otto 1.4.0 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 746b45b9ceea5aed255a2d39e578f65bbf4438791bf61aad37641cbd4313c365
-  data.tar.gz: 8e61944be4c19656684c5630bf74024c3738d4ed6b8891686be4beb735aaaddd
+  metadata.gz: a50c097fe32fba3c0a6d84be84f95f68fffe385675f3fc353681b24f11aefa63
+  data.tar.gz: 9ad3e5c757531c10b1fbd60d304a07aa5ce84915491acb6c36b61656b8b6f6b3
 SHA512:
-  metadata.gz: 0bd4f87e1d824c2dc6683f6909db32e0e0a460b65a8d1646a35f2ac464a450d8804f72cacad60eae066601867f84b1d97c8bbccb02211ed43e5e408d8b269894
-  data.tar.gz: 999b4b96f74cace0b236dea4ef8f16607713a66960be3301b30b3f3e9e9e7f047b6381820cf701d5385afb10641537c2e1726993ff5c84ae75f6325eefe53cc8
+  metadata.gz: c1be28acdcec40db91e12c39926a5197326b0c46b5d269187f8cc3114cfbcae6ae025f1fa69c6c8820faa076c2067c3200838a15818291c729df40271cca3b00
+  data.tar.gz: bfa3af6f70fd650464b935b8b30c687b2393b9a687b68837ab21ffcb2ffb710acc1dea85942e043a8307a4b2d6360b4037846e710f2fc43e47a66100dddea807

data/.gitignore

@@ -19,3 +19,4 @@ vendor
 *.gem
 .ruby-lsp
 .rspec_status
+.mcp.json

data/Gemfile

@@ -16,5 +16,5 @@ group 'development' do
   gem 'ruby-lsp', require: false
   gem 'stackprof', require: false
   gem 'syntax_tree', require: false
-  gem 'tryouts', require: false
+  gem 'tryouts', '~> 3.3.1', require: false
 end

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    otto (1.4.0)
+    otto (1.5.0)
       ostruct
       rack (~> 3.1, < 4.0)
       rack-parser (~> 0.7)
@@ -111,7 +111,7 @@ GEM
     stringio (3.1.7)
     syntax_tree (6.3.0)
       prettier_print (>= 1.2.0)
-    tryouts (3.2.1)
+    tryouts (3.3.1)
       irb
       minitest (~> 5.0)
       pastel (~> 0.8)
@@ -142,7 +142,7 @@ DEPENDENCIES
   ruby-lsp
   stackprof
   syntax_tree
-  tryouts
+  tryouts (~> 3.3.1)
 
