&
     service_container.is_a?( NewRelic::Agent::Instrumentation::MiddlewareProxy )

    if service_container.respond_to?( :target )
      service_container = service_container.target()
    else
      raise "Hoodoo::Services::Middleware instance created with NewRelic-wrapped Service entity, but NewRelic API is not as expected by Hoodoo; incompatible NewRelic version."
    end
  end

  unless service_container.is_a?( Hoodoo::Services::Service )
    raise "Hoodoo::Services::Middleware instance created with non-Service entity of class '#{ service_container.class }' - is this the last middleware in the chain via 'use()' and is Rack 'run()'-ing the correct thing?"
  end

  # Collect together the implementation instances and the matching regexps
  # for endpoints. An array of hashes.
  #
  # Key              Value
  # =======================================================================
  # regexp           Regexp for +String#match+ on the URI path component
  # interface        Hoodoo::Services::Interface subclass associated with
  #                  the endpoint regular expression in +regexp+
  # actions          Set of symbols naming allowed actions
  # implementation   Hoodoo::Services::Implementation subclass *instance* to
  #                  use on match
  #
  @@services = service_container.component_interfaces.map do | interface |

    if interface.nil? || interface.endpoint.nil? || interface.implementation.nil?
      raise "Hoodoo::Services::Middleware encountered invalid interface class #{ interface } via service class #{ service_container.class }"
    end

    # If anything uses a public interface, we need to tell ourselves that
    # the early exit session check can't be done.
    #
    interfaces_have_public_methods() unless interface.public_actions.empty?

    # There are two routes to an implementation - one via the custom path
    # given through its 'endpoint' declaration, the other a de facto path
    # determined from the unmodified version and resource name. Both lead
    # to the same implementation instance.
    #
    implementation_instance = interface.implementation.new

    # Regexp explanation:
    #
    # Match "/", the version text, "/", the endpoint text, then either
    # another "/", a "." or the end of the string, followed by capturing
    # everything else. Match data index 1 will be whatever character (if
    # any) followed after the endpoint ("/" or ".") while index 2 contains
    # everything else.
    #
    custom_path   = "/v#{ interface.version }/#{ interface.endpoint }"
    custom_regexp = /^\/v#{ interface.version }\/#{ interface.endpoint }(\.|\/|$)(.*)/

    # Same as above, but for the de facto routing.
    #
    de_facto_path   = self.class.de_facto_path_for( interface.resource, interface.version )
    de_facto_regexp = /^\/#{ interface.version }\/#{ interface.resource }(\.|\/|$)(.*)/

    Hoodoo::Services::Discovery::ForLocal.new(
      :resource                => interface.resource,
      :version                 => interface.version,
      :base_path               => custom_path,
      :routing_regexp          => custom_regexp,
      :de_facto_base_path      => de_facto_path,
      :de_facto_routing_regexp => de_facto_regexp,
      :interface_class         => interface,
      :implementation_instance => implementation_instance
    )

  end

  # Determine the service name from the resources above then announce
  # the whole collection to any interested discovery engines.

  sorted_resources = @@services.map() { | service | service.resource }.sort()
  @@service_name   = "service.#{ sorted_resources.join( '_' ) }"

  announce_presence_of( @@services )
end

Class Method Details

.clear_memcached_configuration_cache! ⇒ Object

This method is intended really just for testing purposes; it clears the internal cache of Memcached data read from environment variables.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 290

def self.clear_memcached_configuration_cache!
  @@memcached_host = nil
end

.clear_queue_configuration_cache! ⇒ Object

This method is intended really just for testing purposes; it clears the internal cache of AMQP queue data read from environment variables.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 371

def self.clear_queue_configuration_cache!
  @@amq_uri = nil
end

.clear_session_store_configuration_cache! ⇒ Object

This method is intended really just for testing purposes; it clears the internal cache of session storage engine data read from environment variables.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 352

def self.clear_session_store_configuration_cache!
  @@session_store_engine = nil
  @@session_store_uri    = nil
end

.de_facto_path_for(resource, version) ⇒ Object

For a given resource name and version, return the de facto routing path based on version and name with no modifications.

resource

Resource name for the endpoint, e.g. :Purchase. String or symbol.

version

Implemented version of the endpoint. Integer.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 398

def self.de_facto_path_for( resource, version )
  "/#{ version }/#{ resource }"
end

.environment ⇒ Object

Utility - returns the execution environment as a Rails-like environment object which answers queries like production? or staging? with true or false according to the RACK_ENV environment variable setting.

