otto 1.5.0 → 2.0.0.pre1

data/lib/otto/response_handlers/base.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class Otto
+  module ResponseHandlers
+    # Base response handler class
+    class BaseHandler
+      def self.handle(result, response, context = {})
+        raise NotImplementedError, 'Subclasses must implement handle method'
+      end
+
+      def self.ensure_status_set(response, default_status = 200)
+        response.status = default_status unless response.status && response.status != 0
+      end
+    end
+  end
+end

data/lib/otto/response_handlers/default.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+class Otto
+  module ResponseHandlers
+    # Default handler that preserves existing Otto behavior
+    class DefaultHandler < BaseHandler
+      def self.handle(_result, response, _context = {})
+        # Otto's default behavior - let the route handler manage the response
+        # This handler does nothing, preserving existing behavior
+        ensure_status_set(response, 200)
+      end
+    end
+  end
+end

data/lib/otto/response_handlers/factory.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require_relative 'json'
+require_relative 'redirect'
+require_relative 'view'
+require_relative 'auto'
+require_relative 'default'
+
+class Otto
+  module ResponseHandlers
+    # Factory for creating response handlers
+    class HandlerFactory
+      # Map of response type names to handler classes
+      HANDLER_MAP = {
+        'json' => JSONHandler,
+        'redirect' => RedirectHandler,
+        'view' => ViewHandler,
+        'auto' => AutoHandler,
+        'default' => DefaultHandler,
+      }.freeze
+
+      def self.create_handler(response_type)
+        handler_class = HANDLER_MAP[response_type.to_s.downcase]
+
+        unless handler_class
+          Otto.logger.warn "Unknown response type: #{response_type}, falling back to default" if Otto.debug
+          handler_class = DefaultHandler
+        end
+
+        handler_class
+      end
+
+      def self.handle_response(result, response, response_type, context = {})
+        handler = create_handler(response_type)
+        handler.handle(result, response, context)
+      end
+    end
+  end
+end

data/lib/otto/response_handlers/json.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+class Otto
+  module ResponseHandlers
+    # Handler for JSON responses
+    class JSONHandler < BaseHandler
+      def self.handle(result, response, context = {})
+        response['Content-Type'] = 'application/json'
+
+        # Determine the data to serialize
+        data = if context[:logic_instance]&.respond_to?(:response_data)
+                 context[:logic_instance].response_data
+               elsif result.is_a?(Hash)
+                 result
+               elsif result.nil?
+                 { success: true }
+               else
+                 { success: true, data: result }
+               end
+
+        response.body = [JSON.generate(data)]
+        ensure_status_set(response, context[:status_code] || 200)
+      end
+    end
+  end
+end

data/lib/otto/response_handlers/redirect.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+class Otto
+  module ResponseHandlers
+    # Handler for redirect responses
+    class RedirectHandler < BaseHandler
+      def self.handle(result, response, context = {})
+        # Determine redirect path
+        path = if context[:redirect_path]
+                 context[:redirect_path]
+               elsif context[:logic_instance]&.respond_to?(:redirect_path)
+                 context[:logic_instance].redirect_path
+               elsif result.is_a?(String)
+                 result
+               else
+                 '/'
+               end
+
+        response.redirect(path)
+      end
+    end
+  end
+end

data/lib/otto/response_handlers/view.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+class Otto
+  module ResponseHandlers
+    # Handler for view/template responses
+    class ViewHandler < BaseHandler
+      def self.handle(result, response, context = {})
+        if context[:logic_instance]&.respond_to?(:view)
+          response.body = [context[:logic_instance].view.render]
+          response['Content-Type'] = 'text/html' unless response['Content-Type']
+        elsif result.respond_to?(:to_s)
+          response.body = [result.to_s]
+          response['Content-Type'] = 'text/html' unless response['Content-Type']
+        else
+          response.body = ['']
+        end
+
+        ensure_status_set(response, context[:status_code] || 200)
+      end
+    end
+  end
+end

data/lib/otto/response_handlers.rb

@@ -1,141 +1,15 @@
+# frozen_string_literal: true
+
 # lib/otto/response_handlers.rb
 
