
poncho's Issues

Ambiguous error message when a POST request with a json string body is made and no Content-Type is set

This can be reproduced with the same example in the examples directory, using the following command:
# let us not include the explicit header setting and send the data as a url-encoded
# body instead of application/json which is what we really want/expect

curl http://localhost:4567/charges -X POST -d "{\"amount\" : 120 }"

results in this error:

{"error":{"param":"{\"amount\":120}","type":"invalid_param","message":null}}

This is not really an error with Poncho but a problem with the user forgetting to set the wrong content type.

However, Poncho seems to run the basic sanity checks on params and throws this error. Guarding against wrong user input (in this case, pure idiocy on the part of the user) may not be the goal of a framework/abstraction and I really don't know what would be a better way to solve this for the same reason. Should there be a better error message? (I know it's impossible to cover all the edge-cases). Or perhaps, a setting to make sure Poncho won't sanity check the params unless the developer wants them?
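
The request above, worked through as an added example (not part of the issue and not Poncho's code): `curl -d` sends `application/x-www-form-urlencoded` by default, so a form decoder treats the whole JSON string as a single parameter name. The `read_params` helper, its error types and the 415/400 status choices are hypothetical, showing one way a server could report the mismatch explicitly.

```ruby
require "json"
require "uri"

FORM_TYPE = "application/x-www-form-urlencoded" # what curl -d sends by default
JSON_TYPE = "application/json"

# What a form decoder makes of a JSON body: one key, empty value.
def naive_form_params(raw)
  URI.decode_www_form(raw).to_h
end

def looks_like_json?(raw)
  text = raw.strip
  return false unless text.start_with?("{", "[")
  JSON.parse(text)
  true
rescue JSON::ParserError
  false
end

def failure(status, type, message)
  { ok: false, status: status, type: type, message: message }
end

# Hypothetical helper (not Poncho's API): parse by declared media type and
# name the real problem when the body and the header disagree.
def read_params(content_type, raw)
  media_type = content_type.to_s.split(";").first.to_s.strip.downcase
  case media_type
  when JSON_TYPE
    { ok: true, params: JSON.parse(raw) }
  when FORM_TYPE, ""
    if looks_like_json?(raw)
      return failure(415, "unsupported_content_type",
                     "body looks like JSON; send Content-Type: #{JSON_TYPE}")
    end
    { ok: true, params: naive_form_params(raw) }
  else
    failure(415, "unsupported_content_type", "unsupported media type: #{media_type}")
  end
rescue JSON::ParserError
  failure(400, "invalid_json", "body is not valid JSON")
end
```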

Inheritable params & filters

Loving the current direction of Poncho. I've run into a few repeat issues, mainly stemming from the fact that params and filters are not inherited in method classes.

We typically set up a BaseMethod class for our custom exception handling, shared methods etc, which all other api method classes inherit from. This works fine until we try to share a before filter or param... Filters and params are not inherited... BOOM full stop.

To get around this limitation, we've been wrapping our shared code (exceptions, filters, params) into modules, and including the module into each... and... every... method class. Arg.

Any chance the Stripe team could make filters and params inheritable?

How to implement security?

I really like where Poncho is going and I'm excited to use it in my projects, but I'm running into a roadblock. How should one implement security?

So far, I've tried implementing security via a shared base method, like so:

class BaseMethod < Poncho::JSONMethod
  param :api_key

  validate do
    # Validation here for api key
  end
end

Then all my methods inherit from that BaseMethod:

class ResourceListMethod < BaseMethod
  # Method specific stuff here
end

At first glance, it seemed like this would work. However, the api_key validations don't get run inside the subclassed methods. The same goes if I use before. Any suggestions?
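
An added illustration for this issue and the "Inheritable params & filters" issue above (not part of either post and not Poncho's source): a constructed mini-DSL showing how filters kept in a class-level instance variable disappear in subclasses, leaving an inherited `api_key` check fail-open, next to a variant that walks the superclass chain. That this is the cause in Poncho is an assumption; all class names, `fail_open` and the sample key are hypothetical.

```ruby
# Constructed mini-DSL for illustration; this is NOT Poncho's source.
module Dispatch
  def own_filters
    @own_filters ||= [] # class-level ivar: belongs to the exact class it was set on
  end

  def before(&block)
    own_filters << block
  end

  def call(params)
    filters.each do |filter|
      error = filter.call(params)
      return [401, error] if error
    end
    [200, new.invoke(params)]
  end
end

class NaiveMethod
  extend Dispatch
  def self.filters
    own_filters # a subclass starts with an empty list, so parent filters vanish
  end
end

class InheritingMethod
  extend Dispatch
  def self.filters
    parent = superclass.respond_to?(:filters) ? superclass.filters : []
    parent + own_filters # parent filters run first, then the subclass's own
  end
end

VALID_KEYS = ["k-constructed-123"].freeze # constructed sample key
REQUIRE_KEY = ->(params) { "invalid api_key" unless VALID_KEYS.include?(params[:api_key]) }

class NaiveBase < NaiveMethod; before(&REQUIRE_KEY); end
class NaiveList < NaiveBase
  def invoke(_params); ["resource-1"]; end
end

class SafeBase < InheritingMethod; before(&REQUIRE_KEY); end
class SafeList < SafeBase
  def invoke(_params); ["resource-1"]; end
end

# Regression check: endpoints that answer 200 to a request carrying no api_key.
def fail_open(endpoints)
  endpoints.select { |endpoint| endpoint.call({}).first == 200 }
end
```

Running `fail_open` over every endpoint class in a test suite catches an authentication filter that silently stopped applying.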

`.to_json` throws an error when just the Poncho::Resource is used and not the whole library

Poncho::Resource is a neat and small wrapper that can be used on its own for wrapping a model instance and providing .to_json, to_hash and other methods for free. Unfortunately, since it doesn't load the JSON library, using it standalone would throw an error:

require "poncho"

class A
  def a
    20
  end

  def b
    "Poncho is fun"
  end
end

class AR < Poncho::Resource
  param :a
  param :b
end

AR.new(A.new).to_json
# => NoMethodError: undefined method `to_json' for {:a=>"20", :b=>"Poncho is fun"}:Hash

I can understand that adding a require 'json' line to every file is not clean. We need to load the entire JSON library just to get access to one method :/

Aside:

Is there a reason why Poncho does not support multiple JSON libraries? Since .to_json is not present in, say, the Oj gem.
