brut 0.0.28 → 0.1.0

data/brutrb.com/features.md

@@ -0,0 +1,373 @@
+# Quick Tour of Brut's Features
+
+## Pages
+
+A [*Page*](/pages) models, well, a web page. It's a class that holds all the data
+necessary to generate its HTML as well as a method called `page_template`, which
+generates the HTML via Phlex.
+
+A page's routing is convention-based and starts with a URL:
+
+```ruby{6}
+class App < Brut::Framework::App
+  def id           = "my-app"
+  def organization = "my-org"
+
+  routes do
+    page "/dashboard"
+  end
+end
+```
+
+This URL means our page class is expected in `DashboardPage`.
+
+```ruby
+class DashboardPage < AppPage
+  def initialize
+    @now     = Time.now
+  end
+
+  def page_template
+    main do
+     h1 { "Hello!" }
+     h2 do
+       plain("It's ")
+       time(datetime: l(@now, format: iso_8601)) do
+         l(@now, format: date)
+       end
+     end
+    end
+  end
+end
+```
+
+This would all produce HTML like so, depending on the value of 
+
+```html [/dashboard]
+<main>
+  <h1>Hello!</h1>
+  <h2>It's
+    <time datetime="2025-02-17">
+      Monday, Feb 17
+    </time>
+  </h2>
+</main>
+```
+
+Note that the actual HTML delivered would include the code for a layout.
+
+## Layouts
+
+Brut includes the concept of [layouts](/layouts), and they work similar to Rails.
+Layouts are classes, however, and implement the Phlex-standard `view_template`
+method:
+
+```ruby
+class DefaultLayout < Brut::FrontEnd::Layout
+  def initialize(page_name:)
+    @page_name = page_name
+  end
+
+  def view_template
+    doctype
+    html(lang: "en") do
+      head do
+        meta(charset: "utf-8")
+        link(rel: "preload", as: "style", href: asset_path("/css/styles.css"))
+        link(rel: "stylesheet",           href: asset_path("/css/styles.css"))
+        script(defer: true, src: asset_path("/js/app.js"))
+        title { app_name }
+      end
+      body do
+        yield
+      end
+    end
+  end
+end
+```
+
+This produces this HTML:
+
+```html
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <link rel="preload" as="style" href="/css/styles-«HASH».css">
+    <link rel="stylesheet" href="/css/styles-«HASH».css">
+    <script defer src="/js/app-«HASH».js">
+    <title>My Awesome App</title>
+  </head>
+  <body>
+    <-- page HTML here -->
+  </body>
+</html>
+```
+
+
+## Components
+
+*Components* are a way to manage the complexity of HTML generation. The are Phlex components, meaning they are a class that implements `view_template`.
+
+Here's an example of a flash message component:
+
+```ruby
+# components/flash_component.rb
+class FlashComponent < AppComponent
+  def initialize(flash:)
+    if flash.notice?
+      @message_key = flash.notice
+      @role = :info
+    elsif flash.alert?
+      @message_key = flash.alert
+      @role = :alert
+    end
+  end
+
+  def any_message? = !@message_key.nil?
+
+  def view_template
+    if any_message?
+      div(role: @role) do
+        t([ :flash, @message_key ])
+      end
+    end
+  end
+end
+```
+
+You can then use this in any other view using `render`, provided by Phlex.
+
+```ruby
+def page_template
+  header do
+    render FlashComponent.new(flash:)
+  end
+end
+```
+
+## Forms
+
+[*Forms*](/forms) are a major concept like pages, since they are the way a browser
+submits data to the server.
+
+In Brut, a form does three things:
+
+* Describes the data in the `<form>` tag
+* Implies a route where its data is submitted via HTTP POST
+* Provides access to the submitted data (via an object with methods, not a Hash of Whatever)
+
+Like `page`, `form` declares a form's route:
+
+```ruby{2}
+routes do
+  form "/login"
+end
+```
+
+Brut is convention-based, so it will expect a class named `LoginForm` to exist. It
+will also expect `LoginHandler` to exist, which is a class that will receive the
+form submission and process it. More on handlers below.
+
+`LoginForm` uses class methods to declare its inputs.  These class methods mirror
+the various form element tags in HTML (`input`, `select`, etc.), and the methods
+attributes allow you to declare names and client-side constraints:
+
+```ruby [forms/login_form.rb]
+class LoginForm < AppForm
+  input :email
+  input :password, minlength: 8
+end
+```
+
+An instance of this class can be used to create HTML:
+
+```ruby
+def view_template
+  FormTag(for: @form) do
+    Inputs::InputTag(form: @form, input_name: :email)
+    Inputs::InputTag(form: @form, input_name: :password)
+    button { "Login" }
+  end
+end
+```
+
+> [!NOTE]
+> We'll explain what `FormTag` and `Inputs::InputTag` are in the [forms
+> section](/forms)
+
+This generates this HTML:
+
+```html
+<form action="/login" method="POST">
+  <input type="email" name="email" required>
+  <input type="password" name="password" required minlength="8">
+  <button>Login</button>
+</form>
+```
+
+When the form is submitted, an instance of `LoginForm` is created and made available
+to `LoginHandler`
+
+## Handlers
+
+A handler is like a controller in Rails, except it only has one method: `handle`.
+Unlike a Rails controller, a handler class is given its arguments explicitly, and
+`handle`'s return value dictates what will happen next.
+
+```ruby
+class LoginHandler < AppHandler
+  def initialize(form:)
+    @form = form
+  end
+  def handle
+    if @form.email == "secret@example.com" &&
+       @form.password = "sup3rs3cret!"
+       redirect_to(DashboardPage)
+    else
+      form.server_side_constraint_violation(
+        input_name: :email,
+        key: :no_such_user
+      )
+      LoginPage.new(form:)
+    end
+  end
+end
+```
+
+Note that we access the form's values as methods, not by digging into a Hash of
