Rack middleware, declared in (e.g.) a config.ru file in the usual way:

use( Hoodoo::Services::Middleware )

This is the core of the common service implementation on the Rack client-request-handling side. It is run in the context of an Hoodoo::Services::Service subclass that's been given to Rack as the Rack endpoint application; it looks at the component interfaces supported by the service and routes requests to the correct one (or raises a 404).

Lots of preprocessing and postprocessing gets done to set up things like locale information, enforce content types and so-forth. Request data is assembled in a parsed, structured format for passing to service implementations and a response object built so that services have a consistent way to return results, which can be post-processed further by the middleware before returning the data to Rack.

The middleware supports structured logging through Hoodoo::Logger via the custom Hoodoo::Services::Middleware::AMQPLogWriter class. Access the logger instance with ::logger. Call report on this (see Hoodoo::Logger::WriterMixin#report) to make structured log entries. The middleware's own entries use component Middleware for general data. It also logs essential essential information about successful and failed interactions with resource endpoints using the resource name as the component. In such cases, the codes it uses are always prefixed by middleware_ and service applications must consider codes with this prefix reserved - do not use such codes yourself.

The middleware adds a STDERR stream writer logger by default and an AMQP log writer on the first Rack call should the Rack environment provide an Alchemy endpoint (see the Alchemy Flux gem).

Sections
Namespace
Methods
C
D
E
F
H
I
L
M
N
O
R
S
T
V
Included Modules
Constants
ALLOWED_ACTIONS =
[
:list,
:show,
:create,
:update,
:delete,
]
 

All allowed action names in implementations, used for internal checks. This is also the default supported set of actions. Symbols.

ALLOWED_HTTP_METHODS =
Set.new( %w( GET POST PATCH DELETE ) )
 

All allowed HTTP methods, related to ALLOWED_ACTIONS.

ALLOWED_QUERIES_LIST =
[
'offset',
'limit',
'sort',
'direction',
'search',
'filter'
]
 

Allowed common fields in query strings (list actions only). Strings.

Only ever add to this list. As the API evolves, legacy clients will be calling with previously documented query strings and removing any entries from the list below could cause their requests to be rejected with a 'platform.malformed' error.

ALLOWED_QUERIES_ALL =
[
'_embed',
'_reference'
]
 

Allowed common fields in query strings (all actions). Strings. Adds to the ::ALLOWED_QUERIES_LIST for list actions.

Only ever add to this list. As the API evolves, legacy clients will be calling with previously documented query strings and removing any entries from the list below could cause their requests to be rejected with a 'platform.malformed' error.

SUPPORTED_MEDIA_TYPES =
[ 'application/json' ]
 

Allowed media types in Content-Type headers.

SUPPORTED_ENCODINGS =
[ 'utf-8' ]
 

Allowed (required) charsets in Content-Type headers.

PROHIBITED_INBOUND_FIELDS =
Hoodoo::Presenters::CommonResourceFields.get_schema().properties.keys
 

Prohibited fields in creations or updates - these are the common fields specified in the API, which are emergent in the platform or are set via other routes (e.g. “language” comes from HTTP headers in requests). This is obtained via the Hoodoo::Presenters::CommonResourceFields class and its described field schema, so see that for details.

MAXIMUM_PAYLOAD_SIZE =
1048576
 

Somewhat arbitrary maximum incoming payload size to prevent ham-fisted DOS attempts to consume RAM.

MAXIMUM_LOGGED_PAYLOAD_SIZE =
1024
 

Maximum logged payload (inbound data) size.

MAXIMUM_LOGGED_RESPONSE_SIZE =
1024
 

Maximum logged response (outbound data) size.

DEFAULT_TEST_SESSION =
Hoodoo::Services::Session.new
 

The default test session; a Hoodoo::Services::Session instance with the following characteristics:

Session ID

01234567890123456789012345678901

Caller ID

c5ea12fb7f414a46850e73ee1bf6d95e

Caller Version

1

Permissions

Default/else/“allow” to allow all actions

Identity

Has caller_id as its only field

Scoping

All secured HTTP headers are allowed

Expires at: Now plus 2 days

See also ::test_session and ::set_test_session.

FRAMEWORK_QUERY_VALUE_DATE_PROC =
-> ( value ) {
Hoodoo::Utilities.valid_iso8601_subset_datetime?( value ) ?
Hoodoo::Utilities.rationalise_datetime( value )           :
nil
}
 

A validation Proc for FRAMEWORK_QUERY_DATA - see that for details. This one ensures that the value is a valid ISO 8601 subset date/time string and evaluates to the parsed version of that string if so.

FRAMEWORK_QUERY_VALUE_UUID_PROC =
-> ( value ) {
value = Hoodoo::UUID.valid?( value ) && value
value || nil # => 'value' if 'value' is truthy, 'nil' if 'value' falsy
}
 

A validation Proc for FRAMEWORK_QUERY_DATA - see that for details. This one ensures that the value is a valid UUID and evaluates to that UUID string if so.

FRAMEWORK_QUERY_DATA =
{
'created_after'  => FRAMEWORK_QUERY_VALUE_DATE_PROC,
'created_before' => FRAMEWORK_QUERY_VALUE_DATE_PROC,
'created_by'     => FRAMEWORK_QUERY_VALUE_UUID_PROC
}
 

Out-of-box search and filter query keys. Interfaces can override the support for these inside the Hoodoo::Services::Interface#to_list block using Hoodoo::Services::Interface::ToListDSL#do_not_search and Hoodoo::Services::Interface::ToListDSL#do_not_filter.