Example:

if Hoodoo::Services::Middleware.environment.production?
  # ...do something only if RACK_ENV="production"
end

# File 'lib/hoodoo/services/middleware/middleware.rb', line 244

def self.environment
  @@environment ||= Hoodoo::StringInquirer.new( ENV[ 'RACK_ENV' ] || 'development' )
end

.flush_services_for_test ⇒ Object

For test purposes, dump the internal service records and flush the DRb service, if it is running. Existing middleware instances will be invalidated. New instances must be created to re-scan their services internally and (where required) inform the DRb process of the endpoints.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 548

def self.flush_services_for_test
  @@services     = []
  @@service_name = nil

  ObjectSpace.each_object( self ) do | middleware_instance |
    discoverer = middleware_instance.instance_variable_get( '@discoverer' )
    discoverer.flush_services_for_test() if discoverer.respond_to?( :flush_services_for_test )
  end
end

.has_memcached? ⇒ Boolean

This method is deprecated. Use ::has_session_store? instead.

Return a boolean value for whether Memcached is explicitly defined as the Hoodoo::TransientStore engine. In previous versions, a nil response used to indicate local development without a queue available, but that is not a valid assumption in modern code.

Returns:

• (Boolean)

# File 'lib/hoodoo/services/middleware/middleware.rb', line 255

def self.has_memcached?
  $stderr.puts( 'Hoodoo::Services::Middleware::Middleware#has_memcached? is deprecated - use #has_session_store?' )

  m = self.memcached_host()
  m.nil? == false && m.empty? == false
end

.has_session_store? ⇒ Boolean

Return a boolean value for whether an environment variable declaring Hoodoo::TransientStore engine URI(s) have been defined by service author.

Returns:

• (Boolean)

# File 'lib/hoodoo/services/middleware/middleware.rb', line 265

def self.has_session_store?
  config = self.session_store_uri()
  config.nil? == false && config.empty? == false
end

.logger ⇒ Object

Access the middleware’s logging instance. Call report on this to make structured log entries. See Hoodoo::Logger::WriterMixin#report along with Hoodoo::Logger for other calls you can use.

The logging system ‘wakes up’ in stages. Initially, only console based output is added, as the Middleware Ruby code is parsed and configures a basic logger. If you call ::set_log_folder, file-based logging may be available. In AMQP based environments, queue based logging will become automatically available via Rack and the Alchemy gem once the middleware starts handling its very first request, but not before.

With this in mind, the logger is ultimately configured with a set of writers as follows:

• If off queue:

  • All RACK_ENV values (including “test”):

    • File “log/environment.log”

  • RACK_ENV “development”

    • Also to $stdout

• If on queue:

  • RACK ENV “test”

    • File “log/test.log”

  • All other RACK_ENV values

    • AMQP writer (see below)

  • RACK_ENV “development”

    • Also to $stdout

Or to put it another way, in test mode only file output to ‘test.log’ happens; in development mode $stdout always happens; and in addition for non-test environment, you’ll get a queue-based or file-based logger depending on whether or not a queue is available.

See Hoodoo::Services::Interface#secure_logs_for for information about security considerations when using logs.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 438

def self.logger
  @@logger # See self.set_up_basic_logging and self.set_logger
end

.memcached_host ⇒ Object

This method is deprecated. Use ::session_store_uri instead.

Return a Memcached host (IP address/port combination) as a String if defined in environment variable MEMCACHED_HOST (with MEMCACHE_URL also accepted as a legacy fallback).

If this returns nil or an empty string, there’s no defined Memcached host available.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 279

def self.memcached_host

  # See also ::clear_memcached_configuration_cache!.
  #
  @@memcached_host ||= ENV[ 'MEMCACHED_HOST' ] || ENV[ 'MEMCACHE_URL' ]

end

.on_queue? ⇒ Boolean

Are we running on the queue, else (implied) a local HTTP server?

Returns:

• (Boolean)

# File 'lib/hoodoo/services/middleware/middleware.rb', line 359

def self.on_queue?