+Whatever.  Also note that returning an instance of a page will generate that page's
+HTML, much like Rails' `render :edit` might.  Lastly, `redirect_to` is a
+convenience to generate a URL to `DashboardPage`, and ultimately causes `handle` to
+return a `URI`, which Brut interprets as a redirect.
+
+
+## JavaScript
+
+Brut doesn't include a front-end framework, however you can certainly use one.  All
+JavaScript is bundled into a single bundle by [esbuild](https://esbuild.github.io/).
+
+Brut includes [BrutJS](/brut-js), which is a collection of autonomous custom
+elements AKA Web Components that provide convenient features like autosubmit, form
+submission confirmation and more:
+
+```ruby{5,7}
+def view_template
+  FormTag(for: @form) do
+    Inputs::InputTag(form: @form, input_name: :email)
+    Inputs::InputTag(form: @form, input_name: :password)
+    brut_confirm_submit(message: "Really login? In this economy?!") do
+      button { "Login" }
+    end
+  end
+end
+```
+
+When "Login" is pressed, `window.confirm` will ask if the visitor wants to proceed.
+This custom element can also use a `<dialog>` that you style, and works even better
+if that `<dialog>` makes use of `<brut-confirmation-dialog>`.
+
+## CSS
+
+Brut includes [BrutCSS](/css#using-brut-css), which is a lightweight utility-based
+CSS library to let you get started quickly. It's *not* TailwindCSS, nor will it ever
+be.
+
+You can replace it with whatever you like easily enough.
+
+
+## Database Schema
+
+Brut provides access to an SQL database via Sequel.  Brut uses Sequel's database schema management, however it is enhanced to
+encourage good practices by default.
+
+> [!NOTE]
+> Brut currently *only supports* PostgreSQL.  It may support all RDBMSes that Sequel supports, but as of now,
+> it's just Postgres.
+
+Consider a `households` table that relates to an `accounts` table.
+
+```ruby
+create_table :households,
+             comment: "Family unit managing the data" do
+  column :timezone, :text
+  column :dinner_time_of_day, :text
+  constraint(
+    :time_must_be_time,
+    %{
+      (dinner_time_of_day ~ '^[01][0-9]:[0-5][0-9]$') OR
+      (dinner_time_of_day ~ '^2[0-3]:[0-5][0-9]$')
+    }
+  )
+end
+
+create_table :accounts,
+             comment: "People or systems who can access this system",
+             external_id: true do
+
+  column :email,             :email_address, unique: true
+  column :deactivated_at,    :timestamptz, null: true
+  foreign_key :household_id, :households
+end
+```
+
+This is mostly using [Sequel's built-in migrations API](https://sequel.jeremyevans.net/rdoc/files/doc/schema_modification_rdoc.html).  But, a few additional behaviors are happening:
+
+* Columns default to `NOT NULL`
+* Tables require comments
+* Foreign keys default to having constraints and indexes
+
+There are other quality-of-life features of Brut's migration system, all designed to default to a good practice, with a way to do it
+however you want when needed.
+
+## Database Access
+
+Brut uses `Sequel::Model` to access data in your database.  To discourage the conflation of "models of database tables" with "models
+of your application's domain", these classes are in the `DB` namespace.  Thus, the class `DB::Household` would be able to access the
+`households` table defined above. This frees you up to create a `Household` class to model your domain's logic without being coupled
+to how you store some data in a database.
+
+```ruby
+class DB::Account < AppDataModel
+  has_external_id :ac
+  many_to_one :household
+end
+
+class DB::Household < AppDataModel
+  one_to_many :accounts
+end
+```
+
+## Domain and Business Logic
+
+Brut uses Zeitwerk for code loading, so any directories you create will be auto-loaded and refreshed during development.  This means that you can create a class named `Household` in `app/src/back_end/domain/household.rb` and it would be loaded.  Or, you could create `HouseholdService` in `app/src/back_end/services/household_service.rb` if you like.
+
+> [!TIP]
+> Providing a generally-useful abstraction for business or domain logic is not usually feasible.
+> Thus, Brut doesn't provide much beyond Zeitwerk's auto-loading feature.  It may provide more
+> assistance in  the future, but for now, Brut's approach is to free you from any prescription
+> or moral imperative. Manage your domain and business logic how you see fit. You know your domain
+> and team better than we do.
+
+## Testing
+
+Brut provides support for three types of tests:
+
+* Unit Tests, using RSpec
+* End-to-end tests, using RSpec and Playwright
+* Custom Element tests, written in JavaScript, using Mocha
+
+Since Brut is based on classes, objects, and methods, your unit tests will usually
+be straightforward, however Brut provides helpers to test your Page and Component
+HTML using Nokogiri.  FactoryBot is included and configured to manage test data.
+
+## Tasks
+
+Brut doesn't use Rake tasks. It uses CLI apps powered by Ruby's `OptionParser`.  Brut provides bootstrapping classes to make your own CLIs, as well as some light abstractions to make `OptionParser` a little more ergonomic.  Brut's dev and production management CLIs are built using this support.
+
+## Observability
+
+Brut has built-in support for [OpenTelemetry](https://opentelemetry.io/).  Brut includes configuration for the [otel-desktop-viewer](https://github.com/CtrlSpice/otel-desktop-viewer) or a text-based viewer suitable for development.  For production, most observability vendors provide OpenTelemetry ingestion any many have free tiers.
+
+Brut does support logging, however you are encouraged to use OpenTelemetry instead.
+

