Use of third party wrappers like file:// - ruby

With the aim of setting up a lab, I am in the process of doing tests with Sinatra :
require 'sinatra'
require 'open-uri'
get '/' do
format 'RESPONSE: %s', open(params[:url]).read
end
It works if I use the HTTP wrapper like http://localhost:4567/?url=https://www.google.com but I'm surprised that it doesn't work with other wrappers like file:// to try for example http://localhost:4567/?url=file:///etc/passwd.
On my system I can of course do curl file:///etc/passwd and it works.
Any idea ?
Thank's

Related

Passing headers (or other settings) from Sinatra through Puma

I am trying to learn how to develop a simple web app using pure Ruby. I have a simple backend service which I created as a Sinatra app. While developing it, I noticed the frontend (a simple HTML/JS static site) would not communicate with it because of CORS policies. So I looked into how to pass headers from Sinatra.
I came across sinatra-cors. I set it up as instructed and my app looks like this (abbreviated):
require 'sinatra'
require 'sinatra/cors'
set :allow_origin, '*'
set :allow_methods, 'GET,HEAD,POST'
set :allow_headers, 'content-type,if-modified-since,access-control-allow-methods,access-control-allow-origin'
set :expose_headers, 'content-disposition'
set :allow_credentials, true
post '/' do
[...]
end
When I run it with ruby app.rb, it works perfectly. Frontend can communicate and CORS policies are observed.
Now, I want to set up the service for a production environment. For that, I want to use Puma. So with Puma, I have a config.ru which looks like this:
require File.expand_path('app', File.dirname(__FILE__))
run WebApp
and I modified my app.rb to look like this (again abbreviated):
require 'sinatra'
require 'sinatra/cors'
class WebApp < Sinatra::Application
set :allow_origin, '*'
set :allow_methods, 'GET,HEAD,POST'
set :allow_headers, 'content-type,if-modified-since,access-control-allow-methods,access-control-allow-origin'
set :expose_headers, 'content-disposition'
set :allow_credentials, true
post '/' do
[...]
end
end
basically, wrapped the app in a class, and call it from the config.ru. When I run this by running puma in the directory, the service comes up, but headers are no longer passed back. Whenever I try to hit the backend, I get:
Access to XMLHttpRequest at 'http://localhost:4567/' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
This was the error I was getting before I originally set up the headers. So it seems pretty clear to me that the set parameters are being ignored.
So, this seems like a simple matter, but I have not been able to find a proper answer: How do I make Puma respect the 'set' parameters? Or alternatively, how do I achieve the same desired result?
It seems clear to me that I am missing a very simple thing, but I cannot figure out what exactly it is.
Thanks in advance!
It looks like you are just missing register Sinatra::Cors in your class.
class WebApp < Sinatra::Application
register Sinatra::Cors # Add this line.
set :allow_origin, '*'
# etc.