 class Otto
   module ResponseHandlers
-    # Base response handler class
-    class BaseHandler
-      def self.handle(result, response, context = {})
-        raise NotImplementedError, "Subclasses must implement handle method"
-      end
-
-      protected
-
-      def self.ensure_status_set(response, default_status = 200)
-        response.status = default_status unless response.status && response.status != 0
-      end
-    end
-
-    # Handler for JSON responses
-    class JSONHandler < BaseHandler
-      def self.handle(result, response, context = {})
-        response['Content-Type'] = 'application/json'
-
-        # Determine the data to serialize
-        data = if context[:logic_instance]&.respond_to?(:response_data)
-                 context[:logic_instance].response_data
-               elsif result.is_a?(Hash)
-                 result
-               elsif result.nil?
-                 { success: true }
-               else
-                 { success: true, data: result }
-               end
-
-        response.body = [JSON.generate(data)]
-        ensure_status_set(response, context[:status_code] || 200)
-      end
-    end
-
-    # Handler for redirect responses
-    class RedirectHandler < BaseHandler
-      def self.handle(result, response, context = {})
-        # Determine redirect path
-        path = if context[:redirect_path]
-                 context[:redirect_path]
-               elsif context[:logic_instance]&.respond_to?(:redirect_path)
-                 context[:logic_instance].redirect_path
-               elsif result.is_a?(String)
-                 result
-               else
-                 '/'
-               end
-
-        response.redirect(path)
-      end
-    end
-
-    # Handler for view/template responses
-    class ViewHandler < BaseHandler
-      def self.handle(result, response, context = {})
-        if context[:logic_instance]&.respond_to?(:view)
-          response.body = [context[:logic_instance].view.render]
-          response['Content-Type'] = 'text/html' unless response['Content-Type']
-        elsif result.respond_to?(:to_s)
-          response.body = [result.to_s]
-          response['Content-Type'] = 'text/html' unless response['Content-Type']
-        else
-          response.body = ['']
-        end
-
-        ensure_status_set(response, context[:status_code] || 200)
-      end
-    end
-
-    # Default handler that preserves existing Otto behavior
-    class DefaultHandler < BaseHandler
-      def self.handle(result, response, context = {})
-        # Otto's default behavior - let the route handler manage the response
-        # This handler does nothing, preserving existing behavior
-        ensure_status_set(response, 200)
-      end
-    end
-
-    # Auto-detection handler that chooses appropriate handler based on context
-    class AutoHandler < BaseHandler
-      def self.handle(result, response, context = {})
-        # Auto-detect based on result type and request context
-        handler_class = detect_handler_type(result, response, context)
-        handler_class.handle(result, response, context)
-      end
-
-      private
-
-      def self.detect_handler_type(result, response, context)
-        # Check if response type was already set by the handler
-        content_type = response['Content-Type']
-
-        if content_type&.include?('application/json')
-          JSONHandler
-        elsif (context[:logic_instance]&.respond_to?(:redirect_path) && context[:logic_instance]&.redirect_path) ||
-              (result.is_a?(String) && result.match?(%r{^/}))
-          # Logic instance has redirect path or result is a string path
-          RedirectHandler
-        elsif result.is_a?(Hash)
-          JSONHandler
-        elsif context[:logic_instance]&.respond_to?(:view)
-          ViewHandler
-        else
-          DefaultHandler
-        end
-      end
-    end
-
-    # Factory for creating response handlers
-    class HandlerFactory
-      # Map of response type names to handler classes
-      HANDLER_MAP = {
-        'json' => JSONHandler,
-        'redirect' => RedirectHandler,
-        'view' => ViewHandler,
-        'auto' => AutoHandler,
-        'default' => DefaultHandler
-      }.freeze
-
-      def self.create_handler(response_type)
-        handler_class = HANDLER_MAP[response_type.to_s.downcase]
-
-        unless handler_class
-          Otto.logger.warn "Unknown response type: #{response_type}, falling back to default" if Otto.debug
-          handler_class = DefaultHandler
-        end
-
-        handler_class
-      end
-
-      def self.handle_response(result, response, response_type, context = {})
-        handler = create_handler(response_type)
-        handler.handle(result, response, context)
-      end
-    end
+    require_relative 'response_handlers/base'
+    require_relative 'response_handlers/json'
+    require_relative 'response_handlers/redirect'
+    require_relative 'response_handlers/view'
+    require_relative 'response_handlers/default'
+    require_relative 'response_handlers/auto'
+    require_relative 'response_handlers/factory'
   end
 end

data/lib/otto/route.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # lib/otto/route.rb
 
 class Otto
@@ -20,6 +22,7 @@ class Otto
   #
   #
   class Route
+    # Class methods for Route providing Otto instance access
     module ClassMethods
       attr_accessor :otto
     end
@@ -86,7 +89,6 @@ class Otto
 
     private
 
-
     # Safely resolve a class name using Object.const_get with security validations
     # This replaces the previous eval() usage to prevent code injection attacks.
     #
@@ -120,8 +122,8 @@ class Otto
 
       begin
         Object.const_get(class_name)
-      rescue NameError => ex
-        raise ArgumentError, "Class not found: #{class_name} - #{ex.message}"
+      rescue NameError => e
+        raise ArgumentError, "Class not found: #{class_name} - #{e.message}"
       end
     end
 
