Full support for profiles

Author: tobyzerner

CHANGELOG.md

@@ -30,8 +30,13 @@ and this project adheres to
 
 ### Added
 
-- Add support for JSON:API profile URIs in `Content-Type` headers via
-  `Context::activateProfile(string $uri)` method
+- Add full support for JSON:API profiles:
+    - Parse profile URIs from `Accept` header
+    - `Context::profileRequested(string $uri): bool` - check if a profile was
+      requested
+    - `Context::requestedProfiles(): array` - get all requested profile URIs
+    - `Context::activateProfile(string $uri)` - activate a profile for the
+      response `Content-Type` header
     - Cursor pagination automatically activates the
       `https://jsonapi.org/profiles/ethanresnick/cursor-pagination` profile
 - Add support for asynchronous processing following the

docs/context.md

@@ -83,6 +83,15 @@ class Context
     // Determine whether a sort field has been requested
     public function sortRequested(string $field): bool;
 
+    // Determine whether a profile has been requested in the Accept header
+    public function profileRequested(string $uri): bool;
+
+    // Get all requested profile URIs from the Accept header
+    public function requestedProfiles(): array;
+
+    // Get all requested extension URIs from the Accept header
+    public function requestedExtensions(): array;
+
     // Activate a JSON:API profile for the current response
     public function activateProfile(string $uri): static;
 }

docs/profiles.md

@@ -0,0 +1,47 @@
+# Profiles
+
+[Profiles](https://jsonapi.org/format/1.1/#profiles) allow clients and servers
+to communicate about additional semantics or constraints applied to a JSON:API
+implementation. Unlike extensions, profiles can be safely ignored by the server
+if they are not recognized.
+
+## Requested Profiles
+
+When a client includes a profile in their `Accept` header, you can check if it
+was requested using the `profileRequested` method on the context:
+
+```php
+use Tobyz\JsonApiServer\Context;
+
+if ($context->profileRequested('https://example.com/my-profile')) {
+    // Client has requested this profile
+    // Optionally activate profile-specific behavior
+}
+```
+
+You can also get all requested profile URIs as an array:
+
+```php
+$profiles = $context->requestedProfiles();
+// ['https://example.com/profile1', 'https://example.com/profile2']
+```
+
+## Activating Profiles
+
+When you implement profile-specific behavior, you should activate the profile so
+it appears in the response `Content-Type` header:
+
+```php
+if ($context->profileRequested('https://example.com/my-profile')) {
+    $context->activateProfile('https://example.com/my-profile');
+
+    // Add profile-specific data or behavior
+}
+```
+
+The activated profile URIs will automatically be included in the response
+`Content-Type` header:
+
+```
+Content-Type: application/vnd.api+json; profile="https://example.com/my-profile"
+```

src/Context.php

@@ -3,9 +3,11 @@
 namespace Tobyz\JsonApiServer;
 
 use ArrayObject;
+use HttpAccept\AcceptParser;
 use Psr\Http\Message\ServerRequestInterface;
 use RuntimeException;
 use Tobyz\JsonApiServer\Endpoint\Endpoint;
+use Tobyz\JsonApiServer\Exception\NotAcceptableException;
 use Tobyz\JsonApiServer\Exception\Request\InvalidSparseFieldsetsException;
 use Tobyz\JsonApiServer\Resource\Collection;
 use Tobyz\JsonApiServer\Resource\Resource;
@@ -29,6 +31,8 @@ class Context
 
     private ?array $body;
     private ?string $path;
+    private ?array $requestedExtensions = null;
+    private ?array $requestedProfiles = null;
 
     private WeakMap $endpoints;
     private WeakMap $resourceIds;
@@ -38,6 +42,8 @@ class Context
 
     public function __construct(public JsonApi $api, public ServerRequestInterface $request)
     {
+        $this->parseAcceptHeader();
+
         $this->endpoints = new WeakMap();
         $this->resourceIds = new WeakMap();
         $this->modelIds = new WeakMap();
@@ -211,13 +217,93 @@ public function sortRequested(string $field): bool
         return false;
     }
 
