Class: Hoodoo::Services::Middleware

Inherits:
Object
  • Object
show all
Defined in:
lib/hoodoo/services/middleware/middleware.rb,
lib/hoodoo/services/middleware/interaction.rb,
lib/hoodoo/services/middleware/amqp_log_writer.rb,
lib/hoodoo/services/middleware/endpoints/inter_resource_local.rb,
lib/hoodoo/services/middleware/endpoints/inter_resource_remote.rb,
lib/hoodoo/services/middleware/exception_reporting/base_reporter.rb,
lib/hoodoo/services/middleware/exception_reporting/exception_reporting.rb,
lib/hoodoo/services/middleware/exception_reporting/reporters/airbrake_reporter.rb

Overview

Just used as a namespace here

Defined Under Namespace

Classes: AMQPLogWriter, ExceptionReporting, InterResourceLocal, InterResourceRemote, Interaction

Constant Summary collapse

ALLOWED_ACTIONS =

:category: Public constants

All allowed action names in implementations, used for internal checks. This is also the default supported set of actions. Symbols.

[
  :list,
  :show,
  :create,
  :update,
  :delete,
]
ALLOWED_HTTP_METHODS =

All allowed HTTP methods, related to ALLOWED_ACTIONS.

Set.new( %w( GET POST PATCH DELETE ) )
ALLOWED_QUERIES_LIST =

Allowed common fields in query strings (list actions only). Strings.

Only ever add to this list. As the API evolves, legacy clients will be calling with previously documented query strings and removing any entries from the list below could cause their requests to be rejected with a ‘platform.malformed’ error.

[
  'offset',
  'limit',
  'sort',
  'direction',
  'search',
  'filter'
]
ALLOWED_QUERIES_ALL =

Allowed common fields in query strings (all actions). Strings. Adds to the ::ALLOWED_QUERIES_LIST for list actions.

Only ever add to this list. As the API evolves, legacy clients will be calling with previously documented query strings and removing any entries from the list below could cause their requests to be rejected with a ‘platform.malformed’ error.

[
  '_embed',
  '_reference'
]
SUPPORTED_MEDIA_TYPES =

Allowed media types in Content-Type headers.

[ 'application/json' ]
SUPPORTED_ENCODINGS =

Allowed (required) charsets in Content-Type headers.

[ 'utf-8' ]
PROHIBITED_INBOUND_FIELDS =

Prohibited fields in creations or updates - these are the common fields specified in the API, which are emergent in the platform or are set via other routes (e.g. “language” comes from HTTP headers in requests). This is obtained via the Hoodoo::Presenters::CommonResourceFields class and its described field schema, so see that for details.

Hoodoo::Presenters::CommonResourceFields.get_schema().properties.keys
MAXIMUM_PAYLOAD_SIZE =

Somewhat arbitrary maximum incoming payload size to prevent ham-fisted DOS attempts to consume RAM.

1048576
MAXIMUM_LOGGED_PAYLOAD_SIZE =

Maximum logged payload (inbound data) size. Keep consistent with max payload size so data is not lost from the logs.

MAXIMUM_PAYLOAD_SIZE
MAXIMUM_LOGGED_RESPONSE_SIZE =

Maximum logged response (outbound data) size. Keep consistent with max payload size so data is not lost from the logs.

MAXIMUM_PAYLOAD_SIZE
DEFAULT_TEST_SESSION =

The default test session; a Hoodoo::Services::Session instance with the following characteristics:

Session ID

01234567890123456789012345678901

Caller ID

c5ea12fb7f414a46850e73ee1bf6d95e

Caller Version

1

Permissions

Default/else/“allow” to allow all actions

Identity

Has caller_id as its only field

Scoping

All secured HTTP headers are allowed

Expires at: Now plus 2 days

See also ::test_session and ::set_test_session.

Hoodoo::Services::Session.new
FRAMEWORK_QUERY_VALUE_DATE_PROC =

A validation Proc for FRAMEWORK_QUERY_DATA - see that for details. This one ensures that the value is a valid ISO 8601 subset date/time string and evaluates to the parsed version of that string if so.

-> ( value ) {
  Hoodoo::Utilities.valid_iso8601_subset_datetime?( value ) ?
  Hoodoo::Utilities.rationalise_datetime( value )           :
  nil
}
FRAMEWORK_QUERY_VALUE_UUID_PROC =

A validation Proc for FRAMEWORK_QUERY_DATA - see that for details. This one ensures that the value is a valid UUID and evaluates to that UUID string if so.

-> ( value ) {
  value = Hoodoo::UUID.valid?( value ) && value
  value || nil # => 'value' if 'value' is truthy, 'nil' if 'value' falsy
}
FRAMEWORK_QUERY_DATA =

Out-of-box search and filter query keys. Interfaces can override the support for these inside the Hoodoo::Services::Interface.to_list block using Hoodoo::Services::Interface::ToListDSL.do_not_search and Hoodoo::Services::Interface::ToListDSL.do_not_filter.

