RubyGems - aris - Versions diffs - 1.3.0 - Mend

aris 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

checksums.yaml +7 -0
data/LICENSE.txt +21 -0
data/README.md +342 -0
data/lib/aris/adapters/base.rb +25 -0
data/lib/aris/adapters/joys_integration.rb +94 -0
data/lib/aris/adapters/mock/adapter.rb +141 -0
data/lib/aris/adapters/mock/request.rb +81 -0
data/lib/aris/adapters/mock/response.rb +17 -0
data/lib/aris/adapters/rack/adapter.rb +117 -0
data/lib/aris/adapters/rack/request.rb +66 -0
data/lib/aris/adapters/rack/response.rb +16 -0
data/lib/aris/core.rb +931 -0
data/lib/aris/discovery.rb +312 -0
data/lib/aris/locale_injector.rb +39 -0
data/lib/aris/pipeline_runner.rb +100 -0
data/lib/aris/plugins/api_key_auth.rb +61 -0
data/lib/aris/plugins/basic_auth.rb +68 -0
data/lib/aris/plugins/bearer_auth.rb +64 -0
data/lib/aris/plugins/cache.rb +120 -0
data/lib/aris/plugins/compression.rb +96 -0
data/lib/aris/plugins/cookies.rb +46 -0
data/lib/aris/plugins/cors.rb +81 -0
data/lib/aris/plugins/csrf.rb +48 -0
data/lib/aris/plugins/etag.rb +90 -0
data/lib/aris/plugins/flash.rb +124 -0
data/lib/aris/plugins/form_parser.rb +46 -0
data/lib/aris/plugins/health_check.rb +62 -0
data/lib/aris/plugins/json.rb +32 -0
data/lib/aris/plugins/multipart.rb +160 -0
data/lib/aris/plugins/rate_limiter.rb +60 -0
data/lib/aris/plugins/request_id.rb +38 -0
data/lib/aris/plugins/request_logger.rb +43 -0
data/lib/aris/plugins/security_headers.rb +99 -0
data/lib/aris/plugins/session.rb +175 -0
data/lib/aris/plugins.rb +23 -0
data/lib/aris/response_helpers.rb +156 -0
data/lib/aris/route_helpers.rb +141 -0
data/lib/aris/utils/redirects.rb +44 -0
data/lib/aris/utils/sitemap.rb +84 -0
data/lib/aris/version.rb +3 -0
data/lib/aris.rb +35 -0
metadata +151 -0

data/lib/aris/plugins/health_check.rb ADDED Viewed

@@ -0,0 +1,62 @@
+# lib/aris/plugins/health_check.rb
+module Aris
+  module Plugins
+    class HealthCheck
+      attr_reader :config
+      def initialize(**config)
+        @config = config
+        @path = config[:path] || '/health'
+        @checks = config[:checks] || {}
+        @name = config[:name] || 'app'
+        @version = config[:version]
+      end
+      def call(request, response)
+        # Only handle health check path
+        return nil unless request.path == @path
+        # Run health checks
+        results = {}
+        overall_healthy = true
+        @checks.each do |name, check_proc|
+          begin
+            check_result = check_proc.call
+            results[name] = check_result ? 'ok' : 'fail'
+            overall_healthy = false unless check_result
+          rescue => e
+            results[name] = "error: #{e.message}"
+            overall_healthy = false
+          end
+        end
+        # Build response
+        health_data = {
+          status: overall_healthy ? 'ok' : 'degraded',
+          name: @name,
+          checks: results
+        }
+        health_data[:version] = @version if @version
+        health_data[:timestamp] = Time.now.iso8601
+        # Set status code
+        status = overall_healthy ? 200 : 503
+        response.status = status
+        response.headers['content-type'] = 'application/json'
+        response.body = [health_data.to_json]
+        response  # Halt pipeline
+      end
+      def self.build(**config)
+        new(**config)
+      end
+    end
+  end
+end
+# Self-register
+Aris.register_plugin(:health_check, plugin_class: Aris::Plugins::HealthCheck)

