otto 1.5.0 → 2.0.0.pre1

data/examples/security_features/app.rb

@@ -1,7 +1,8 @@
-# examples/security_features/app.rb (Updated with Design System)
+# examples/security_features/app.rb
 
 require_relative '../../lib/otto/design_system'
 
+# Example application demonstrating Otto's security features including CSRF protection
 class SecureApp
   include Otto::DesignSystem
   include Otto::Security::CSRFHelpers
@@ -106,18 +107,18 @@ class SecureApp
       end
 
       content = if safe_message.empty?
-        otto_alert('error', 'Validation Error', 'Message cannot be empty.')
-      else
-        <<~HTML
-          #{otto_alert('success', 'Feedback Received', 'Thank you for your feedback!')}
-
-          #{otto_card('Your Message') do
-            otto_code_block(safe_message, 'text')
-          end}
-        HTML
+                  otto_alert('error', 'Validation Error', 'Message cannot be empty.')
+                else
+                  <<~HTML
+                    #{otto_alert('success', 'Feedback Received', 'Thank you for your feedback!')}
+
+                    #{otto_card('Your Message') do
+                      otto_code_block(safe_message, 'text')
+                    end}
+                  HTML
                 end
-    rescue Otto::Security::ValidationError => ex
-      content = otto_alert('error', 'Security Validation Failed', ex.message)
+    rescue Otto::Security::ValidationError => e
+      content = otto_alert('error', 'Security Validation Failed', e.message)
     rescue StandardError
       content = otto_alert('error', 'Processing Error', 'An error occurred processing your request.')
     end
@@ -135,18 +136,18 @@ class SecureApp
       else
         begin
           filename = begin
-                     uploaded_file[:filename]
+            uploaded_file[:filename]
           rescue StandardError
-                     uploaded_file.original_filename
+            uploaded_file.original_filename
           end
         rescue StandardError
           'unknown'
         end
 
         safe_filename = if respond_to?(:sanitize_filename)
-          sanitize_filename(filename)
-        else
-          File.basename(filename.to_s).gsub(/[^\w\-_\.]/, '_')
+                          sanitize_filename(filename)
+                        else
+                          File.basename(filename.to_s).gsub(/[^\w\-_.]/, '_')
                         end
 
         file_info = {
@@ -173,8 +174,8 @@ class SecureApp
           </div>
         HTML
       end
-    rescue Otto::Security::ValidationError => ex
-      content = otto_alert('error', 'File Validation Failed', ex.message)
+    rescue Otto::Security::ValidationError => e
+      content = otto_alert('error', 'File Validation Failed', e.message)
     rescue StandardError
       content = otto_alert('error', 'Upload Error', 'An error occurred during file upload.')
     end
@@ -199,9 +200,7 @@ class SecureApp
         safe_bio   = bio.to_s.strip[0..499]
       end
 
-      unless safe_email.match?(/\A[^@\s]+@[^@\s]+\z/)
-        raise Otto::Security::ValidationError, 'Invalid email format'
-      end
+      raise Otto::Security::ValidationError, 'Invalid email format' unless safe_email.match?(/\A[^@\s]+@[^@\s]+\z/)
 
       profile_data = {
         'Name' => safe_name,
@@ -221,8 +220,8 @@ class SecureApp
           profile_html
         end}
       HTML
-    rescue Otto::Security::ValidationError => ex
-      content = otto_alert('error', 'Profile Validation Failed', ex.message)
+    rescue Otto::Security::ValidationError => e
+      content = otto_alert('error', 'Profile Validation Failed', e.message)
     rescue StandardError
       content = otto_alert('error', 'Update Error', 'An error occurred updating your profile.')
     end

data/examples/security_features/config.ru

@@ -14,8 +14,8 @@ require_relative 'app'
 
 # Create Otto app with security features enabled
 app = Otto.new('./routes', {
-  # Enable CSRF protection for POST, PUT, DELETE requests
-  csrf_protection: true,
+                 # Enable CSRF protection for POST, PUT, DELETE requests
+                 csrf_protection: true,
 
   # Enable input validation and sanitization
   request_validation: true,
@@ -44,13 +44,12 @@ app = Otto.new('./routes', {
     'strict-transport-security' => 'max-age=31536000; includeSubDomains',
     'x-frame-options' => 'DENY',
   },
-}
-)
+               })
 