  # See also ::clear_queue_configuration_cache!.
  #
  @@amq_uri ||= ENV[ 'AMQ_URI' ]
  @@amq_uri.nil? == false && @@amq_uri.empty? == false

end

.record_host_and_port(options = {}) ⇒ Object

Record internally the HTTP host and port during local development via e.g rackup or testing with rspec. This is usually not called directly except via the Rack startup monkey patch code in rack_monkey_patch.rb.

Options hash :Host and :Port entries are recorded.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 537

def self.record_host_and_port( options = {} )
  @@recorded_host = options[ :Host ]
  @@recorded_port = options[ :Port ]
end

.service_name ⇒ Object

Return a service ‘name’ derived from the service’s collection of declared resources. The name will be the same across any instances of the service that implement the same resources. This can be used for e.g. AMQP-based queue-named operations, that want to target the same resource collection regardless of instance.

This method will not work unless the middleware has parsed the set of service interface declarations (during instance initialisation). If a least one middleware instance has already been created, it is safe to call.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 386

def self.service_name
  @@service_name
end

.session_store_engine ⇒ Object

Return a symbolised key for the transient storage engine as defined in the environment variable SESSION_STORE_ENGINE (with :memcached as a legacy fallback if ::has_memcached? is true, else default is nil).

The SESSION_STORE_ENGINE environment variable must contain an entry from Hoodoo::TransientStore::supported_storage_engines. This collection is initialised by either requiring the top-level hoodoo file to pull in everything, requiring hoodoo/transient_store to pull in all currently defined transient store engines or requiring the following in order to pull in a specific engine - in this example, redis:

require 'hoodoo/transient_store/transient_store'
require 'hoodoo/transient_store/transient_store/base'
require 'hoodoo/transient_store/transient_store/redis'

If the engine requested appears to be unsupported, this method returns nil.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 329

def self.session_store_engine
  if (
    ! defined?( @@session_store_engine ) ||
    @@session_store_engine.nil?          ||
    @@session_store_engine.empty?
  )
    default = self.has_memcached? ? 'memcached' : ''
    engine = ( ENV[ 'SESSION_STORE_ENGINE' ] || default ).to_sym()

    if Hoodoo::TransientStore::supported_storage_engines.include?( engine )
      @@session_store_engine = engine
    else
      @@session_store_engine = nil
    end
  end

  @@session_store_engine
end

.session_store_uri ⇒ Object

Return configuration for the selected Hoodoo::TransientStore engine, as a flat String (IP address/ port combination) or a serialised JSON string with symbolised keys, defining a URI for each supported storage engine defined (required if <tt>ENV[ ‘SESSION_STORE_ENGINE’ ]</yy> defines a multi-engine strategy).

Checks for the engine agnostic environment variable SESSION_STORE_URI first then uses #memcached_host as a legacy fallback.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 303

def self.session_store_uri

  # See also ::clear_session_store_configuration_cache!
  #
  @@session_store_uri ||= ( ENV[ 'SESSION_STORE_URI' ] || self.memcached_host() )

end

.set_log_folder(base_path) ⇒ Object

If using the middleware logger (see ::logger) with no external custom logger set up (see ::set_logger), call here to configure the folder used for logs when file output is active.

If you don’t do this at least once, no log file output can occur.

You can call more than once to output to more than one log folder.

See Hoodoo::Services::Interface#secure_logs_for for information about security considerations when using logs.

base_path

Path to folder to use for logs; file “#environment.log” may be written inside (see ::environment).

# File 'lib/hoodoo/services/middleware/middleware.rb', line 478

def self.set_log_folder( base_path )
  self.send( :add_file_logging, base_path )
end

.set_logger(logger) ⇒ Object

The middleware sets up a logger itself (see ::logger) with various log mechanisms set up (mostly) without service author intervention.

If you want to completely override the middleware’s logger and replace it with your own at any time (not recommended), call here.

See Hoodoo::Services::Interface#secure_logs_for for information about security considerations when using logs.

logger

Alternative Hoodoo::Logger instance to use for all middleware logging from this point onwards. The value will subsequently be returned by the ::logger class method.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 455

def self.set_logger( logger )
  unless logger.is_a?( Hoodoo::Logger )
    raise "Hoodoo::Communicators::set_logger must be called with an instance of Hoodoo::Logger only"
  end

  @@external_logger = true
  @@logger          = logger
end

.set_test_session(session) ⇒ Object

Set the test session instance. See ::test_session for details.

session

A Hoodoo::Services::Session instance to use as the test session instance for any subsequently-made requests. If nil, the test session system acts as if an invalid or missing session ID had been supplied.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 524

def self.set_test_session( session )
  @@test_session = session
end

.set_verbose_logging(verbose) ⇒ Object

Set verbose logging. With verbose logging enabled, additional payload data is added - most notably, full session details (where possible) are included in each log message. These can increase log data size considerably, but may be useful if you encounter session-related errors or general operational issues and need log data to provide more insights.