data/lib/aris/plugins/json.rb ADDED Viewed

@@ -0,0 +1,32 @@
+require 'json'
+module Aris
+  module Plugins
+    class Json
+      PARSEABLE_METHODS = %w[POST PUT PATCH].freeze
+      def self.call(request, response)
+        return nil unless PARSEABLE_METHODS.include?(request.method)
+        raw_body = request.body
+        return nil if raw_body.nil? || raw_body.empty?
+        begin
+          data = JSON.parse(raw_body)
+          # Attach parsed data to request
+          request.json_body = data
+        rescue JSON::ParserError => e
+          response.status = 400
+          response.headers['content-type'] = 'application/json'
+          response.body = [JSON.generate({ error: 'Invalid JSON', message: e.message })]
+          return response # Halt pipeline
+        end
+        nil # Continue pipeline
+      end
+    end
+  end
+end
+# Self-register
+Aris.register_plugin(:json, plugin_class: Aris::Plugins::Json)

data/lib/aris/plugins/multipart.rb ADDED Viewed

@@ -0,0 +1,160 @@
+# lib/aris/plugins/multipart.rb
+require 'tempfile'
+require 'securerandom'
+module Aris
+  module Plugins
+    class Multipart
+      attr_reader :config
+      PARSEABLE_METHODS = %w[POST PUT PATCH].freeze
+      def initialize(**config)
+        @config = config
+        @max_file_size = config[:max_file_size] || 10_485_760  # 10MB default
+        @max_files = config[:max_files] || 10
+        @allowed_extensions = config[:allowed_extensions]  # nil = all allowed
+      end
+      def call(request, response)
+        return nil unless PARSEABLE_METHODS.include?(request.method)
+        content_type = request.env['CONTENT_TYPE']
+        return nil unless content_type&.include?('multipart/form-data')
+        # Extract boundary from content type
+        boundary = extract_boundary(content_type)
+        unless boundary
+          response.status = 400
+          response.headers['content-type'] = 'text/plain'
+          response.body = ['Missing boundary in multipart request']
+          return response
+        end
+        raw_body = request.body
+        return nil if raw_body.nil? || raw_body.empty?
+        begin
+          # Parse multipart data
+          parts = parse_multipart(raw_body, boundary)
+          # Validate file count
+          files = parts.select { |p| p[:filename] }
+          if files.size > @max_files
+            response.status = 413
+            response.headers['content-type'] = 'text/plain'
+            response.body = ["Too many files (max #{@max_files})"]
+            return response
+          end
+          # Validate file sizes and extensions
+          files.each do |file|
+            if file[:data].bytesize > @max_file_size
+              response.status = 413
+              response.headers['content-type'] = 'text/plain'
+              response.body = ["File '#{file[:filename]}' exceeds maximum size (#{@max_file_size} bytes)"]
+              return response
+            end
+            if @allowed_extensions
+              ext = File.extname(file[:filename]).downcase
+              unless @allowed_extensions.include?(ext)
+                response.status = 400
+                response.headers['content-type'] = 'text/plain'
+                response.body = ["File type '#{ext}' not allowed"]
+                return response
+              end
+            end
+          end
+          # Attach parsed data to request
+          request.instance_variable_set(:@multipart_data, parts)
+        rescue => e
+          response.status = 400
+          response.headers['content-type'] = 'text/plain'
+          response.body = ['Invalid multipart data']
+          return response
+        end
+        nil  # Continue pipeline
+      end
+      def self.build(**config)
+        new(**config)
+      end
+      private
+      def extract_boundary(content_type)
+        match = content_type.match(/boundary=(?:"([^"]+)"|([^;]+))/)
+        match ? (match[1] || match[2]) : nil
+      end
+      def parse_multipart(body, boundary)
+        parts = []
+        delimiter = "--#{boundary}"
+        # Split by boundary
+        sections = body.split(delimiter)
+        # Skip first (empty) and last (closing) sections
+        sections[1..-2]&.each do |section|
+          next if section.strip.empty?
+          # Split headers from content
+          header_end = section.index("\r\n\r\n") || section.index("\n\n")
+          next unless header_end
+          headers_raw = section[0...header_end]
+          content = section[(header_end + 4)..-1]
+          # Remove trailing CRLF
+          content = content.chomp("\r\n").chomp("\n")
+          # Parse Content-Disposition header
+          disposition = headers_raw.match(/Content-Disposition:\s*(.+?)(?:\r?\n|$)/i)
+          next unless disposition
+          disposition_value = disposition[1]
+          # Extract field name
+          name_match = disposition_value.match(/name="([^"]+)"/)
+          name = name_match ? name_match[1] : nil
+          next unless name
+          # Extract filename if present (indicates file upload)
+          filename_match = disposition_value.match(/filename="([^"]+)"/)
+          filename = filename_match ? filename_match[1] : nil
+          # Extract content type if present
+          content_type_match = headers_raw.match(/content-type:\s*(.+?)(?:\r?\n|$)/i)
+          content_type = content_type_match ? content_type_match[1].strip : nil
+          if filename
+            # File upload
+            parts << {
+              name: name,
+              filename: filename,
+              content_type: content_type || 'application/octet-stream',
+              data: content,
+              type: :file
+            }
+          else
+            # Regular form field
+            parts << {
+              name: name,
+              data: content,
+              type: :field
+            }
+          end
+        end
+        parts
+      end
+    end
+  end
+end
+# Self-register
+Aris.register_plugin(:multipart, plugin_class: Aris::Plugins::Multipart)

