brut 0.0.1

data/lib/brut/front_end/forms/input_definition.rb

@@ -0,0 +1,100 @@
+# An InputDefinition captures metadata used to create an Input. Think of this
+# as a template for creating inputs.  An Input has state, such as values and thus validity.
+# An InputDefinition is immutable and defines inputs.
+class Brut::FrontEnd::Forms::InputDefinition
+  include Brut::Framework::FussyTypeEnforcement
+  attr_reader :max,
+              :maxlength,
+              :min,
+              :minlength,
+              :name,
+              :pattern,
+              :required,
+              :step,
+              :type
+
+  INPUT_TYPES_TO_CLASS = {
+    "checkbox"       => String,
+    "color"          => String,
+    "date"           => String,
+    "datetime-local" => String,
+    "email"          => String,
+    "file"           => String,
+    "hidden"         => String,
+    "month"          => String,
+    "number"         => Numeric,
+    "password"       => String,
+    "radio"          => String,
+    "range"          => String,
+    "search"         => String,
+    "tel"            => String,
+    "text"           => String,
+    "time"           => String,
+    "url"            => String,
+    "week"           => String,
+  }
+
+  # Create an InputDefinition. This should very closely mirror
+  # the attributes used in an <INPUT> element in HTML.
+  def initialize(
+    max: nil,
+    maxlength: nil,
+    min: nil,
+    minlength: nil,
+    name: nil,
+    pattern: nil,
+    required: :based_on_type,
+    step: nil,
+    type: nil
+  )
+    name = name.to_s
+    type = if type.nil?
+             case name
+             when "email" then "email"
+             when "password" then "password"
+             else
+               "text"
+             end
+           else
+             type
+           end
+
+    type = type.to_s
+    if required == :based_on_type
+      required = type != "checkbox"
+    end
+
+    @max       = type!( max       , Numeric                   , "max")
+    @maxlength = type!( maxlength , Numeric                   , "maxlength")
+    @min       = type!( min       , Numeric                   , "min")
+    @minlength = type!( minlength , Numeric                   , "minlength")
+    @name      = type!( name      , String                    , "name")
+    @pattern   = type!( pattern   , String                    , "pattern")
+    @required  = type!( required  , [true, false]             , "required", required: true)
+    @step      = type!( step      , Numeric                   , "step")
+    @type      = type!( type      , INPUT_TYPES_TO_CLASS.keys , "type", required: true)
+
+    if @pattern.nil? && type == "email"
+      @pattern = /^[^@]+@[^@]+\.[^@]+$/.source
+    end
+  end
+
+  # Create an Input based on this defitition, initializing it with the given value.
+  def make_input(value:)
+    Brut::FrontEnd::Forms::Input.new(input_definition: self, value: value)
+  end
+end
+class Brut::FrontEnd::Forms::SelectInputDefinition
+  include Brut::Framework::FussyTypeEnforcement
+  attr_reader :required, :name
+  def initialize(name:, required: true)
+    name = name.to_s
+    @name     = type!( name      , String        , "name")
+    @required = type!( required  , [true, false] , "required", required:true)
+  end
+
+  # Create an Input based on this defitition, initializing it with the given value.
+  def make_input(value:)
+    Brut::FrontEnd::Forms::SelectInput.new(input_definition: self, value: value)
+  end
+end

data/lib/brut/front_end/forms/validity_state.rb

@@ -0,0 +1,36 @@
+# Mirrors a web browser's ValidityState API. Captures the overall state
+# of validity of an input.  This can accomodate server-side constraint violations
+# that are essentially arbitrary.  This means that an instance of this class should
+# fully capture all constraint violations for a given field.  You can 
+# iterate over all the violations with #each, which will yield one `ConstraintViolation` for
+# each failure.  You can query the constraint to determine if it is a client side constraint or not.
+class Brut::FrontEnd::Forms::ValidityState
+  include Enumerable
+
+  def initialize(constraint_violations={})
+    @constraint_violations = constraint_violations.map { |key,value|
+      if value
+        Brut::FrontEnd::Forms::ConstraintViolation.new(key: key, context: {})
+      else
+        nil
+      end
+    }.compact
+  end
+
+  # Returns true if there are no validation errors
+  def valid? = @constraint_violations.empty?
+
+  # Set a server-side constraint violation. This is essentially arbitrary and dependent
+  # on your use-case.
+  def server_side_constraint_violation(key:,context:)
+    @constraint_violations << Brut::FrontEnd::Forms::ConstraintViolation.new(key: key, context: context, server_side: true)
+  end
+
+  def each(&block)
+    @constraint_violations.each do |constraint|
+      block.call(constraint)
+    end
+  end
+
+end
+