data/brutrb.com/flash-and-session.md

@@ -1,205 +1,189 @@
 # Flash and Session
 
-Brut sessions are stored in cookies, encrypted to prevent tampering.  The *flash*, which is a way to temporarily
-store small bits of information between page loads, is encoded in the session.
+Brut sessions are stored in cookies, encrypted to prevent tampering.  The *flash*, which is a way to temporarily store small bits of information between page loads, is encoded in the session.
 
 ## Overview
 
-Unlike Rails, the session and flash are presented to you as objects, not Hashes.  By declaring the `session:`
-parameter on an initializer, you'll be given the current session for the request as an `AppSession`, which
-inherits from `Brut::FrontEnd::Session`.  Similarly, declaring `flash:`, you'll get a `Brut::FrontEnd::Flash`.
+Unlike Rails, the session and flash are presented to you as objects, not Hashes of Whatever.  By declaring the `session:`
+parameter on an initializer, you'll be given the current session for the request as an `AppSession`, which inherits from `Brut::FrontEnd::Session`.  Similarly, declaring `flash:`, you'll get a `Brut::FrontEnd::Flash`.
 
 The idea is to use Ruby's type system to describe what data is in the session and flash.
 
 ### Session
 
-Brut's session is somewhat richer than you might get from other frameworks.  In particular, the session can
-provide you:
+Brut's session is somewhat richer than you might get from other frameworks.  In particular, the session can provide you:
 
 * The current `Brut::I18n::HTTPAcceptLanguage`, which is the visitor's locale. See [I18n](/i18n) for how this
 works and how to use this value.
 * The timezone as provided by the browser.
 * An explicitly-set timezone that may or may not be what the browser provided.  See [Space-Time Continuum](/space-time-continuum) for more details.
 
