aris 1.3.0

data/lib/aris/plugins/cache.rb

@@ -0,0 +1,120 @@
+# lib/aris/plugins/cache.rb
+require 'digest'
+
+module Aris
+  module Plugins
+    class Cache
+      attr_reader :config
+      
+      def initialize(**config)
+        @config = config
+        @ttl = config[:ttl] || 60  # Default 1 minute
+        @store = config[:store] || {}  # In-memory hash
+        @mutex = Mutex.new
+        @skip_paths = Array(config[:skip_paths] || [])
+        @cache_control = config[:cache_control]
+      end
+      
+      def call(request, response)
+        # Only cache GET requests
+        return nil unless request.method == 'GET'
+        
+        # Skip if path matches skip pattern
+        return nil if @skip_paths.any? { |pattern| request.path.match?(pattern) }
+        
+        # Check if client sent Cache-Control: no-cache
+        cache_control = request.headers['HTTP_CACHE_CONTROL']
+        return nil if cache_control&.include?('no-cache')
+        
+        # Generate cache key
+        cache_key = generate_cache_key(request)
+        
+        # Try to get from cache
+        cached = get_from_cache(cache_key)
+        if cached
+          # Cache hit - restore response from cache
+          response.status = cached[:status]
+          response.headers.merge!(cached[:headers])
+          response.body = cached[:body]
+          response.headers['X-Cache'] = 'HIT'
+          
+          return response  # Halt pipeline
+        end
+        
+        # Cache miss - store request info for response phase
+        request.instance_variable_set(:@cache_key, cache_key)
+        
+        nil  # Continue to handler
+      end
+      
+      # Response plugin - cache the result
+      def call_response(request, response)
+        # Only cache successful GET responses
+        return unless request.method == 'GET'
+        return unless response.status == 200
+        
+        cache_key = request.instance_variable_get(:@cache_key)
+        return unless cache_key
+        
+        # Store in cache
+        set_in_cache(cache_key, {
+          status: response.status,
+          headers: response.headers.dup,
+          body: response.body.dup
+        })
+        
+        # Add cache headers
+        response.headers['X-Cache'] = 'MISS'
+        if @cache_control
+          response.headers['Cache-Control'] = @cache_control
+        end
+      end
+      
+      def self.build(**config)
+        new(**config)
+      end
+      
+      # For testing: clear cache
+      def clear!
+        @mutex.synchronize { @store.clear }
+      end
+      
+      private
+      
+      def generate_cache_key(request)
+        # Include domain, path, and query string
+        key_string = "#{request.domain}:#{request.path}"
+        key_string += "?#{request.query}" unless request.query.nil? || request.query.empty?
+        
+        Digest::MD5.hexdigest(key_string)
+      end
+      
+      def get_from_cache(key)
+        @mutex.synchronize do
+          entry = @store[key]
+          return nil unless entry
+          
+          # Check if expired
+          if Time.now > entry[:expires_at]
+            @store.delete(key)
+            return nil
+          end
+          
+          entry[:value]
+        end
+      end
+      
+      def set_in_cache(key, value)
+        @mutex.synchronize do
+          @store[key] = {
+            value: value,
+            expires_at: Time.now + @ttl
+          }
+        end
+      end
+    end
+  end
+end
+
+
+Aris.register_plugin(:cache, plugin_class: Aris::Plugins::Cache)