+    /**
+     * Determine whether a profile has been requested.
+     */
+    public function profileRequested(string $uri): bool
+    {
+        return in_array($uri, $this->requestedProfiles());
+    }
+
+    /**
+     * Get all requested profile URIs.
+     *
+     * @return array
+     */
+    public function requestedProfiles(): array
+    {
+        if ($this->requestedProfiles === null) {
+            $this->parseAcceptHeader();
+        }
+
+        return $this->requestedProfiles;
+    }
+
+    /**
+     * Get all requested extension URIs from Accept header.
+     *
+     * @return array
+     */
+    public function requestedExtensions(): array
+    {
+        if ($this->requestedExtensions === null) {
+            $this->parseAcceptHeader();
+        }
+
+        return $this->requestedExtensions;
+    }
+
+    private function parseAcceptHeader(): void
+    {
+        $accept = $this->request->getHeaderLine('Accept');
+
+        if (!$accept) {
+            $this->requestedProfiles = [];
+            $this->requestedExtensions = [];
+            return;
+        }
+
+        $list = (new AcceptParser())->parse($accept);
+
+        foreach ($list as $mediaType) {
+            if (!in_array($mediaType->name(), [$this->api::MEDIA_TYPE, '*/*'])) {
+                continue;
+            }
+
+            if (array_diff(array_keys($mediaType->parameters()), ['ext', 'profile'])) {
+                continue;
+            }
+
+            $extensionUris = $mediaType->hasParamater('ext')
+                ? explode(' ', $mediaType->getParameter('ext'))
+                : [];
+
+            if (array_diff($extensionUris, array_keys($this->api->extensions))) {
+                continue;
+            }
+
+            $profileUris = $mediaType->hasParamater('profile')
+                ? explode(' ', $mediaType->getParameter('profile'))
+                : [];
+
+            $this->requestedProfiles = $profileUris;
+            $this->requestedExtensions = $extensionUris;
+            return;
+        }
+
+        throw new NotAcceptableException();
+    }
+
     public function withRequest(ServerRequestInterface $request): static
     {
         $new = clone $this;
         $new->request = $request;
         $new->sparseFields = new WeakMap();
         $new->body = null;
         $new->path = null;
+        $new->requestedProfiles = null;
+        $new->requestedExtensions = null;
+        $new->parseAcceptHeader();
         return $new;
     }
 

src/JsonApi.php

@@ -2,7 +2,6 @@
 
 namespace Tobyz\JsonApiServer;
 
-use HttpAccept\AcceptParser;
 use HttpAccept\ContentTypeParser;
 use InvalidArgumentException;
 use Psr\Http\Message\ResponseInterface as Response;
@@ -12,7 +11,6 @@
 use Tobyz\JsonApiServer\Exception\InternalServerErrorException;
 use Tobyz\JsonApiServer\Exception\JsonApiErrorsException;
 use Tobyz\JsonApiServer\Exception\MethodNotAllowedException;
-use Tobyz\JsonApiServer\Exception\NotAcceptableException;
 use Tobyz\JsonApiServer\Exception\NotFoundException;
 use Tobyz\JsonApiServer\Exception\Request\InvalidQueryParameterException;
 use Tobyz\JsonApiServer\Exception\ResourceNotFoundException;
@@ -132,11 +130,6 @@ public function errors(array $errors): static
 
     /**
      * Handle a request.
-     *
-     * @throws UnsupportedMediaTypeException if the request Content-Type header is invalid
-     * @throws NotAcceptableException if the request Accept header is invalid
-     * @throws MethodNotAllowedException if the request method is invalid
-     * @throws BadRequestException if the request URI is invalid
      */
     public function handle(Request $request): Response
     {
@@ -181,15 +174,13 @@ public function handle(Request $request): Response
 
     private function runExtensions(Context $context): ?Response
     {
-        $request = $context->request;
-
-        $contentTypeExtensionUris = $this->getContentTypeExtensionUris($request);
-        $acceptableExtensionUris = $this->getAcceptableExtensionUris($request);
+        $contentTypeExtensionUris = $this->getContentTypeExtensionUris($context->request);
+        $acceptExtensionUris = $context->requestedExtensions();
 