 BUNDLED WITH
    2.6.9

data/docs/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

data/lib/otto/response_handlers.rb

@@ -0,0 +1,141 @@
+# lib/otto/response_handlers.rb
+
+class Otto
+  module ResponseHandlers
+    # Base response handler class
+    class BaseHandler
+      def self.handle(result, response, context = {})
+        raise NotImplementedError, "Subclasses must implement handle method"
+      end
+
+      protected
+
+      def self.ensure_status_set(response, default_status = 200)
+        response.status = default_status unless response.status && response.status != 0
+      end
+    end
+
+    # Handler for JSON responses
+    class JSONHandler < BaseHandler
+      def self.handle(result, response, context = {})
+        response['Content-Type'] = 'application/json'
+
+        # Determine the data to serialize
+        data = if context[:logic_instance]&.respond_to?(:response_data)
+                 context[:logic_instance].response_data
+               elsif result.is_a?(Hash)
+                 result
+               elsif result.nil?
+                 { success: true }
+               else
+                 { success: true, data: result }
+               end
+
+        response.body = [JSON.generate(data)]
+        ensure_status_set(response, context[:status_code] || 200)
+      end
+    end
+
+    # Handler for redirect responses
+    class RedirectHandler < BaseHandler
+      def self.handle(result, response, context = {})
+        # Determine redirect path
+        path = if context[:redirect_path]
+                 context[:redirect_path]
+               elsif context[:logic_instance]&.respond_to?(:redirect_path)
+                 context[:logic_instance].redirect_path
+               elsif result.is_a?(String)
+                 result
+               else
+                 '/'
+               end
+
+        response.redirect(path)
+      end
+    end
+
+    # Handler for view/template responses
+    class ViewHandler < BaseHandler
+      def self.handle(result, response, context = {})
+        if context[:logic_instance]&.respond_to?(:view)
+          response.body = [context[:logic_instance].view.render]
+          response['Content-Type'] = 'text/html' unless response['Content-Type']
+        elsif result.respond_to?(:to_s)
+          response.body = [result.to_s]
+          response['Content-Type'] = 'text/html' unless response['Content-Type']
+        else
+          response.body = ['']
+        end
+
+        ensure_status_set(response, context[:status_code] || 200)
+      end
+    end
+
+    # Default handler that preserves existing Otto behavior
+    class DefaultHandler < BaseHandler
+      def self.handle(result, response, context = {})
+        # Otto's default behavior - let the route handler manage the response
+        # This handler does nothing, preserving existing behavior
+        ensure_status_set(response, 200)
+      end
+    end
+
+    # Auto-detection handler that chooses appropriate handler based on context
+    class AutoHandler < BaseHandler
+      def self.handle(result, response, context = {})
+        # Auto-detect based on result type and request context
+        handler_class = detect_handler_type(result, response, context)
+        handler_class.handle(result, response, context)
+      end
+
+      private
+
+      def self.detect_handler_type(result, response, context)
+        # Check if response type was already set by the handler
+        content_type = response['Content-Type']
+
+        if content_type&.include?('application/json')
+          JSONHandler
+        elsif (context[:logic_instance]&.respond_to?(:redirect_path) && context[:logic_instance]&.redirect_path) ||
+              (result.is_a?(String) && result.match?(%r{^/}))
+          # Logic instance has redirect path or result is a string path
+          RedirectHandler
+        elsif result.is_a?(Hash)
+          JSONHandler
+        elsif context[:logic_instance]&.respond_to?(:view)
+          ViewHandler
+        else
+          DefaultHandler
+        end
+      end
+    end
+
+    # Factory for creating response handlers
+    class HandlerFactory
+      # Map of response type names to handler classes
+      HANDLER_MAP = {
+        'json' => JSONHandler,
+        'redirect' => RedirectHandler,
+        'view' => ViewHandler,
+        'auto' => AutoHandler,
+        'default' => DefaultHandler
+      }.freeze
+
+      def self.create_handler(response_type)
+        handler_class = HANDLER_MAP[response_type.to_s.downcase]
+
+        unless handler_class
+          Otto.logger.warn "Unknown response type: #{response_type}, falling back to default" if Otto.debug
+          handler_class = DefaultHandler
+        end
+
+        handler_class
+      end
+
+      def self.handle_response(result, response, response_type, context = {})
+        handler = create_handler(response_type)
+        handler.handle(result, response, context)
+      end
+    end
+  end
+end

data/lib/otto/route.rb

@@ -23,35 +23,70 @@ class Otto
     module ClassMethods
       attr_accessor :otto
     end
-    attr_reader :verb, :path, :pattern, :method, :klass, :name, :definition, :keys, :kind
+    # @return [Otto::RouteDefinition] The immutable route definition
+    attr_reader :route_definition
+
+    # @return [Class] The resolved class object
+    attr_reader :klass
+
     attr_accessor :otto
 