data/lib/brut/front_end/handler.rb

@@ -0,0 +1,48 @@
+# A handler responds to all HTTP requests other than those that render a page. It will be given any data it needs
+# to handle the request to its handle method.  You define this method to accept the parameters you expect.
+#
+# You may also define before_handle which will be given any subset of those parameters and can perform logic before
+# handle is called.  This is most useful in a base class to check for permissions or other cross-cutting concerns.
+#
+# Tests should call handle!
+module Brut::FrontEnd
+  class Handler
+    include Brut::FrontEnd::HandlingResults
+
+    def handle(**)
+      raise Brut::Framework::Errors::AbstractMethod
+    end
+
+    def handle!(**args)
+      result = nil
+      if self.respond_to?(:before_handle)
+        before_handle_args = self.method(:before_handle).parameters.map { |(type,name)|
+          if type == :keyreq
+            if args.key?(name)
+              [ name, args[name] ]
+            else
+              raise ArgumentError,"before_handle requires keyword arg '#{name}' but `handle` did not receive it. It must"
+            end
+          elsif type == :key
+            if args.key?(name)
+              [ name, args[name] ]
+            else
+              nil
+            end
+          else
+            raise ArgumentError,"before_handle must only have keyword args. Got '#{name}' of type '#{type}'"
+          end
+        }.compact.to_h
+        result = self.before_handle(**before_handle_args)
+      end
+      if result.nil?
+        result = self.handle(**args)
+      end
+      result
+    end
+  end
+  module Handlers
+    autoload(:CspReportingHandler,"brut/front_end/handlers/csp_reporting_handler")
+    autoload(:LocaleDetectionHandler,"brut/front_end/handlers/locale_detection_handler")
+  end
+end

data/lib/brut/front_end/handlers/csp_reporting_handler.rb

@@ -0,0 +1,11 @@
+class Brut::FrontEnd::Handlers::CspReportingHandler < Brut::FrontEnd::Handler
+  def handle(body:)
+    begin
+      parsed = JSON.parse(body.read)
+      SemanticLogger["brut:__brut/csp-reporting"].info(parsed)
+    rescue => ex
+      SemanticLogger["brut:__brut/locale"].warn("Got #{ex} from /__brut/locale instead of a parseable JSON object")
+    end
+    http_status(200)
+  end
+end

data/lib/brut/front_end/handlers/locale_detection_handler.rb

@@ -0,0 +1,22 @@
+class Brut::FrontEnd::Handlers::LocaleDetectionHandler < Brut::FrontEnd::Handler
+  def handle(body:,session:)
+    begin
+      parsed = JSON.parse(body.read)
+      SemanticLogger["brut:__brut/locale"].info("Got #{parsed.class}/#{parsed}")
+      if parsed.kind_of?(Hash)
+        locale   = parsed["locale"]
+        timezone = parsed["timeZone"]
+
+        session.timezone_from_browser = timezone
+        if !session.http_accept_language.known?
+          session.http_accept_language = Brut::I18n::HTTPAcceptLanguage.from_browser(locale)
+        end
+      else
+        SemanticLogger["brut:__brut/locale"].warn("Got a #{parsed.class} from /__brut/locale instead of a hash")
+      end
+    rescue => ex
+      SemanticLogger["brut:__brut/locale"].warn("Got #{ex} from /__brut/locale instead of a parseable JSON object")
+    end
+    http_status(200)
+  end
+end

data/lib/brut/front_end/handling_results.rb

@@ -0,0 +1,14 @@
+module Brut::FrontEnd::HandlingResults
+  # For use inside handle! or process! to indicate the user should be redirected to 
+  # the route for the given class and query string parameters. If the route
+  # does not support GET, an exception is raised
+  def redirect_to(klass, **query_string_params)
+    if !klass.kind_of?(Class)
+      raise ArgumentError,"redirect_to should be given a Class, not a #{klass.class}"
+    end
+    Brut.container.routing.uri(klass,with_method: :get,**query_string_params)
+  end
+
+  # For use when an HTTP status code must be returned.
+  def http_status(number) = Brut::FrontEnd::HttpStatus.new(number)
+end

