RubyGems - otto - Versions diffs - 1.6.0 → 2.0.0.pre1 - Mend

otto 1.6.0 → 2.0.0.pre1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (136) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +1 -1
data/.github/workflows/claude-code-review.yml +53 -0
data/.github/workflows/claude.yml +49 -0
data/.gitignore +3 -0
data/.rubocop.yml +24 -345
data/CHANGELOG.rst +83 -0
data/CLAUDE.md +56 -0
data/Gemfile +10 -3
data/Gemfile.lock +23 -28
data/README.md +2 -0
data/bin/rspec +4 -4
data/changelog.d/20250911_235619_delano_next.rst +28 -0
data/changelog.d/20250912_123055_delano_remove_ostruct.rst +21 -0
data/changelog.d/20250912_175625_claude_delano_remove_ostruct.rst +21 -0
data/changelog.d/README.md +120 -0
data/changelog.d/scriv.ini +5 -0
data/docs/.gitignore +1 -0
data/docs/migrating/v2.0.0-pre1.md +276 -0
data/examples/.gitignore +1 -0
data/examples/advanced_routes/README.md +33 -0
data/examples/advanced_routes/app/controllers/handlers/async.rb +9 -0
data/examples/advanced_routes/app/controllers/handlers/dynamic.rb +9 -0
data/examples/advanced_routes/app/controllers/handlers/static.rb +9 -0
data/examples/advanced_routes/app/controllers/modules/auth.rb +9 -0
data/examples/advanced_routes/app/controllers/modules/transformer.rb +9 -0
data/examples/advanced_routes/app/controllers/modules/validator.rb +9 -0
data/examples/advanced_routes/app/controllers/routes_app.rb +232 -0
data/examples/advanced_routes/app/controllers/v2/admin.rb +9 -0
data/examples/advanced_routes/app/controllers/v2/config.rb +9 -0
data/examples/advanced_routes/app/controllers/v2/settings.rb +9 -0
data/examples/advanced_routes/app/logic/admin/logic/manager.rb +27 -0
data/examples/advanced_routes/app/logic/admin/panel.rb +27 -0
data/examples/advanced_routes/app/logic/analytics_processor.rb +25 -0
data/examples/advanced_routes/app/logic/complex/business/handler.rb +27 -0
data/examples/advanced_routes/app/logic/data_logic.rb +23 -0
data/examples/advanced_routes/app/logic/data_processor.rb +25 -0
data/examples/advanced_routes/app/logic/input_validator.rb +24 -0
data/examples/advanced_routes/app/logic/nested/feature/logic.rb +27 -0
data/examples/advanced_routes/app/logic/reports_generator.rb +27 -0
data/examples/advanced_routes/app/logic/simple_logic.rb +25 -0
data/examples/advanced_routes/app/logic/system/config/manager.rb +27 -0
data/examples/advanced_routes/app/logic/test_logic.rb +23 -0
data/examples/advanced_routes/app/logic/transform_logic.rb +23 -0
data/examples/advanced_routes/app/logic/upload_logic.rb +23 -0
data/examples/advanced_routes/app/logic/v2/logic/dashboard.rb +27 -0
data/examples/advanced_routes/app/logic/v2/logic/processor.rb +27 -0
data/examples/advanced_routes/app.rb +33 -0
data/examples/advanced_routes/config.rb +23 -0
data/examples/advanced_routes/config.ru +7 -0
data/examples/advanced_routes/puma.rb +20 -0
data/examples/advanced_routes/routes +167 -0
data/examples/advanced_routes/run.rb +39 -0
data/examples/advanced_routes/test.rb +58 -0
data/examples/authentication_strategies/README.md +32 -0
data/examples/authentication_strategies/app/auth.rb +68 -0
data/examples/authentication_strategies/app/controllers/auth_controller.rb +29 -0
data/examples/authentication_strategies/app/controllers/main_controller.rb +28 -0
data/examples/authentication_strategies/config.ru +24 -0
data/examples/authentication_strategies/routes +37 -0
data/examples/basic/README.md +29 -0
data/examples/basic/app.rb +7 -35
data/examples/basic/routes +0 -9
