rswag-api/lib/rswag/api/middleware.rb
require 'json'
require 'yaml'
require 'rack/mime'
module Rswag
module Api
class Middleware
def initialize(app, config)
@app = app
@config = config
end
def call(env)
path = env['PATH_INFO']
# Sanitize the filename for directory traversal by expanding, and ensuring
# its starts with the root directory.
openapi_root = @config.resolve_openapi_root(env)
filename = File.expand_path(File.join(openapi_root, path))
return @app.call(env) unless filename.start_with? openapi_root.to_s
if env['REQUEST_METHOD'] == 'GET' && File.file?(filename)
swagger = parse_file(filename)
@config.swagger_filter.call(swagger, env) unless @config.swagger_filter.nil?
mime = Rack::Mime.mime_type(::File.extname(path), 'text/plain')
headers = { 'Content-Type' => mime }.merge(@config.swagger_headers || {})
body = unload_swagger(filename, swagger)
return [
'200',
headers,
[body]
]
end
@app.call(env)
end
private
def parse_file(filename)
if /\.ya?ml$/ === filename
load_yaml(filename)
else
load_json(filename)
end
end
def load_yaml(filename)
YAML.safe_load(File.read(filename))
end
def load_json(filename)
JSON.parse(File.read(filename))
end
def unload_swagger(filename, swagger)
if /\.ya?ml$/ === filename
YAML.dump(swagger)
else
JSON.dump(swagger)
end
end
end
end
end