data/lib/aris/plugins/compression.rb

@@ -0,0 +1,96 @@
+# lib/aris/plugins/compression.rb
+require 'zlib'
+require 'stringio'
+
+module Aris
+  module Plugins
+    class Compression
+      attr_reader :config
+      
+      # Compressible content types
+      COMPRESSIBLE_TYPES = [
+        'text/',
+        'application/json',
+        'application/javascript',
+        'application/xml',
+        'application/xhtml+xml'
+      ].freeze
+      
+      def initialize(**config)
+        @config = config
+        @level = config[:level] || Zlib::DEFAULT_COMPRESSION
+        @min_size = config[:min_size] || 1024  # Don't compress < 1KB
+      end
+      
+      # Request hook - not used, but kept for compatibility
+      def call(request, response)
+        nil  # Do nothing on request phase
+      end
+      
+      # Response hook - runs after handler
+      def call_response(request, response)
+        # Only compress if client accepts gzip
+        accept_encoding = request.headers['HTTP_ACCEPT_ENCODING'] || ''
+        return unless accept_encoding.include?('gzip')
+        
+        # Only compress if we have a body
+        return if response.body.nil? || response.body.empty?
+        
+        # Get body as string
+        body_string = response.body.join
+        
+        # Skip if too small
+        return if body_string.bytesize < @min_size
+        
+        # Only compress compressible content types
+        content_type = response.headers['content-type'] || ''
+        return unless compressible?(content_type)
+        
+        # Compress the body
+        compressed = compress_gzip(body_string)
+        
+        # Only use compression if it actually saves space
+        if compressed.bytesize < body_string.bytesize
+          response.body = [compressed]
+          response.headers['Content-Encoding'] = 'gzip'
+          response.headers['Vary'] = add_vary_header(response.headers['Vary'])
+          response.headers.delete('Content-Length')  # Will be recalculated by server
+        end
+      end
+      
+      def self.build(**config)
+        new(**config)
+      end
+      
+      private
+      
+      def compressible?(content_type)
+        COMPRESSIBLE_TYPES.any? { |type| content_type.start_with?(type) }
+      end
+      
+      def compress_gzip(data)
+        output = StringIO.new
+        output.set_encoding('ASCII-8BIT')
+        
+        gz = Zlib::GzipWriter.new(output, @level)
+        gz.write(data)
+        gz.close
+        
+        output.string
+      end
+      
+      def add_vary_header(existing_vary)
+        if existing_vary.nil? || existing_vary.empty?
+          'Accept-Encoding'
+        elsif existing_vary.include?('Accept-Encoding')
+          existing_vary
+        else
+          "#{existing_vary}, Accept-Encoding"
+        end
+      end
+    end
+  end
+end
+
+# Self-register
+Aris.register_plugin(:compression, plugin_class: Aris::Plugins::Compression)

data/lib/aris/plugins/cookies.rb

@@ -0,0 +1,46 @@
+# lib/aris/plugins/cookies.rb
+module Aris
+  module Plugins
+    class Cookies
+      def self.call(request, response)
+        # Only add cookie helpers when plugin is used
+        add_cookie_helpers(request, response)
+        nil # Continue pipeline
+      end
+
+      def self.build(**config)
+        self
+      end
+
+      private
+
+      def self.add_cookie_helpers(request, response)
+        # Add cookie writing methods to response
+        response.define_singleton_method(:set_cookie) do |name, value, options = {}|
+          default_options = Aris::Config.cookie_options || {}
+          merged_options = default_options.merge(options)
+          
+          cookie_parts = ["#{name}=#{value}"]
+          cookie_parts << "Path=#{merged_options[:path]}" if merged_options[:path]
+          cookie_parts << "HttpOnly" if merged_options[:httponly]
+          cookie_parts << "Secure" if merged_options[:secure]
+          cookie_parts << "Max-Age=#{merged_options[:max_age]}" if merged_options[:max_age]
+          cookie_parts << "SameSite=#{merged_options[:same_site]}" if merged_options[:same_site]
+          
+          cookie_string = cookie_parts.join("; ")
+          
+          if headers['Set-Cookie']
+            headers['Set-Cookie'] = [headers['Set-Cookie'], cookie_string].join(", ")
+          else
+            headers['Set-Cookie'] = cookie_string
+          end
+        end
+
+        response.define_singleton_method(:delete_cookie) do |name, options = {}|
+          set_cookie(name, "", options.merge(max_age: 0))
+        end
+      end
+    end
+  end
+end
+Aris.register_plugin(:cookies, plugin_class: Aris::Plugins::Cookies)

data/lib/aris/plugins/cors.rb

@@ -0,0 +1,81 @@
+# lib/aris/plugins/cors.rb
+
+module Aris
+  module Plugins
+    class Cors
+      attr_reader :config
+      
+      def initialize(**config)
+        @config = config
+        @origins = normalize_origins(config[:origins] || '*')
+        @methods = config[:methods] || ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS']
+        @headers = config[:headers] || ['content-type', 'Authorization']
+        @credentials = config[:credentials] || false
+        @max_age = config[:max_age] || 86400  # 24 hours
+        @expose_headers = config[:expose_headers] || []
+      end
+      
+      def call(request, response)
+        origin = request.headers['HTTP_ORIGIN']
+        
+        # No Origin header = not a CORS request
+        return nil unless origin
+        
+        # Check if origin is allowed
+        unless origin_allowed?(origin)
+          return nil  # Don't set CORS headers for disallowed origins
+        end
+        
+        # Set CORS headers
+        response.headers['Access-Control-Allow-Origin'] = allowed_origin_header(origin)
+        response.headers['Access-Control-Allow-Methods'] = @methods.join(', ')
+        response.headers['Access-Control-Allow-Headers'] = @headers.join(', ')
+        response.headers['Access-Control-Max-Age'] = @max_age.to_s
+        
+        if @credentials
+          response.headers['Access-Control-Allow-Credentials'] = 'true'
+        end
+        
+        if @expose_headers.any?
+          response.headers['Access-Control-Expose-Headers'] = @expose_headers.join(', ')
+        end
+        
+        # Handle preflight OPTIONS request
+        if request.method == 'OPTIONS'
+          response.status = 204
+          response.body = []
+          return response  # Halt - don't proceed to handler
+        end
+        
+        nil  # Continue for actual requests
+      end
+      
+      def self.build(**config)
+        new(**config)
+      end
+      
+      private
+      
+      def normalize_origins(origins)
+        return '*' if origins == '*'
+        Array(origins)
+      end
+      
+      def origin_allowed?(origin)
+        return true if @origins == '*'
+        @origins.include?(origin)
+      end
+      
+      def allowed_origin_header(origin)
+        # If credentials true, must echo specific origin (can't use *)
+        if @credentials && @origins == '*'
+          origin
+        elsif @origins == '*'
+          '*'
+        else
+          origin
+        end
+      end
+    end
+  end
+end