 # Optional: Configure additional security settings
-app.security_config.max_request_size = 5 * 1024 * 1024  # 5MB limit
-app.security_config.max_param_depth  = 10                # Limit parameter nesting
-app.security_config.max_param_keys   = 50                 # Limit parameters per request
+app.security_config.max_request_size = 5 * 1024 * 1024 # 5MB limit
+app.security_config.max_param_depth  = 10 # Limit parameter nesting
+app.security_config.max_param_keys   = 50 # Limit parameters per request
 
 # Optional: Add static file serving with security
 app.option[:public] = public_path
@@ -62,10 +61,9 @@ if ENV['RACK_ENV'] == 'production'
 
   # More restrictive CSP for production
   app.set_security_headers({
-    'content-security-policy' => "default-src 'self'; style-src 'self'; script-src 'self'; object-src 'none'",
+                             'content-security-policy' => "default-src 'self'; style-src 'self'; script-src 'self'; object-src 'none'",
     'strict-transport-security' => 'max-age=63072000; includeSubDomains; preload',
-  },
-                          )
+                           })
 else
   # Development-specific settings
   puts '🔒 Security features enabled:'

data/lib/otto/core/configuration.rb

@@ -0,0 +1,167 @@
+# frozen_string_literal: true
+
+# lib/otto/core/configuration.rb
+
+require_relative '../security/csrf'
+require_relative '../security/validator'
+require_relative '../security/authentication'
+require_relative '../security/rate_limiting'
+require_relative '../mcp/server'
+
+class Otto
+  module Core
+    # Configuration module providing locale and application configuration methods
+    module Configuration
+      def configure_locale(opts)
+        # Start with global configuration
+        global_config = self.class.global_config
+        @locale_config = nil
+
+        # Check if we have any locale configuration from any source
+        has_global_locale = global_config && (global_config[:available_locales] || global_config[:default_locale])
+        has_direct_options = opts[:available_locales] || opts[:default_locale]
+        has_legacy_config = opts[:locale_config]
+
+        # Only create locale_config if we have configuration from somewhere
+        return unless has_global_locale || has_direct_options || has_legacy_config
+
+        @locale_config = {}
+
+        # Apply global configuration first
+        if global_config && global_config[:available_locales]
+          @locale_config[:available_locales] =
+            global_config[:available_locales]
+        end
+        if global_config && global_config[:default_locale]
+          @locale_config[:default_locale] =
+            global_config[:default_locale]
+        end
+
+        # Apply direct instance options (these override global config)
+        @locale_config[:available_locales] = opts[:available_locales] if opts[:available_locales]
+        @locale_config[:default_locale] = opts[:default_locale] if opts[:default_locale]
+
+        # Legacy support: Configure locale if provided in initialization options via locale_config hash
+        return unless opts[:locale_config]
+
+        locale_opts = opts[:locale_config]
+        if locale_opts[:available_locales] || locale_opts[:available]
+          @locale_config[:available_locales] =
+            locale_opts[:available_locales] || locale_opts[:available]
+        end
+        return unless locale_opts[:default_locale] || locale_opts[:default]
+
+        @locale_config[:default_locale] =
+          locale_opts[:default_locale] || locale_opts[:default]
+      end
+
+      def configure_security(opts)
+        # Enable CSRF protection if requested
+        enable_csrf_protection! if opts[:csrf_protection]
+
+        # Enable request validation if requested
+        enable_request_validation! if opts[:request_validation]
+
+        # Enable rate limiting if requested
+        if opts[:rate_limiting]
+          rate_limiting_opts = opts[:rate_limiting].is_a?(Hash) ? opts[:rate_limiting] : {}
+          enable_rate_limiting!(rate_limiting_opts)
+        end
+
+        # Add trusted proxies if provided