Keys, in order, are:

  • Query key to detect records with a created_at date that is after the given value, in supporting resource; if used as a filter instead of a search string, would find records on-or-before the date.

  • Query key to detect records with a created_at date that is before the given value, in supporting resource; if used as a filter instead of a search string, would find records on-or-after the date.

Values are either a validation Proc or nil for no validation. The Proc takes the search query value as its sole input parameter and must evaluate to the input value either unmodified or in some canonicalised form if it is valid, else to nil if the input value is invalid. The canonicalisation is typically used to coerce a URI query string based String type into a more useful comparable entity such as an Integer or DateTime.

IMPORTANT - if this list is changed, any database support modules - e.g. in Hoodoo::ActiveRecord::Support - will need any internal mapping of “framework query keys to module-appropriate query code” updating.

{
  'created_after'  => FRAMEWORK_QUERY_VALUE_DATE_PROC,
  'created_before' => FRAMEWORK_QUERY_VALUE_DATE_PROC,
  'created_by'     => FRAMEWORK_QUERY_VALUE_UUID_PROC
}

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ Middleware

Initialize the middleware instance.

app Rack app instance to which calls should be passed.



560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
# File 'lib/hoodoo/services/middleware/middleware.rb', line 560

def initialize( app )

  service_container = app

  if defined?( NewRelic ) &&
     defined?( NewRelic::Agent ) &&
     defined?( NewRelic::Agent::Instrumentation ) &&
     defined?( NewRelic::Agent::Instrumentation::MiddlewareProxy ) &&
     service_container.is_a?( NewRelic::Agent::Instrumentation::MiddlewareProxy )

    if service_container.respond_to?( :target )
      service_container = service_container.target()
    else
      raise "Hoodoo::Services::Middleware instance created with NewRelic-wrapped Service entity, but NewRelic API is not as expected by Hoodoo; incompatible NewRelic version."
    end
  end

  unless service_container.is_a?( Hoodoo::Services::Service )
    raise "Hoodoo::Services::Middleware instance created with non-Service entity of class '#{ service_container.class }' - is this the last middleware in the chain via 'use()' and is Rack 'run()'-ing the correct thing?"
  end

  # Collect together the implementation instances and the matching regexps
  # for endpoints. An array of hashes.
  #
  # Key              Value
  # =======================================================================
  # regexp           Regexp for +String#match+ on the URI path component
  # interface        Hoodoo::Services::Interface subclass associated with
  #                  the endpoint regular expression in +regexp+
  # actions          Set of symbols naming allowed actions
  # implementation   Hoodoo::Services::Implementation subclass *instance* to
  #                  use on match
  #
  @@services = service_container.component_interfaces.map do | interface |

    if interface.nil? || interface.endpoint.nil? || interface.implementation.nil?
      raise "Hoodoo::Services::Middleware encountered invalid interface class #{ interface } via service class #{ service_container.class }"
    end

    # If anything uses a public interface, we need to tell ourselves that
    # the early exit session check can't be done.
    #
    interfaces_have_public_methods() unless interface.public_actions.empty?

    # There are two routes to an implementation - one via the custom path
    # given through its 'endpoint' declaration, the other a de facto path
    # determined from the unmodified version and resource name. Both lead
    # to the same implementation instance.
    #
    implementation_instance = interface.implementation.new

    # Regexp explanation:
    #
    # Match "/", the version text, "/", the endpoint text, then either
    # another "/", a "." or the end of the string, followed by capturing
    # everything else. Match data index 1 will be whatever character (if
    # any) followed after the endpoint ("/" or ".") while index 2 contains
    # everything else.
    #
    custom_path   = "/v#{ interface.version }/#{ interface.endpoint }"
    custom_regexp = /^\/v#{ interface.version }\/#{ interface.endpoint }(\.|\/|$)(.*)/

    # Same as above, but for the de facto routing.
    #
    de_facto_path   = self.class.de_facto_path_for( interface.resource, interface.version )
    de_facto_regexp = /^\/#{ interface.version }\/#{ interface.resource }(\.|\/|$)(.*)/

    Hoodoo::Services::Discovery::ForLocal.new(
      :resource                => interface.resource,
      :version                 => interface.version,
      :base_path               => custom_path,
      :routing_regexp          => custom_regexp,
      :de_facto_base_path      => de_facto_path,
      :de_facto_routing_regexp => de_facto_regexp,
      :interface_class         => interface,
      :implementation_instance => implementation_instance
    )

  end

  # Determine the service name from the resources above then announce
  # the whole collection to any interested discovery engines.

  sorted_resources = @@services.map() { | service | service.resource }.sort()
  @@service_name   = "service.#{ sorted_resources.join( '_' ) }"

  announce_presence_of( @@services )
end

Class Method Details

.clear_memcached_configuration_cache!Object

This method is intended really just for testing purposes; it clears the internal cache of Memcached data read from environment variables.