@@ -148,12 +150,10 @@ class Otto
       res            = Rack::Response.new
       req.extend Otto::RequestHelpers
       res.extend Otto::ResponseHelpers
-      res.request    = req
+      res.request = req
 
       # Make security config available to response helpers
-      if otto.respond_to?(:security_config) && otto.security_config
-        env['otto.security_config'] = otto.security_config
-      end
+      env['otto.security_config'] = otto.security_config if otto.respond_to?(:security_config) && otto.security_config
 
       # NEW: Make route definition and options available to middleware and handlers
       env['otto.route_definition'] = @route_definition
@@ -185,7 +185,7 @@ class Otto
       # This replaces the hardcoded execution pattern with a factory approach
       if otto&.route_handler_factory
         handler = otto.route_handler_factory.create_handler(@route_definition, otto)
-        return handler.call(env, extra_params)
+        handler.call(env, extra_params)
       else
         # Fallback to legacy behavior for backward compatibility
         inst = nil
@@ -205,7 +205,7 @@ class Otto
           context = {
             logic_instance: (kind == :instance ? inst : nil),
             status_code: nil,
-            redirect_path: nil
+            redirect_path: nil,
           }
 
           Otto::ResponseHandlers::HandlerFactory.handle_response(result, res, response_type, context)

data/lib/otto/route_definition.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # lib/otto/route_definition.rb
 
 class Otto
@@ -35,22 +37,22 @@ class Otto
     attr_reader :keys
 
     def initialize(verb, path, definition, pattern: nil, keys: nil)
-      @verb = verb.to_s.upcase.to_sym
-      @path = path
+      @verb       = verb.to_s.upcase.to_sym
+      @path       = path
       @definition = definition
-      @pattern = pattern
-      @keys = keys || []
+      @pattern    = pattern
+      @keys       = keys || []
 
       # Parse the definition into target and options
-      parsed = parse_definition(definition)
-      @target = parsed[:target]
+      parsed   = parse_definition(definition)
+      @target  = parsed[:target]
       @options = parsed[:options].freeze
 
       # Parse the target into class, method, and kind
       target_parsed = parse_target(@target)
-      @klass_name = target_parsed[:klass_name]
-      @method_name = target_parsed[:method_name]
-      @kind = target_parsed[:kind]
+      @klass_name   = target_parsed[:klass_name]
+      @method_name  = target_parsed[:method_name]
+      @kind         = target_parsed[:kind]
 
       # Freeze for immutability
       freeze
@@ -118,7 +120,7 @@ class Otto
         kind: @kind,
         options: @options,
         pattern: @pattern,
-        keys: @keys
+        keys: @keys,
       }
     end
 
@@ -131,7 +133,7 @@ class Otto
     # Detailed inspection
     # @return [String]
     def inspect
-      "#<Otto::RouteDefinition #{to_s} options=#{@options.inspect}>"
+      "#<Otto::RouteDefinition #{self} options=#{@options.inspect}>"
     end
 
     private
@@ -140,17 +142,17 @@ class Otto
     # @param definition [String] The route definition
     # @return [Hash] Hash with :target and :options keys
     def parse_definition(definition)
-      parts = definition.split(/\s+/)
-      target = parts.shift
+      parts   = definition.split(/\s+/)
+      target  = parts.shift
       options = {}
 
       parts.each do |part|
         key, value = part.split('=', 2)
         if key && value
           options[key.to_sym] = value
-        else
+        elsif Otto.debug
           # Malformed parameter, log warning if debug enabled
-          Otto.logger.warn "Ignoring malformed route parameter: #{part}" if Otto.debug
+          Otto.logger.warn "Ignoring malformed route parameter: #{part}"
         end
       end
 
@@ -161,24 +163,19 @@ class Otto
     # @param target [String] The target definition (e.g., "TestApp.index")
     # @return [Hash] Hash with :klass_name, :method_name, and :kind
     def parse_target(target)
-      if target.include?('.')
-        klass_name, method_name = target.split('.', 2)
-        { klass_name: klass_name, method_name: method_name, kind: :class }
-      elsif target.include?('#')
-        klass_name, method_name = target.split('#', 2)
-        { klass_name: klass_name, method_name: method_name, kind: :instance }
-      elsif target.match?(/\A[A-Z][a-zA-Z0-9_]*(?:::[A-Z][a-zA-Z0-9_]*)*\z/)
-        # Namespaced class with implicit method name (class method with same name as class)
-        # E.g., "V2::Logic::Admin::Panel" -> Panel.Panel (class method)
-        # For single word classes like "Logic", it's truly a logic class
-        method_name = target.split('::').last
-        if target.include?('::')
-          # Namespaced class - treat as class method with implicit method name
-          { klass_name: target, method_name: method_name, kind: :class }
-        else
-          # Single word class - treat as logic class
-          { klass_name: target, method_name: method_name, kind: :logic }
-        end
+      case target
+      when /^(.+)\.(.+)$/
+        # Class.method - call class method directly
+        { klass_name: $1, method_name: $2, kind: :class }
+
+      when /^(.+)#(.+)$/
+        # Class#method - instantiate then call instance method
+        { klass_name: $1, method_name: $2, kind: :instance }
+
+      when /^[A-Z][A-Za-z0-9_]*(?:::[A-Z][A-Za-z0-9_]*)*$/
+        # Bare class name - instantiate the class
+        { klass_name: target, method_name: target.split('::').last, kind: :logic }
+
       else
         raise ArgumentError, "Invalid target format: #{target}"
       end