data/lib/aris/plugins/rate_limiter.rb ADDED Viewed

@@ -0,0 +1,60 @@
+module Aris
+  module Plugins
+    class RateLimiter
+      LIMIT_WINDOW = 60
+      # In-memory store (replace with Redis in production)
+      @@store = {}
+      @@mutex = Mutex.new
+      def self.call(request, response)
+        key = request.headers['HTTP_X_API_KEY'] || request.host
+        if limit_exceeded?(key)
+          response.status = 429
+          response.headers['content-type'] = 'text/plain'
+          response.headers['Retry-After'] = LIMIT_WINDOW.to_s
+          response.body = ['Rate limit exceeded. Try again later.']
+          return response # Halt pipeline
+        end
+        increment_count(key)
+        nil # Continue pipeline
+      end
+      private
+      def self.limit_exceeded?(key)
+        @@mutex.synchronize do
+          entry = @@store[key]
+          return false unless entry
+          # Check if we're still in the window and over limit
+          entry[:count] >= 100 && (Time.now - entry[:window_start]) < LIMIT_WINDOW
+        end
+      end
+      def self.increment_count(key)
+        @@mutex.synchronize do
+          entry = @@store[key] ||= { count: 0, window_start: Time.now }
+          # Reset window if expired
+          if (Time.now - entry[:window_start]) >= LIMIT_WINDOW
+            entry[:count] = 0
+            entry[:window_start] = Time.now
+          end
+          entry[:count] += 1
+        end
+      end
+      # For testing: clear the store
+      def self.reset!
+        @@mutex.synchronize { @@store.clear }
+      end
+    end
+  end
+end
+# Self-register
+Aris.register_plugin(:rate_limit, plugin_class: Aris::Plugins::RateLimiter)

data/lib/aris/plugins/request_id.rb ADDED Viewed

@@ -0,0 +1,38 @@
+# lib/aris/plugins/request_id.rb
+require 'securerandom'
+module Aris
+  module Plugins
+    class RequestId
+      attr_reader :config
+      def initialize(**config)
+        @config = config
+        @header_name = config[:header_name] || 'X-Request-ID'
+        @generator = config[:generator] || -> { SecureRandom.uuid }
+      end
+      def call(request, response)
+        request_id = request.headers["HTTP_#{header_to_env(@header_name)}"]
+        request_id ||= @generator.call
+        request.instance_variable_set(:@request_id, request_id)
+        response.headers[@header_name] = request_id
+        nil  # Continue pipeline
+      end
+      def self.build(**config)
+        new(**config)
+      end
+      private
+      def header_to_env(header_name)
+        # Convert X-Request-ID → X_REQUEST_ID
+        header_name.upcase.gsub('-', '_')
+      end
+    end
+  end
+end
+Aris.register_plugin(:request_id, plugin_class: Aris::Plugins::RequestId)