288
289
290
# File 'lib/hoodoo/services/middleware/middleware.rb', line 288

def self.clear_memcached_configuration_cache!
  @@memcached_host = nil
end

.clear_queue_configuration_cache!Object

This method is intended really just for testing purposes; it clears the internal cache of AMQP queue data read from environment variables.



369
370
371
# File 'lib/hoodoo/services/middleware/middleware.rb', line 369

def self.clear_queue_configuration_cache!
  @@amq_uri = nil
end

.clear_session_store_configuration_cache!Object

This method is intended really just for testing purposes; it clears the internal cache of session storage engine data read from environment variables.



350
351
352
353
# File 'lib/hoodoo/services/middleware/middleware.rb', line 350

def self.clear_session_store_configuration_cache!
  @@session_store_engine = nil
  @@session_store_uri    = nil
end

.de_facto_path_for(resource, version) ⇒ Object

For a given resource name and version, return the de facto routing path based on version and name with no modifications.

resource

Resource name for the endpoint, e.g. :Purchase. String or symbol.

version

Implemented version of the endpoint. Integer.



396
397
398
# File 'lib/hoodoo/services/middleware/middleware.rb', line 396

def self.de_facto_path_for( resource, version )
  "/#{ version }/#{ resource }"
end

.environmentObject

Utility - returns the execution environment as a Rails-like environment object which answers queries like production? or staging? with true or false according to the RACK_ENV environment variable setting.

Example:

if Hoodoo::Services::Middleware.environment.production?
  # ...do something only if RACK_ENV="production"
end


244
245
246
# File 'lib/hoodoo/services/middleware/middleware.rb', line 244

def self.environment
  @@environment ||= Hoodoo::StringInquirer.new( ENV[ 'RACK_ENV' ] || 'development' )
end

.flush_services_for_testObject

For test purposes, dump the internal service records and flush the DRb service, if it is running. Existing middleware instances will be invalidated. New instances must be created to re-scan their services internally and (where required) inform the DRb process of the endpoints.



546
547
548
549
550
551
552
553
554
# File 'lib/hoodoo/services/middleware/middleware.rb', line 546

def self.flush_services_for_test
  @@services     = []
  @@service_name = nil

  ObjectSpace.each_object( self ) do | middleware_instance |
    discoverer = middleware_instance.instance_variable_get( '@discoverer' )
    discoverer.flush_services_for_test() if discoverer.respond_to?( :flush_services_for_test )
  end
end

.has_memcached?Boolean

This method is deprecated. Use ::has_session_store? instead.

Return a boolean value for whether Memcached is explicitly defined as the Hoodoo::TransientStore engine. In previous versions, a nil response used to indicate local development without a queue available, but that is not a valid assumption in modern code.

Returns:

  • (Boolean)


255
256
257
258
# File 'lib/hoodoo/services/middleware/middleware.rb', line 255

def self.has_memcached?
  m = self.memcached_host()
  m.nil? == false && m.empty? == false
end

.has_session_store?Boolean

Return a boolean value for whether an environment variable declaring Hoodoo::TransientStore engine URI(s) have been defined by service author.

Returns:

  • (Boolean)


263
264
265
266
# File 'lib/hoodoo/services/middleware/middleware.rb', line 263

def self.has_session_store?
  config = self.session_store_uri()
  config.nil? == false && config.empty? == false
end

.loggerObject

Access the middleware’s logging instance. Call report on this to make structured log entries. See Hoodoo::Logger::WriterMixin#report along with Hoodoo::Logger for other calls you can use.

The logging system ‘wakes up’ in stages. Initially, only console based output is added, as the Middleware Ruby code is parsed and configures a basic logger. If you call ::set_log_folder, file-based logging may be available. In AMQP based environments, queue based logging will become automatically available via Rack and the Alchemy gem once the middleware starts handling its very first request, but not before.

With this in mind, the logger is ultimately configured with a set of writers as follows:

  • If off queue:

    • All RACK_ENV values (including “test”):

    • RACK_ENV “development”

      • Also to $stdout

  • If on queue:

    • RACK ENV “test”

      • File “log/test.log”

    • All other RACK_ENV values

      • AMQP writer (see below)

    • RACK_ENV “development”

      • Also to $stdout

Or to put it another way, in test mode only file output to ‘test.log’ happens; in development mode $stdout always happens; and in addition for non-test environment, you’ll get a queue-based or file-based logger depending on whether or not a queue is available.

See Hoodoo::Services::Interface#secure_logs_for for information about security considerations when using logs.



