From 739caa646f7a426dd2d1250b32a07b788fd61dd4 Mon Sep 17 00:00:00 2001 From: Felix Hassert Date: Wed, 28 Oct 2020 14:26:26 +0100 Subject: [PATCH 01/12] tutorial: add error.xml to "complete configuration" section --- tutorial/README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/tutorial/README.md b/tutorial/README.md index aadd160..0cfd273 100644 --- a/tutorial/README.md +++ b/tutorial/README.md @@ -1195,3 +1195,24 @@ paths: items: type: array ``` + +### `error.xml` + +```xml + + + + { + "Status": {{ $error/status }}, + "Error-Code": {{ $error/code }} + } + + +``` From c895fff88f70765bb247aa4b5ed54691a1911224 Mon Sep 17 00:00:00 2001 From: "Rainer M. Canavan" Date: Tue, 27 Oct 2020 19:50:20 +0100 Subject: [PATCH 02/12] update validation error message --- tutorial/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tutorial/README.md b/tutorial/README.md index 0cfd273..8fc7af7 100644 --- a/tutorial/README.md +++ b/tutorial/README.md @@ -364,10 +364,10 @@ Let's try again: $ curl --silent localhost:8080/..%2fswagger.yaml%23 | jq { "error": { - "message": "Input Validation Failed", + "message": "Client request validation failed", … "info": [ - "Pattern constraint violated in path for language: Does not match the regex pattern ^[a-zA-Z0-9]+$." + "Pattern constraint violated in path for language: '../swagger.yaml#' does not match the pattern '^[a-zA-Z0-9]+$.'" ] } } From 03cb01b979727cfc47085d714ae0a113927318bf Mon Sep 17 00:00:00 2001 From: Erik Aderhold Date: Mon, 25 Jan 2021 11:04:48 +0100 Subject: [PATCH 03/12] fix external links to developer.mozilla.org Link structure on developer.mozilla.org has changed for the XPath docs developer.mozilla.org/en/XPath -> developer.mozilla.org/en-US/docs/web/XPath --- reference/functions/README.md | 54 +++++++++++++++++------------------ 1 file changed, 27 insertions(+), 27 deletions(-) 
diff --git a/reference/functions/README.md b/reference/functions/README.md index 55aab62..2d3cbda 100644 --- a/reference/functions/README.md +++ b/reference/functions/README.md 
@@ -6,24 +6,24 @@ * [`base64-decode()`](base64-decode.md) * [`base64-encode()`](base64-encode.md) * [`capitalize-first()`](capitalize-first.md) -* [`concat()` ↗](https://developer.mozilla.org/en/XPath/Functions/concat) -* [`contains()` ↗](https://developer.mozilla.org/en/XPath/Functions/contains) +* [`concat()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/concat) +* [`contains()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/contains) * [`ends-with()`](ends-with.md) * [`join()`](join.md) * [`matches()`](matches.md) * [`md5()`](md5.md) -* [`normalize-space()` ↗](https://developer.mozilla.org/en/XPath/Functions/normalize-space) +* [`normalize-space()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/normalize-space) * [`replace()`](replace.md) * [`split()`](split.md) -* [`starts-with()` ↗](https://developer.mozilla.org/en/XPath/Functions/starts-with) -* [`string()` ↗](https://developer.mozilla.org/en/XPath/Functions/string) -* [`string-length()` ↗](https://developer.mozilla.org/en/XPath/Functions/string-length) -* [`substring()` ↗](https://developer.mozilla.org/en/XPath/Functions/substring) -* [`substring-after()` ↗](https://developer.mozilla.org/en/XPath/Functions/substring-after) -* [`substring-before()` ↗](https://developer.mozilla.org/en/XPath/Functions/substring-before) +* [`starts-with()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/starts-with) +* [`string()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/string) +* [`string-length()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/string-length) +* [`substring()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/substring) +* [`substring-after()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/substring-after) +* [`substring-before()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/substring-before) * [`tolower()`](tolower.md) * [`toupper()`](toupper.md) -* 
[`translate()` ↗](https://developer.mozilla.org/en/XPath/Functions/translate) +* [`translate()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/translate) * [`trim()`](trim.md) * [`urldecode()`, `url-decode()`](urldecode.md) * [`urlencode()`, `url-encode()`](urlencode.md) @@ -47,17 +47,17 @@ ## Boolean Functions -* [`boolean()` ↗](https://developer.mozilla.org/en/XPath/Functions/boolean) -* [`false()` ↗](https://developer.mozilla.org/en/XPath/Functions/false) -* [`not()` ↗](https://developer.mozilla.org/en/XPath/Functions/not) -* [`true()` ↗](https://developer.mozilla.org/en/XPath/Functions/true) +* [`boolean()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/boolean) +* [`false()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/false) +* [`not()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/not) +* [`true()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/true) ## Math Functions -* [`ceiling()` ↗](https://developer.mozilla.org/en/XPath/Functions/ceiling) -* [`floor()` ↗](https://developer.mozilla.org/en/XPath/Functions/floor) -* [`number()` ↗](https://developer.mozilla.org/en/XPath/Functions/number) -* [`round()` ↗](https://developer.mozilla.org/en/XPath/Functions/round) -* [`sum()` ↗](https://developer.mozilla.org/en/XPath/Functions/sum) +* [`ceiling()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/ceiling) +* [`floor()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/floor) +* [`number()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/number) +* [`round()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/round) +* [`sum()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/sum) ## Date Functions 
@@ -76,7 +76,7 @@ * [`body()`](body.md) * [`content()`](content.md) -* [`count()` ↗](https://developer.mozilla.org/en/XPath/Functions/count) +* [`count()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/count) * [`file-exists()`](file-exists.md) * [`fit-document()`](fit-document.md) * [`fit-log()`](fit-log.md) @@ -84,15 +84,15 @@ * [`get-log()`](get-log.md) * [`has-class()`](has-class.md) * [`html-parse()`](html-parse.md) -* [`id()` ↗](https://developer.mozilla.org/en/XPath/Functions/id) +* [`id()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/id) * [`ldap-lookup()`](ldap-lookup.md) * [`ldap-query()`](ldap-query.md) -* [`lang()` ↗](https://developer.mozilla.org/en/XPath/Functions/lang) -* [`last()` ↗](https://developer.mozilla.org/en/XPath/Functions/last) -* [`local-name()` ↗](https://developer.mozilla.org/en/XPath/Functions/local-name) +* [`lang()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/lang) +* [`last()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/last) +* [`local-name()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/local-name) * [`lookup()`](lookup.md) -* [`name()` ↗](https://developer.mozilla.org/en/XPath/Functions/name) -* [`namespace-uri()` ↗](https://developer.mozilla.org/en/XPath/Functions/namespace-uri) -* [`position()` ↗](https://developer.mozilla.org/en/XPath/Functions/position) +* [`name()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/name) +* [`namespace-uri()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/namespace-uri) +* [`position()` ↗](https://developer.mozilla.org/en-US/docs/web/XPath/Functions/position) * [`uuid3()` and `uuid4()`](uuid.md) * [`xml-parse()`](xml-parse.md) From c2d9eb4e039832276d1aeaf8c342bf1c1b863be7 Mon Sep 17 00:00:00 2001 
From: Johannes Koch Date: Wed, 27 Jan 2021 13:02:13 +0100 Subject: [PATCH 04/12] Added docu for validate-request-security request option --- reference/OpenAPI/upstream.md | 17 +++++++++++++++++ reference/actions/request.md | 1 + 2 files changed, 18 insertions(+) diff --git a/reference/OpenAPI/upstream.md b/reference/OpenAPI/upstream.md index a585b76..f79de22 100644 --- a/reference/OpenAPI/upstream.md +++ b/reference/OpenAPI/upstream.md @@ -14,6 +14,7 @@ The configuration takes place in the [`request` action](/reference/actions/reque * `definition` - The path to the swagger definition file (type: `string`) * `validate-request` - Whether to validate the request (valid values: `true`, `false`, "report-only", default: `false`) +* `validate-request-security` - Whether to validate the request security requirements according to `security` in the swagger definition (valid values: `true`, `false`, "report-only", default: `false`) * `validate-response` - Whether to validate the response (valid values: `true`, `false`, "report-only", default: `false`) ### Error Handling @@ -34,6 +35,22 @@ The configuration takes place in the [`request` action](/reference/actions/reque } ``` +If with `validate-request-security: true` a request security violation is found, the request _will not be sent_. The response will be an [error document](validation.md#system-error-document) with status `401 Unauthorized`. + +```json +{ + "error": { + "message": "Upstream Request Security Validation Failed", + "error": 3207, + "status": 401, + "requestID": "W@W8DrjPEMPxyqu4zAL4PAAAABg", + "info": [ + "Header Security (HeaderAuth): Missing header My-Header" + ] + } +} +``` + If `validate-response` detects that the response body violates the schema, the response will be replaced by a system error. ```json diff --git a/reference/actions/request.md b/reference/actions/request.md index 8880ca9..dd3a0fc 100644 --- a/reference/actions/request.md +++ b/reference/actions/request.md 
@@ -315,6 +315,7 @@ The `options` property sets the request options. Its value must be a JSON object * `disable-connection-reuse` - Whether to disable the reuse of HTTP connections (type: `boolean`, default: `false`) * `mock-response` - Whether to [mock the response](/reference/OpenAPI/upstream.md#mocking) (type: `boolean`, default: `false`) * `validate-request` - Whether to validate the request (valid values: `true`, `false`, "report-only", default: `false`) +* `validate-request-security` - Whether to validate the request security requirements according to `security` in the swagger definition (valid values: `true`, `false`, "report-only", default: `false`) * `validate-response` - Whether to validate the response (valid values: `true`, `false`, "report-only", default: `false`) * `definition` - The path to the swagger definition file (type: `string`) * `exit-on-error` - if `true`, abort normal processing of the flow in case of validation errors. If configured, the [error flow](/reference/OpenAPI/routing.md#error-flow) is run. Otherwise a standard error message is substituted as a response to the request (type: `boolean`, default `false`) From 56221df22b94e15fea1fa0786ed666531e7d2a5a Mon Sep 17 00:00:00 2001 From: Johannes Koch Date: Wed, 27 Jan 2021 13:15:51 +0100 Subject: [PATCH 05/12] Added changelog entry for validate-request-security request option --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 582d756..81edad6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog +## Unreleased + +### Added + +- The [`validate-request-security` request option](/reference/actions/request.md#options) + + ## [20210107](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags) ### Added From e0ac8bd58685b63f43a2d087ed8b09d589d07ea0 Mon Sep 17 00:00:00 2001 
From: "Rainer M. Canavan" Date: Thu, 28 Jan 2021 12:38:15 +0100 Subject: [PATCH 06/12] changelog for fix-numeric-set-env --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 582d756..4a7f3ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog +## Unreleased + +### Fixed + +- [`set-env`](/reference/actions/set-env.md) now does not produce unnecessary quotes for numeric values + + ## [20210107](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags) ### Added From c6e586e5f27672a7240226e814eaae8e28c9b468 Mon Sep 17 00:00:00 2001 From: "Rainer M. Canavan" Date: Mon, 1 Feb 2021 17:57:35 +0100 Subject: [PATCH 07/12] minor beautification of the documentation of validate-request-security --- reference/OpenAPI/upstream.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference/OpenAPI/upstream.md b/reference/OpenAPI/upstream.md index f79de22..d3745aa 100644 --- a/reference/OpenAPI/upstream.md +++ b/reference/OpenAPI/upstream.md @@ -35,7 +35,7 @@ The configuration takes place in the [`request` action](/reference/actions/reque } ``` -If with `validate-request-security: true` a request security violation is found, the request _will not be sent_. The response will be an [error document](validation.md#system-error-document) with status `401 Unauthorized`. +If `validate-request-security` is `true` and the request does not fullfill the security requirements, the request _will not be sent_. The response will be an [error document](validation.md#system-error-document) with status `401 Unauthorized`. ```json { From 0dbf42a293fcf002d31af041dd3242adedd3207f Mon Sep 17 00:00:00 2001 From: Johannes Koch Date: Mon, 8 Feb 2021 10:09:48 +0100 Subject: [PATCH 08/12] Added documentation of if attribute --- reference/flow.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/reference/flow.md b/reference/flow.md index 9021da8..7eb4618 100644 --- a/reference/flow.md 
+++ b/reference/flow.md @@ -79,6 +79,22 @@ If the result of that expression is `false`, the block will be skipped and the c The block associated with the first matching conditional expression will be executed – or if all expressions were evaluated to `false`, the `else` block will be executed. +### `if` attribute + +The `if` attribute allows for conditional execution of a single action: + +```xml + + … + + { + … + } + + … + +``` + ### `return` `return` quits the current [sub flow](actions/sub-flow.md) and returns to its parent flow. From dd3ae4f16c95adf20ac05a227bcc76ff89d8e975 Mon Sep 17 00:00:00 2001 From: Johannes Koch Date: Thu, 4 Mar 2021 13:15:39 +0100 Subject: [PATCH 09/12] changelog for split() function fix for ampersand --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2467803..7a8831d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ ### Fixed - [`set-env`](/reference/actions/set-env.md) now does not produce unnecessary quotes for numeric values +- Problem in the [`split()` function](/reference/functions/split.md), if called with a string containing an ampersand ## [20210107](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags) From f55e99a57edb74180ecd80d019f291e463319409 Mon Sep 17 00:00:00 2001 From: "Rainer M. Canavan" Date: Tue, 30 Mar 2021 10:16:05 +0200 Subject: [PATCH 10/12] changelog for #47945 CORS cache pollution --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7a8831d..7d87608 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,6 +10,7 @@ - [`set-env`](/reference/actions/set-env.md) now does not produce unnecessary quotes for numeric values - Problem in the [`split()` function](/reference/functions/split.md), if called with a string containing an ampersand +- Send `Vary: Origin` response headers for non-preflight requests if [CORS](/reference/OpenAPI/cors.md) is enabled but `Origin` was not sent ## [20210107](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags) From fa6fe475343d9488e681b2eda3c665a7c6d0baca Mon Sep 17 00:00:00 2001 From: vwuerbel Date: Tue, 20 Apr 2021 11:45:17 +0200 Subject: [PATCH 11/12] distinguish FLAT and Couper (#115) Co-authored-by: Felix Hassert --- README.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index d6ba9bf..91c290d 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,16 @@ # FLAT -![Couper](https://couper.io/assets/images/couper-logo.svg) - _FLAT_ - the "Frontend Layer API Toolkit" by [Sevenval](https://www.sevenval.com/) is designed -for easy decoupling frontend from backend in modern web applications. It is the -preview version of _Couper_. See [couper.io](https://couper.io/) for more -details. +for easy decoupling frontend from backend in modern web applications. + +This documentation helps building maintainable JSON-based web APIs on +top of FLAT. -This documentation helps building maintainable JSON-based web APIs -on top of FLAT. +FLAT is the preview version of +[_Couper_](https://github.com/avenga/couper) – +[Avenga's](https://www.avenga.com) lightweight API gateway designed +to support developers in building and operating API-driven Web +projects. See [couper.io](https://couper.io/) for more details. ## [Tutorial](tutorial/README.md) 
@@ -17,7 +19,7 @@ This is the best place to start. ## [Cookbook](cookbook/README.md) -Browse the recipes in [Couper's Cookbook](cookbook/README.md) to learn +Browse the recipes in [FLAT's Cookbook](cookbook/README.md) to learn how to accomplish common API development tasks with FLAT. Developers will find plenty of examples here. ## [Reference](reference/README.md) From d25905b16f544c81671adcbad2e1dac7ab733509 Mon Sep 17 00:00:00 2001 From: "Rainer M. Canavan" Date: Wed, 23 Jun 2021 12:53:32 +0200 Subject: [PATCH 12/12] Release 20210623 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7d87608..19db9f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Changelog -## Unreleased +## [20210623](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags) ### Added
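
Review bot: In PATCH 02/12 (tutorial/README.md, hunk `@@ -364,10 +364,10 @@`), the added `info` string closes its quote after the sentence period, so the pattern is shown as `'^[a-zA-Z0-9]+$.'`, while the removed line had the period ending the sentence after `^[a-zA-Z0-9]+$`. If this text was not copied verbatim from a real response, move the period outside the closing quote so readers do not take the `.` as part of the regex; if it was copied verbatim, the message format itself deserves a fix upstream.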
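
Review bot: In PATCH 03/12 (reference/functions/README.md), every rewritten link uses `/en-US/docs/web/XPath/...` with a lower-case `web`, whereas MDN spells that path segment `Web`. Suggest `https://developer.mozilla.org/en-US/docs/Web/XPath/Functions/...` throughout, so the links do not depend on case-insensitive redirects and do not need another bulk fix later. The same spelling appears in the commit message.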
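
Review bot: In PATCH 04/12 (reference/OpenAPI/upstream.md, hunk `@@ -34,6 +35,22 @@`), the new error-handling paragraph only describes `validate-request-security: true`, but the option list added in the same patch also allows "report-only". Please state what happens in that mode (is the request still sent, and where is the violation reported?), since for a security check the difference between blocking with `401` and merely logging is what an operator needs to know before enabling it. A short pointer to the `security` scheme that produces the `HeaderAuth` / `My-Header` message in the sample would also help.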
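
Review bot: PATCH 05/12 and PATCH 06/12 both start from the same CHANGELOG.md blob (`index 582d756..`) and both insert a new `## Unreleased` heading at `@@ -1,5 +1,12 @@`, so they cannot be applied one after the other without a conflict. Rebase 06 onto 05 so that it only adds the `### Fixed` subsection under the existing `## Unreleased` heading, and drop the second of the two blank lines each patch adds before the `20210107` heading.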
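
Review bot: In PATCH 07/12 (reference/OpenAPI/upstream.md, hunk `@@ -35,7 +35,7 @@`), the reworded sentence introduces a typo: "fullfill" should be "fulfill". The rewording is otherwise clearer than the line it replaces.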
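
Review bot: In PATCH 08/12 (reference/flow.md, hunk `@@ -79,6 +79,22 @@`), the new `if` attribute section says only that it "allows for conditional execution of a single action" and does not say what the attribute value is or what happens when it evaluates to `false`. Add one sentence mirroring the wording used just above for the `if` block ("If the result of that expression is `false`, the block will be skipped"), and say whether the attribute is accepted on every action.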
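
Review bot: In PATCH 10/12 (CHANGELOG.md, hunk `@@ -10,6 +10,7 @@`), the entry is filed under `### Fixed` but is worded as an instruction ("Send `Vary: Origin` response headers ...") and never names the problem the subject line calls "CORS cache pollution". Suggest phrasing it like the neighbouring entries, for example stating that responses to non-preflight requests without `Origin` were missing `Vary: Origin` when CORS is enabled, so operators with a shared cache in front of FLAT can tell that they are affected.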