     # Initialize a new route with security validations
     #
     # @param verb [String] HTTP verb (GET, POST, PUT, DELETE, etc.)
     # @param path [String] URL path pattern with optional parameters
-    # @param definition [String] Class and method definition (Class.method or Class#method)
+    # @param definition [String] Class and method definition with optional key-value parameters
+    #   Examples:
+    #     "Class.method" (traditional)
+    #     "Class#method" (traditional)
+    #     "V2::Logic::AuthSession auth=authenticated response=redirect" (enhanced)
     # @raise [ArgumentError] if definition format is invalid or class name is unsafe
     def initialize(verb, path, definition)
-      @verb           = verb.to_s.upcase.to_sym
-      @path           = path
-      @definition     = definition
-      @pattern, @keys = *compile(@path)
-      if !@definition.index('.').nil?
-        @klass, @name = @definition.split('.')
-        @kind         = :class
-      elsif !@definition.index('#').nil?
-        @klass, @name = @definition.split('#')
-        @kind         = :instance
-      else
-        raise ArgumentError, "Bad definition: #{@definition}"
-      end
-      @klass          = safe_const_get(@klass)
-      # @method = @klass.method(@name)
+      @pattern, @keys = *compile(path)
+
+      # Create immutable route definition
+      @route_definition = Otto::RouteDefinition.new(verb, path, definition, pattern: @pattern, keys: @keys)
+
+      # Resolve the class
+      @klass = safe_const_get(@route_definition.klass_name)
+    end
+
+    # Delegate common methods to route_definition for backward compatibility
+    def verb
+      @route_definition.verb
+    end
+
+    def path
+      @route_definition.path
+    end
+
+    def definition
+      @route_definition.definition
+    end
+
+    def pattern
+      @route_definition.pattern
+    end
+
+    def keys
+      @route_definition.keys
+    end
+
+    def name
+      @route_definition.method_name
+    end
+
+    def kind
+      @route_definition.kind
+    end
+
+    def route_options
+      @route_definition.options
     end
 
     private
 
+
     # Safely resolve a class name using Object.const_get with security validations
     # This replaces the previous eval() usage to prevent code injection attacks.
     #
@@ -120,6 +155,10 @@ class Otto
         env['otto.security_config'] = otto.security_config
       end
 
+      # NEW: Make route definition and options available to middleware and handlers
+      env['otto.route_definition'] = @route_definition
+      env['otto.route_options'] = @route_definition.options
+
       # Process parameters through security layer
       req.params.merge! extra_params
       req.params.replace Otto::Static.indifferent_params(req.params)
@@ -142,53 +181,80 @@ class Otto
       # Add validation helpers
       res.extend Otto::Security::ValidationHelpers
 
-      case kind
-      when :instance
-        inst = klass.new req, res
-        inst.send(name)
-      when :class
-        klass.send(name, req, res)
+      # NEW: Use the pluggable route handler factory (Phase 4)
+      # This replaces the hardcoded execution pattern with a factory approach
+      if otto&.route_handler_factory
+        handler = otto.route_handler_factory.create_handler(@route_definition, otto)
+        return handler.call(env, extra_params)
       else
-        raise "Unsupported kind for #{@definition}: #{kind}"
+        # Fallback to legacy behavior for backward compatibility
+        inst = nil
+        result = case kind
+                 when :instance
+                   inst = klass.new req, res
+                   inst.send(name)
+                 when :class
+                   klass.send(name, req, res)
+                 else
+                   raise "Unsupported kind for #{definition}: #{kind}"
+                 end
+
+        # Handle response based on route options
+        response_type = @route_definition.response_type
+        if response_type != 'default'
+          context = {
+            logic_instance: (kind == :instance ? inst : nil),
+            status_code: nil,
+            redirect_path: nil
+          }
+
+          Otto::ResponseHandlers::HandlerFactory.handle_response(result, res, response_type, context)
+        end
+
+        res.body = [res.body] unless res.body.respond_to?(:each)
+        res.finish
       end
-      res.body = [res.body] unless res.body.respond_to?(:each)
-      res.finish
     end
 