436
437
438
# File 'lib/hoodoo/services/middleware/middleware.rb', line 436

def self.logger
  @@logger # See self.set_up_basic_logging and self.set_logger
end

.memcached_hostObject

This method is deprecated. Use ::session_store_uri instead.

Return a Memcached host (IP address/port combination) as a String if defined in environment variable MEMCACHED_HOST (with MEMCACHE_URL also accepted as a legacy fallback).

If this returns nil or an empty string, there’s no defined Memcached host available.



277
278
279
280
281
282
283
# File 'lib/hoodoo/services/middleware/middleware.rb', line 277

def self.memcached_host

  # See also ::clear_memcached_configuration_cache!.
  #
  @@memcached_host ||= ENV[ 'MEMCACHED_HOST' ] || ENV[ 'MEMCACHE_URL' ]

end

.on_queue?Boolean

Are we running on the queue, else (implied) a local HTTP server?

Returns:

  • (Boolean)


357
358
359
360
361
362
363
364
# File 'lib/hoodoo/services/middleware/middleware.rb', line 357

def self.on_queue?

  # See also ::clear_queue_configuration_cache!.
  #
  @@amq_uri ||= ENV[ 'AMQ_URI' ]
  @@amq_uri.nil? == false && @@amq_uri.empty? == false

end

.record_host_and_port(options = {}) ⇒ Object

Record internally the HTTP host and port during local development via e.g rackup or testing with rspec. This is usually not called directly except via the Rack startup monkey patch code in rack_monkey_patch.rb.

Options hash :Host and :Port entries are recorded.



535
536
537
538
# File 'lib/hoodoo/services/middleware/middleware.rb', line 535

def self.record_host_and_port( options = {} )
  @@recorded_host = options[ :Host ]
  @@recorded_port = options[ :Port ]
end

.service_nameObject

Return a service ‘name’ derived from the service’s collection of declared resources. The name will be the same across any instances of the service that implement the same resources. This can be used for e.g. AMQP-based queue-named operations, that want to target the same resource collection regardless of instance.

This method will not work unless the middleware has parsed the set of service interface declarations (during instance initialisation). If a least one middleware instance has already been created, it is safe to call.



384
385
386
# File 'lib/hoodoo/services/middleware/middleware.rb', line 384

def self.service_name
  @@service_name
end

.session_store_engineObject

Return a symbolised key for the transient storage engine as defined in the environment variable SESSION_STORE_ENGINE (with :memcached as a legacy fallback if ::has_memcached? is true, else default is nil).

The SESSION_STORE_ENGINE environment variable must contain an entry from Hoodoo::TransientStore::supported_storage_engines. This collection is initialised by either requiring the top-level hoodoo file to pull in everything, requiring hoodoo/transient_store to pull in all currently defined transient store engines or requiring the following in order to pull in a specific engine - in this example, redis:

require 'hoodoo/transient_store/transient_store'
require 'hoodoo/transient_store/transient_store/base'
require 'hoodoo/transient_store/transient_store/redis'

If the engine requested appears to be unsupported, this method returns nil.



327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
# File 'lib/hoodoo/services/middleware/middleware.rb', line 327

def self.session_store_engine
  if (
    ! defined?( @@session_store_engine ) ||
    @@session_store_engine.nil?          ||
    @@session_store_engine.empty?
  )
    default = self.has_memcached? ? 'memcached' : ''
    engine = ( ENV[ 'SESSION_STORE_ENGINE' ] || default ).to_sym()

    if Hoodoo::TransientStore::supported_storage_engines.include?( engine )
      @@session_store_engine = engine
    else
      @@session_store_engine = nil
    end
  end

  @@session_store_engine
end

.session_store_uriObject

Return configuration for the selected Hoodoo::TransientStore engine, as a flat String (IP address/ port combination) or a serialised JSON string with symbolised keys, defining a URI for each supported storage engine defined (required if <tt>ENV[ ‘SESSION_STORE_ENGINE’ ]</yy> defines a multi-engine strategy).

Checks for the engine agnostic environment variable SESSION_STORE_URI first then uses #memcached_host as a legacy fallback.



301
302
303
304
305
306
307
# File 'lib/hoodoo/services/middleware/middleware.rb', line 301

def self.session_store_uri

  # See also ::clear_session_store_configuration_cache!
  #
  @@session_store_uri ||= ( ENV[ 'SESSION_STORE_URI' ] || self.memcached_host() )

end

.set_log_folder(base_path) ⇒ Object

If using the middleware logger (see ::logger) with no external custom logger set up (see ::set_logger), call here to configure the folder used for logs when file output is active.

If you don’t do this at least once, no log file output can occur.

You can call more than once to output to more than one log folder.