Verbose logging is disabled by default.

verbose

true to enable verbose logging, false to disable it. The default is false.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 494

def self.set_verbose_logging( verbose )
  @@verbose_logging = verbose
end

.test_session ⇒ Object

A Hoodoo::Services::Session instance to use for tests or when no local Hoodoo::TransientStore instance is known about (environment variable SESSION_STORE_ENGINE and SESSION_STORE_URI are not set). The session is (eventually) read each time a request is made via Rack (through #call).

“Out of the box”, DEFAULT_TEST_SESSION is used.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 513

def self.test_session
  @@test_session
end

.verbose_logging? ⇒ Boolean

Returns true if verbose logging is enabled, else false. For more, see ::set_verbose_logging.

Returns:

• (Boolean)

# File 'lib/hoodoo/services/middleware/middleware.rb', line 501

def self.verbose_logging?
  defined?( @@verbose_logging ) ? @@verbose_logging : false
end

Instance Method Details

#call(env) ⇒ Object

Run a Rack request, returning the [status, headers, body-array] data as per the Rack protocol requirements.

env Rack environment.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 656

def call( env )

  # Global exception handler - catch problems in service implementations
  # and send back a 500 response as per API documentation (if possible).
  #
  begin

    enable_alchemy_logging_from( env )

    interaction = Hoodoo::Services::Middleware::Interaction.new( env, self )
    debug_log( interaction )

    early_response = preprocess( interaction )
    return early_response unless early_response.nil?

    response = interaction.context.response

    process( interaction )     unless response.halt_processing?
    postprocess( interaction ) unless response.halt_processing?

    return respond_for( interaction )

  rescue => exception
    begin
      if interaction && interaction.context
        ExceptionReporting.contextual_report( exception, interaction.context )
      else
        ExceptionReporting.report( exception, env )
      end

      record_exception( interaction, exception )

      return respond_for( interaction )

    rescue => inner_exception
      begin
        backtrace       = ''
        inner_backtrace = ''

        if self.class.environment.test? || self.class.environment.development?
          backtrace       = exception.backtrace
          inner_backtrace = inner_exception.backtrace
        else
          ''
        end

        @@logger.error(
          'Hoodoo::Services::Middleware#call',
          'Middleware exception in exception handler',
          inner_exception.to_s,
          inner_backtrace.to_s,
          '...while handling...',
          exception.to_s,
          backtrace.to_s
        )
      rescue
        # Ignore logger exceptions. Can't do anything about them. Just
        # try and get the response back to the client now.
      end

      # An exception in the exception handler! Oh dear.
      #
      rack_response = Rack::Response.new
      rack_response.status = 500
      rack_response.write( 'Middleware exception in exception handler' )
      return rack_response.finish

    end
  end
end

#inter_resource_endpoint_for(resource, version, interaction) ⇒ Object

Return something that behaves like a Hoodoo::Client::Endpoint subclass instance which can be used for inter-resource communication, whether the target endpoint implementation is local or remote.

resource

Resource name for the endpoint, e.g. :Purchase. String or symbol.

version

Required implemented version for the endpoint. Integer.

interaction

The Hoodoo::Services::Middleware::Interaction instance describing the inbound call, the processing of which is leading to a request for an inter-resource call by an endpoint implementation.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 741

def inter_resource_endpoint_for( resource, version, interaction )
  resource = resource.to_sym
  version  = version.to_i

  # Build a Hash of any options which should be transferred from one
  # endpoint to another for inter-resource calls, along with other
  # options common to local and remote endpoints.

  endpoint_options = {
    :interaction => interaction,
    :locale      => interaction.context.request.locale,
  }

  Hoodoo::Client::Headers::HEADER_TO_PROPERTY.each do | rack_header, description |
    property = description[ :property ]

    if description[ :auto_transfer ] == true
      endpoint_options[ property ] = interaction.context.request.send( property )
    end
  end

  if @discoverer.is_local?( resource, version )