     private
 
-    # Brazenly borrowed from Sinatra::Base:
-    # https://github.com/sinatra/sinatra/blob/v1.2.6/lib/sinatra/base.rb#L1156
     def compile(path)
       keys = []
-      if path.respond_to? :to_str
-        special_chars = %w[. + ( ) $]
-        pattern       =
-          path.to_str.gsub(/((:\w+)|[\*#{special_chars.join}])/) do |match|
-            case match
-            when '*'
-              keys << 'splat'
-              '(.*?)'
-            when *special_chars
-              Regexp.escape(match)
-            else
-              keys << ::Regexp.last_match(2)[1..-1]
-              '([^/?#]+)'
-            end
-          end
-        # Wrap the regex in parens so the regex works properly.
-        # They can fail when there's an | for example (matching only the last one).
-        # Note: this means we also need to remove the first matched value.
-        [/\A(#{pattern})\z/, keys]
-      elsif path.respond_to?(:keys) && path.respond_to?(:match)
-        [path, path.keys]
-      elsif path.respond_to?(:names) && path.respond_to?(:match)
-        [path, path.names]
-      elsif path.respond_to? :match
-        [path, keys]
+
+      # Handle string paths first (most common case)
+      if path.respond_to?(:to_str)
+        compile_string_path(path, keys)
       else
-        raise TypeError, path
+        case path
+        in { keys: route_keys, match: _ }
+          [path, route_keys]
+        in { names: route_names, match: _ }
+          [path, route_names]
+        in { match: _ }
+          [path, keys]
+        else
+          raise TypeError, path
+        end
       end
     end
+
+    def compile_string_path(path, keys)
+      raise TypeError, path unless path.respond_to?(:to_str)
+
+      pattern = path.to_str.gsub(/((:\w+)|[.*+()$])/) do |match|
+        case match
+        when '*'
+          keys << 'splat'
+          '(.*?)'
+        when '.', '+', '(', ')', '$'
+          Regexp.escape(match)
+        else
+          keys << match[1..-1] # Remove the colon
+          '([^/?#]+)'
+        end
+      end
+
+      [/\A(#{pattern})\z/, keys]
+    end
   end
 end