See Hoodoo::Services::Interface#secure_logs_for for information about security considerations when using logs.

base_path

Path to folder to use for logs; file “#environment.log” may be written inside (see ::environment).



476
477
478
# File 'lib/hoodoo/services/middleware/middleware.rb', line 476

def self.set_log_folder( base_path )
  self.send( :add_file_logging, base_path )
end

.set_logger(logger) ⇒ Object

The middleware sets up a logger itself (see ::logger) with various log mechanisms set up (mostly) without service author intervention.

If you want to completely override the middleware’s logger and replace it with your own at any time (not recommended), call here.

See Hoodoo::Services::Interface#secure_logs_for for information about security considerations when using logs.

logger

Alternative Hoodoo::Logger instance to use for all middleware logging from this point onwards. The value will subsequently be returned by the ::logger class method.



453
454
455
456
457
458
459
460
# File 'lib/hoodoo/services/middleware/middleware.rb', line 453

def self.set_logger( logger )
  unless logger.is_a?( Hoodoo::Logger )
    raise "Hoodoo::Communicators::set_logger must be called with an instance of Hoodoo::Logger only"
  end

  @@external_logger = true
  @@logger          = logger
end

.set_test_session(session) ⇒ Object

Set the test session instance. See ::test_session for details.

session

A Hoodoo::Services::Session instance to use as the test session instance for any subsequently-made requests. If nil, the test session system acts as if an invalid or missing session ID had been supplied.



522
523
524
# File 'lib/hoodoo/services/middleware/middleware.rb', line 522

def self.set_test_session( session )
  @@test_session = session
end

.set_verbose_logging(verbose) ⇒ Object

Set verbose logging. With verbose logging enabled, additional payload data is added - most notably, full session details (where possible) are included in each log message. These can increase log data size considerably, but may be useful if you encounter session-related errors or general operational issues and need log data to provide more insights.

Verbose logging is disabled by default.

verbose

true to enable verbose logging, false to disable it. The default is false.



492
493
494
# File 'lib/hoodoo/services/middleware/middleware.rb', line 492

def self.set_verbose_logging( verbose )
  @@verbose_logging = verbose
end

.test_sessionObject

A Hoodoo::Services::Session instance to use for tests or when no local Hoodoo::TransientStore instance is known about (environment variable SESSION_STORE_ENGINE and SESSION_STORE_URI are not set). The session is (eventually) read each time a request is made via Rack (through #call).

“Out of the box”, DEFAULT_TEST_SESSION is used.



511
512
513
# File 'lib/hoodoo/services/middleware/middleware.rb', line 511

def self.test_session
  @@test_session
end

.verbose_logging?Boolean

Returns true if verbose logging is enabled, else false. For more, see ::set_verbose_logging.

Returns:

  • (Boolean)


499
500
501
# File 'lib/hoodoo/services/middleware/middleware.rb', line 499

def self.verbose_logging?
  defined?( @@verbose_logging ) ? @@verbose_logging : false
end

Instance Method Details

#call(env) ⇒ Object

Run a Rack request, returning the [status, headers, body-array] data as per the Rack protocol requirements.

env Rack environment.



654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
# File 'lib/hoodoo/services/middleware/middleware.rb', line 654

def call( env )

  # Global exception handler - catch problems in service implementations
  # and send back a 500 response as per API documentation (if possible).
  #
  begin

    enable_alchemy_logging_from( env )

    interaction = Hoodoo::Services::Middleware::Interaction.new( env, self )
    debug_log( interaction )

    early_response = preprocess( interaction )
    return early_response unless early_response.nil?

    response = interaction.context.response

    process( interaction )     unless response.halt_processing?
    postprocess( interaction ) unless response.halt_processing?

    return respond_for( interaction )

  rescue => exception
    begin
      if interaction && interaction.context
        ExceptionReporting.contextual_report( exception, interaction.context )
      else
        ExceptionReporting.report( exception, env )
      end

      record_exception( interaction, exception )

      return respond_for( interaction )

    rescue => inner_exception
      begin
        backtrace       = ''
        inner_backtrace = ''

        if self.class.environment.test? || self.class.environment.development?
          backtrace       = exception.backtrace
          inner_backtrace = inner_exception.backtrace
        else
          ''
        end

        @@logger.error(
          'Hoodoo::Services::Middleware#call',
          'Middleware exception in exception handler',
          inner_exception.to_s,
          inner_backtrace.to_s,
          '...while handling...',
          exception.to_s,
          backtrace.to_s
        )
      rescue
        # Ignore logger exceptions. Can't do anything about them. Just
        # try and get the response back to the client now.
      end

      # An exception in the exception handler! Oh dear.
      #
      rack_response = Rack::Response.new
      rack_response.status = 500
      rack_response.write( 'Middleware exception in exception handler' )
      return rack_response.finish

    end
  end
end

#inter_resource_endpoint_for(resource, version, interaction) ⇒ Object

Return something that behaves like a Hoodoo::Client::Endpoint subclass instance which can be used for inter-resource communication, whether the target endpoint implementation is local or remote.

resource

Resource name for the endpoint, e.g. :Purchase. String or symbol.

version

Required implemented version for the endpoint. Integer.

interaction

The Hoodoo::Services::Middleware::Interaction instance describing the inbound call, the processing of which is leading to a request for an inter-resource call by an endpoint implementation.