data/lib/brut/front_end/http_method.rb

@@ -0,0 +1,33 @@
+class Brut::FrontEnd::HttpMethod
+  def initialize(string)
+    normalized = string.to_s.downcase.to_sym
+    if !self.class.method_names.include?(normalized)
+      raise ArgumentError,"'#{string}' is not a known HTTP method"
+    end
+    @method = normalized
+  end
+
+  def to_s = @method.to_s
+  def to_sym = @method.to_sym
+  alias to_str to_s
+
+  def ==(other)
+    self.class.name == other.class.name && self.to_s == other.to_s
+  end
+
+  def get? = self.to_sym == :get
+
+private
+
+  def self.method_names = [
+    :connect,
+    :delete,
+    :get,
+    :head,
+    :options,
+    :patch,
+    :post,
+    :put,
+    :trace,
+  ].freeze
+end

data/lib/brut/front_end/http_status.rb

@@ -0,0 +1,16 @@
+class Brut::FrontEnd::HttpStatus
+  def initialize(number)
+    number = number.to_i
+    if ((number < 100) || (number > 599))
+      raise ArgumentError,"'#{number}' is not a known HTTP status code"
+    end
+    @number = number
+  end
+
+  def to_i = @number
+  def to_s = to_i.to_s
+
+  def ==(other)
+    self.class == other.class && self.to_i == other.to_i
+  end
+end

data/lib/brut/front_end/middleware.rb

@@ -0,0 +1,7 @@
+module Brut::FrontEnd
+  class Middleware
+  end
+  module Middlewares
+    autoload(:ReloadApp,"brut/front_end/middlewares/reload_app")
+  end
+end

data/lib/brut/front_end/middlewares/reload_app.rb

@@ -0,0 +1,31 @@
+class Brut::FrontEnd::Middlewares::ReloadApp < Brut::FrontEnd::Middleware
+  LOCK = Concurrent::ReadWriteLock.new
+  def initialize(app)
+    @app = app
+  end
+  def call(env)
+    Brut.container.instrumentation.instrument(Brut::Instrumentation::Event.new(category: "middleware", subcategory: self.class.name, name: "call")) do
+      # We can only have one thread reloading stuff at a time, per process.
+      # The ReadWriteLock achieves this.
+      #
+      # Here, if any thread is serving a request, THIS thread will wait here.
+      # Once no other thread is serving a request, the write lock is acquired and a reload happens.
+      LOCK.with_write_lock do
+        begin
+          Brut.container.zeitwerk_loader.reload
+          Brut.container.routing.reload
+          Brut.container.asset_path_resolver.reload
+          ::I18n.reload!
+        rescue => ex
+          SemanticLogger[self.class].warn("Reload failed - your browser may not show you the latest code: #{ex.message}")
+        end
+      end
+      # If another thread has a write lock, we wait here so that the reload can complete before serving
+      # the request.  If no thread has a write lock, THIS thread may proceed to serve the request,
+      # as will any other thread that gets here.
+      LOCK.with_read_lock do
+        @app.call(env)
+      end
+    end
+  end
+end

data/lib/brut/front_end/page.rb

@@ -0,0 +1,47 @@
+# A page is a component that has a layout and thus is intended to be
+# an entire web page, not just a fragment.
+class Brut::FrontEnd::Page < Brut::FrontEnd::Component
+  include Brut::FrontEnd::HandlingResults
+  using Brut::FrontEnd::Templates::HTMLSafeString::Refinement
+
+  def layout = "default"
+
+  def before_render = nil
+
+  def handle!
+    case before_render
+    in URI => uri
+      uri
+    in Brut::FrontEnd::HttpStatus => http_status
+      http_status
+    else
+      render
+    end
+  end
+
+  # Overrides component's render to add the concept of a layout.
+  # A layout is an HTML/ERB file that will contain this page's contents.
+  def render
+    Brut.container.layout_locator.locate(self.layout).
+      then { |layout_erb_file| Brut::FrontEnd::Template.new(layout_erb_file)
+      } => layout_template
+
+    Brut.container.page_locator.locate(self.template_name).
+      then { |erb_file| Brut::FrontEnd::Template.new(erb_file)
+      } => template
+
+    layout_template.render_template(self) do
+      template.render_template(self).html_safe!
+    end
+  end
+
+  def self.page_name = self.name
+  def page_name = self.class.page_name
+  def component_name = raise Brut::Framework::Errors::Bug,"#{self.class} is not a component"
+
+private
+
+  def template_name = RichString.new(self.class.name).underscorized.to_s.gsub(/^pages\//,"")
+
+end
+