data/lib/aris/plugins/csrf.rb

@@ -0,0 +1,48 @@
+require 'securerandom'
+module Aris
+  module Plugins
+    module CsrfUtility
+      extend self
+      def generate_token
+        SecureRandom.urlsafe_base64(32)
+      end
+      def validate_token(expected, provided)
+        expected && provided && expected == provided
+      end
+    end
+    
+    CSRF_THREAD_KEY = :aris_csrf_token
+    FORM_METHODS = %w[POST PUT PATCH DELETE].freeze
+        
+    class CsrfTokenGenerator
+      def self.call(request, response)
+        if request.method == 'GET' || request.method == 'HEAD'
+          token = CsrfUtility.generate_token
+          Thread.current[CSRF_THREAD_KEY] = token
+        end
+        nil # Continue pipeline
+      end
+    end
+    
+    class CsrfProtection
+      def self.call(request, response)
+        return nil unless FORM_METHODS.include?(request.method)
+        expected = Thread.current[CSRF_THREAD_KEY]
+        provided = request.headers['HTTP_X_CSRF_TOKEN']
+        unless CsrfUtility.validate_token(expected, provided)
+          response.status = 403
+          response.headers['content-type'] = 'text/plain'
+          response.body = ['CSRF token validation failed']
+          return response
+        end
+        
+        nil
+      end
+    end
+
+  end
+end
+Aris.register_plugin(:csrf, 
+  generator: Aris::Plugins::CsrfTokenGenerator,
+  protection: Aris::Plugins::CsrfProtection
+)

data/lib/aris/plugins/etag.rb

@@ -0,0 +1,90 @@
+# lib/aris/plugins/etag.rb
+require 'digest'
+
+module Aris
+  module Plugins
+    class ETag
+      attr_reader :config
+      
+      def initialize(**config)
+        @config = config
+        @cache_control = config[:cache_control] || 'max-age=0, private, must-revalidate'
+        @strong = config[:strong].nil? ? true : config[:strong]
+      end
+      
+      # Request hook - check If-None-Match
+      def call(request, response)
+        if_none_match = request.headers['HTTP_IF_NONE_MATCH']
+        
+        # Store for later comparison in response phase
+        request.instance_variable_set(:@if_none_match, if_none_match)
+        
+        nil  # Continue to handler
+      end
+      
+      # Response hook - generate ETag and check match
+      def call_response(request, response)
+        # Only generate ETags for successful GET/HEAD requests
+        return unless %w[GET HEAD].include?(request.method)
+        return unless response.status == 200
+        
+        # Skip if response already has ETag
+        return if response.headers['ETag']
+        
+        # Generate ETag from body
+        body_string = response.body.join
+        etag = generate_etag(body_string)
+        
+        # Set ETag header
+        response.headers['ETag'] = etag
+        
+        # Set Cache-Control if not already set
+        unless response.headers['Cache-Control']
+          response.headers['Cache-Control'] = @cache_control
+        end
+        
+        # Check if client's ETag matches
+        if_none_match = request.instance_variable_get(:@if_none_match)
+        if if_none_match && etag_match?(if_none_match, etag)
+          # Return 304 Not Modified
+          response.status = 304
+          response.body = []
+        end
+      end
+      
+      def self.build(**config)
+        new(**config)
+      end
+      
+      private
+      
+      def generate_etag(body)
+        hash = Digest::MD5.hexdigest(body)
+        if @strong
+          %("#{hash}")  # Strong ETag with quotes
+        else
+          %(W/"#{hash}")  # Weak ETag
+        end
+      end
+      
+      def etag_match?(if_none_match, etag)
+        # Handle multiple ETags in If-None-Match
+        client_etags = if_none_match.split(',').map(&:strip)
+        
+        # Check if any client ETag matches
+        client_etags.any? do |client_etag|
+          # Strip W/ prefix for weak comparison
+          normalize_etag(client_etag) == normalize_etag(etag)
+        end
+      end
+      
+      def normalize_etag(etag)
+        # Remove W/ prefix and quotes for comparison
+        etag.sub(/^W\//, '').gsub('"', '')
+      end
+    end
+  end
+end
+
+# Self-register
+Aris.register_plugin(:etag, plugin_class: Aris::Plugins::ETag)