739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
# File 'lib/hoodoo/services/middleware/middleware.rb', line 739

def inter_resource_endpoint_for( resource, version, interaction )
  resource = resource.to_sym
  version  = version.to_i

  # Build a Hash of any options which should be transferred from one
  # endpoint to another for inter-resource calls, along with other
  # options common to local and remote endpoints.

  endpoint_options = {
    :interaction => interaction,
    :locale      => interaction.context.request.locale,
  }

  Hoodoo::Client::Headers::HEADER_TO_PROPERTY.each do | rack_header, description |
    property = description[ :property ]

    if description[ :auto_transfer ] == true
      endpoint_options[ property ] = interaction.context.request.send( property )
    end
  end

  if @discoverer.is_local?( resource, version )

    # For local inter-resource calls, return the middleware's endpoint
    # for that. In turn, if used this calls into #inter_resource_local.

    discovery_result = @@services.find do | entry |
      interface = entry.interface_class
      interface.resource == resource && interface.version == version
    end

    if discovery_result.nil?
      raise "Hoodoo::Services::Middleware\#inter_resource_endpoint_for: Internal error - version #{ version } of resource #{ resource } endpoint is local according to the discovery engine, but no local service discovery record can be found"
    end

    endpoint_options[ :discovery_result ] = discovery_result

    return Hoodoo::Services::Middleware::InterResourceLocal.new(
      resource,
      version,
      endpoint_options
    )

  else

    # For remote inter-resource calls, use Hoodoo::Client's endpoint
    # factory to get a (say) HTTP or AMQP contact endpoint, but then
    # wrap it with the middleware's remote call endpoint, since the
    # request requires extra processing before it goes to the Client
    # (e.g. session permission augmentation) and the result needs
    # extra processing before it is returned to the caller (e.g.
    # delete an augmented session, annotate any errors from call).

    endpoint_options[ :discoverer ] = @discoverer
    endpoint_options[ :session    ] = interaction.context.session

    wrapped_endpoint = Hoodoo::Client::Endpoint.endpoint_for(
      resource,
      version,
      endpoint_options
    )

    if wrapped_endpoint.is_a?( Hoodoo::Client::Endpoint::AMQP ) && defined?( @@alchemy )
      wrapped_endpoint.alchemy = @@alchemy
    end

    # Using "ForRemote" here is redundant - we could just as well
    # pass wrapped_endpoint directly to an option in the
    # InterResourceRemote class - but keeping "with the pattern"
    # just sort of 'seems right' and might be useful in future.

    discovery_result = Hoodoo::Services::Discovery::ForRemote.new(
      :resource         => resource,
      :version          => version,
      :wrapped_endpoint => wrapped_endpoint
    )

    return Hoodoo::Services::Middleware::InterResourceRemote.new(
      resource,
      version,
      {
        :interaction      => interaction,
        :discovery_result => discovery_result
      }
    )
  end
end

#inter_resource_local(source_interaction:, discovery_result:, endpoint:, action:, ident: nil, body_hash: nil, query_hash: nil) ⇒ Object

Make a local (non-HTTP local Ruby method call) inter-resource call. This is fast compared to any remote resource call, even though there is still a lot of overhead involved in setting up data so that the target resource “sees” the call in the same way as any other.

Named parameters are as follows:

source_interaction

A Hoodoo::Services::Middleware::Interaction instance for the inbound call which is being processed right now by some resource endpoint implementation and this implementation is now making an inter-resource call as part of its processing;

discovery_result

A Hoodoo::Services::Discovery::ForLocal instance describing the target of the inter-resource call;

endpoint

The calling Hoodoo::Client::Endpoint subclass instance (used for e.g. locale, dated-at);

action

A Hoodoo::Services::Middleware::ALLOWED_ACTIONS entry;

ident

UUID or other unique identifier of a resource instance. Required for show, update and delete actions, ignored for others;

query_hash

Optional Hash of query data to be turned into a query string - applicable to any action;

body_hash

Hash of data to convert to a body string using the source interaction’s described content type. Required for create and update actions, ignored for others.

A Hoodoo::Client::AugmentedArray or Hoodoo::Client::AugmentedHash is returned from these methods; @response or the wider processing context is not automatically modified. Callers MUST use the methods provided by Hoodoo::Client::AugmentedBase to detect and handle error conditions, unless for some reason they wish to ignore inter-resource call errors.