+        Array(opts[:trusted_proxies]).each { |proxy| add_trusted_proxy(proxy) } if opts[:trusted_proxies]
+
+        # Set custom security headers
+        return unless opts[:security_headers]
+
+        set_security_headers(opts[:security_headers])
+      end
+
+      def configure_authentication(opts)
+        # Update existing @auth_config rather than creating a new one
+        # to maintain synchronization with the configurator
+        @auth_config[:auth_strategies] = opts[:auth_strategies] if opts[:auth_strategies]
+        @auth_config[:default_auth_strategy] = opts[:default_auth_strategy] if opts[:default_auth_strategy]
+
+        # Enable authentication middleware if strategies are configured
+        return unless opts[:auth_strategies] && !opts[:auth_strategies].empty?
+
+        enable_authentication!
+      end
+
+      def configure_mcp(opts)
+        @mcp_server = nil
+
+        # Enable MCP if requested in options
+        return unless opts[:mcp_enabled] || opts[:mcp_http] || opts[:mcp_stdio]
+
+        @mcp_server = Otto::MCP::Server.new(self)
+
+        mcp_options = {}
+        mcp_options[:http_endpoint] = opts[:mcp_endpoint] if opts[:mcp_endpoint]
+
+        return unless opts[:mcp_http] != false # Default to true unless explicitly disabled
+
+        @mcp_server.enable!(mcp_options)
+      end
+
+      # Configure locale settings for the application
+      #
+      # @param available_locales [Hash] Hash of available locales (e.g., { 'en' => 'English', 'es' => 'Spanish' })
+      # @param default_locale [String] Default locale to use as fallback
+      # @example
+      #   otto.configure(
+      #     available_locales: { 'en' => 'English', 'es' => 'Spanish', 'fr' => 'French' },
+      #     default_locale: 'en'
+      #   )
+      def configure(available_locales: nil, default_locale: nil)
+        @locale_config ||= {}
+        @locale_config[:available_locales] = available_locales if available_locales
+        @locale_config[:default_locale] = default_locale if default_locale
+      end
+
+      # Configure rate limiting settings.
+      #
+      # @param config [Hash] Rate limiting configuration
+      # @option config [Integer] :requests_per_minute Maximum requests per minute per IP
+      # @option config [Hash] :custom_rules Hash of custom rate limiting rules
+      # @option config [Object] :cache_store Custom cache store for rate limiting
+      # @example
+      #   otto.configure_rate_limiting({
+      #     requests_per_minute: 50,
+      #     custom_rules: {
+      #       'api_calls' => { limit: 30, period: 60, condition: ->(req) { req.path.start_with?('/api') }}
+      #     }
+      #   })
+      def configure_rate_limiting(config)
+        @security_config.rate_limiting_config.merge!(config)
+      end
+
+      # Configure authentication strategies for route-level access control.
+      #
+      # @param strategies [Hash] Hash mapping strategy names to strategy instances
+      # @param default_strategy [String] Default strategy to use when none specified
+      # @example
+      #   otto.configure_auth_strategies({
+      #     'publicly' => Otto::Security::Authentication::Strategies::PublicStrategy.new,
+      #     'authenticated' => Otto::Security::Authentication::Strategies::SessionStrategy.new(session_key: 'user_id'),
+      #     'role:admin' => Otto::Security::Authentication::Strategies::RoleStrategy.new(['admin']),
+      #     'api_key' => Otto::Security::Authentication::Strategies::APIKeyStrategy.new(api_keys: ['secret123'])
+      #   })
+      def configure_auth_strategies(strategies, default_strategy: 'publicly')
+        # Update existing @auth_config rather than creating a new one
+        @auth_config[:auth_strategies] = strategies
+        @auth_config[:default_auth_strategy] = default_strategy
+
+        enable_authentication! unless strategies.empty?
+      end
+
+      private
+
+      def middleware_enabled?(middleware_class)
+        # Only check the new middleware stack as the single source of truth
+        @middleware && @middleware.includes?(middleware_class)
+      end
+    end
+  end
+end