Keys, in order, are:

  • Query key to detect records with a created_at date that is after the given value, in supporting resource; if used as a filter instead of a search string, would find records on-or-before the date.

  • Query key to detect records with a created_at date that is before the given value, in supporting resource; if used as a filter instead of a search string, would find records on-or-after the date.

Values are either a validation Proc or nil for no validation. The Proc takes the search query value as its sole input paraeter and must evaluate to the input value either unmodified or in some canonicalised form if it is valid, else to nil if the input value is invalid. The canonicalisation is typically used to coerce a URI query string based String type into a more useful comparable entity such as an Integer or DateTime.

IMPORTANT - if this list is changed, any database support modules - e.g. in Hoodoo::ActiveRecord::Support - will need any internal mapping of “framework query keys to module-appropriate query code” updating.

Class Public methods
clear_memcached_configuration_cache!()

This method is intended really just for testing purposes; it clears the internal cache of Memcached data read from environment variables.

# File lib/hoodoo/services/middleware/middleware.rb, line 288
def self.clear_memcached_configuration_cache!
  @@memcached_host = nil
end
clear_queue_configuration_cache!()

This method is intended really just for testing purposes; it clears the internal cache of AMQP queue data read from environment variables.

# File lib/hoodoo/services/middleware/middleware.rb, line 369
def self.clear_queue_configuration_cache!
  @@amq_uri = nil
end
clear_session_store_configuration_cache!()

This method is intended really just for testing purposes; it clears the internal cache of session storage engine data read from environment variables.

# File lib/hoodoo/services/middleware/middleware.rb, line 350
def self.clear_session_store_configuration_cache!
  @@session_store_engine = nil
  @@session_store_uri    = nil
end
de_facto_path_for( resource, version )

For a given resource name and version, return the de facto routing path based on version and name with no modifications.

resource

Resource name for the endpoint, e.g. :Purchase. String or symbol.

version

Implemented version of the endpoint. Integer.

# File lib/hoodoo/services/middleware/middleware.rb, line 396
def self.de_facto_path_for( resource, version )
  "/#{ version }/#{ resource }"
end
environment()

Utility - returns the execution environment as a Rails-like environment object which answers queries like production? or staging? with true or false according to the RACK_ENV environment variable setting.

Example:

if Hoodoo::Services::Middleware.environment.production?
  # ...do something only if RACK_ENV="production"
end
# File lib/hoodoo/services/middleware/middleware.rb, line 242
def self.environment
  @@environment ||= Hoodoo::StringInquirer.new( ENV[ 'RACK_ENV' ] || 'development' )
end
flush_services_for_test()

For test purposes, dump the internal service records and flush the DRb service, if it is running. Existing middleware instances will be invalidated. New instances must be created to re-scan their services internally and (where required) inform the DRb process of the endpoints.

# File lib/hoodoo/services/middleware/middleware.rb, line 546
def self.flush_services_for_test
  @@services     = []
  @@service_name = nil

  ObjectSpace.each_object( self ) do | middleware_instance |
    discoverer = middleware_instance.instance_variable_get( '@discoverer' )
    discoverer.flush_services_for_test() if discoverer.respond_to?( :flush_services_for_test )
  end
end
has_memcached?()

This method is deprecated. Use ::has_session_store? instead.

Return a boolean value for whether Memcached is explicitly defined as the Hoodoo::TransientStore engine. In previous versions, a nil response used to indicate local development without a queue available, but that is not a valid assumption in modern code.

# File lib/hoodoo/services/middleware/middleware.rb, line 253
def self.has_memcached?
  $stderr.puts( 'Hoodoo::Services::Middleware::Middleware#has_memcached? is deprecated - use #has_session_store?' )

  m = self.memcached_host()
  m.nil? == false && m.empty? == false
end
has_session_store?()

Return a boolean value for whether an environment variable declaring Hoodoo::TransientStore engine URI(s) have been defined by service author.

# File lib/hoodoo/services/middleware/middleware.rb, line 263
def self.has_session_store?
  config = self.session_store_uri()
  config.nil? == false && config.empty? == false
end
logger()

Access the middleware's logging instance. Call report on this to make structured log entries. See Hoodoo::Logger::WriterMixin#report along with Hoodoo::Logger for other calls you can use.

The logging system 'wakes up' in stages. Initially, only console based output is added, as the Middleware Ruby code is parsed and configures a basic logger. If you call ::set_log_folder, file-based logging may be available. In AMQP based environments, queue based logging will become automatically available via Rack and the Alchemy gem once the middleware starts handling its very first request, but not before.

With this in mind, the logger is ultimately configured with a set of writers as follows:

  • If off queue:

    • All RACK_ENV values (including “test”):

      • File “log/{environment}.log”

    • RACK_ENV “development”

      • Also to $stdout

  • If on queue:

    • RACK ENV “test”

      • File “log/test.log”

    • All other RACK_ENV values

      • AMQP writer (see below)

    • RACK_ENV “development”

      • Also to $stdout

Or to put it another way, in test mode only file output to 'test.log' happens; in development mode $stdout always happens; and in addition for non-test environment, you'll get a queue-based or file-based logger depending on whether or not a queue is available.