data/lib/brut/front_end/request_context.rb

@@ -0,0 +1,82 @@
+class Brut::FrontEnd::RequestContext
+  def initialize(env:,session:,flash:,xhr:,body:)
+    @hash = {
+      env:,
+      session:,
+      flash:,
+      xhr:,
+      body:,
+      csrf_token: Rack::Protection::AuthenticityToken.token(env["rack.session"]),
+      clock: Clock.new(session.timezone_from_browser),
+    }
+  end
+
+
+  def []=(key,value)
+    key = key.to_sym
+    @hash[key] = value
+  end
+
+  def fetch(key)
+    if self.key?(key)
+      value = self[key]
+      if value
+        return value
+      else
+        raise ArgumentError,"No key '#{key}' in #{self.class}"
+      end
+    else
+      raise ArgumentError,"Key '#{key}' is nil in #{self.class}"
+    end
+  end
+
+  def [](key)
+    @hash[key.to_sym]
+  end
+
+  def key?(key)
+    @hash.key?(key.to_sym)
+  end
+
+  # Returns a hash suitable to passing into this class' constructor.
+  def as_constructor_args(klass, request_params:)
+    args_for_method(method: klass.instance_method(:initialize), request_params:, form: nil)
+  end
+
+  def as_method_args(object, method_name, request_params:,form:)
+    args_for_method(method: object.method(method_name), request_params:, form:)
+  end
+
+private
+
+  def args_for_method(method:, request_params:, form: )
+    args = {}
+    method.parameters.each do |(type,name)|
+
+      if name.to_s == "**" || name.to_s == "*"
+        raise ArgumentError,"#{method.class}##{method.name} accepts '#{name}' and not keyword args. Define it in your class to accept the keyword arguments your method needs"
+      end
+      if ![ :key,:keyreq ].include?(type)
+        raise ArgumentError,"#{name} is not a keyword arg, but is a #{type}"
+      end
+
+      if self.key?(name)
+        args[name] = self[name]
+      elsif !form.nil? && name == :form
+        args[name] = form
+      elsif !request_params.nil? && (request_params[name.to_s] || request_params[name.to_sym])
+        args[name] = request_params[name.to_s] || request_params[name.to_sym]
+      elsif type == :keyreq
+        request_params_message = if request_params.nil?
+                                   "no request params provied"
+                                 else
+                                   "request_params: #{request_params.keys.map(&:to_s).join(", ")}"
+                                 end
+        raise ArgumentError,"#{method} argument '#{name}' is required, but there is no value in the current request context (keys: #{@hash.keys.map(&:to_s).join(", ")}, #{request_params_message}, form: #{form.class}). Either set this value in the request context or set a default value in the initializer"
+      else
+        # this keyword arg has a default value which will be used
+      end
+    end
+    args
+  end
+end

data/lib/brut/front_end/route_hook.rb

@@ -0,0 +1,15 @@
+module Brut::FrontEnd
+  class RouteHook
+    include Brut::FrontEnd::HandlingResults
+    # Return this to continue the hook
+    def continue = true
+  end
+
+  module RouteHooks
+    autoload(:LocaleDetection, "brut/front_end/route_hooks/locale_detection")
+    autoload(:SetupRequestContext, "brut/front_end/route_hooks/setup_request_context")
+    autoload(:AgeFlash, "brut/front_end/route_hooks/age_flash")
+    autoload(:CSPNoInlineStylesOrScripts,"brut/front_end/route_hooks/csp_no_inline_styles_or_scripts")
+    autoload(:CSPNoInlineScripts,"brut/front_end/route_hooks/csp_no_inline_scripts")
+  end
+end

