Add content_negociation extension

docs/changelog.md

@@ -10,13 +10,21 @@ A changelog:
 
 ## dev version
 
-* Changed `Roll.hook` signature to also accept kwargs ([#5](https://github.com/pyrates/roll/pull/5))
-* `json` shorcut sets `utf-8` charset in `Content-Type` header ([#13](https://github.com/pyrates/roll/pull/13))
-* Added `static` extension to serve static files for development ([#16](https://github.com/pyrates/roll/pull/16))
-* `cors` accepts `headers` parameter to control `Access-Control-Allow-Headers` ([#12](https://github.com/pyrates/roll/pull/12))
+* Changed `Roll.hook` signature to also accept kwargs
+  ([#5](https://github.com/pyrates/roll/pull/5))
+* `json` shorcut sets `utf-8` charset in `Content-Type` header
+  ([#13](https://github.com/pyrates/roll/pull/13))
+* Added `static` extension to serve static files for development
+  ([#16](https://github.com/pyrates/roll/pull/16))
+* `cors` accepts `headers` parameter to control `Access-Control-Allow-Headers`
+  ([#12](https://github.com/pyrates/roll/pull/12))
+* Added `content_negociation` extension to reject unacceptable client requests
+  based on the `Accept` header
 * **Breaking changes**:
-    * `options` extension is no more applied by default ([#16](https://github.com/pyrates/roll/pull/16))
-    * deprecated `req` pytest fixture is now removed ([#9](https://github.com/pyrates/roll/pull/9))
+    * `options` extension is no more applied by default
+      ([#16](https://github.com/pyrates/roll/pull/16))
+    * deprecated `req` pytest fixture is now removed
+      ([#9](https://github.com/pyrates/roll/pull/9))
 
 ## 0.5.0 — 2017-09-21
 

docs/reference.md

@@ -152,10 +152,19 @@ Combine it with the `cors` extension to handle the preflight request.
 - **app**: Roll app to register the extension against
 
 
+### content_negociation
+
+Deal with content negociation declared during routes definition.
+Will return a `406 Not Acceptable` response in case of mismatch between
+the `Accept` header from the client and the `accepts` parameter set in
+routes. Useful to reject requests which are not expecting the available
+response.
+
 #### Parameters
 
 - **app**: Roll app to register the extension against
 
+
 ### traceback
 
 Print the traceback on the server side if any. Handy for debugging.
@@ -164,6 +173,7 @@ Print the traceback on the server side if any. Handy for debugging.
 
 - **app**: Roll app to register the extension against
 
+
 ### igniter
 
 Display a BIG message when running the server.
@@ -173,6 +183,7 @@ Quite useless, hence so essential!
 
 - **app**: Roll app to register the extension against
 
+
 ### static
 
 Serve static files. Should not be used in production.
@@ -240,3 +251,12 @@ Fired in case of error, can be at each request.
 Use it to customize HTTP error formatting for instance.
 
 Receives `request`, `response` and `error` parameters.
+
+
+### dispatch
+
+Fired after the route matching at each request.
+Use it to customize routes restrictions for instance.
+
+Receives `request` and `payload` parameters. The latter being the result
+of the routes matching (dict).

requirements.txt

@@ -1,3 +1,4 @@
 autoroutes==0.2.0
 httptools==0.0.9
+mimetype-match==1.0.4
 uvloop==0.8.1

roll/__init__.py

@@ -199,10 +199,12 @@ def write(self, *args):
         payload = b'HTTP/1.1 %a %b\r\n' % (
             self.response.status.value, self.response.status.phrase.encode())
         if not isinstance(self.response.body, bytes):
-            self.response.body = self.response.body.encode()
+            self.response.body = str(self.response.body).encode()
         if 'Content-Length' not in self.response.headers:
             length = len(self.response.body)
             self.response.headers['Content-Length'] = length
+        if 'Content-Type' not in self.response.headers:
+            self.response.headers['Content-Type'] = 'text/html'
         for key, value in self.response.headers.items():
             payload += b'%b: %b\r\n' % (key.encode(), str(value).encode())
         payload += b'\r\n%b' % self.response.body
@@ -242,7 +244,7 @@ async def shutdown(self):
     async def __call__(self, request: Request, response: Response):
         try:
             if not await self.hook('request', request, response):
-                params, handler = self.dispatch(request)
+                params, handler = await self.dispatch(request)
                 await handler(request, response, **params)
         except Exception as error:
             await self.on_error(request, response, error)
@@ -268,22 +270,25 @@ async def on_error(self, request: Request, response: Response, error):
     def factory(self):
         return self.Protocol(self)
 