See Hoodoo::Services::Interface#secure_logs_for for information about security considerations when using logs.

# File lib/hoodoo/services/middleware/middleware.rb, line 436
def self.logger
  @@logger # See self.set_up_basic_logging and self.set_logger
end
memcached_host()

This method is deprecated. Use ::session_store_uri instead.

Return a Memcached host (IP address/port combination) as a String if defined in environment variable MEMCACHED_HOST (with MEMCACHE_URL also accepted as a legacy fallback).

If this returns nil or an empty string, there's no defined Memcached host available.

# File lib/hoodoo/services/middleware/middleware.rb, line 277
def self.memcached_host

  # See also ::clear_memcached_configuration_cache!.
  #
  @@memcached_host ||= ENV[ 'MEMCACHED_HOST' ] || ENV[ 'MEMCACHE_URL' ]

end
new( app )

Initialize the middleware instance.

app Rack app instance to which calls should be passed.

# File lib/hoodoo/services/middleware/middleware.rb, line 560
def initialize( app )

  service_container = app

  if defined?( NewRelic ) &&
     defined?( NewRelic::Agent ) &&
     defined?( NewRelic::Agent::Instrumentation ) &&
     defined?( NewRelic::Agent::Instrumentation::MiddlewareProxy ) &&
     service_container.is_a?( NewRelic::Agent::Instrumentation::MiddlewareProxy )

    if service_container.respond_to?( :target )
      service_container = service_container.target()
    else
      raise "Hoodoo::Services::Middleware instance created with NewRelic-wrapped Service entity, but NewRelic API is not as expected by Hoodoo; incompatible NewRelic version."
    end
  end

  unless service_container.is_a?( Hoodoo::Services::Service )
    raise "Hoodoo::Services::Middleware instance created with non-Service entity of class '#{ service_container.class }' - is this the last middleware in the chain via 'use()' and is Rack 'run()'-ing the correct thing?"
  end

  # Collect together the implementation instances and the matching regexps
  # for endpoints. An array of hashes.
  #
  # Key              Value
  # =======================================================================
  # regexp           Regexp for +String#match+ on the URI path component
  # interface        Hoodoo::Services::Interface subclass associated with
  #                  the endpoint regular expression in +regexp+
  # actions          Set of symbols naming allowed actions
  # implementation   Hoodoo::Services::Implementation subclass *instance* to
  #                  use on match
  #
  @@services = service_container.component_interfaces.map do | interface |

    if interface.nil? || interface.endpoint.nil? || interface.implementation.nil?
      raise "Hoodoo::Services::Middleware encountered invalid interface class #{ interface } via service class #{ service_container.class }"
    end

    # If anything uses a public interface, we need to tell ourselves that
    # the early exit session check can't be done.
    #
    interfaces_have_public_methods() unless interface.public_actions.empty?

    # There are two routes to an implementation - one via the custom path
    # given through its 'endpoint' declaration, the other a de facto path
    # determined from the unmodified version and resource name. Both lead
    # to the same implementation instance.
    #
    implementation_instance = interface.implementation.new

    # Regexp explanation:
    #
    # Match "/", the version text, "/", the endpoint text, then either
    # another "/", a "." or the end of the string, followed by capturing
    # everything else. Match data index 1 will be whatever character (if
    # any) followed after the endpoint ("/" or ".") while index 2 contains
    # everything else.
    #
    custom_path   = "/v#{ interface.version }/#{ interface.endpoint }"
    custom_regexp = /^\/v#{ interface.version }\/#{ interface.endpoint }(\.|\/|$)(.*)/

    # Same as above, but for the de facto routing.
    #
    de_facto_path   = self.class.de_facto_path_for( interface.resource, interface.version )
    de_facto_regexp = /^\/#{ interface.version }\/#{ interface.resource }(\.|\/|$)(.*)/

    Hoodoo::Services::Discovery::ForLocal.new(
      :resource                => interface.resource,
      :version                 => interface.version,
      :base_path               => custom_path,
      :routing_regexp          => custom_regexp,
      :de_facto_base_path      => de_facto_path,
      :de_facto_routing_regexp => de_facto_regexp,
      :interface_class         => interface,
      :implementation_instance => implementation_instance
    )

  end

  # Determine the service name from the resources above then announce
  # the whole collection to any interested discovery engines.

  sorted_resources = @@services.map() { | service | service.resource }.sort()
  @@service_name   = "service.#{ sorted_resources.join( '_' ) }"

  announce_presence_of( @@services )
end
on_queue?()

Are we running on the queue, else (implied) a local HTTP server?

# File lib/hoodoo/services/middleware/middleware.rb, line 357
def self.on_queue?

  # See also ::clear_queue_configuration_cache!.
  #
  @@amq_uri ||= ENV[ 'AMQ_URI' ]
  @@amq_uri.nil? == false && @@amq_uri.empty? == false

end
record_host_and_port( options = {} )

Record internally the HTTP host and port during local development via e.g rackup or testing with rspec. This is usually not called directly except via the Rack startup monkey patch code in rack_monkey_patch.rb.

Options hash :Host and :Port entries are recorded.