    # For local inter-resource calls, return the middleware's endpoint
    # for that. In turn, if used this calls into #inter_resource_local.

    discovery_result = @@services.find do | entry |
      interface = entry.interface_class
      interface.resource == resource && interface.version == version
    end

    if discovery_result.nil?
      raise "Hoodoo::Services::Middleware\#inter_resource_endpoint_for: Internal error - version #{ version } of resource #{ resource } endpoint is local according to the discovery engine, but no local service discovery record can be found"
    end

    endpoint_options[ :discovery_result ] = discovery_result

    return Hoodoo::Services::Middleware::InterResourceLocal.new(
      resource,
      version,
      endpoint_options
    )

  else

    # For remote inter-resource calls, use Hoodoo::Client's endpoint
    # factory to get a (say) HTTP or AMQP contact endpoint, but then
    # wrap it with the middleware's remote call endpoint, since the
    # request requires extra processing before it goes to the Client
    # (e.g. session permission augmentation) and the result needs
    # extra processing before it is returned to the caller (e.g.
    # delete an augmented session, annotate any errors from call).

    endpoint_options[ :discoverer ] = @discoverer
    endpoint_options[ :session    ] = interaction.context.session

    wrapped_endpoint = Hoodoo::Client::Endpoint.endpoint_for(
      resource,
      version,
      endpoint_options
    )

    if wrapped_endpoint.is_a?( Hoodoo::Client::Endpoint::AMQP ) && defined?( @@alchemy )
      wrapped_endpoint.alchemy = @@alchemy
    end

    # Using "ForRemote" here is redundant - we could just as well
    # pass wrapped_endpoint directly to an option in the
    # InterResourceRemote class - but keeping "with the pattern"
    # just sort of 'seems right' and might be useful in future.

    discovery_result = Hoodoo::Services::Discovery::ForRemote.new(
      :resource         => resource,
      :version          => version,
      :wrapped_endpoint => wrapped_endpoint
    )

    return Hoodoo::Services::Middleware::InterResourceRemote.new(
      resource,
      version,
      {
        :interaction      => interaction,
        :discovery_result => discovery_result
      }
    )
  end
end

#inter_resource_local(source_interaction:, discovery_result:, endpoint:, action:, ident: nil, body_hash: nil, query_hash: nil) ⇒ Object

Make a local (non-HTTP local Ruby method call) inter-resource call. This is fast compared to any remote resource call, even though there is still a lot of overhead involved in setting up data so that the target resource “sees” the call in the same way as any other.

Named parameters are as follows:

source_interaction

A Hoodoo::Services::Middleware::Interaction instance for the inbound call which is being processed right now by some resource endpoint implementation and this implementation is now making an inter-resource call as part of its processing;

discovery_result

A Hoodoo::Services::Discovery::ForLocal instance describing the target of the inter-resource call;

endpoint

The calling Hoodoo::Client::Endpoint subclass instance (used for e.g. locale, dated-at);

action

A Hoodoo::Services::Middleware::ALLOWED_ACTIONS entry;

ident

UUID or other unique identifier of a resource instance. Required for show, update and delete actions, ignored for others;

query_hash

Optional Hash of query data to be turned into a query string - applicable to any action;

body_hash

Hash of data to convert to a body string using the source interaction’s described content type. Required for create and update actions, ignored for others.

A Hoodoo::Client::AugmentedArray or Hoodoo::Client::AugmentedHash is returned from these methods; @response or the wider processing context is not automatically modified. Callers MUST use the methods provided by Hoodoo::Client::AugmentedBase to detect and handle error conditions, unless for some reason they wish to ignore inter-resource call errors.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 870

def inter_resource_local( source_interaction:,
                          discovery_result:,
                          endpoint:,
                          action:,
                          ident:      nil,
                          body_hash:  nil,
                          query_hash: nil )

  # We must construct a call context for the local service. This means
  # a local request object which we fill in with data just as if we'd
  # parsed an inbound HTTP request and a response object that contains
  # the usual default data.

  interface      = discovery_result.interface_class
  implementation = discovery_result.implementation_instance