-    def route(self, path: str, methods: list=None):
+    def route(self, path: str, methods: list=None, **extras):
         if methods is None:
             methods = ['GET']
 
         def wrapper(func):
-            self.routes.add(path, **{m: func for m in methods})
+            handlers = {method: func for method in methods}
+            handlers.update(extras)
+            self.routes.add(path, **handlers)
             return func
 
         return wrapper
 
-    def dispatch(self, request: Request):
-        handlers, params = self.routes.match(request.path)
-        if request.method not in handlers:
+    async def dispatch(self, request: Request):
+        payload, params = self.routes.match(request.path)
+        await self.hook('dispatch', request, payload)
+        if request.method not in payload:
             raise HttpError(HTTPStatus.METHOD_NOT_ALLOWED)
         request.kwargs.update(params)
-        return params, handlers[request.method]
+        return params, payload[request.method]
 
     def listen(self, name: str):
         def wrapper(func):

roll/extensions.py

@@ -5,6 +5,8 @@
 from pathlib import Path
 from traceback import print_exc
 
+from mimetype_match import get_best_match
+
 from . import HttpError
 
 
@@ -48,6 +50,15 @@ async def handle_options(request, response):
         return request.method == 'OPTIONS'
 
 
+def content_negociation(app):
+
+    @app.listen('dispatch')
+    async def reject_unacceptable_requests(request, payload):
+        accept = request.headers.get('Accept', '*/*')
+        if get_best_match(accept, payload['accepts']) is None:
+            raise HttpError(HTTPStatus.NOT_ACCEPTABLE)
+
+
 def traceback(app):
 
     @app.listen('error')
@@ -108,8 +119,8 @@ async def serve(request, response, path):
         content_type, encoding = mimetypes.guess_type(str(abspath))
         with abspath.open('rb') as source:
             response.body = source.read()
-            response.headers['Content-Type'] = (content_type
-                                                or 'application/octet-stream')
+            response.headers['Content-Type'] = (content_type or
+                                                'application/octet-stream')
 
     @app.listen('startup')
     async def register_route():

roll/testing.py

@@ -4,6 +4,15 @@
 import pytest
 
 
+class Transport:
+
+    def write(self, data):
+        ...
+
+    def close(self):
+        ...
+
+
 class Client:
 
     # Default content type for request body encoding, change it to your own
@@ -36,12 +45,15 @@ async def request(self, path, method='GET', body=b'', headers=None,
             headers['Content-Type'] = content_type
         body, headers = self.encode_body(body, headers)
         protocol = self.app.factory()
+        protocol.connection_made(Transport())
         protocol.on_message_begin()
         protocol.on_url(path.encode())
         protocol.request.body = body
         protocol.request.method = method
         protocol.request.headers = headers
-        return await self.app(protocol.request, protocol.response)
+        await self.app(protocol.request, protocol.response)
+        protocol.write()
+        return protocol.response
 
     async def get(self, path, **kwargs):
         return await self.request(path, method='GET', **kwargs)

tests/test_errors.py

@@ -14,7 +14,7 @@ async def get(req, resp):
 
     resp = await client.get('/test')
     assert resp.status == HTTPStatus.INTERNAL_SERVER_ERROR
-    assert resp.body == 'Oops.'
+    assert resp.body == b'Oops.'
 
 
 async def test_httpstatus_error(client, app):
@@ -25,7 +25,7 @@ async def get(req, resp):
 
     resp = await client.get('/test')
     assert resp.status == HTTPStatus.BAD_REQUEST
-    assert resp.body == 'Really bad.'
+    assert resp.body == b'Really bad.'
 
 
 async def test_error_only_with_status(client, app):
@@ -36,7 +36,7 @@ async def get(req, resp):
 
     resp = await client.get('/test')
     assert resp.status == HTTPStatus.INTERNAL_SERVER_ERROR
-    assert resp.body == 'Internal Server Error'
+    assert resp.body == b'Internal Server Error'
 
 
 async def test_error_only_with_httpstatus(client, app):
@@ -47,7 +47,7 @@ async def get(req, resp):
 
     resp = await client.get('/test')
     assert resp.status == HTTPStatus.INTERNAL_SERVER_ERROR
-    assert resp.body == 'Internal Server Error'
+    assert resp.body == b'Internal Server Error'
 
 
 async def test_error_subclasses_with_super(client, app):
@@ -63,7 +63,7 @@ async def get(req, resp):
 
     resp = await client.get('/test')
     assert resp.status == HTTPStatus.INTERNAL_SERVER_ERROR
-    assert resp.body == '<h1>Oops.</h1>'
+    assert resp.body == b'<h1>Oops.</h1>'
 
 
 async def test_error_subclasses_without_super(client, app):
@@ -79,4 +79,4 @@ async def get(req, resp):
 
     resp = await client.get('/test')
     assert resp.status == HTTPStatus.INTERNAL_SERVER_ERROR
-    assert resp.body == '<h1>Oops.</h1>'
+    assert resp.body == b'<h1>Oops.</h1>'

tests/test_extensions.py

@@ -18,7 +18,7 @@ async def get(req, resp):
 
     resp = await client.get('/test')
     assert resp.status == HTTPStatus.OK
-    assert resp.body == 'test response'
+    assert resp.body == b'test response'
     assert resp.headers['Access-Control-Allow-Origin'] == '*'
 