data/lib/otto/core/error_handler.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+# lib/otto/core/error_handler.rb
+
+require 'securerandom'
+require 'json'
+require 'rack/request'
+
+class Otto
+  module Core
+    # Error handling module providing secure error reporting and logging functionality
+    module ErrorHandler
+      def handle_error(error, env)
+        # Log error details internally but don't expose them
+        error_id = SecureRandom.hex(8)
+        Otto.logger.error "[#{error_id}] #{error.class}: #{error.message}"
+        Otto.logger.debug "[#{error_id}] Backtrace: #{error.backtrace.join("\n")}" if Otto.debug
+
+        # Parse request for content negotiation
+        begin
+          Rack::Request.new(env)
+        rescue StandardError
+          nil
+        end
+        literal_routes = @routes_literal[:GET] || {}
+
+        # Try custom 500 route first
+        if found_route = literal_routes['/500']
+          begin
+            env['otto.error_id'] = error_id
+            return found_route.call(env)
+          rescue StandardError => e
+            Otto.logger.error "[#{error_id}] Error in custom error handler: #{e.message}"
+          end
+        end
+
+        # Content negotiation for built-in error response
+        accept_header = env['HTTP_ACCEPT'].to_s
+        return json_error_response(error_id) if accept_header.include?('application/json')
+
+        # Fallback to built-in error response
+        @server_error || secure_error_response(error_id)
+      end
+
+      private
+
+      def secure_error_response(error_id)
+        body = if Otto.env?(:dev, :development)
+                 "Server error (ID: #{error_id}). Check logs for details."
+               else
+                 'An error occurred. Please try again later.'
+               end
+
+        headers = {
+          'content-type' => 'text/plain',
+          'content-length' => body.bytesize.to_s,
+        }.merge(@security_config.security_headers)
+
+        [500, headers, [body]]
+      end
+
+      def json_error_response(error_id)
+        error_data = if Otto.env?(:dev, :development)
+                       {
+                         error: 'Internal Server Error',
+                         message: 'Server error occurred. Check logs for details.',
+                         error_id: error_id,
+                       }
+                     else
+                       {
+                         error: 'Internal Server Error',
+                         message: 'An error occurred. Please try again later.',
+                       }
+                     end
+
+        body    = JSON.generate(error_data)
+        headers = {
+          'content-type' => 'application/json',
+          'content-length' => body.bytesize.to_s,
+        }.merge(@security_config.security_headers)
+
+        [500, headers, [body]]
+      end
+    end
+  end
+end

data/lib/otto/core/file_safety.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+# lib/otto/core/file_safety.rb
+
+class Otto
+  module Core
+    # File safety module providing secure file access validation and path traversal protection
+    module FileSafety
+      def safe_file?(path)
+        return false if option[:public].nil? || option[:public].empty?
+        return false if path.nil? || path.empty?
+
+        # Normalize and resolve the public directory path
+        public_dir = File.expand_path(option[:public])
+        return false unless File.directory?(public_dir)
+
+        # Clean the requested path - remove null bytes and normalize
+        clean_path = path.delete("\0").strip
+        return false if clean_path.empty?
+
+        # Join and expand to get the full resolved path
+        requested_path = File.expand_path(File.join(public_dir, clean_path))
+
+        # Ensure the resolved path is within the public directory (prevents path traversal)
+        return false unless requested_path.start_with?(public_dir + File::SEPARATOR)
+
+        # Check file exists, is readable, and is not a directory
+        File.exist?(requested_path) &&
+          File.readable?(requested_path) &&
+          !File.directory?(requested_path) &&
+          (File.owned?(requested_path) || File.grpowned?(requested_path))
+      end
+
+      def safe_dir?(path)
+        return false if path.nil? || path.empty?
+
+        # Clean and expand the path
+        clean_path = path.delete("\0").strip
+        return false if clean_path.empty?
+
+        expanded_path = File.expand_path(clean_path)
+
+        # Check directory exists, is readable, and has proper ownership
+        File.directory?(expanded_path) &&
+          File.readable?(expanded_path) &&
+          (File.owned?(expanded_path) || File.grpowned?(expanded_path))
+      end
+
+      def add_static_path(path)
+        return unless safe_file?(path)
+
+        base_path                      = File.split(path).first
+        # Files in the root directory can refer to themselves
+        base_path                      = path if base_path == '/'
+        File.join(option[:public], base_path)
+        Otto.logger.debug "new static route: #{base_path} (#{path})" if Otto.debug
+        routes_static[:GET][base_path] = base_path
+      end
+    end
+  end
+end