data/examples/mcp_demo/README.md +87 -0
data/examples/mcp_demo/app.rb +29 -34
data/examples/mcp_demo/config.ru +9 -60
data/examples/security_features/README.md +46 -0
data/examples/security_features/app.rb +23 -24
data/examples/security_features/config.ru +8 -10
data/lib/otto/core/configuration.rb +167 -0
data/lib/otto/core/error_handler.rb +86 -0
data/lib/otto/core/file_safety.rb +61 -0
data/lib/otto/core/middleware_stack.rb +157 -0
data/lib/otto/core/router.rb +183 -0
data/lib/otto/core/uri_generator.rb +44 -0
data/lib/otto/design_system.rb +7 -5
data/lib/otto/helpers/base.rb +3 -0
data/lib/otto/helpers/request.rb +10 -8
data/lib/otto/helpers/response.rb +5 -4
data/lib/otto/helpers/validation.rb +9 -7
data/lib/otto/mcp/auth/token.rb +10 -9
data/lib/otto/mcp/protocol.rb +24 -27
data/lib/otto/mcp/rate_limiting.rb +8 -3
data/lib/otto/mcp/registry.rb +7 -2
data/lib/otto/mcp/route_parser.rb +10 -15
data/lib/otto/mcp/server.rb +21 -11
data/lib/otto/mcp/validation.rb +14 -10
data/lib/otto/response_handlers/auto.rb +39 -0
data/lib/otto/response_handlers/base.rb +16 -0
data/lib/otto/response_handlers/default.rb +16 -0
data/lib/otto/response_handlers/factory.rb +39 -0
data/lib/otto/response_handlers/json.rb +28 -0
data/lib/otto/response_handlers/redirect.rb +25 -0
data/lib/otto/response_handlers/view.rb +24 -0
data/lib/otto/response_handlers.rb +9 -135
data/lib/otto/route.rb +9 -9
data/lib/otto/route_definition.rb +15 -18
data/lib/otto/route_handlers/base.rb +121 -0
data/lib/otto/route_handlers/class_method.rb +89 -0
data/lib/otto/route_handlers/factory.rb +29 -0
data/lib/otto/route_handlers/instance_method.rb +69 -0
data/lib/otto/route_handlers/lambda.rb +59 -0
data/lib/otto/route_handlers/logic_class.rb +93 -0
data/lib/otto/route_handlers.rb +10 -405
data/lib/otto/security/authentication/auth_strategy.rb +44 -0
data/lib/otto/security/authentication/authentication_middleware.rb +123 -0
data/lib/otto/security/authentication/failure_result.rb +36 -0
data/lib/otto/security/authentication/strategies/api_key_strategy.rb +40 -0
data/lib/otto/security/authentication/strategies/permission_strategy.rb +47 -0
data/lib/otto/security/authentication/strategies/public_strategy.rb +19 -0
data/lib/otto/security/authentication/strategies/role_strategy.rb +57 -0
data/lib/otto/security/authentication/strategies/session_strategy.rb +41 -0
data/lib/otto/security/authentication/strategy_result.rb +223 -0
data/lib/otto/security/authentication.rb +28 -282
data/lib/otto/security/config.rb +14 -12
data/lib/otto/security/configurator.rb +219 -0
data/lib/otto/security/csrf.rb +8 -143
data/lib/otto/security/middleware/csrf_middleware.rb +151 -0
data/lib/otto/security/middleware/rate_limit_middleware.rb +38 -0
data/lib/otto/security/middleware/validation_middleware.rb +252 -0
data/lib/otto/security/rate_limiter.rb +86 -0
data/lib/otto/security/rate_limiting.rb +10 -105
data/lib/otto/security/validator.rb +8 -253
data/lib/otto/static.rb +3 -0
data/lib/otto/utils.rb +14 -0
data/lib/otto/version.rb +3 -1
data/lib/otto.rb +142 -498
data/otto.gemspec +2 -2
metadata +89 -28
data/examples/dynamic_pages/app.rb +0 -115
data/examples/dynamic_pages/config.ru +0 -30
data/examples/dynamic_pages/routes +0 -21
data/examples/helpers_demo/app.rb +0 -244
data/examples/helpers_demo/config.ru +0 -26
data/examples/helpers_demo/routes +0 -7
data/lib/concurrent_cache_store.rb +0 -68

data/lib/otto/security/authentication/strategies/permission_strategy.rb ADDED Viewed