868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
# File 'lib/hoodoo/services/middleware/middleware.rb', line 868

def inter_resource_local( source_interaction:,
                          discovery_result:,
                          endpoint:,
                          action:,
                          ident:      nil,
                          body_hash:  nil,
                          query_hash: nil )

  # We must construct a call context for the local service. This means
  # a local request object which we fill in with data just as if we'd
  # parsed an inbound HTTP request and a response object that contains
  # the usual default data.

  interface      = discovery_result.interface_class
  implementation = discovery_result.implementation_instance

  # Need to possibly augment the caller's session - same rationale
  # as #local_service_remote, so see that for details.

  session = source_interaction.context.session

  unless session.nil? || source_interaction.using_test_session?
    session = session.augment_with_permissions_for( source_interaction )
  end

  if session == false
    hash = Hoodoo::Client::AugmentedHash.new
    hash.platform_errors.add_error( 'platform.invalid_session' )
    return hash
  end

  mock_rack_env = {
    'HTTP_X_INTERACTION_ID' => source_interaction.interaction_id
  }

  local_interaction = Hoodoo::Services::Middleware::Interaction.new(
    mock_rack_env,
    self,
    session
  )

  local_interaction.target_interface           = interface
  local_interaction.target_implementation      = implementation
  local_interaction.requested_content_type     = source_interaction.requested_content_type
  local_interaction.requested_content_encoding = source_interaction.requested_content_encoding

  # For convenience...

  local_request  = local_interaction.context.request
  local_response = local_interaction.context.response

  # Carry through any endpoint-specified request orientated attributes.

  local_request.locale = endpoint.locale

  Hoodoo::Client::Headers::HEADER_TO_PROPERTY.each do | rack_header, description |
    property        = description[ :property        ]
    property_writer = description[ :property_writer ]

    value = endpoint.send( property )

    local_request.send( property_writer, value ) unless value.nil?
  end

  # Initialise the response data.

  set_common_response_headers( local_interaction )
  update_response_for( local_response, interface )

  # Work out what kind of result the caller is expecting.

  result_class = if action == :list
    Hoodoo::Client::AugmentedArray
  else
    Hoodoo::Client::AugmentedHash
  end

  # Add errors from the local service response into an augmented object
  # for responding early (via a Proc for internal reuse later).

  add_local_errors = Proc.new {
    result                  = result_class.new
    result.response_options = Hoodoo::Client::Headers.x_header_to_options(
      local_response.headers
    )

    result.platform_errors.merge!( local_response.errors )
    result
  }

  # Figure out initial action / authorisation results for this request.
  # We may still have to construct a context and ask the service after.

  upc  = []
  upc << ident unless ident.nil? || ident.empty?

  local_interaction.requested_action = action
  authorisation                      = determine_authorisation( local_interaction )

  # In addition, check security on any would-have-been-a-secured-header
  # property.

  return add_local_errors.call() if local_response.halt_processing?

  Hoodoo::Client::Headers::HEADER_TO_PROPERTY.each do | rack_header, description |

    next if description[ :secured ] != true
    next if endpoint.send( description[ :property ] ).nil?

    real_header = description[ :header ]

    if (
         session.respond_to?( :scoping ) == false ||
         session.scoping.respond_to?( :authorised_http_headers ) == false ||
         session.scoping.authorised_http_headers.respond_to?( :include? ) == false ||
         (
           session.scoping.authorised_http_headers.include?( rack_header ) == false &&
           session.scoping.authorised_http_headers.include?( real_header ) == false
         )
       )

      local_response.errors.add_error( 'platform.forbidden' )
      break
    end
  end

  return add_local_errors.call() if local_response.halt_processing?

  deal_with_x_assume_identity_of( local_interaction )

  return add_local_errors.call() if local_response.halt_processing?

  # Construct the local request details.

  local_request.uri_path_components = upc
  local_request.uri_path_extension  = ''

  unless query_hash.nil?
    query_hash = Hoodoo::Utilities.stringify( query_hash )

    # This is for inter-resource local calls where a service author
    # specifies ":_embed => 'foo'" accidentally, forgetting that it
    # should be a single element array. It's such a common mistake
    # that we tolerate it here. Same for "_reference".

    data = query_hash[ '_embed' ]
    query_hash[ '_embed' ] = [ data ] if data.is_a?( ::String ) || data.is_a?( ::Symbol )

    data = query_hash[ '_reference' ]
    query_hash[ '_reference' ] = [ data ] if data.is_a?( ::String ) || data.is_a?( ::Symbol )

    # Regardless, make sure embed/reference array data contains strings.

    query_hash[ '_embed'     ].map!( &:to_s ) unless query_hash[ '_embed'     ].nil?
    query_hash[ '_reference' ].map!( &:to_s ) unless query_hash[ '_reference' ].nil?

    process_query_hash( local_interaction, query_hash )
  end

  local_request.body = body_hash

  # The inter-resource local backend does not accept or process the
  # equivalent of the X-Resource-UUID "set the ID to <this>" HTTP
  # header, so we do not call "maybe_update_body_data_for()" here;
  # we only need to validate it.
  #
  if ( action == :create || action == :update )
    validate_body_data_for( local_interaction )
  end

  return add_local_errors.call() if local_response.halt_processing?