# File lib/hoodoo/services/middleware/middleware.rb, line 535
def self.record_host_and_port( options = {} )
  @@recorded_host = options[ :Host ]
  @@recorded_port = options[ :Port ]
end
service_name()

Return a service 'name' derived from the service's collection of declared resources. The name will be the same across any instances of the service that implement the same resources. This can be used for e.g. AMQP-based queue-named operations, that want to target the same resource collection regardless of instance.

This method will not work unless the middleware has parsed the set of service interface declarations (during instance initialisation). If a least one middleware instance has already been created, it is safe to call.

# File lib/hoodoo/services/middleware/middleware.rb, line 384
def self.service_name
  @@service_name
end
session_store_engine()

Return a symbolised key for the transient storage engine as defined in the environment variable SESSION_STORE_ENGINE (with :memcached as a legacy fallback if ::has_memcached? is true, else default is nil).

The SESSION_STORE_ENGINE environment variable must contain an entry from Hoodoo::TransientStore.supported_storage_engines. This collection is initialised by either requiring the top-level hoodoo file to pull in everything, requiring hoodoo/transient_store to pull in all currently defined transient store engines or requiring the following in order to pull in a specific engine - in this example, redis:

require 'hoodoo/transient_store/transient_store'
require 'hoodoo/transient_store/transient_store/base'
require 'hoodoo/transient_store/transient_store/redis'

If the engine requested appears to be unsupported, this method returns nil.

# File lib/hoodoo/services/middleware/middleware.rb, line 327
def self.session_store_engine
  if (
    ! defined?( @@session_store_engine ) ||
    @@session_store_engine.nil?          ||
    @@session_store_engine.empty?
  )
    default = self.has_memcached? ? 'memcached' : ''
    engine = ( ENV[ 'SESSION_STORE_ENGINE' ] || default ).to_sym()

    if Hoodoo::TransientStore::supported_storage_engines.include?( engine )
      @@session_store_engine = engine
    else
      @@session_store_engine = nil
    end
  end

  @@session_store_engine
end
session_store_uri()

Return configuration for the selected Hoodoo::TransientStore engine, as a flat String (IP address/ port combination) or a serialised JSON string with symbolised keys, defining a URI for each supported storage engine defined (required if <tt>ENV[ 'SESSION_STORE_ENGINE' ]</yy> defines a multi-engine strategy).

Checks for the engine agnostic environment variable SESSION_STORE_URI first then uses memcached_host as a legacy fallback.

# File lib/hoodoo/services/middleware/middleware.rb, line 301
def self.session_store_uri

  # See also ::clear_session_store_configuration_cache!
  #
  @@session_store_uri ||= ( ENV[ 'SESSION_STORE_URI' ] || self.memcached_host() )

end
set_log_folder( base_path )

If using the middleware logger (see ::logger) with no external custom logger set up (see ::set_logger), call here to configure the folder used for logs when file output is active.

If you don't do this at least once, no log file output can occur.

You can call more than once to output to more than one log folder.

See Hoodoo::Services::Interface#secure_logs_for for information about security considerations when using logs.

base_path

Path to folder to use for logs; file “#{environment}.log” may be written inside (see ::environment).

# File lib/hoodoo/services/middleware/middleware.rb, line 476
def self.set_log_folder( base_path )
  self.send( :add_file_logging, base_path )
end
set_logger( logger )

The middleware sets up a logger itself (see ::logger) with various log mechanisms set up (mostly) without service author intervention.

If you want to completely override the middleware's logger and replace it with your own at any time (not recommended), call here.

See Hoodoo::Services::Interface#secure_logs_for for information about security considerations when using logs.

logger

Alternative Hoodoo::Logger instance to use for all middleware logging from this point onwards. The value will subsequently be returned by the ::logger class method.

# File lib/hoodoo/services/middleware/middleware.rb, line 453
def self.set_logger( logger )
  unless logger.is_a?( Hoodoo::Logger )
    raise "Hoodoo::Communicators::set_logger must be called with an instance of Hoodoo::Logger only"
  end

  @@external_logger = true
  @@logger          = logger
end
set_test_session( session )

Set the test session instance. See ::test_session for details.

session

A Hoodoo::Services::Session instance to use as the test session instance for any subsequently-made requests. If nil, the test session system acts as if an invalid or missing session ID had been supplied.

# File lib/hoodoo/services/middleware/middleware.rb, line 522
def self.set_test_session( session )
  @@test_session = session
end
set_verbose_logging( verbose )

Set verbose logging. With verbose logging enabled, additional payload data is added - most notably, full session details (where possible) are included in each log message. These can increase log data size considerably, but may be useful if you encounter session-related errors or general operational issues and need log data to provide more insights.

Verbose logging is disabled by default.

verbose

true to enable verbose logging, false to disable it. The default is false.

# File lib/hoodoo/services/middleware/middleware.rb, line 492
def self.set_verbose_logging( verbose )
  @@verbose_logging = verbose
end
test_session()

A Hoodoo::Services::Session instance to use for tests or when no local Hoodoo::TransientStore instance is known about (environment variable SESSION_STORE_ENGINE and SESSION_STORE_URI are not set). The session is (eventually) read each time a request is made via Rack (through call).

“Out of the box”, DEFAULT_TEST_SESSION is used.

# File lib/hoodoo/services/middleware/middleware.rb, line 511
def self.test_session
  @@test_session
end
verbose_logging?()

Returns true if verbose logging is enabled, else false. For more, see ::set_verbose_logging.