Strange issue in Sinatra

ok so this is very strange (well is to me), everything in my master branch works fine, I then created a new branch called twitter to conduct some twitter feed implementation. I have done this and was working yesterday on my linux machine.. I have pulled the branch today in a windows environment but when i load the app i now get the regular Sinatra 404 Sinatra doesn’t know this ditty.
This is my profile.rb file
require 'bundler/setup'
Bundler.require(:default)
require 'rubygems'
require 'sinatra'
require './config/config.rb' if File.exists?('./config/config.rb')
require 'sinatra/jsonp'
require 'twitter'
require 'sinatra/static_assets'
class Profile < Sinatra::Base
helpers Sinatra::Jsonp
enable :json_pretty
register Sinatra::StaticAssets
##twitter_client = Twitter::Client.new(
:consumer_key => ENV["CONSUMER_KEY"],
:consumer_secret => ENV["CONSUMER_SECRET"],
:oauth_token => ENV["OAUTH_TOKEN"],
:oauth_token_secret => ENV["OAUTH_SECRET"],
)
get '/' do
erb :index
end
get '/feed' do
jsonp ##twitter_client.user_timeline('richl14').map(&:attrs)
end
end
Config.ru
require './profile'
run Profile
Does anyone have any ideas of what i need to be looking at to solve this? Can anyone speak from experience with this?
Thanks
When you use the classic Sinatra style you use require 'sinatra' and then add routes to the top level. These routes get added to the Sinatra::Application. When you directly run this file, e.g. with ruby my_app.rb, Sinatra runs a built in web server, which will serve the Sinatra::Application app.
When you use the modular style, you use require 'sinatra/base', and then add routes to your Sinatra::Base subclass. In this case directly executing the file doesn’t start the built in server.
In your case you are using the modular style, but have used require 'sinatra'. You create your Profile app, but when you run the file directly Sinatra launches the built in server and serves the Sinatra::Application app. Since you haven’t added any routes to this (they’ve all been added to Profile) it runs but all requests return 404.
One way to get your app to launch you is to use rackup. This will launch the Profile app that you have explicitly set in your config.ru. (Explicitly starting your webserver will also work, e.g. using thin start).
Another possibility would be to add a line like this to the end of your Profile class:
run! if app_file == $0
This tells Sinatra to start the build in server running the Profile app if the file is the same as the Ruby file being executed, in a similar way to how the classic style app is launched. If you use this method you should change require 'sinatra' to require 'sinatra/base' otherwise you will get two servers launched, one after the other (in fact you should probably make that change anyway).
See the Sinatra docs for more info about the difference between classic and modular style.

ruby multipart post image with digest auth

Given I have this, using Ruby 1.9.3p194
Authentication is digestauth
require 'json'
require 'httpclient'
API_URL= "https://api.somewhere.com/upload"
API_KEY='blahblah'
API_SECRET ='blahlbah'
IMAGE ='someimage.png'
h=HTTPClient.new
h.set_auth(API_URL, API_KEY, API_SECRET)
File.open(IMAGE) do |file|
body = { 'image' => file}
res = h.post(API_URL, body)
p res.inspect
end
I get errors
Ive tried Typheous, Patron, Mechanize, Curl but want to find a way that is simple and works
e.g.
curl --digest -u myusrname:password -F "image=#image.png" "https://api.somewhere.com/upload"
Curl posts nothing and doesnt work as expected. Ive been assured that the API accepts posts, I have a simple web page that does what I need to do via a simple form and it works fine
Any one know what the easiest way ahead is?
Thanks
Solved it, went back to Curb. It is a RESTful API, RestClient was doing something funky with the digest. HttpClient too was posting blank files. Curb did it.

Parse the callback URL from foursquare?

I am trying to parse the URL returned from the foursquare api (the callback URL) the problem is that the request comes in this format
0.0.0.0:4567/foursquare#access_token=KCZGA4JIR4N3QXXAASZTZRYWHU2TYJITM53LARSKHRVFPHQ
as you can see that hashtag is breaking havoc in my code because is nowhere to be found using request.url or the whole request object for that matter.
Has anyone solved this? I am not trying to authenticate, I already do that from inside the iOS app.
require 'sinatra'
require 'json'
require 'dm-core'
require 'dm-validations'
require 'dm-timestamps'
require 'dm-migrations'
require 'dm-ar-finders'
# where foursquare sent us after authorization
get "/foursquare" do
puts "Receiving ..." + request.url
end
Probably not what you want to hear, but a quick fix would be let your Sinatra (assuming that given your port number) do the authentication instead of the iOS app. This way you can take advantage of the omniauth-foursquare gem, https://github.com/arunagw/omniauth-foursquare/blob/master/lib/omniauth/strategies/foursquare.rb, which will do most of the parsing for you.
According to Foursquare's API page, https://developer.foursquare.com/resources/client, they recommend doing a web-based authentication too.