data/lib/otto/route_handlers/base.rb

@@ -0,0 +1,121 @@
+# frozen_string_literal: true
+
+# lib/otto/route_handlers/base.rb
+require 'json'
+
+class Otto
+  module RouteHandlers
+    # Base class for all route handlers
+    # Provides common functionality and interface
+    class BaseHandler
+      attr_reader :route_definition, :otto_instance
+
+      def initialize(route_definition, otto_instance = nil)
+        @route_definition = route_definition
+        @otto_instance    = otto_instance
+      end
+
+      # Execute the route handler
+      # @param env [Hash] Rack environment
+      # @param extra_params [Hash] Additional parameters
+      # @return [Array] Rack response array
+      def call(env, extra_params = {})
+        raise NotImplementedError, 'Subclasses must implement #call'
+      end
+
+      protected
+
+      # Get the target class, loading it safely
+      # @return [Class] The target class
+      def target_class
+        @target_class ||= safe_const_get(route_definition.klass_name)
+      end
+
+      # Setup request and response with the same extensions and processing as Route#call
+      # @param req [Rack::Request] Request object
+      # @param res [Rack::Response] Response object
+      # @param env [Hash] Rack environment
+      # @param extra_params [Hash] Additional parameters
+      def setup_request_response(req, res, env, extra_params)
+        # Apply the same extensions as original Route#call
+        req.extend Otto::RequestHelpers
+        res.extend Otto::ResponseHelpers
+        res.request = req
+
+        # Make security config available to response helpers
+        if otto_instance.respond_to?(:security_config) && otto_instance.security_config
+          env['otto.security_config'] = otto_instance.security_config
+        end
+
+        # Make route definition and options available to middleware and handlers
+        env['otto.route_definition'] = route_definition
+        env['otto.route_options']    = route_definition.options
+
+        # Process parameters through security layer
+        req.params.merge! extra_params
+        req.params.replace Otto::Static.indifferent_params(req.params)
+
+        # Add security headers
+        if otto_instance.respond_to?(:security_config) && otto_instance.security_config
+          otto_instance.security_config.security_headers.each do |header, value|
+            res.headers[header] = value
+          end
+        end
+
+        # Setup class extensions if target_class is available
+        if target_class
+          target_class.extend Otto::Route::ClassMethods
+          target_class.otto = otto_instance if otto_instance
+        end
+
+        # Add security helpers if CSRF is enabled
+        if otto_instance.respond_to?(:security_config) && otto_instance.security_config&.csrf_enabled?
+          res.extend Otto::Security::CSRFHelpers
+        end
+
+        # Add validation helpers
+        res.extend Otto::Security::ValidationHelpers
+      end
+
+      # Finalize response with the same processing as Route#call
+      # @param res [Rack::Response] Response object
+      # @return [Array] Rack response array
+      def finalize_response(res)
+        res.body = [res.body] unless res.body.respond_to?(:each)
+        res.finish
+      end
+
+      # Handle response using appropriate response handler
+      # @param result [Object] Result from route execution
+      # @param response [Rack::Response] Response object
+      # @param context [Hash] Additional context for response handling
+      def handle_response(result, response, context = {})
+        response_type = route_definition.response_type
+
+        # Get the appropriate response handler
+        handler_class = case response_type
+                        in 'json' then Otto::ResponseHandlers::JSONHandler
+                        in 'redirect' then Otto::ResponseHandlers::RedirectHandler
+                        in 'view' then Otto::ResponseHandlers::ViewHandler
+                        in 'auto' then Otto::ResponseHandlers::AutoHandler
+                        else Otto::ResponseHandlers::DefaultHandler
+                        end
+
+        handler_class.handle(result, response, context)
+      end
+
+      private
+
+      # Safely get a constant from a string name
+      # @param name [String] Class name
+      # @return [Class] The class
+      def safe_const_get(name)
+        name.split('::').inject(Object) do |scope, const_name|
+          scope.const_get(const_name)
+        end
+      rescue NameError => e
+        raise NameError, "Unknown class: #{name} (#{e})"
+      end
+    end
+  end
+end