 
@@ -167,3 +167,92 @@ async def test_can_change_static_prefix(client, app):
     resp = await client.get('/foo/index.html')
     assert resp.status == HTTPStatus.OK
     assert b'Test' in resp.body
+
+
+async def test_get_accept_content_negociation(client, app):
+
+    extensions.content_negociation(app)
+
+    @app.route('/test', accepts=['text/html'])
+    async def get(req, resp):
+        resp.body = 'accepted'
+
+    resp = await client.get('/test', headers={'Accept': 'text/html'})
+    assert resp.status == HTTPStatus.OK
+    assert resp.body == b'accepted'
+    assert resp.headers['Content-Type'] == 'text/html'
+
+
+async def test_get_accept_content_negociation_if_many(client, app):
+
+    extensions.content_negociation(app)
+
+    @app.route('/test', accepts=['text/html', 'application/json'])
+    async def get(req, resp):
+        if req.headers['Accept'] == 'text/html':
+            resp.body = '<h1>accepted</h1>'
+        elif req.headers['Accept'] == 'application/json':
+            resp.json = {'status': 'accepted'}
+
+    resp = await client.get('/test', headers={'Accept': 'text/html'})
+    assert resp.status == HTTPStatus.OK
+    assert resp.body == b'<h1>accepted</h1>'
+    assert resp.headers['Content-Type'] == 'text/html'
+    resp = await client.get('/test', headers={'Accept': 'application/json'})
+    assert resp.status == HTTPStatus.OK
+    assert resp.body == b'{"status":"accepted"}'
+    assert resp.headers['Content-Type'] == 'application/json; charset=utf-8'
+
+
+async def test_get_reject_content_negociation(client, app):
+
+    extensions.content_negociation(app)
+
+    @app.route('/test', accepts=['text/html'])
+    async def get(req, resp):
+        resp.body = 'rejected'
+
+    resp = await client.get('/test', headers={'Accept': 'text/css'})
+    assert resp.status == HTTPStatus.NOT_ACCEPTABLE
+
+
+async def test_get_accept_star_content_negociation(client, app):
+
+    extensions.content_negociation(app)
+
+    @app.route('/test', accepts=['text/css'])
+    async def get(req, resp):
+        resp.body = 'accepted'
+
+    resp = await client.get('/test', headers={'Accept': 'text/*'})
+    assert resp.status == HTTPStatus.OK
+
+
+async def test_post_accept_content_negociation(client, app):
+
+    extensions.content_negociation(app)
+
+    @app.route('/test', methods=['POST'], accepts=['application/json'])
+    async def get(req, resp):
+        resp.json = {'status': 'accepted'}
+
+    client.content_type = 'application/x-www-form-urlencoded'
+    resp = await client.post('/test', body={'key': 'value'},
+                             headers={'Accept': 'application/json'})
+    assert resp.status == HTTPStatus.OK
+    assert resp.headers['Content-Type'] == 'application/json; charset=utf-8'
+    assert resp.body == b'{"status":"accepted"}'
+
+
+async def test_post_reject_content_negociation(client, app):
+
+    extensions.content_negociation(app)
+
+    @app.route('/test', methods=['POST'], accepts=['text/html'])
+    async def get(req, resp):
+        resp.json = {'status': 'accepted'}
+
+    client.content_type = 'application/x-www-form-urlencoded'
+    resp = await client.post('/test', body={'key': 'value'},
+                             headers={'Accept': 'application/json'})
+    assert resp.status == HTTPStatus.NOT_ACCEPTABLE

tests/test_hooks.py

@@ -13,7 +13,7 @@ async def test_request_hook_can_alter_response(client, app):
     @app.listen('request')
     async def listener(request, response):
         response.status = 400
-        response.body = 'another response'
+        response.body = b'another response'
         return True  # Shortcut the response process.
 
     @app.route('/test')
@@ -22,7 +22,7 @@ async def get(req, resp):
 
     resp = await client.get('/test')
     assert resp.status == HTTPStatus.BAD_REQUEST
-    assert resp.body == 'another response'
+    assert resp.body == b'another response'
 
 
 async def test_response_hook_can_alter_response(client, app):
@@ -39,7 +39,7 @@ async def get(req, resp):
 
     resp = await client.get('/test')
     assert resp.status == HTTPStatus.BAD_REQUEST
-    assert resp.body == 'another response'
+    assert resp.body == b'another response'
 
 
 async def test_error_with_json_format(client, app):