data/lib/aris/plugins/request_logger.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# lib/aris/plugins/request_logger.rb
+require 'json'
+require 'logger'
+module Aris
+  module Plugins
+    class RequestLogger
+      attr_reader :config
+      def initialize(**config)
+        @config = config
+        @format = config[:format] || :text
+        @exclude = Array(config[:exclude] || [])
+        @logger = config[:logger] || ::Logger.new(STDOUT)
+      end
+      def call(request, response)
+        # Skip excluded paths
+        return nil if @exclude.include?(request.path)
+        # Log the request
+        entry = {
+          method: request.method,
+          path: request.path,
+          host: request.host,
+          timestamp: Time.now.iso8601
+        }
+        if @format == :json
+          @logger.info(JSON.generate(entry))
+        else
+          @logger.info("#{entry[:method]} #{entry[:path]}")
+        end
+        nil  # Continue pipeline
+      end
+      def self.build(**config)
+        new(**config)
+      end
+    end
+  end
+end

data/lib/aris/plugins/security_headers.rb ADDED Viewed

@@ -0,0 +1,99 @@
+# security_headers.rb
+module Aris
+  module Plugins
+    class SecurityHeaders
+      attr_reader :config
+      # Default secure headers
+      DEFAULTS = {
+        'X-Frame-Options' => 'SAMEORIGIN',
+        'X-content-type-Options' => 'nosniff',
+        'X-XSS-Protection' => '0',  # Modern browsers ignore this, disabled preferred
+        'Referrer-Policy' => 'strict-origin-when-cross-origin'
+      }.freeze
+      def initialize(**config)
+        @config = config
+        @headers = build_headers(config)
+      end
+      def call(request, response)
+        # Set all configured headers
+        @headers.each do |key, value|
+          response.headers[key] = value
+        end
+        nil  # Continue pipeline
+      end
+      def self.build(**config)
+        new(**config)
+      end
+      private
+def build_headers(config)
+  headers = {}
+  # Start with defaults unless disabled
+  unless config[:defaults] == false
+    headers.merge!(DEFAULTS)
+  end
+  # X-Frame-Options
+  if config.key?(:x_frame_options)
+    if config[:x_frame_options]
+      headers['X-Frame-Options'] = config[:x_frame_options]
+    else
+      headers.delete('X-Frame-Options')  # ✅ Explicitly remove when nil
+    end
+  end
+  # X-content-type-Options
+  if config.key?(:x_content_type_options)
+    if config[:x_content_type_options]
+      headers['X-content-type-Options'] = config[:x_content_type_options]
+    else
+      headers.delete('X-content-type-Options')  # ✅ Explicitly remove when nil
+    end
+  end
+  # Referrer-Policy
+  if config.key?(:referrer_policy)
+    if config[:referrer_policy]
+      headers['Referrer-Policy'] = config[:referrer_policy]
+    else
+      headers.delete('Referrer-Policy')  # ✅ Explicitly remove when nil
+    end
+  end
+  # HSTS (same as before)
+  if config[:hsts]
+    hsts_value = if config[:hsts].is_a?(Hash)
+      max_age = config[:hsts][:max_age] || 31536000
+      directives = ["max-age=#{max_age}"]
+      directives << 'includeSubDomains' if config[:hsts][:include_subdomains]
+      directives << 'preload' if config[:hsts][:preload]
+      directives.join('; ')
+    else
+      'max-age=31536000; includeSubDomains'
+    end
+    headers['Strict-Transport-Security'] = hsts_value
+  end
+  # CSP (same as before)
+  if config[:csp]
+    headers['Content-Security-Policy'] = config[:csp]
+  end
+  # Permissions-Policy (same as before)
+  if config[:permissions_policy]
+    headers['Permissions-Policy'] = config[:permissions_policy]
+  end
+  headers
+end
+    end
+  end
+end

