Skip to content
OpenAPI / Swagger plugin for Mojolicious
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
lib Released version 2.13 Mar 13, 2019
t Cannot call $c->continue() if we are in sync mode, fixes #121 Mar 13, 2019
.gitignore
.perltidyrc .perltidyrc Jun 7, 2016
.travis.yml Add .travis.yml Aug 9, 2016
Changes Released version 2.13 Mar 13, 2019
MANIFEST.SKIP git ship start Jun 7, 2016
Makefile.PL Released version 2.12 Feb 14, 2019
README Released version 1.22 Nov 19, 2017
README.md Released version 2.13 Mar 13, 2019
cpanfile Bump JSON::Validator Feb 14, 2019

README.md

NAME

Mojolicious::Plugin::OpenAPI - OpenAPI / Swagger plugin for Mojolicious

SYNOPSIS

use Mojolicious::Lite;

# Will be moved under "basePath", resulting in "POST /api/echo"
post "/echo" => sub {

  # Validate input request or return an error document
  my $c = shift->openapi->valid_input or return;

  # Generate some data
  my $data = {body => $c->validation->param("body")};

  # Validate the output response and render it to the user agent
  # using a custom "openapi" handler.
  $c->render(openapi => $data);
}, "echo";

# Load specification and start web server
plugin OpenAPI => {url => "data:///spec.json"};
app->start;

__DATA__
@@ spec.json
{
  "swagger" : "2.0",
  "info" : { "version": "0.8", "title" : "Echo Service" },
  "schemes" : [ "http" ],
  "basePath" : "/api",
  "paths" : {
    "/echo" : {
      "post" : {
        "x-mojo-name" : "echo",
        "parameters" : [
          { "in": "body", "name": "body", "schema": { "type" : "object" } }
        ],
        "responses" : {
          "200": {
            "description": "Echo response",
            "schema": { "type": "object" }
          }
        }
      }
    }
  }
}

See Mojolicious::Plugin::OpenAPI::Guides::Tutorial for a tutorial on how to write a "full" app with application class and controllers.

DESCRIPTION

Mojolicious::Plugin::OpenAPI is Mojolicious::Plugin that add routes and input/output validation to your Mojolicious application based on a OpenAPI (Swagger) specification.

Have a look at the "SEE ALSO" for references to more documentation, or jump right to the tutorial.

Currently v2 is very well supported, while v3 should be considered higly EXPERIMENTAL. Note that testing out v3 requires YAML::XS to be installed.

Please report in issues or open pull requests to enhance the 3.0 support.

HELPERS

openapi.spec

$hash = $c->openapi->spec($json_pointer)
$hash = $c->openapi->spec("/info/title")
$hash = $c->openapi->spec;

Returns the OpenAPI specification. A JSON Pointer can be used to extract a given section of the specification. The default value of $json_pointer will be relative to the current operation. Example:

{
  "paths": {
    "/pets": {
      "get": {
        // This datastructure is returned by default
      }
    }
  }
}

openapi.validate

@errors = $c->openapi->validate;

Used to validate a request. @errors holds a list of JSON::Validator::Error objects or empty list on valid input.

Note that this helper is only for customization. You probably want "openapi.valid_input" in most cases.

Validated input parameters will be copied to Mojolicious::Controller/validation, which again can be extracted by the "name" in the parameters list from the spec. Example:

# specification:
"parameters": [{"in": "body", "name": "whatever", "schema": {"type": "object"}}],

# controller
my $body = $c->validation->param("whatever");

openapi.valid_input

$c = $c->openapi->valid_input;

Returns the Mojolicious::Controller object if the input is valid or automatically render an error document if not and return false. See "SYNOPSIS" for example usage.

HOOKS

Mojolicious::Plugin::OpenAPI will emit the following hooks on the application object.

openapi_routes_added

Emitted after all routes have been added by this plugin.

$app->hook(openapi_routes_added => sub {
  my ($openapi, $routes) = @_;

  for my $route (@$routes) {
    ...
  }
});

This hook is EXPERIMENTAL and subject for change.