data/lib/aris/plugins/flash.rb

@@ -0,0 +1,124 @@
+# lib/aris/plugins/flash.rb - Complete rewrite of FlashData
+require 'json'
+require 'base64'
+require 'set'
+
+module Aris
+  module Plugins
+    class Flash
+      def self.call(request, response)
+        # Load flash data from cookie and initialize flash object
+        flash_data = load_flash_from_cookie(request)
+        
+        # Define flash method on request
+        request.define_singleton_method(:flash) do
+          @flash ||= flash_data
+        end
+        
+        nil # Continue pipeline
+      end
+      
+      def self.call_response(request, response)
+        return unless request.respond_to?(:flash)
+        
+        flash = request.flash
+        data_to_store = flash.to_store
+        
+        if data_to_store.any?
+          # Store flash for next request
+          encoded = Base64.urlsafe_encode64(data_to_store.to_json)
+          response.set_cookie('_aris_flash', encoded, {
+            httponly: true,
+            path: '/'
+          })
+        elsif request.cookies && request.cookies['_aris_flash']
+          # Clear flash cookie if no data to store
+          response.delete_cookie('_aris_flash')
+        end
+      end
+
+      def self.build(**config)
+        self
+      end
+
+      private
+
+      def self.load_flash_from_cookie(request)
+        return FlashData.new unless request.respond_to?(:cookies)
+        
+        cookie_value = request.cookies['_aris_flash']
+        return FlashData.new unless cookie_value && !cookie_value.empty?
+        
+        begin
+          decoded = Base64.urlsafe_decode64(cookie_value)
+          data = JSON.parse(decoded, symbolize_names: true)
+          FlashData.new(data)
+        rescue StandardError
+          # If cookie is invalid, start with empty flash
+          FlashData.new
+        end
+      end
+
+      # Internal flash data storage
+# Alternative FlashData implementation with more explicit tracking
+class FlashData
+  def initialize(initial_data = {})
+    @current = initial_data || {}
+    @next = {}
+    @now = {}
+    # Use a simple array to track reads
+    @read_keys = []
+  end
+  
+  def [](key)
+    key = key.to_sym
+    
+    # Check now first
+    return @now[key] if @now.key?(key)
+    
+    # Check current
+    if @current.key?(key) && !@read_keys.include?(key)
+      value = @current[key]
+      @read_keys << key
+      return value
+    end
+    
+    # Check next
+    @next[key]
+  end
+  
+  def []=(key, value)
+    @next[key.to_sym] = value
+  end
+  
+  def now
+    FlashNow.new(@now)
+  end
+  
+  def any?
+    @current.any? || @next.any? || @now.any?
+  end
+  
+  def to_store
+    # Remove any keys that have been read
+    unused_current = @current.reject { |k, _| @read_keys.include?(k) }
+    unused_current.merge(@next)
+  end
+end
+      # Flash.now proxy - only modifies current request data
+      class FlashNow
+        def initialize(now_data)
+          @now_data = now_data
+        end
+        
+        def [](key)
+          @now_data[key.to_sym]
+        end
+        
+        def []=(key, value)
+          @now_data[key.to_sym] = value
+        end
+      end
+    end
+  end
+end

data/lib/aris/plugins/form_parser.rb

@@ -0,0 +1,46 @@
+# lib/aris/plugins/form_parser.rb
+require 'rack/utils'
+
+module Aris
+  module Plugins
+    class FormParser
+      attr_reader :config
+      
+      PARSEABLE_METHODS = %w[POST PUT PATCH].freeze
+      
+      def initialize(**config)
+        @config = config
+      end
+      
+def call(request, response)
+  return nil unless PARSEABLE_METHODS.include?(request.method)
+  
+  # Check content-type - access from env, not headers
+  content_type = request.env['CONTENT_TYPE']
+  return nil unless content_type&.include?('application/x-www-form-urlencoded')
+  
+  raw_body = request.body
+  return nil if raw_body.nil? || raw_body.empty?
+  
+  begin
+    # Parse form data
+    data = ::Rack::Utils.parse_nested_query(raw_body)
+    
+    # Attach parsed data to request
+    request.instance_variable_set(:@form_data, data)
+  rescue => e
+    response.status = 400
+    response.headers['content-type'] = 'text/plain'
+    response.body = ['Invalid form data']
+    return response
+  end
+  
+  nil # Continue pipeline
+end
+      
+      def self.build(**config)
+        new(**config)
+      end
+    end
+  end
+end