request.url does not seem to include the prefix or version

[dvandersluis]

As part of the authentication scheme for my API, the URL the consumer accessed is hashed as part of an authentication token. However, when I access request.url in my authentication code, the API prefix and the API version specified are not reflected in the URL:

class API < Grape::API
  error_format :json

  use API::Auth, :token_class => "ApiToken"

  version 'v1', :using => :path
  prefix 'api'

  resources :employees do
    get do
      Employee.all
    end
  end
end

If I GET /api/v1/employees.json, request.url is set to http://www.example.com//employees (note the double slash). Since the consumer, however, is (properly) using http://www.example.com/api/v1/employees as the URL, the URL on each side does not match up and authentication fails.

Any ideas how to fix or get around this?

[dvandersluis]

If I remove the version and prefix, and mount the API at "/api" rather than at "/", request.url does get set properly, but I'm not sure if there are any other issues that this will cause.

[dblock]

I can confirm this is a bug. We should probably fix it, but I am not sure how (spec/grape/endpoint.spec).

  context 'request' do
    it 'should be set to the url requested' do
      subject.get('/url') do
        request.url
      end
      get '/url'
      last_response.body.should == "http://example.org/url"
    end
    it 'should include version' do
      subject.version 'v1', :using => :path
      subject.get('/url') do
        request.url
      end
      get '/v1/url'
      last_response.body.should == "http://example.org/v1/url"
    end
    it 'should include prefix' do
      subject.version 'v1', :using => :path
      subject.prefix 'api'
      subject.get('/url') do
        request.url
      end
      get '/api/v1/url'
      last_response.body.should == "http://example.org/api/v1/url"
    end
  end

The request is constructed from RACK ENV in base.rb like this:

def request
   Rack::Request.new(self.env)
end

Here the middlware probably needs to be self-aware that it's mounted under a specific path and version and method and transform PATH_INFO inside that self.env value into the full path. But it sounds complicated, there's got to be a way to get the origin HTTP request path and pass it around.

In the short term, you can get the current route information via route, for my second example above the route will have "version=v1, method=GET, path=/:version/url(.:format)".

[dblock]

This has been fixed. Path versioning was modifying env['PATH_INFO'], which it shouldn't.