# File lib/hoodoo/services/middleware/middleware.rb, line 499
def self.verbose_logging?
  defined?( @@verbose_logging ) ? @@verbose_logging : false
end
Instance Public methods
call( env )

Run a Rack request, returning the [status, headers, body-array] data as per the Rack protocol requirements.

env Rack environment.

# File lib/hoodoo/services/middleware/middleware.rb, line 654
def call( env )

  # Global exception handler - catch problems in service implementations
  # and send back a 500 response as per API documentation (if possible).
  #
  begin

    enable_alchemy_logging_from( env )

    interaction = Hoodoo::Services::Middleware::Interaction.new( env, self )
    debug_log( interaction )

    early_response = preprocess( interaction )
    return early_response unless early_response.nil?

    response = interaction.context.response

    process( interaction )     unless response.halt_processing?
    postprocess( interaction ) unless response.halt_processing?

    return respond_for( interaction )

  rescue => exception
    begin
      if interaction && interaction.context
        ExceptionReporting.contextual_report( exception, interaction.context )
      else
        ExceptionReporting.report( exception, env )
      end

      record_exception( interaction, exception )

      return respond_for( interaction )

    rescue => inner_exception
      begin
        backtrace       = ''
        inner_backtrace = ''

        if self.class.environment.test? || self.class.environment.development?
          backtrace       = exception.backtrace
          inner_backtrace = inner_exception.backtrace
        else
          ''
        end

        @@logger.error(
          'Hoodoo::Services::Middleware#call',
          'Middleware exception in exception handler',
          inner_exception.to_s,
          inner_backtrace.to_s,
          '...while handling...',
          exception.to_s,
          backtrace.to_s
        )
      rescue
        # Ignore logger exceptions. Can't do anything about them. Just
        # try and get the response back to the client now.
      end

      # An exception in the exception handler! Oh dear.
      #
      rack_response = Rack::Response.new
      rack_response.status = 500
      rack_response.write( 'Middleware exception in exception handler' )
      return rack_response.finish

    end
  end
end
inter_resource_endpoint_for( resource, version, interaction )

Return something that behaves like a Hoodoo::Client::Endpoint subclass instance which can be used for inter-resource communication, whether the target endpoint implementation is local or remote.

resource

Resource name for the endpoint, e.g. :Purchase. String or symbol.

version

Required implemented version for the endpoint. Integer.

interaction

The Hoodoo::Services::Middleware::Interaction instance describing the inbound call, the processing of which is leading to a request for an inter-resource call by an endpoint implementation.

# File lib/hoodoo/services/middleware/middleware.rb, line 739
def inter_resource_endpoint_for( resource, version, interaction )
  resource = resource.to_sym
  version  = version.to_i

  # Build a Hash of any options which should be transferred from one
  # endpoint to another for inter-resource calls, along with other
  # options common to local and remote endpoints.

  endpoint_options = {
    :interaction => interaction,
    :locale      => interaction.context.request.locale,
  }

  Hoodoo::Client::Headers::HEADER_TO_PROPERTY.each do | rack_header, description |
    property = description[ :property ]

    if description[ :auto_transfer ] == true
      endpoint_options[ property ] = interaction.context.request.send( property )
    end
  end

  if @discoverer.is_local?( resource, version )

    # For local inter-resource calls, return the middleware's endpoint
    # for that. In turn, if used this calls into #inter_resource_local.

    discovery_result = @@services.find do | entry |
      interface = entry.interface_class
      interface.resource == resource && interface.version == version
    end

    if discovery_result.nil?
      raise "Hoodoo::Services::Middleware\#inter_resource_endpoint_for: Internal error - version #{ version } of resource #{ resource } endpoint is local according to the discovery engine, but no local service discovery record can be found"
    end

    endpoint_options[ :discovery_result ] = discovery_result

    return Hoodoo::Services::Middleware::InterResourceLocal.new(
      resource,
      version,
      endpoint_options
    )

  else

    # For remote inter-resource calls, use Hoodoo::Client's endpoint
    # factory to get a (say) HTTP or AMQP contact endpoint, but then
    # wrap it with the middleware's remote call endpoint, since the
    # request requires extra processing before it goes to the Client
    # (e.g. session permission augmentation) and the result needs
    # extra processing before it is returned to the caller (e.g.
    # delete an augmented session, annotate any errors from call).

    endpoint_options[ :discoverer ] = @discoverer
    endpoint_options[ :session    ] = interaction.context.session

    wrapped_endpoint = Hoodoo::Client::Endpoint.endpoint_for(
      resource,
      version,
      endpoint_options
    )

    if wrapped_endpoint.is_a?( Hoodoo::Client::Endpoint::AMQP ) && defined?( @@alchemy )
      wrapped_endpoint.alchemy = @@alchemy
    end

    # Using "ForRemote" here is redundant - we could just as well
    # pass wrapped_endpoint directly to an option in the
    # InterResourceRemote class - but keeping "with the pattern"
    # just sort of 'seems right' and might be useful in future.

    discovery_result = Hoodoo::Services::Discovery::ForRemote.new(
      :resource         => resource,
      :version          => version,
      :wrapped_endpoint => wrapped_endpoint
    )

    return Hoodoo::Services::Middleware::InterResourceRemote.new(
      resource,
      version,
      {
        :interaction      => interaction,
        :discovery_result => discovery_result
      }
    )
  end
end
inter_resource_local( source_interaction:, discovery_result:, endpoint:, action:, ident: nil, body_hash: nil, query_hash: nil )

Make a local (non-HTTP local Ruby method call) inter-resource call. This is fast compared to any remote resource call, even though there is still a lot of overhead involved in setting up data so that the target resource “sees” the call in the same way as any other.