data/lib/brut/front_end/route_hooks/age_flash.rb

@@ -0,0 +1,8 @@
+class Brut::FrontEnd::RouteHooks::AgeFlash < Brut::FrontEnd::RouteHook
+  def after(app_session:,request_context:)
+    flash = request_context[:flash]
+    flash.age!
+    app_session.flash = flash
+    continue
+  end
+end

data/lib/brut/front_end/route_hooks/csp_no_inline_scripts.rb

@@ -0,0 +1,17 @@
+class Brut::FrontEnd::RouteHooks::CSPNoInlineScripts < Brut::FrontEnd::RouteHook
+  def after(response:)
+    response.headers["Content-Security-Policy"] = header_value
+    continue
+  end
+
+  def header_value
+    [
+      "default-src 'self'",
+      "script-src-elem 'self'",
+      "script-src-attr 'none'",
+      "style-src-elem 'self'",
+      "style-src-attr 'self'",
+    ].join("; ")
+  end
+
+end

data/lib/brut/front_end/route_hooks/csp_no_inline_styles_or_scripts.rb

@@ -0,0 +1,46 @@
+class Brut::FrontEnd::RouteHooks::CSPNoInlineStylesOrScripts < Brut::FrontEnd::RouteHook
+  def after(response:)
+    response.headers["Content-Security-Policy"] = header_value
+    continue
+  end
+
+  def header_value
+    [
+      "default-src 'self'",
+      "script-src-elem 'self'",
+      "script-src-attr 'none'",
+      "style-src-elem 'self'",
+      "style-src-attr 'none'",
+    ].join("; ")
+  end
+
+  class ReportOnly < Brut::FrontEnd::RouteHooks::CSPNoInlineStylesOrScripts
+    def after(response:,request:)
+      csp_reporting_path   = uri(Brut::FrontEnd::Handlers::CspReportingHandler.routing,request:)
+      reporting_directives = "report-to csp_reporting;report-uri #{csp_reporting_path}"
+
+      response.headers["Content-Security-Policy-Report-Only"] = header_value + ";" + reporting_directives
+      response.headers["Reporting-Endpoints"]                 = "csp_reporting='#{csp_reporting_path}'"
+
+      continue
+    end
+  end
+
+private
+
+  def uri(path,request:)
+    # Adapted from Sinatra's innards
+    host = "http#{'s' if request.secure?}://"
+    if request.forwarded? || (request.port != (request.secure? ? 443 : 80))
+      host << request.host_with_port
+    else
+      host << request.host
+    end
+    uri_parts = [
+      host,
+      request.script_name.to_s,
+      path,
+    ]
+    File.join(uri_parts)
+  end
+end

data/lib/brut/front_end/route_hooks/locale_detection.rb

@@ -0,0 +1,24 @@
+class Brut::FrontEnd::RouteHooks::LocaleDetection < Brut::FrontEnd::RouteHook
+  def before(app_session:,env:)
+    http_accept_language = Brut::I18n::HTTPAcceptLanguage.from_header(env["HTTP_ACCEPT_LANGUAGE"])
+    if !app_session.http_accept_language.known?
+      app_session.http_accept_language = http_accept_language
+    end
+    best_locale = nil
+    app_session.http_accept_language.weighted_locales.each do |weighted_locale|
+      if ::I18n.available_locales.include?(weighted_locale.locale.to_sym)
+        best_locale = weighted_locale.locale.to_sym
+        break
+      elsif ::I18n.available_locales.include?(weighted_locale.primary_only.locale.to_sym)
+        best_locale = weighted_locale.primary_only.locale.to_sym
+        break
+      end
+    end
+    if best_locale
+      ::I18n.locale = best_locale
+    else
+      SemanticLogger["Brut"].warn("None of the user's locales are available: #{app_session.http_accept_language}")
+    end
+    continue
+  end
+end

data/lib/brut/front_end/route_hooks/setup_request_context.rb

@@ -0,0 +1,11 @@
+class Brut::FrontEnd::RouteHooks::SetupRequestContext < Brut::FrontEnd::RouteHook
+  def before(app_session:,request:,env:)
+    flash = app_session.flash
+    app_session[:_flash] ||= flash
+    Thread.current.thread_variable_set(
+      :request_context,
+      Brut::FrontEnd::RequestContext.new(env:,session:app_session,flash:,xhr: request.xhr?,body: request.body)
+    )
+    continue
+  end
+end