# MediaTypes::Serialization [![Build Status: master](https://travis-ci.com/XPBytes/media_types-serialization.svg)](https://travis-ci.com/XPBytes/media_types-serialization) [![Gem Version](https://badge.fury.io/rb/media_types-serialization.svg)](https://badge.fury.io/rb/media_types-serialization) [![MIT license](http://img.shields.io/badge/license-MIT-brightgreen.svg)](http://opensource.org/licenses/MIT) `respond_to` on steroids. Add [HATEOAS](https://docs.delftsolutions.nl/wiki/HATEOAS_API) compatible serialization and deserialization to your Rails projects. ## Installation Add this line to your application's Gemfile: ```ruby gem 'media_types-serialization' ``` And then execute: $ bundle Or install it yourself as: $ gem install media_types-serialization ## Usage Serializers help you in converting a ruby object to a representation matching a specified [Media Type validator](https://github.com/SleeplessByte/media-types-ruby) and the other way around. ### Creating a serializer ```ruby class BookSerializer < MediaTypes::Serialization::Base unvalidated 'application/vnd.acme.book' # outputs with a Content-Type of application/vnd.acme.book.v1+json output version: 1 do |obj, version, context| { book: { title: obj.title } } end end ``` To convert a ruby object to a json representation: ```ruby class Book attr_accessor :title end book = Book.new book.title = 'Everything, abridged' BookSerializer.serialize(book, 'vnd.acme.book.v1+json', context: nil) # => { "book": { "title": "Everything, abridged" } } ``` ### Controller integration You can integrate the serialization system in rails, giving you automatic [Content-Type negotiation](https://en.wikipedia.org/wiki/Content_negotiation) using the `Accept` header: ```ruby require 'media_types/serialization' class BookController < ActionController::API include MediaTypes::Serialization allow_output_serializer(BookSerializer, only: %i[show]) freeze_io! def show book = Book.new book.title = 'Everything, abridged' render_media book end end ``` While using the controller integration the context will always be set to the current controller. This allows you to construct urls. ### Adding HATEOAS responses to existing routes When creating a mobile application it's often useful to allow the app to request a non-html representation of a specific url. If you have an existing route: ```ruby class BookController < ApplicationController def show @book = Book.new # Use view corresponding to the controller end end ``` You can add a json representation as follows: ```ruby class BookController < ApplicationController allow_output_serializer(BookSerializer, only: %i[show]) allow_output_html freeze_io! def show @book = Book.new render_media @book end end ``` ### Validations Right now the serializer does not validate incoming or outgoing information. This can cause issues when you accidentally emit non-conforming data that people start to depend on. To make sure you don't do that you can specify a [Media Type validator](https://github.com/SleeplessByte/media-types-ruby): ```ruby require 'media_types' class BookValidator include MediaTypes::Dsl def self.organisation 'acme' end use_name 'book' validations do version 1 do attribute :book do attribute :title, String end end end end class BookSerializer < MediaTypes::Serialization::Base validator BookValidator # outputs with a Content-Type of application/vnd.acme.book.v1+json output version: 1 do |obj, version, context| { book: { title: obj.title } } end end ``` For more information, see the [Media Types docs](https://github.com/SleeplessByte/media-types-ruby). ### Versioning To help with supporting older versions, serializers have a [DSL](https://en.wikipedia.org/wiki/Domain-specific_language) to construct json objects: ```ruby class BookSerializer < MediaTypes::Serialization::Base validator BookValidator output versions: [1, 2] do |obj, version, context| attribute :book do attribute :title, obj.title attribute :description, obj.description if version >= 2 end end end ``` ```ruby BookSerializer.serialize(book, BookValidator.version(1), context: nil) # => { "book": { "title": "Everything, abridged" } } BookSerializer.serialize(book, BookValidator.version(2), context: nil) # => { "book": { "title": "Everything, abridged", "description": "Mu" } } ``` ### Links When making [HATEOAS](https://docs.delftsolutions.nl/wiki/HATEOAS_API) compliant applications it's very useful to include `Link` headers in your response so clients can use a `HEAD` request instead of having to fetch the entire resource. Serializers have convenience methods to help with this: ```ruby class BookSerializer < MediaTypes::Serialization::Base validator BookValidator output versions: [1, 2, 3] do |obj, version, context| attribute :book do link :self, href: context.book_url(obj) if version >= 3 attribute :title, obj.title attribute :description, obj.description if version >= 2 end end end ``` This returns the following response: ```ruby BookSerializer.serialize(book, BookValidator.version(3), context: controller) # header = Link: ; rel="self" # => { # "book": { # "_links": { # "self": { "href": "https://example.org" } # }, # "title": "Everything, abridged", # "description": "Mu" # } # } ``` ### Collections There are convenience methods for serializing arrays of objects based on a template. #### Indexes An index is a collection of urls that point to members of the array. The index method automatically generates it based on the self links defined in the default view of the same version. ```ruby class BookSerializer < MediaTypes::Serialization::Base validator BookValidator output versions: [1, 2, 3] do |obj, version, context| attribute :book do link :self, href: context.book_url(obj) if version >= 3 attribute :title, obj.title attribute :description, obj.description if version >= 2 end end output view: :index, version: 3 do |arr, version, context| attribute :books do link :self, href: context.book_index_url index arr, version: version end end end ``` ```ruby BookSerializer.serialize([book], BookValidator.view(:index).version(3), context: controller) # header = Link: ; rel="self" # => { # "books": { # "_links": { # "self": { "href": "https://example.org" } # }, # "_index": [ # { "href": "https://example.org" } # ] # } # } ``` #### Collections A collection inlines the member objects. The collection method automatically generates it based on the default view of the same version. ```ruby class BookSerializer < MediaTypes::Serialization::Base validator BookValidator output versions: [1, 2, 3] do |obj, version, context| attribute :book do link :self, href: context.book_url(obj) if version >= 3 attribute :title, obj.title attribute :description, obj.description if version >= 2 end end output view: :index, version: 3 do |arr, version, context| attribute :books do link :self, href: context.book_index_url index arr, version: version end end output view: :collection, version: 3 do |arr, version, context| attribute :books do link :self, href: context.book_collection_url collection arr, version: version end end end ``` ```ruby BookSerializer.serialize([book], BookValidator.view(:collection).version(3), context: controller) # header = Link: ; rel="self" # => { # "books": { # "_links": { # "self": { "href": "https://example.org" } # }, # "_embedded": [ # { # "_links": { # "self": { "href": "https://example.org" } # }, # "title": "Everything, abridged", # "description": "Mu" # } # ] # } # } ``` ### Input deserialization You can mark a media type as something that's allowed to be sent along with a PUT request as follows: ```ruby class BookSerializer < MediaTypes::Serialization::Base validator BookValidator output versions: [1, 2, 3] do |obj, version, context| attribute :book do link :self, href: context.book_url(obj) if version >= 3 attribute :title, obj.title attribute :description, obj.description if version >= 2 end input version: 3 end class BookController < ActionController::API include MediaTypes::Serialization allow_output_serializer(BookSerializer, only: %i[show]) allow_input_serializer(BookSerializer, only: %i[create]) freeze_io! def show book = Book.new book.title = 'Everything, abridged' render media: serialize_media(book), content_type: request.format.to_s end def create json = deserialize(request, context: self) # does validation for us puts json end end ``` If you use [ActiveRecord](https://guides.rubyonrails.org/active_record_basics.html) you might want to convert the verified json data during deserialization: ```ruby class BookSerializer < MediaTypes::Serialization::Base validator BookValidator output versions: [1, 2, 3] do |obj, version, context| attribute :book do link :self, href: context.book_url(obj) if version >= 3 attribute :title, obj.title attribute :description, obj.description if version >= 2 end input versions: [1, 2, 3] do |json, version, context| book = Book.new book.title = json['book']['title'] book.description = 'Not available' book.description = json['book']['description'] if version >= 2 # Best practise is to only save in the controller. book end end class BookController < ActionController::API include MediaTypes::Serialization allow_output_serializer(BookSerializer, only: %i[show]) allow_input_serializer(BookSerializer, only: %i[create]) freeze_io! def show book = Book.new book.title = 'Everything, abridged' render media: serialize_media(book), content_type: request.format.to_s end def create book = deserialize(request, context: self) book.save! render media: serialize_media(book), content_type request.format.to_s end end ``` If you don't want to apply any input validation or deserialization you can use the `allow_all_input` method instead of `allow_input_serialization`. ### Raw output Sometimes you need to output raw data. This cannot be validated. You do this as follows: ```ruby class BookSerializer < MediaTypes::Serialization::Base validator BookValidator output_raw view: :raw, version: 3 do |obj, version, context| hidden do # Make sure links are only set in the headers, not in the body. link :self, href: context.book_url(obj) end "I'm a non-json output" end end ``` ### Raw input You can do the same with input: ```ruby class BookSerializer < MediaTypes::Serialization::Base validator BookValidator input_raw view: raw, version: 3 do |bytes, version, context| book = Book.new book.description = bytes book end end ``` ### Remapping media type identifiers Sometimes you already have old clients using an `application/json` media type identifier when they do requests. While this is not a good practise as this makes it hard to add new fields or remove old ones, this library has support for migrating away: ```ruby class BookSerializer < MediaTypes::Serialization::Base validator BookValidator output versions: [1, 2, 3] do |obj, version, context| attribute :book do link :self, href: context.book_url(obj) if version >= 3 attribute :title, obj.title attribute :description, obj.description if version >= 2 end end output_alias 'application/json' # maps application/json to to applicaton/vnd.acme.book.v1+json input view: :create, versions: [1, 2, 3] do |json, version, context| book = Book.new book.title = json['book']['title'] book.description = 'Not available' book.description = json['book']['description'] if version >= 2 # Make sure not to save here but only save in the controller book end input_alias 'application/json', view: :create # maps application/json to to applicaton/vnd.acme.book.v1+json ``` Validation will be done using the remapped validator. Aliasses map to version `nil` if that is available or `1` otherwise. It is not possible to configure this version. ### HTML This library has a built in API viewer. The viewer can be accessed by by appending a `?api_viewer=last` query parameter to the URL. To enable the API viewer, use: `allow_api_viewer` in the controller. ```ruby class BookController < ActionController::API include MediaTypes::Serialization allow_api_viewer allow_output_serializer(BookSerializer, only: %i[show]) allow_input_serializer(BookSerializer, only: %i[create]) freeze_io! def show book = Book.new book.title = 'Everything, abridged' render media: serialize_media(book), content_type: request.format.to_s end def create json = deserialize(request, context: self) # does validation for us puts json end end ``` You can also output custom HTML: ```ruby class BookSerializer < MediaTypes::Serialization::Base validator BookValidator output versions: [1, 2, 3] do |obj, version, context| attribute :book do link :self, href: context.book_url(obj) if version >= 3 attribute :title, obj.title attribute :description, obj.description if version >= 2 end end output_raw view: :html do |obj, context| render_view 'book/show', context: context, assigns: { title: obj.title, description: obj.description } end output_alias 'text/html', view: :html end ``` #### Errors This library adds support for returning errors to clients using the [`application/problem+json`](https://tools.ietf.org/html/rfc7231) media type. You can catch and transform application errors by adding an `output_error` call before `freeze_io!`: ```ruby class BookController < ActionController::API include MediaTypes::Serialization output_error CanCan::AccessDenied do |p, error| p.title 'You do not have enough permissions to perform this action.', lang: 'en' p.title 'Je hebt geen toestemming om deze actie uit te voeren.', lang: 'nl-NL' p.status_code :forbidden end freeze_io! # ... end ``` The exception you specified will be rescued by the controller and will be displayed to the user along with a link to the shared wiki page for that error type. Feel free to add instructions there on how clients should solve this problem. You can find more information at: [https://docs.delftsolutions.nl/wiki/Error](https://docs.delftsolutions.nl/wiki/Error) If you want to override this url you can use the `p.url(href)` function. By default the `message` property of the error is used to fill the `details` field. You can override this by using the `p.override_details(description, lang:)` function. Custom attributes can be added using the `p.attribute(name, value)` function. ### Related - [`MediaTypes`](https://github.com/SleeplessByte/media-types-ruby): :gem: Library to create media type validators. ## API ### Serializer definition These methods become available during class definition if you inherit from `MediaTypes::Serialization::Base`. #### `unvalidated( prefix )` Disabled validation for this serializer. Prefix is of the form `application/vnd..`. Either unvalidated or validator must be used while defining a serializer. #### `validator( media_type_validator )` Enabled validation for this serializer using a [Media Type Validator](https://github.com/SleeplessByte/media-types-ruby). Either validator or unvalidated must be used while defining a serializer. #### `output( view:, version:, versions: ) do |obj, version, context|` Defines a serialization block. Either version or versions can be set. View should be a symbol or unset. Obj is the object to be serialized, version is the negotiated version and context is the context passed in from the serialize function. When using the controller integration, context is the current controller. The block should return an object to convert into JSON. #### `output_raw( view:, version:, versions: ) do |obj, version, context|` This has the same behavior as `output` but should return a string instead of an object. Output is not validated. #### `output_alias( media_type_identifier, view:, hide_variant: false )` Defines a legacy mapping. This will make the deserializer parse the media type `media_type_identifier` as if it was version `nil` of the specified view. If view is undefined it will use the output serializer without a view defined. Response will have a content type equal to `[media_type_identifier]; variant=[mapped_media_type_identifier]`. If `hide_variant:` is true, the content type emitted will only be `[media_type_identifier]`. #### `output_alias_optional( media_type_identifier, view:, hide_variant: false )` Has the same behavior as `output_alias` but can be used by multiple serializers. The serializer that is loaded last in the controller 'wins' control over this media type identifier. If any of the serializers have an `output_alias` defined with the same media type identifier that one will win instead. Response will have a content type equal to `[media_type_identifier]; variant=[mapped_media_type_identifier]`. If `hide_variant:` is true, the content type emitted will only be `[media_type_identifier]`. #### `input( view:, version:, versions: ) do |obj, version, context|` Defines a deserialization block. Either version or versions can be set. View should be a symbol or unset. Obj is the object to be serialized, version is the negotiated version and context is the context passed in from the serialize function. When using the controller integration, context is the current controller. The block should return the internal representation of the object. Best practise is to make sure not to change state in this function but to leave that up to the controller. #### `input_raw( view:, version:, versions: ) do |bytes, version, context|` This has the same behavior as `input` but takes in raw data. Input is not validated. #### `input_alias( media_type_identifier, view: )` Defines a legacy mapping. This will make the serializer parse the media type `media_type_identifier` as if it was version 1 of the specified view. If view is undefined it will use the input serializer without a view defined. #### `input_alias_optional( media_type_identifier, view: )` Has the same behavior as `input_alias` but can be used by multiple serializers. The serializer that is loaded last in the controller 'wins' control over this media type identifier. If any of the serializers have an `input_alias` defined with the same media type identifier that one will win instead. #### `disable_wildcards` Disables registering wildcard media types. ### Serializer definition The following methods are available within an `output ... do` block. #### `attribute( key, value = {} ) do` Sets a value for the given key. If a block is given, any `attribute`, `link`, `collection` and `index` statements are run in context of `value`. Returns the built up context so far. #### `link( rel, href:, emit_header: true, **attributes )` Adds a `_link` block to the current context. Also adds the specified link to the HTTP Link header. `attributes` allows passing in custom attributes. If `emit_header` is `true` the link will also be emitted as a http header. Returns the built up context so far. #### `index( array, serializer, version:, view: nil )` Adds an `_index` block to the current context. Uses the self links of the specified view to construct an index of urls to the child objects. Returns the built up context so far. #### `collection( array, serializer, version:, view: nil )` Adds an `_embedded` block to the current context. Uses the specified serializer to embed the child objects. Optionally a block can be used to modify the output from the child serializer. Returns the built up context so far. #### `hidden do` Sometimes you want to add links without actually modifying the object. Calls to `attribute`, `link`, `index`, `collection` made inside this block won't modify the context. Any calls to link will only set the HTTP Link header. Returns the unmodified context. #### `emit` Can be added to the end of a block to fix up the return value to return the built up context so far. Returns the built up context so far. #### `object do` Runs a block in a new context and returns the result #### `render_view( view, context:, **args)` Can be used to render a view. You can set local variables in the view by assigning a hash to the `assigns:` parameter. ### Controller definition These functions are available during the controller definition if you add `include MediaTypes::Serialization`. #### `allow_output_serializer( serializer, views: nil, **filters )` Configure the controller to allow the client to request responses emitted by the specified serializer. Optionally allows you to specify which views to allow by passing an array in the views parameter. Accepts the same filters as `before_action`. #### `allow_output_html( as: nil, layout: nil, **filters )` Allows falling back to the default Rails view rendering when the client asks for the media