data/lib/aris/plugins/session.rb ADDED Viewed

@@ -0,0 +1,175 @@
+# lib/aris/plugins/session.rb
+require 'json'
+require 'base64'
+require 'openssl'
+module Aris
+  module Plugins
+    class Session
+      @default_config = {
+        enabled: true,
+        store: :cookie,
+        key: '_aris_session',
+        expire_after: 14 * 24 * 3600, # 2 weeks in seconds
+        secret: nil
+      }
+      class << self
+        attr_accessor :default_config
+        def call(request, response)
+          load_session(request)
+          nil
+        end
+        def call_response(request, response)
+          return unless request.respond_to?(:session)
+          store_session(request, response)
+        end
+        def build(**config)
+          config = default_config.merge(config)
+          config[:secret] ||= Aris::Config.secret_key_base
+          new(config)
+        end
+        private
+        def load_session(request)
+          session_data = load_from_store(request)
+          request.define_singleton_method(:session) do
+            @session ||= SessionData.new(session_data)
+          end
+        end
+        def store_session(request, response)
+          return unless request.session.changed? || request.session.destroyed?
+          if request.session.destroyed?
+            clear_from_store(request, response)
+          else
+            save_to_store(request, response, request.session.to_hash)
+          end
+        end
+        def load_from_store(request)
+          case default_config[:store]
+          when :cookie
+            load_from_cookie(request)
+          else
+            {} # Default empty session
+          end
+        end
+        def save_to_store(request, response, data)
+          case default_config[:store]
+          when :cookie
+            save_to_cookie(request, response, data)
+          end
+        end
+        def clear_from_store(request, response)
+          case default_config[:store]
+          when :cookie
+            clear_cookie(response)
+          end
+        end
+        def load_from_cookie(request)
+          return {} unless request.respond_to?(:cookies)
+          cookie_value = request.cookies[default_config[:key]]
+          return {} unless cookie_value
+          begin
+            # For encrypted sessions
+            decrypt_session(cookie_value)
+          rescue
+            {} # Invalid session, start fresh
+          end
+        end
+        def save_to_cookie(request, response, data)
+          return if data.empty?
+          encrypted_data = encrypt_session(data)
+          response.set_cookie(default_config[:key], encrypted_data, {
+            httponly: true,
+            secure: (ENV['RACK_ENV'] == 'production'),
+            path: '/',
+            max_age: default_config[:expire_after]
+          })
+        end
+        def clear_cookie(response)
+          response.delete_cookie(default_config[:key])
+        end
+        def encrypt_session(data)
+          # Simple encryption for demo - use proper encryption in production
+          json_data = data.to_json
+          Base64.urlsafe_encode64(json_data)
+        end
+        def decrypt_session(encrypted_data)
+          json_data = Base64.urlsafe_decode64(encrypted_data)
+          JSON.parse(json_data, symbolize_names: true)
+        end
+      end
+      def initialize(config)
+        @config = config
+      end
+      # Session data container
+      class SessionData
+        def initialize(initial_data = {})
+          @data = initial_data || {}
+          @changed = false
+          @destroyed = false
+        end
+        def [](key)
+          @data[key.to_sym]
+        end
+        def []=(key, value)
+          @data[key.to_sym] = value
+          @changed = true
+        end
+        def delete(key)
+          @data.delete(key.to_sym)
+          @changed = true
+        end
+        def clear
+          @data.clear
+          @changed = true
+        end
+        def destroy
+          clear
+          @destroyed = true
+        end
+        def to_hash
+          @data.dup
+        end
+        def changed?
+          @changed
+        end
+        def destroyed?
+          @destroyed
+        end
+      end
+    end
+  end
+end
+# Register the plugin
+Aris.register_plugin(:session, plugin_class: Aris::Plugins::Session)

data/lib/aris/plugins.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module Aris
+  module Plugins
+    @@registry = {}
+    def self.register(name, *classes)
+      raise ArgumentError, "Plugin '#{name}' requires at least one class" if classes.empty?
+      @@registry[name.to_sym] = classes.flatten
+    end
+    def self.resolve(name)
+      @@registry[name.to_sym] || raise(ArgumentError, "Unknown plugin :#{name}")
+    end
+  end
+  def self.register_plugin(name, **options)
+    classes = [options[:generator], options[:protection], options[:plugin_class]].flatten.compact
+    Plugins.register(name, *classes)
+  end
+  def self.resolve_plugin(name)
+    Plugins.resolve(name)
+  end
+end