RENDERER

This plugin register a new handler called openapi. The special thing about this handler is that it will validate the data before sending it back to the user agent. Examples:

$c->render(json => {foo => 123});    # without validation
$c->render(openapi => {foo => 123}); # with validation

This handler will also use "renderer" to format the output data. The code below shows the default "renderer" which generates JSON data:

$app->plugin(
  OpenAPI => {
    renderer => sub {
      my ($c, $data) = @_;
      return Mojo::JSON::encode_json($data);
    }
  }
);

ATTRIBUTES

route

$route = $openapi->route;

The parent Mojolicious::Routes::Route object for all the OpenAPI endpoints.

validator

$jv = $openapi->validator;

Holds a JSON::Validator::OpenAPI::Mojolicious object.

METHODS

register

$openapi = $openapi->register($app, \%config);
$openapi = $app->plugin(OpenAPI => \%config);

Loads the OpenAPI specification, validates it and add routes to $app. It will also set up "HELPERS" and adds a before_render hook for auto-rendering of error documents. The return value is the object instance, which allow you to access the "ATTRIBUTES" after you load the plugin.

%config can have:

allow_invalid_ref

The OpenAPI specification does not allow "$ref" at every level, but setting this flag to a true value will ignore the $ref check.

Note that setting this attribute is discourage.

coerce

See "coerce" in JSON::Validator for possible values that coerce can take.

Default: 1

default_response_codes

A list of response codes that will get a "$ref" pointing to "#/definitions/DefaultResponse", unless already defined in the spec. "DefaultResponse" can be altered by setting "default_response_name".

The default response code list is the following:

400 | Bad Request           | Invalid input from client / user agent
401 | Unauthorized          | Used by Mojolicious::Plugin::OpenAPI::Security
404 | Not Found             | Route is not defined
500 | Internal Server Error | Internal error or failed output validation
501 | Not Implemented       | Route exists, but the action is not implemented

Note that more default codes might be added in the future if required by the plugin.

default_response_name

The name of the "definition" in the spec that will be used for "default_response_codes". The default value is "DefaultResponse". See "Default response schema" in Mojolicious::Plugin::OpenAPI::Guides::Tutorial for more details.

log_level

log_level is used when logging invalid request/response error messages.

Default: "warn".

plugins

A list of OpenAPI classes to extend the functionality. Default is: Mojolicious::Plugin::OpenAPI::Cors, Mojolicious::Plugin::OpenAPI::SpecRenderer and Mojolicious::Plugin::OpenAPI::Security.

$app->plugin(OpenAPI => {plugins => [qw(+Cors +SpecRenderer +Security)]});

You can load your own plugins by doing:

$app->plugin(OpenAPI => {plugins => [qw(+SpecRenderer My::Cool::OpenAPI::Plugin)]});

renderer

See "RENDERER".

route

route can be specified in case you want to have a protected API. Example:

$app->plugin(OpenAPI => {
  route => $app->routes->under("/api")->to("user#auth"),
  url   => $app->home->rel_file("cool.api"),
});

schema

Can be used to set a different schema, than the default OpenAPI 2.0 spec. Example values: "http://swagger.io/v2/schema.json", "v2" or "v3".

spec_route_name

Name of the route that handles the "basePath" part of the specification and serves the specification. Defaults to "x-mojo-name" in the specification at the top level.

url

See "schema" in JSON::Validator for the different url formats that is accepted.

spec is an alias for "url", which might make more sense if your specification is written in perl, instead of JSON or YAML.

version_from_class

Can be used to overridden /info/version in the API specification, from the return value from the VERSION() method in version_from_class.

This will only have an effect if "version" is "0".

Defaults to the current $app.

AUTHOR

Jan Henning Thorsen

COPYRIGHT AND LICENSE

Copyright (C) 2016, Jan Henning Thorsen

This program is free software, you can redistribute it and/or modify it under the terms of the Artistic License version 2.0.

SEE ALSO

You can’t perform that action at this time.