-The session also handles serializing the flash to and from the browser's cookies and can store any arbitrary data
-you like via `[]`.  You are encouraged to add methods to your app's `AppSession` to make it explicit what you are
-storing.
+To access the session, declare it as a keyword argument to your page, handler, or
+global component's intitializer:
 
-Let's  see the [route hook](/hooks) from  the [pages](/pages) section again.
+```ruby
+class HomePage < AppPage
+  def initialize(session:)
+    @session = session
+  end
+end
+```
+
+When you create your Brut app, your `AppSession` won't have anything in it, although
+it's a `Brut::FrontEnd::Session`, so you can certainly use `[]` and `[]=` on it.
+However, you are encouraged to declare methods that describe precisely what is in
+the session.
 
-> [!CAUTION]
-> This hook is not production-ready. It lacks certain error-handling situations and
-> makes an assumption about how the session is managed. It's for demonstration only.
-> The [route hooks](/hooks) section has a more
-> appropriate example.
+Let's say the currently logged-in visitor is available in the session.  Your
+`HomePage` could look like so:
 
 ```ruby
-class RequireAuthBeforeHook < Brut::FrontEnd::RouteHook
-  def before(request_context:,session:)
-    if session.current_user_id
-      user = DB::User.find(id: session.current_user_id)
-      if user
-        request_context[:current_user] = user
+class HomePage < AppPage
+  def initialize(session:)
+    @session = session
+  end
+
+  def view_template
+    h1 do
+      if @session.current_visitor
+        "Hello #{@session.current_visitor.name}"
+      else
+        "Hi!"
       end
     end
   end
 end
 ```
 
-When this hook executes, `session` will be an `AppSession`, serialized from the browser's cookies.  Here's what
-that class might look like:
+Let's suppose a `LoginHandler` exists, that can set a value for `current_visitor`:
 
 ```ruby
-# app/src/front_end/support/app_session.rb
-class AppSession < Brut::FrontEnd::Session
-  def login!(current_user:)
-    self[:current_user_id] = current_user.id
-  end
-
-  def logout!
-    self[:current_user_id] = nil
+class LoginHandler < AppHandler
+  def initialize(form:, session:)
+    @form    = form
+    @session = session
   end
 
-  def logged_in?
-    !!self.current_user_id
+  def handle
+    visitor = Login.from_form(form:) # assume this exists
+    if visitor
+      @sesion.login!(visitor:)
+    else
+      # ...
+    end
   end
-
-  def current_user_id = self[:current_user_id]
 end
 ```
 
-The session is a rich object and not just a thin wrapper over a Hash.  You could even have the session perform
-the lookup in the database:
+`AppSession` would need to look like so:
 
-```ruby {11,14-16}
-# app/src/front_end/support/app_session.rb
+```ruby
 class AppSession < Brut::FrontEnd::Session
-  def login!(current_user:)
-    self[:current_user_id] = current_user.id
-  end
-  def logout!
-    self[:current_user_id] = nil
+  def login!(visitor:)
+    self[:current_visitor_id] = visitor.id
   end
 
-  def logged_in?
-    !!self.current_user
-  end
-
-  def current_user
-    DB::User.find(id: self[:current_user_id])
+  def current_visitor
+    DB::Visitor.find(id: self[:current_visitor_id])
   end
 end
 ```
 
-Now, the hook could call `current_user`:
+Brut encourages your session to be a rich object.  You can declare any methods you
+like:
 
-```ruby {3-5}
-class RequireAuthBeforeHook < Brut::FrontEnd::RouteHook
-  def before(request_context:,session:)
-    if session.logged_in?
-      request_context[:current_user] = session.current_user
-    end
-  end
+```ruby
+class AppSession < Brut::FrontEnd::Session
+  def logged_in? = !!self.current_visitor
 end
 ```
 
-Let's see `LoginHandler` from the [handlers](/handlers) section, to see how to save the current user.  Given what
-we've learned, the declaration of the `session:` parameter to the initializer means the relevant instance of
-`AppSession` will be passed in.
+> [!NOTE]
+> When dealing with auth, you can leverage
+> keyword injection beyond injecting the session.  This is
+> discussed in [the auth recipe](/recipes/authentication.md)
 
-```ruby {20}
-# app/src/front_end/handlers/login_handler.rb
-class LoginHandler < AppHandler
-  def initialize(form:, session:)
-    @form    = form
-    @session = session
-  end
+### Flash
 