  # Need to possibly augment the caller's session - same rationale
  # as #local_service_remote, so see that for details.

  session = source_interaction.context.session

  unless session.nil? || source_interaction.using_test_session?
    session = session.augment_with_permissions_for( source_interaction )
  end

  if session == false
    hash = Hoodoo::Client::AugmentedHash.new
    hash.platform_errors.add_error( 'platform.invalid_session' )
    return hash
  end

  mock_rack_env = {
    'HTTP_X_INTERACTION_ID' => source_interaction.interaction_id
  }

  local_interaction = Hoodoo::Services::Middleware::Interaction.new(
    mock_rack_env,
    self,
    session
  )

  local_interaction.target_interface           = interface
  local_interaction.target_implementation      = implementation
  local_interaction.requested_content_type     = source_interaction.requested_content_type
  local_interaction.requested_content_encoding = source_interaction.requested_content_encoding

  # For convenience...

  local_request  = local_interaction.context.request
  local_response = local_interaction.context.response

  # Carry through any endpoint-specified request orientated attributes.

  local_request.locale = endpoint.locale

  Hoodoo::Client::Headers::HEADER_TO_PROPERTY.each do | rack_header, description |
    property        = description[ :property        ]
    property_writer = description[ :property_writer ]

    value = endpoint.send( property )

    local_request.send( property_writer, value ) unless value.nil?
  end

  # Initialise the response data.

  set_common_response_headers( local_interaction )
  update_response_for( local_response, interface )

  # Work out what kind of result the caller is expecting.

  result_class = if action == :list
    Hoodoo::Client::AugmentedArray
  else
    Hoodoo::Client::AugmentedHash
  end

  # Add errors from the local service response into an augmented object
  # for responding early (via a Proc for internal reuse later).

  add_local_errors = Proc.new {
    result                  = result_class.new
    result.response_options = Hoodoo::Client::Headers.x_header_to_options(
      local_response.headers
    )

    result.platform_errors.merge!( local_response.errors )
    result
  }

  # Figure out initial action / authorisation results for this request.
  # We may still have to construct a context and ask the service after.

  upc  = []
  upc << ident unless ident.nil? || ident.empty?

  local_interaction.requested_action = action
  authorisation                      = determine_authorisation( local_interaction )

  # In addition, check security on any would-have-been-a-secured-header
  # property.

  return add_local_errors.call() if local_response.halt_processing?

  Hoodoo::Client::Headers::HEADER_TO_PROPERTY.each do | rack_header, description |

    next if description[ :secured ] != true
    next if endpoint.send( description[ :property ] ).nil?

    real_header = description[ :header ]

    if (
         session.respond_to?( :scoping ) == false ||
         session.scoping.respond_to?( :authorised_http_headers ) == false ||
         session.scoping.authorised_http_headers.respond_to?( :include? ) == false ||
         (
           session.scoping.authorised_http_headers.include?( rack_header ) == false &&
           session.scoping.authorised_http_headers.include?( real_header ) == false
         )
       )

      local_response.errors.add_error( 'platform.forbidden' )
      break
    end
  end

  return add_local_errors.call() if local_response.halt_processing?

  deal_with_x_assume_identity_of( local_interaction )

  return add_local_errors.call() if local_response.halt_processing?

  # Construct the local request details.

  local_request.uri_path_components = upc
  local_request.uri_path_extension  = ''

  unless query_hash.nil?
    query_hash = Hoodoo::Utilities.stringify( query_hash )

    # This is for inter-resource local calls where a service author
    # specifies ":_embed => 'foo'" accidentally, forgetting that it
    # should be a single element array. It's such a common mistake
    # that we tolerate it here. Same for "_reference".

    data = query_hash[ '_embed' ]
    query_hash[ '_embed' ] = [ data ] if data.is_a?( ::String ) || data.is_a?( ::Symbol )

    data = query_hash[ '_reference' ]
    query_hash[ '_reference' ] = [ data ] if data.is_a?( ::String ) || data.is_a?( ::Symbol )

    # Regardless, make sure embed/reference array data contains strings.

    query_hash[ '_embed'     ].map!( &:to_s ) unless query_hash[ '_embed'     ].nil?
    query_hash[ '_reference' ].map!( &:to_s ) unless query_hash[ '_reference' ].nil?

    process_query_hash( local_interaction, query_hash )
  end

  local_request.body = body_hash

  # The inter-resource local backend does not accept or process the
  # equivalent of the X-Resource-UUID "set the ID to <this>" HTTP
  # header, so we do not call "maybe_update_body_data_for()" here;
  # we only need to validate it.
  #
  if ( action == :create || action == :update )
    validate_body_data_for( local_interaction )
  end

  return add_local_errors.call() if local_response.halt_processing?