         $activeExtensions = array_intersect_key(
             $this->extensions,
             array_flip($contentTypeExtensionUris),
-            array_flip($acceptableExtensionUris),
+            array_flip($acceptExtensionUris),
         );
 
         foreach ($activeExtensions as $extension) {
@@ -226,7 +217,7 @@ private function getContentTypeExtensionUris(Request $request): array
 
         try {
             $type = (new ContentTypeParser())->parse($contentType);
-        } catch (InvalidArgumentException $e) {
+        } catch (InvalidArgumentException) {
             throw new UnsupportedMediaTypeException();
         }
 
@@ -247,37 +238,6 @@ private function getContentTypeExtensionUris(Request $request): array
         return $extensionUris;
     }
 
-    private function getAcceptableExtensionUris(Request $request): array
-    {
-        if (!($accept = $request->getHeaderLine('Accept'))) {
-            return [];
-        }
-
-        $list = (new AcceptParser())->parse($accept);
-
-        foreach ($list as $mediaType) {
-            if (!in_array($mediaType->name(), [JsonApi::MEDIA_TYPE, '*/*'])) {
-                continue;
-            }
-
-            if (!empty(array_diff(array_keys($mediaType->parameters()), ['ext', 'profile']))) {
-                continue;
-            }
-
-            $extensionUris = $mediaType->hasParamater('ext')
-                ? explode(' ', $mediaType->getParameter('ext'))
-                : [];
-
-            if (!empty(array_diff($extensionUris, array_keys($this->extensions)))) {
-                continue;
-            }
-
-            return $extensionUris;
-        }
-
-        throw new NotAcceptableException();
-    }
-
     /**
      * Convert an exception into a JSON:API error document response.
      */

tests/specification/ContentNegotiationTest.php

@@ -107,4 +107,77 @@ public function test_responds_with_vary_header()
 
         $this->assertEquals('Accept', $response->getHeaderLine('vary'));
     }
+
+    public function test_requested_profiles_can_be_read()
+    {
+        $this->api = new JsonApi();
+
+        $capturedProfiles = null;
+
+        $resource = new MockResource('users', models: [(object) ['id' => '1']], endpoints: [
+            Show::make()->response(function ($response, $model, $context) use (&$capturedProfiles) {
+                $capturedProfiles = $context->requestedProfiles();
+            }),
+        ]);
+
+        $this->api->resource($resource);
+
+        $request = $this->buildRequest('GET', '/users/1')->withHeader(
+            'Accept',
+            'application/vnd.api+json; profile="https://example.com/profile1 https://example.com/profile2"',
+        );
+
+        $this->api->handle($request);
+
+        $this->assertEquals(
+            ['https://example.com/profile1', 'https://example.com/profile2'],
+            $capturedProfiles,
+        );
+    }
+
+    public function test_activated_profiles_appear_in_content_type()
+    {
+        $this->api = new JsonApi();
+
+        $resource = new MockResource('users', models: [(object) ['id' => '1']], endpoints: [
+            Show::make()->response(function ($response, $model, $context) {
+                $context->activateProfile('https://example.com/profile1');
+                $context->activateProfile('https://example.com/profile2');
+            }),
+        ]);
+
+        $this->api->resource($resource);
+
+        $response = $this->api->handle($this->buildRequest('GET', '/users/1'));
+
+        $this->assertEquals(
+            'application/vnd.api+json; profile="https://example.com/profile1 https://example.com/profile2"',
+            $response->getHeaderLine('Content-Type'),
+        );
+    }
+
+    public function test_profiles_from_lines_with_unsupported_extensions_are_ignored()
+    {
+        $this->api = new JsonApi();
+
+        $capturedProfiles = null;
+
+        $resource = new MockResource('users', models: [(object) ['id' => '1']], endpoints: [
+            Show::make()->response(function ($response, $model, $context) use (&$capturedProfiles) {
+                $capturedProfiles = $context->requestedProfiles();
+            }),
+        ]);
+
+        $this->api->resource($resource);
+
+        $request = $this->buildRequest('GET', '/users/1')->withHeader(
+            'Accept',
+            'application/vnd.api+json; ext="https://unsupported.com/ext"; profile="https://example.com/should-be-ignored", application/vnd.api+json; profile="https://example.com/valid-profile"',
+        );
+
+        $this->api->handle($request);
+
+        // Should only get the profile from the second (valid) Accept line
+        $this->assertEquals(['https://example.com/valid-profile'], $capturedProfiles);
+    }
 }