  # Can now, if necessary, do a final check with the target endpoint
  # for authorisation.

  if authorisation == Hoodoo::Services::Permissions::ASK
    ask_for_authorisation( local_interaction )
    return add_local_errors.call() if local_response.halt_processing?
  end

  # Dispatch the call.

  debug_log( local_interaction, 'Dispatching local inter-resource call', local_request.body )
  dispatch( local_interaction )

  # If we get this far the interim session isn't needed. We might have
  # exited early due to errors above and left this behind, but that's not
  # the end of the world - it'll expire out of the Hoodoo::TransientStore
  # eventually.
  #
  if session &&
     source_interaction.context &&
     source_interaction.context.session &&
     session.session_id != source_interaction.context.session.session_id

    # Ignore errors, there's nothing much we can do about them and in
    # the worst case we just have to wait for this to expire naturally.

    session.delete_from_store()
  end

  # Extract the returned data, handling error conditions.

  if local_response.halt_processing?
    result = result_class.new
    result.set_platform_errors(
      annotate_errors_from_other_resource( local_response.errors )
    )

  else
    body = local_response.body

    if action == :list && body.is_a?( ::Array )
      result                        = Hoodoo::Client::AugmentedArray.new( body )
      result.dataset_size           = local_response.dataset_size
      result.estimated_dataset_size = local_response.estimated_dataset_size

    elsif action != :list && body.is_a?( ::Hash )
      result = Hoodoo::Client::AugmentedHash[ body ]

    elsif local_request.deja_vu && body == ''
      result = result_class.new

    else
      raise "Hoodoo::Services::Middleware: Unexpected response type '#{ body.class.name }' received from a local inter-resource call for action '#{ action }'"

    end

  end

  result.response_options = Hoodoo::Client::Headers.x_header_to_options(
    local_response.headers
  )

  return result
end

#monkey_log_inbound_request(interaction) ⇒ Object

Make an “inbound” call log based on the given interaction.

interaction

Hoodoo::Services::Middleware::Interaction describing the inbound request. The interaction_id, rack_request and session data is used (the latter being optional). If target_interface and requested_action are available, body data might be logged according to secure log settings in the interface; if these values are unset, body data is not logged.



1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
# File 'lib/hoodoo/services/middleware/middleware.rb', line 1115

def monkey_log_inbound_request( interaction )

  data = build_common_log_data_for( interaction )

  # Annoying dance required to extract all HTTP header data from Rack.

  env     = interaction.rack_request.env
  headers = env.select do | key, value |
    key.to_s.match( /^HTTP_/ )
  end

  headers[ 'CONTENT_TYPE'   ] = env[ 'CONTENT_TYPE'   ]
  headers[ 'CONTENT_LENGTH' ] = env[ 'CONTENT_LENGTH' ]

  data[ :payload ] = {
    :method  => env[ 'REQUEST_METHOD', ],
    :scheme  => env[ 'rack.url_scheme' ],
    :host    => env[ 'SERVER_NAME'     ],
    :port    => env[ 'SERVER_PORT'     ],
    :script  => env[ 'SCRIPT_NAME'     ],
    :path    => env[ 'PATH_INFO'       ],
    :query   => env[ 'QUERY_STRING'    ],
    :headers => headers
  }

  # Deal with body data and security issues.

  secure    = true
  interface = interaction.target_interface
  action    = interaction.requested_action

  unless interface.nil? || action.nil?
    secure_log_actions = interface.secure_log_for()
    secure_type        = secure_log_actions[ action ]

    # Allow body logging if there's no security specified for this action
    # or the security is specified for the response only (since we log the
    # request here).
    #
    # This means values of :both or :request will leave "secure" unchanged,
    # as will any other unexpected value that might get specified.

    secure = false if secure_type.nil? || secure_type == :response
  end

  # Compile the remaining log payload and send it.

  unless secure
    body = nil
    if !interaction.rack_request.body.nil?
      body = interaction.rack_request.body.read( MAXIMUM_LOGGED_PAYLOAD_SIZE )
             interaction.rack_request.body.rewind()
    end

    data[ :payload ][ :body ] = body
  end

  @@logger.report(
    :info,
    :Middleware,
    :inbound,
    data
  )

  return nil
end