data/lib/otto/route_definition.rb

@@ -0,0 +1,187 @@
+# lib/otto/route_definition.rb
+
+class Otto
+  # Immutable data class representing a complete route definition
+  # This encapsulates all aspects of a route: path, target, and options
+  class RouteDefinition
+    # @return [String] The HTTP verb (GET, POST, etc.)
+    attr_reader :verb
+
+    # @return [String] The URL path pattern
+    attr_reader :path
+
+    # @return [String] The original definition string
+    attr_reader :definition
+
+    # @return [String] The target class and method (e.g., "TestApp.index")
+    attr_reader :target
+
+    # @return [String] The class name portion
+    attr_reader :klass_name
+
+    # @return [String] The method name portion
+    attr_reader :method_name
+
+    # @return [Symbol] The invocation kind (:class, :instance, or :logic)
+    attr_reader :kind
+
+    # @return [Hash] The route options (auth, response, csrf, etc.)
+    attr_reader :options
+
+    # @return [Regexp] The compiled path pattern for matching
+    attr_reader :pattern
+
+    # @return [Array<String>] The parameter keys extracted from the path
+    attr_reader :keys
+
+    def initialize(verb, path, definition, pattern: nil, keys: nil)
+      @verb = verb.to_s.upcase.to_sym
+      @path = path
+      @definition = definition
+      @pattern = pattern
+      @keys = keys || []
+
+      # Parse the definition into target and options
+      parsed = parse_definition(definition)
+      @target = parsed[:target]
+      @options = parsed[:options].freeze
+
+      # Parse the target into class, method, and kind
+      target_parsed = parse_target(@target)
+      @klass_name = target_parsed[:klass_name]
+      @method_name = target_parsed[:method_name]
+      @kind = target_parsed[:kind]
+
+      # Freeze for immutability
+      freeze
+    end
+
+    # Check if route has specific option
+    # @param key [Symbol, String] Option key to check
+    # @return [Boolean]
+    def has_option?(key)
+      @options.key?(key.to_sym)
+    end
+
+    # Get option value with optional default
+    # @param key [Symbol, String] Option key
+    # @param default [Object] Default value if option not present
+    # @return [Object]
+    def option(key, default = nil)
+      @options.fetch(key.to_sym, default)
+    end
+
+    # Get authentication requirement
+    # @return [String, nil] The auth requirement or nil
+    def auth_requirement
+      option(:auth)
+    end
+
+    # Get response type
+    # @return [String] The response type (defaults to 'default')
+    def response_type
+      option(:response, 'default')
+    end
+
+    # Check if CSRF is exempt for this route
+    # @return [Boolean]
+    def csrf_exempt?
+      option(:csrf) == 'exempt'
+    end
+
+    # Check if this is a Logic class route (no . or # in target)
+    # @return [Boolean]
+    def logic_route?
+      kind == :logic
+    end
+
+    # Create a new RouteDefinition with modified options
+    # @param new_options [Hash] Options to merge/override
+    # @return [RouteDefinition] New immutable instance
+    def with_options(new_options)
+      merged_options = @options.merge(new_options)
+      new_definition = [@target, *merged_options.map { |k, v| "#{k}=#{v}" }].join(' ')
+
+      self.class.new(@verb, @path, new_definition, pattern: @pattern, keys: @keys)
+    end
+
+    # Convert to hash representation
+    # @return [Hash]
+    def to_h
+      {
+        verb: @verb,
+        path: @path,
+        definition: @definition,
+        target: @target,
+        klass_name: @klass_name,
+        method_name: @method_name,
+        kind: @kind,
+        options: @options,
+        pattern: @pattern,
+        keys: @keys
+      }
+    end
+
+    # String representation for debugging
+    # @return [String]
+    def to_s
+      "#{@verb} #{@path} #{@definition}"
+    end
+
+    # Detailed inspection
+    # @return [String]
+    def inspect
+      "#<Otto::RouteDefinition #{to_s} options=#{@options.inspect}>"
+    end
+
+    private
+
+    # Parse route definition into target and options
+    # @param definition [String] The route definition
+    # @return [Hash] Hash with :target and :options keys
+    def parse_definition(definition)
+      parts = definition.split(/\s+/)
+      target = parts.shift
+      options = {}
+
+      parts.each do |part|
+        key, value = part.split('=', 2)
+        if key && value
+          options[key.to_sym] = value
+        else
+          # Malformed parameter, log warning if debug enabled
+          Otto.logger.warn "Ignoring malformed route parameter: #{part}" if Otto.debug
+        end
+      end
+
+      { target: target, options: options }
+    end
+
+    # Parse target into class name, method name, and kind
+    # @param target [String] The target definition (e.g., "TestApp.index")
+    # @return [Hash] Hash with :klass_name, :method_name, and :kind
+    def parse_target(target)
+      if target.include?('.')
+        klass_name, method_name = target.split('.', 2)
+        { klass_name: klass_name, method_name: method_name, kind: :class }
+      elsif target.include?('#')
+        klass_name, method_name = target.split('#', 2)
+        { klass_name: klass_name, method_name: method_name, kind: :instance }
+      elsif target.match?(/\A[A-Z][a-zA-Z0-9_]*(?:::[A-Z][a-zA-Z0-9_]*)*\z/)
+        # Namespaced class with implicit method name (class method with same name as class)
+        # E.g., "V2::Logic::Admin::Panel" -> Panel.Panel (class method)
+        # For single word classes like "Logic", it's truly a logic class
+        method_name = target.split('::').last
+        if target.include?('::')
+          # Namespaced class - treat as class method with implicit method name
+          { klass_name: target, method_name: method_name, kind: :class }
+        else
+          # Single word class - treat as logic class
+          { klass_name: target, method_name: method_name, kind: :logic }
+        end
+      else
+        raise ArgumentError, "Invalid target format: #{target}"
+      end
+    end
+  end
+end