data/lib/otto/core/middleware_stack.rb

@@ -0,0 +1,157 @@
+# frozen_string_literal: true
+
+# lib/otto/core/middleware_stack.rb
+
+class Otto
+  module Core
+    # Enhanced middleware stack management for Otto framework.
+    # Provides better middleware registration, introspection capabilities,
+    # and improved execution chain management.
+    class MiddlewareStack
+      include Enumerable
+
+      def initialize
+        @stack = []
+        @middleware_set = Set.new
+      end
+
+      # Enhanced middleware registration with argument uniqueness and immutability check
+      def add(middleware_class, *args, **options)
+        # Prevent modifications to frozen configurations
+        raise FrozenError, 'Cannot modify frozen middleware stack' if frozen?
+
+        # Check if an identical middleware configuration already exists
+        existing_entry = @stack.find do |entry|
+          entry[:middleware] == middleware_class &&
+            entry[:args] == args &&
+            entry[:options] == options
+        end
+
+        # Only add if no identical middleware configuration exists
+        return if existing_entry
+
+        entry = { middleware: middleware_class, args: args, options: options }
+        @stack << entry
+        @middleware_set.add(middleware_class)
+        # Invalidate memoized middleware list
+        @memoized_middleware_list = nil
+      end
+      alias use add
+      alias << add
+
+      # Remove middleware
+      def remove(middleware_class)
+        # Prevent modifications to frozen configurations
+        raise FrozenError, 'Cannot modify frozen middleware stack' if frozen?
+
+        matches = @stack.reject! { |entry| entry[:middleware] == middleware_class }
+
+        # Update middleware set if any matching entries were found
+        return unless matches
+
+        # Rebuild the set of unique middleware classes
+        @middleware_set = Set.new(@stack.map { |entry| entry[:middleware] })
+        # Invalidate memoized middleware list
+        @memoized_middleware_list = nil
+      end
+
+      # Check if middleware is registered - now O(1) using Set
+      def includes?(middleware_class)
+        @middleware_set.include?(middleware_class)
+      end
+
+      # Clear all middleware
+      def clear!
+        # Prevent modifications to frozen configurations
+        raise FrozenError, 'Cannot modify frozen middleware stack' if frozen?
+
+        @stack.clear
+        @middleware_set.clear
+        # Invalidate memoized middleware list
+        @memoized_middleware_list = nil
+      end
+
+      # Enumerable support
+      def each(&)
+        @stack.each(&)
+      end
+
+      # Build Rack application with middleware chain
+      def build_app(base_app, security_config = nil)
+        @stack.reduce(base_app) do |app, entry|
+          middleware = entry[:middleware]
+          args = entry[:args]
+          options = entry[:options]
+
+          if middleware.respond_to?(:new)
+            # Inject security_config for security middleware, placing it before custom args
+            if security_config && middleware_needs_config?(middleware)
+              middleware.new(app, security_config, *args, **options)
+            else
+              middleware.new(app, *args, **options)
+            end
+          else
+            # Proc-based middleware
+            middleware.call(app)
+          end
+        end
+      end
+
+      # Cached middleware list to reduce array creation
+      def middleware_list
+        # Memoize the result to avoid repeated array creation
+        @memoized_middleware_list ||= @stack.map { |entry| entry[:middleware] }
+      end
+
+      # Detailed introspection
+      def middleware_details
+        @stack.map do |entry|
+          {
+            middleware: entry[:middleware],
+            args: entry[:args],
+            options: entry[:options],
+          }
+        end
+      end
+
+      # Statistics
+      def size
+        @stack.size
+      end
+
+      def empty?
+        @stack.empty?
+      end
+
+      # Count occurrences of a specific middleware class
+      def count(middleware_class)
+        @stack.count { |entry| entry[:middleware] == middleware_class }
+      end
+
+      # NOTE: The includes? method is defined earlier for O(1) lookup using a Set
+
+      # Legacy compatibility methods for existing Otto interface
+      def reverse_each(&)
+        @stack.reverse_each(&)
+      end
+
+      private
+
+      def middleware_needs_config?(middleware_class)
+        # Include all Otto security middleware that can accept security_config
+        # Support both new namespaced classes and backward compatibility aliases
+        [
+          Otto::Security::Middleware::CSRFMiddleware,
+          Otto::Security::Middleware::ValidationMiddleware,
+          Otto::Security::Middleware::RateLimitMiddleware,
+          Otto::Security::Authentication::AuthenticationMiddleware,
+          # Backward compatibility aliases
+          Otto::Security::CSRFMiddleware,
+          Otto::Security::ValidationMiddleware,
+          Otto::Security::RateLimitMiddleware,
+          Otto::Security::AuthenticationMiddleware,
+        ].include?(middleware_class)
+      end
+    end
+  end
+end