  # Can now, if necessary, do a final check with the target endpoint
  # for authorisation.

  if authorisation == Hoodoo::Services::Permissions::ASK
    ask_for_authorisation( local_interaction )
    return add_local_errors.call() if local_response.halt_processing?
  end

  # Dispatch the call.

  debug_log( local_interaction, 'Dispatching local inter-resource call', local_request.body )
  dispatch( local_interaction )

  # If we get this far the interim session isn't needed. We might have
  # exited early due to errors above and left this behind, but that's not
  # the end of the world - it'll expire out of the Hoodoo::TransientStore
  # eventually.
  #
  if session &&
     source_interaction.context &&
     source_interaction.context.session &&
     session.session_id != source_interaction.context.session.session_id

    # Ignore errors, there's nothing much we can do about them and in
    # the worst case we just have to wait for this to expire naturally.

    session.delete_from_store()
  end

  # Extract the returned data, handling error conditions.

  if local_response.halt_processing?
    result = result_class.new
    result.set_platform_errors(
      annotate_errors_from_other_resource( local_response.errors )
    )

  else
    body = local_response.body

    if action == :list && body.is_a?( ::Array )
      result                        = Hoodoo::Client::AugmentedArray.new( body )
      result.dataset_size           = local_response.dataset_size
      result.estimated_dataset_size = local_response.estimated_dataset_size

    elsif action != :list && body.is_a?( ::Hash )
      result = Hoodoo::Client::AugmentedHash[ body ]

    elsif local_request.deja_vu && body == ''
      result = result_class.new

    else
      raise "Hoodoo::Services::Middleware: Unexpected response type '#{ body.class.name }' received from a local inter-resource call for action '#{ action }'"

    end

  end

  result.response_options = Hoodoo::Client::Headers.x_header_to_options(
    local_response.headers
  )

  return result
end

#monkey_log_inbound_request(interaction) ⇒ Object

Make an “inbound” call log based on the given interaction.

interaction

Hoodoo::Services::Middleware::Interaction describing the inbound request. The interaction_id, rack_request and session data is used (the latter being optional). If target_interface and requested_action are available, body data might be logged according to secure log settings in the interface; if these values are unset, body data is not logged.

# File 'lib/hoodoo/services/middleware/middleware.rb', line 1117

def monkey_log_inbound_request( interaction )

  data = build_common_log_data_for( interaction )

  # Annoying dance required to extract all HTTP header data from Rack.

  env     = interaction.rack_request.env
  headers = env.select do | key, value |
    key.to_s.match( /^HTTP_/ )
  end

  headers[ 'CONTENT_TYPE'   ] = env[ 'CONTENT_TYPE'   ]
  headers[ 'CONTENT_LENGTH' ] = env[ 'CONTENT_LENGTH' ]

  data[ :payload ] = {
    :method  => env[ 'REQUEST_METHOD', ],
    :scheme  => env[ 'rack.url_scheme' ],
    :host    => env[ 'SERVER_NAME'     ],
    :port    => env[ 'SERVER_PORT'     ],
    :script  => env[ 'SCRIPT_NAME'     ],
    :path    => env[ 'PATH_INFO'       ],
    :query   => env[ 'QUERY_STRING'    ],
    :headers => headers
  }

  # Deal with body data and security issues.

  secure    = true
  interface = interaction.target_interface
  action    = interaction.requested_action

  unless interface.nil? || action.nil?
    secure_log_actions = interface.secure_log_for()
    secure_type        = secure_log_actions[ action ]

    # Allow body logging if there's no security specified for this action
    # or the security is specified for the response only (since we log the
    # request here).
    #
    # This means values of :both or :request will leave "secure" unchanged,
    # as will any other unexpected value that might get specified.

    secure = false if secure_type.nil? || secure_type == :response
  end

  # Compile the remaining log payload and send it.

  unless secure
    body = interaction.rack_request.body.read( MAXIMUM_LOGGED_PAYLOAD_SIZE )
           interaction.rack_request.body.rewind()

    data[ :payload ][ :body ] = body
  end

  @@logger.report(
    :info,
    :Middleware,
    :inbound,
    data
  )

  return nil
end