Named parameters are as follows:

source_interaction

A Hoodoo::Services::Middleware::Interaction instance for the inbound call which is being processed right now by some resource endpoint implementation and this implementation is now making an inter-resource call as part of its processing;

discovery_result

A Hoodoo::Services::Discovery::ForLocal instance describing the target of the inter-resource call;

endpoint

The calling Hoodoo::Client::Endpoint subclass instance (used for e.g. locale, dated-at);

action

A Hoodoo::Services::Middleware::ALLOWED_ACTIONS entry;

ident

UUID or other unique identifier of a resource instance. Required for show, update and delete actions, ignored for others;

query_hash

Optional Hash of query data to be turned into a query string - applicable to any action;

body_hash

Hash of data to convert to a body string using the source interaction's described content type. Required for create and update actions, ignored for others.

A Hoodoo::Client::AugmentedArray or Hoodoo::Client::AugmentedHash is returned from these methods; @response or the wider processing context is not automatically modified. Callers MUST use the methods provided by Hoodoo::Client::AugmentedBase to detect and handle error conditions, unless for some reason they wish to ignore inter-resource call errors.

# File lib/hoodoo/services/middleware/middleware.rb, line 868
def inter_resource_local( source_interaction:,
                          discovery_result:,
                          endpoint:,
                          action:,
                          ident:      nil,
                          body_hash:  nil,
                          query_hash: nil )

  # We must construct a call context for the local service. This means
  # a local request object which we fill in with data just as if we'd
  # parsed an inbound HTTP request and a response object that contains
  # the usual default data.

  interface      = discovery_result.interface_class
  implementation = discovery_result.implementation_instance

  # Need to possibly augment the caller's session - same rationale
  # as #local_service_remote, so see that for details.

  session = source_interaction.context.session

  unless session.nil? || source_interaction.using_test_session?
    session = session.augment_with_permissions_for( source_interaction )
  end

  if session == false
    hash = Hoodoo::Client::AugmentedHash.new
    hash.platform_errors.add_error( 'platform.invalid_session' )
    return hash
  end

  mock_rack_env = {
    'HTTP_X_INTERACTION_ID' => source_interaction.interaction_id
  }

  local_interaction = Hoodoo::Services::Middleware::Interaction.new(
    mock_rack_env,
    self,
    session
  )

  local_interaction.target_interface           = interface
  local_interaction.target_implementation      = implementation
  local_interaction.requested_content_type     = source_interaction.requested_content_type
  local_interaction.requested_content_encoding = source_interaction.requested_content_encoding

  # For convenience...

  local_request  = local_interaction.context.request
  local_response = local_interaction.context.response

  # Carry through any endpoint-specified request orientated attributes.

  local_request.locale = endpoint.locale

  Hoodoo::Client::Headers::HEADER_TO_PROPERTY.each do | rack_header, description |
    property        = description[ :property        ]
    property_writer = description[ :property_writer ]

    value = endpoint.send( property )

    local_request.send( property_writer, value ) unless value.nil?
  end

  # Initialise the response data.

  set_common_response_headers( local_interaction )
  update_response_for( local_response, interface )

  # Work out what kind of result the caller is expecting.

  result_class = if action == :list
    Hoodoo::Client::AugmentedArray
  else
    Hoodoo::Client::AugmentedHash
  end

  # Add errors from the local service response into an augmented object
  # for responding early (via a Proc for internal reuse later).

  add_local_errors = Proc.new {
    result                  = result_class.new
    result.response_options = Hoodoo::Client::Headers.x_header_to_options(
      local_response.headers
    )

    result.platform_errors.merge!( local_response.errors )
    result
  }

  # Figure out initial action / authorisation results for this request.
  # We may still have to construct a context and ask the service after.

  upc  = []
  upc << ident unless ident.nil? || ident.empty?

  local_interaction.requested_action = action
  authorisation                      = determine_authorisation( local_interaction )

  # In addition, check security on any would-have-been-a-secured-header
  # property.

  return add_local_errors.call() if local_response.halt_processing?

  Hoodoo::Client::Headers::HEADER_TO_PROPERTY.each do | rack_header, description |

    next if description[ :secured ] != true
    next if endpoint.send( description[ :property ] ).nil?

    real_header = description[ :header ]

    if (
         session.respond_to?( :scoping ) == false ||
         session.scoping.respond_to?( :authorised_http_headers ) == false ||
         session.scoping.authorised_http_headers.respond_to?( :include? ) == false ||
         (
           session.scoping.authorised_http_headers.include?( rack_header ) == false &&
           session.scoping.authorised_http_headers.include?( real_header ) == false
         )
       )

      local_response.errors.add_error( 'platform.forbidden' )
      break
    end
  end

  return add_local_errors.call() if local_response.halt_processing?

  deal_with_x_assume_identity_of( local_interaction )

  return add_local_errors.call() if local_response.halt_processing?