type in the `as:` parameter or `text/html` if `as:` is unset. The `Content-Type` of the response will be `text/html` if the `as:` parameter is unset. If the `as:` parameter is set, it will include it in the variant parameter: `text/html; variant=application/vnd.xpbytes.borderless`. Accepts the same filters as `before_action`. #### `allow_output_docs( description, **filters )` Outputs the specified description as help information. Accepts the same filters as `before_action`. #### `allow_input_serializer( serializer, views: nil, **filters )` Configure the controller to allow the client to send bodies with a `Content-Type` that can be deserialized using the specified serializer. Optionally allows you to specify which views to allow by passing an array in the views parameter. Accepts the same filters as `before_action`. #### `allow_all_input( **filters )` Disables input deserialization. Running `deserialize` while allowing all input will result in an error being thrown. #### `not_acceptable_serializer( serializer )` Replaces the serializer used to render the error page when no media type could be negotiated using the `Accept` header. #### `unsupported_media_type_serializer( serializer )` Adds a serializer that can be used to render the error page when the client submits a body with a `Content-Type` that was not added to the whitelist using `allow_input_serialization`. #### `clear_unsupported_media_type_serializers!` Clears the list of serializers used to render the error when the client supplies non-valid input. #### `input_validation_failed_serializer( serializer )` Adds a serializer that can be used to render the error page when input validation fails. #### `clear_input_validation_failed_serializers!` Clears the list of serializers used to render the error when the client supplies non-valid input. #### `allow_api_viewer(serializer: MediaTypes::Serialization::Serializers::ApiViewer, **filter_opts)` Enables rendering the api viewer when adding the `api_viewer=last` query parameter to the url. #### `freeze_io!(**filter_opts)` Registers serialization and deserialization in the controller. This function must be called before using the controller. ### Controller usage These functions are available during method execution in the controller. #### `render_media( obj, serializers: nil, not_acceptable_serializer: nil, **options ) do` Serializes an object and renders it using the appropriate content type. Options are passed through to the controller `render` function. Allows you to specify different objects to different serializers using a block: ```ruby render_media do serializer BookSerializer, book serializer BooksSerializer do [ book ] end end ``` Warning: this block can be called multiple times when used together with recursive serializers like the API viewer. Try to avoid changing state in this block. If you want to render with different serializers than defined in the controller you can pass an array of serializers in the `serializers` property. If you want to override the serializer that is used to render the response when no acceptable Content-Type could be negotiated you can pass the desired serializer in the `not_acceptable_serializer` property. This method throws a `MediaTypes::Serialization::OutputValidationFailedError` error if the output does not conform to the format defined by the configured validator. Best practise is to return a 500 error to the client. If no acceptable Content-Type could be negotiated the response will be rendered using the serialized defined by the class `not_acceptable_serializer` function or by the `not_acceptable_serializer` property. Due to the way this gem is implemented it is not possible to use instance variables (`@variable`) in the `render_media` do block. #### `deserialize( request )` Deserializes the request body using the configured input serializers and returns the deserialized object. Returns nil if no input body was given by the client. This method throws a `MediaTypes::Serialization::InputValidationFailedError` error if the incoming data does not conform to the specified schema. #### `deserialize!( request )` Does the same as `deserialize( request )` but gives the client an error page if no input was supplied. #### `resolve_serializer(request, identifier = nil, registration = @serialization_output_registration)` Returns the serializer class that will handle the given request. ## Customization The easiest way to customize the look and feel of the built in pages is to provide your own logo and background in an initializer: ```ruby # config/initializers/serialization.rb MediaTypes::Serialization::Serializers::CommonCSS.background = 'linear-gradient(245deg, #3a2f28 0%, #201a16 100%)' MediaTypes::Serialization::Serializers::CommonCSS.logo_width = 12 MediaTypes::Serialization::Serializers::CommonCSS.logo_data = <<-HERE HERE ``` ## Development After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org). ## Contributing Bug reports and pull requests are welcome on GitHub at [XPBytes/media_types-serialization](https://github.com/XPBytes/media_types-serialization).