Writing unit tests in Ruby for a REST API

I've written a basic REST API using sinatra.
Does anyone know the best way to write tests for it? I would like to do so using Ruby.
I've done my initial testing using curl. But I'd like to do something more robust. This is my first API - is there anything specific I should be testing?
The best way is a matter of opinion :) Personally, I like simple and clean. With tools like minitest, Watir and rest-client, you can put together a very simple test of both your REST interface as well as testing your web service through actual browsers (all major browsers are supported).
#!/usr/bin/ruby
#
# Requires that you have installed the following gem packages:
# json, minitest, watir, watir-webdrive, rest-client
# To use Chrome, you need to install chromedriver on your path
require 'rubygems'
require 'rest-client'
require 'json'
require 'pp'
require 'minitest/autorun'
require 'watir'
require 'watir-webdriver'
class TestReportSystem < MiniTest::Unit::TestCase
def setup
#browser = Watir::Browser.new :chrome # Defaults to firefox. Can do Safari and IE too.
# Log in here.....
end
def teardown
#browser.close
end
def test_report_lists # For minitest, the method names need to start with test
response = RestClient.get 'http://localhost:8080/reporter/reports/getReportList'
assert_equal response.code,200
parsed = JSON.parse response.to_str
assert_equal parsed.length, 3 # There are 3 reports available on the test server
end
def test_on_browser
#browser.goto 'http://localhost:8080/reporter/exampleReport/simple/genReport?month=Aug&year=2012'
assert(#browser.text.include?('Report for Aug 2012'))
end
end
Run the test cases by simply executing the script. There are many other testing systems and REST clients for Ruby which can be put to work in a similar way.
You might have a look at this approach http://anthonyeden.com/2013/07/10/testing-rest-apis-with-cucumber-and-rack.html
although many might say that using Cucumber is really more application or Acceptance testing and not unit testing, it does contain an approach to creating the HTTP headers and forming the http request, which I'm guessing might be where you are stuck?
Personally I don't have a problem with that since if you are truely going to unit test the API, you'd likely have to mock any units of code the api might be talking with (e.g. however you are persisting the data)
Seeing as I'm a QA guy not a dev, I'd be perfectly happy with using cucumber and testing it at that level, but I also greatly appreciate it when devs unit test, so while you might use rSpec instead of Cuke, perhaps the tip towards 'rack test' will be useful to what you are trying to accomplish.
You can try using airborne which is a framework written for just this purpose:
https://github.com/brooklynDev/airborne
You can test against either a live API, or against a Sinatra, Grape, Rails application.
I would use fakeweb gem to do unit testing with web services.
I would suggest client-api gem - it has loads of useful features specific to api automation which is easy to use and to maintain scripts.
https://github.com/prashanth-sams/client-api
Interestingly, this gem binds an api automation framework within itself. So, you don't even need a framework setup.
Key Features of client-api library:
Custom Header, URL, and Timeout support
URL query string customization
Datatype and key-pair value validation
Single key-pair response validation
Multi key-pair response validation
JSON response schema validation
JSON response content validation
JSON response size validation
JSON response is empty? validation
JSON response has specific key? validation
JSON response array-list sorting validation (descending, ascending)
Response headers validation
JSON template as body and schema
Support to store JSON responses of each tests for the current run
Logs support for debug
Custom logs remover
Auto-handle SSL for http(s) schemes
Example specs: https://github.com/prashanth-sams/client-api/tree/master/spec/client
Add this config snippet in the spec_helper.rb file:
ClientApi.configure do |config|
config.base_url = 'https://reqres.in'
config.headers = {'Content-Type' => 'application/json', 'Accept' => 'application/json'}
config.basic_auth = {'Username' => 'ahamilton#apigee.com', 'Password' => 'myp#ssw0rd'}
config.json_output = {'Dirname' => './output', 'Filename' => 'test'}
config.time_out = 10 # in secs
config.logger = {'Dirname' => './logs', 'Filename' => 'test', 'StoreFilesCount' => 2}
end
RSpec test scenarios look like,
api = ClientApi::Api.new
it "GET request" do
api.get('/api/users')
expect(api.status).to eq(200)
expect(api.message).to eq('OK')
end
it "POST request" do
api.post('/api/users', {"name": "prashanth sams"})
expect(api.status).to eq(201)
end
Note: This is an active project handling issues and new features based on user requirements

Resources