  # Construct the local request details.

  local_request.uri_path_components = upc
  local_request.uri_path_extension  = ''

  unless query_hash.nil?
    query_hash = Hoodoo::Utilities.stringify( query_hash )

    # This is for inter-resource local calls where a service author
    # specifies ":_embed => 'foo'" accidentally, forgetting that it
    # should be a single element array. It's such a common mistake
    # that we tolerate it here. Same for "_reference".

    data = query_hash[ '_embed' ]
    query_hash[ '_embed' ] = [ data ] if data.is_a?( ::String ) || data.is_a?( ::Symbol )

    data = query_hash[ '_reference' ]
    query_hash[ '_reference' ] = [ data ] if data.is_a?( ::String ) || data.is_a?( ::Symbol )

    # Regardless, make sure embed/reference array data contains strings.

    query_hash[ '_embed'     ].map!( &:to_s ) unless query_hash[ '_embed'     ].nil?
    query_hash[ '_reference' ].map!( &:to_s ) unless query_hash[ '_reference' ].nil?

    process_query_hash( local_interaction, query_hash )
  end

  local_request.body = body_hash

  # The inter-resource local backend does not accept or process the
  # equivalent of the X-Resource-UUID "set the ID to <this>" HTTP
  # header, so we do not call "maybe_update_body_data_for()" here;
  # we only need to validate it.
  #
  if ( action == :create || action == :update )
    validate_body_data_for( local_interaction )
  end

  return add_local_errors.call() if local_response.halt_processing?

  # Can now, if necessary, do a final check with the target endpoint
  # for authorisation.

  if authorisation == Hoodoo::Services::Permissions::ASK
    ask_for_authorisation( local_interaction )
    return add_local_errors.call() if local_response.halt_processing?
  end

  # Dispatch the call.

  debug_log( local_interaction, 'Dispatching local inter-resource call', local_request.body )
  dispatch( local_interaction )

  # If we get this far the interim session isn't needed. We might have
  # exited early due to errors above and left this behind, but that's not
  # the end of the world - it'll expire out of the Hoodoo::TransientStore
  # eventually.
  #
  if session &&
     source_interaction.context &&
     source_interaction.context.session &&
     session.session_id != source_interaction.context.session.session_id

    # Ignore errors, there's nothing much we can do about them and in
    # the worst case we just have to wait for this to expire naturally.

    session.delete_from_store()
  end

  # Extract the returned data, handling error conditions.

  if local_response.halt_processing?
    result = result_class.new
    result.set_platform_errors(
      annotate_errors_from_other_resource( local_response.errors )
    )

  else
    body = local_response.body

    if action == :list && body.is_a?( ::Array )
      result                        = Hoodoo::Client::AugmentedArray.new( body )
      result.dataset_size           = local_response.dataset_size
      result.estimated_dataset_size = local_response.estimated_dataset_size

    elsif action != :list && body.is_a?( ::Hash )
      result = Hoodoo::Client::AugmentedHash[ body ]

    elsif local_request.deja_vu && body == ''
      result = result_class.new

    else
      raise "Hoodoo::Services::Middleware: Unexpected response type '#{ body.class.name }' received from a local inter-resource call for action '#{ action }'"

    end

  end

  result.response_options = Hoodoo::Client::Headers.x_header_to_options(
    local_response.headers
  )

  return result
end
monkey_log_inbound_request( interaction )

Make an “inbound” call log based on the given interaction.

interaction

Hoodoo::Services::Middleware::Interaction describing the inbound request. The interaction_id, rack_request and session data is used (the latter being optional). If target_interface and requested_action are available, body data might be logged according to secure log settings in the interface; if these values are unset, body data is not logged.

# File lib/hoodoo/services/middleware/middleware.rb, line 1115
def monkey_log_inbound_request( interaction )

  data = build_common_log_data_for( interaction )

  # Annoying dance required to extract all HTTP header data from Rack.

  env     = interaction.rack_request.env
  headers = env.select do | key, value |
    key.to_s.match( /^HTTP_/ )
  end

  headers[ 'CONTENT_TYPE'   ] = env[ 'CONTENT_TYPE'   ]
  headers[ 'CONTENT_LENGTH' ] = env[ 'CONTENT_LENGTH' ]

  data[ :payload ] = {
    :method  => env[ 'REQUEST_METHOD', ],
    :scheme  => env[ 'rack.url_scheme' ],
    :host    => env[ 'SERVER_NAME'     ],
    :port    => env[ 'SERVER_PORT'     ],
    :script  => env[ 'SCRIPT_NAME'     ],
    :path    => env[ 'PATH_INFO'       ],
    :query   => env[ 'QUERY_STRING'    ],
    :headers => headers
  }

  # Deal with body data and security issues.

  secure    = true
  interface = interaction.target_interface
  action    = interaction.requested_action

  unless interface.nil? || action.nil?
    secure_log_actions = interface.secure_log_for()
    secure_type        = secure_log_actions[ action ]

    # Allow body logging if there's no security specified for this action
    # or the security is specified for the response only (since we log the
    # request here).
    #
    # This means values of :both or :request will leave "secure" unchanged,
    # as will any other unexpected value that might get specified.

    secure = false if secure_type.nil? || secure_type == :response
  end

  # Compile the remaining log payload and send it.

  unless secure
    body = interaction.rack_request.body.read( MAXIMUM_LOGGED_PAYLOAD_SIZE )
           interaction.rack_request.body.rewind()

    data[ :payload ][ :body ] = body
  end

  @@logger.report(
    :info,
    :Middleware,
    :inbound,
    data
  )

  return nil
end
Public constants
Constants
ALLOWED_ACTIONS =
[
:list,
:show,
:create,
:update,
:delete,
]
 

All allowed action names in implementations, used for internal checks. This is also the default supported set of actions. Symbols.