-  def handle
-    if !@form.constraint_violations?
-      authorized_user = AuthorizedUser.login(
-        email: form.email,
-        password: form.password
-      )
-      if authorized_user.nil?
-        @form.server_side_constraint_violation(
-          input_name: :email,
-          key: :login_not_found
-        )
-      else
-        session.login!(current_user: authorized_user.user)
-      end
-    end
-    if @form.constraint_violations?
-      LoginPage.new(form: @form)
-    else
-      redirect_to(DashboardPage.routing)
-    end
+To access the flash, declare it as a keyword argument to your page, handler, or
+global component's intitializer:
+
+```ruby {2,4}
+class DeleteWidgetByIdHandler < AppHandler
+  def initialize(widget_id:, flash:)
+    @widget_id = widget_id
+    @flash     = flash
   end
 end
 ```
 
-Brut will handle saving the updated values in the response so when, in this case, the `DashboardPage` is
-rendered, it can see which user is logged in.
-
-### Flash
-
-By default, your app will use Brut's flash class, `Brut::FrontEnd::Flash`.  This is because you typically don't
-need to enhance the flash.  Brut's flash has an "alert" and "notice", and you can use them however you see fit. You can also set arbitrary messages in the flash via `[]`.
+By default, the flash will be a `Brut::FrontEnd::Flash`.  While you can set your own
+class, this is less commonly needed, so Brut doesn't provide one by default.  Like
+the session, you can use `[]`, but are discouraged from this to avoid Hashes of
+Whatever littering your code.
 
-The contents of the flash only survive one request, so anything you set will be available in that session's next
-request, but not after that.
+The default flash provides a `notice` attribute and an `alert` attribute. Their
+values only survive one request, so anything you set will be available in that session's next request, but not after that.
 
-Note that the flash's alert and notice are intended to be I18n keys.  You don't have to use them this way, but it
-is encouraged.  If you pass an array into `alert=` or `notice=`, the elements will be joined to form an I18n key.
+The values are expected to be I18n keys:
 
-You can create your own subclass if you need a richer flash class than the one Brut provides.
-
-First, create your class. It can be anywhere, but we recommend `app/src/front_end/support/app_flash.rb`:
-
-```ruby
-# app/src/front_end/support/app_flash.rb
-class AppFlash < Brut::FrontEnd::Flash
-  # For example
-  def debug=(debug)
-    self[:debug] = debug
+```ruby {5,8}
+  def handle
+    widget = DB::Widget.find!(id: @widget_id)
+    if widget.can_delete?
+      widget.delete
+      @flash.notice = :widget_deleted
+      redirect_to(WidgetsPage)
+    else
+      @flash.alert = :widget_cannot_be_deleted
+      WidgetsPage.new
+    end
   end
-  def debug  = self[:debug]
-  def debug? = !!self.debug
 end
 ```
 
-Then, in your `App`, located in `app/src/app.rb`, use `Brut.container.override` to change the class used for the
-flash:
-
-```ruby
-class App < Brut::Framework::App
-  # ...
-  def initialize
-    Brut.container.override(
-      "flash_class",
-      AppFlash
-    )
+This is only enforced by convention, but you should stick to one convention since
+you will likely create a [global component](/components) for the flash:
+
+```ruby {17}
+class FlashComponent < AppComponent
+  def initialize(flash:)
+    if flash.notice?
+      @message_key = flash.notice
+      @role = :info
+    elsif flash.alert?
+      @message_key = flash.alert
+      @role = :alert
+    end
   end
 
-  # ...
+  def any_message? = !@message_key.nil?
+
+  def view_template
+    if any_message?
+      div(role: @role) do
+        t([ :flash, @message_key ])
+      end
+    end
+  end
 end
 ```
 
-Brut's configuration system is discussed in more detail in [Configuration](/configuration).
+See [using your own Flash class](/recipes/custom-flash) to see how to enhance Brut's
+flash with your own logic.
 
 ## Testing
 
 Testing your session or flash classes may not be super valuable, however they are normal Ruby objects so you can
-test them in a conventional way.  Both classes treat their internals as a Hash, so you can implement and assert
-via the `[]` and `[]=` methods.
+test them in a conventional way. Although you are discouraged from using `[]` and
+`[]=` as the public API of your session or flash, they can be useful for assertions
+or test setup.
 
 ## Recommended Practices
 
-While you can use both the flash and the session has a hash of whatever, your are encouraged to avoid this in
-your production code.  Create well-defined attributes or methods to manipulate these objects using the language
-of your domain.
-
+Do not treat the session or flash as a Hash of Whatever.  Isolate all magic keys to
+the class and provide a rich API.  It doesn't take that much effort and will make
+your app way easier to manage.
 
 ## Technical Notes