ALLOWED_HTTP_METHODS =
Set.new( %w( GET POST PATCH DELETE ) )
 

All allowed HTTP methods, related to ALLOWED_ACTIONS.

ALLOWED_QUERIES_LIST =
[
'offset',
'limit',
'sort',
'direction',
'search',
'filter'
]
 

Allowed common fields in query strings (list actions only). Strings.

Only ever add to this list. As the API evolves, legacy clients will be calling with previously documented query strings and removing any entries from the list below could cause their requests to be rejected with a 'platform.malformed' error.

ALLOWED_QUERIES_ALL =
[
'_embed',
'_reference'
]
 

Allowed common fields in query strings (all actions). Strings. Adds to the ::ALLOWED_QUERIES_LIST for list actions.

Only ever add to this list. As the API evolves, legacy clients will be calling with previously documented query strings and removing any entries from the list below could cause their requests to be rejected with a 'platform.malformed' error.

SUPPORTED_MEDIA_TYPES =
[ 'application/json' ]
 

Allowed media types in Content-Type headers.

SUPPORTED_ENCODINGS =
[ 'utf-8' ]
 

Allowed (required) charsets in Content-Type headers.

PROHIBITED_INBOUND_FIELDS =
Hoodoo::Presenters::CommonResourceFields.get_schema().properties.keys
 

Prohibited fields in creations or updates - these are the common fields specified in the API, which are emergent in the platform or are set via other routes (e.g. “language” comes from HTTP headers in requests). This is obtained via the Hoodoo::Presenters::CommonResourceFields class and its described field schema, so see that for details.

MAXIMUM_PAYLOAD_SIZE =
1048576
 

Somewhat arbitrary maximum incoming payload size to prevent ham-fisted DOS attempts to consume RAM.

MAXIMUM_LOGGED_PAYLOAD_SIZE =
1024
 

Maximum logged payload (inbound data) size.

MAXIMUM_LOGGED_RESPONSE_SIZE =
1024
 

Maximum logged response (outbound data) size.

DEFAULT_TEST_SESSION =
Hoodoo::Services::Session.new
 

The default test session; a Hoodoo::Services::Session instance with the following characteristics:

Session ID

01234567890123456789012345678901

Caller ID

c5ea12fb7f414a46850e73ee1bf6d95e

Caller Version

1

Permissions

Default/else/“allow” to allow all actions

Identity

Has caller_id as its only field

Scoping

All secured HTTP headers are allowed

Expires at: Now plus 2 days

See also ::test_session and ::set_test_session.

FRAMEWORK_QUERY_VALUE_DATE_PROC =
-> ( value ) {
Hoodoo::Utilities.valid_iso8601_subset_datetime?( value ) ?
Hoodoo::Utilities.rationalise_datetime( value )           :
nil
}
 

A validation Proc for FRAMEWORK_QUERY_DATA - see that for details. This one ensures that the value is a valid ISO 8601 subset date/time string and evaluates to the parsed version of that string if so.

FRAMEWORK_QUERY_VALUE_UUID_PROC =
-> ( value ) {
value = Hoodoo::UUID.valid?( value ) && value
value || nil # => 'value' if 'value' is truthy, 'nil' if 'value' falsy
}
 

A validation Proc for FRAMEWORK_QUERY_DATA - see that for details. This one ensures that the value is a valid UUID and evaluates to that UUID string if so.

FRAMEWORK_QUERY_DATA =
{
'created_after'  => FRAMEWORK_QUERY_VALUE_DATE_PROC,
'created_before' => FRAMEWORK_QUERY_VALUE_DATE_PROC,
'created_by'     => FRAMEWORK_QUERY_VALUE_UUID_PROC
}
 

Out-of-box search and filter query keys. Interfaces can override the support for these inside the Hoodoo::Services::Interface#to_list block using Hoodoo::Services::Interface::ToListDSL#do_not_search and Hoodoo::Services::Interface::ToListDSL#do_not_filter.

Keys, in order, are:

  • Query key to detect records with a created_at date that is after the given value, in supporting resource; if used as a filter instead of a search string, would find records on-or-before the date.

  • Query key to detect records with a created_at date that is before the given value, in supporting resource; if used as a filter instead of a search string, would find records on-or-after the date.

Values are either a validation Proc or nil for no validation. The Proc takes the search query value as its sole input paraeter and must evaluate to the input value either unmodified or in some canonicalised form if it is valid, else to nil if the input value is invalid. The canonicalisation is typically used to coerce a URI query string based String type into a more useful comparable entity such as an Integer or DateTime.

IMPORTANT - if this list is changed, any database support modules - e.g. in Hoodoo::ActiveRecord::Support - will need any internal mapping of “framework query keys to module-appropriate query code” updating.