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+require_relative '../auth_strategy'
+class Otto
+  module Security
+    module Authentication
+      module Strategies
+        # Permission-based authentication strategy
+        class PermissionStrategy < AuthStrategy
+          def initialize(required_permissions, session_key: 'user_permissions')
+            @required_permissions = Array(required_permissions)
+            @session_key = session_key
+          end
+          def authenticate(env, requirement)
+            session = env['rack.session']
+            return failure('No session available') unless session
+            user_permissions = session[@session_key] || []
+            user_permissions = Array(user_permissions)
+            # Create user data from session
+            user_data = { user_permissions: user_permissions, session: session }
+            # Extract permission from requirement (e.g., "permission:write" -> "write")
+            required_permission = requirement.split(':', 2).last
+            if user_permissions.include?(required_permission)
+              success(user: user_data, user_permissions: user_permissions, required_permission: required_permission)
+            else
+              failure("Insufficient privileges - requires permission: #{required_permission}")
+            end
+          end
+          def user_context(env)
+            session = env['rack.session']
+            return {} unless session
+            user_permissions = session[@session_key] || []
+            { user_permissions: Array(user_permissions) }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/otto/security/authentication/strategies/public_strategy.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+require_relative '../auth_strategy'
+require_relative '../strategy_result'
+class Otto
+  module Security
+    module Authentication
+      module Strategies
+        # Public access strategy - always allows access
+        class PublicStrategy < AuthStrategy
+          def authenticate(env, _requirement)
+            Otto::Security::Authentication::StrategyResult.anonymous(metadata: { ip: env['REMOTE_ADDR'] })
+          end
+        end
+      end
+    end
+  end
+end

data/lib/otto/security/authentication/strategies/role_strategy.rb ADDED Viewed

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+require_relative '../auth_strategy'
+class Otto
+  module Security
+    module Authentication
+      module Strategies
+        # Role-based authentication strategy
+        class RoleStrategy < AuthStrategy
+          def initialize(allowed_roles, session_key: 'user_roles')
+            @allowed_roles = Array(allowed_roles)
+            @session_key = session_key
+          end
+          def authenticate(env, requirement)
+            session = env['rack.session']
+            return failure('No session available') unless session
+            user_roles = session[@session_key] || []
+            user_roles = Array(user_roles)
+            # Create user data from session
+            user_data = { user_roles: user_roles, session: session }
+            # For requirements like "role:admin", extract the role part
+            if requirement.include?(':')
+              required_role = requirement.split(':', 2).last
+              if user_roles.include?(required_role)
+                success(user: user_data, user_roles: user_roles, required_role: required_role)
+              else
+                failure("Insufficient privileges - requires role: #{required_role}")
+              end
+            else
+              # For direct strategy matches, check if user has any of the allowed roles
+              matching_roles = user_roles & @allowed_roles
+              if matching_roles.any?
+                success(user: user_data, user_roles: user_roles, allowed_roles: @allowed_roles,
+                        matching_roles: matching_roles)
+              else
+                failure("Insufficient privileges - requires one of roles: #{@allowed_roles.join(', ')}")
+              end
+            end
+          end
+          def user_context(env)
+            session = env['rack.session']
+            return {} unless session
+            user_roles = session[@session_key] || []
+            { user_roles: Array(user_roles) }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/otto/security/authentication/strategies/session_strategy.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+require_relative '../auth_strategy'
+class Otto
+  module Security
+    module Authentication
+      module Strategies
+        # Session-based authentication strategy
+        class SessionStrategy < AuthStrategy
+          def initialize(session_key: 'user_id', session_store: nil)
+            @session_key = session_key
+            @session_store = session_store
+          end
+          def authenticate(env, _requirement)
+            session = env['rack.session']
+            return failure('No session available') unless session
+            user_id = session[@session_key]
+            return failure('Not authenticated') unless user_id
+            # Create a simple user hash for the generic strategy
+            user_data = { id: user_id, user_id: user_id }
+            success(session: session, user: user_data, auth_method: 'session')
+          end
+          def user_context(env)
+            session = env['rack.session']
+            return {} unless session
+            user_id = session[@session_key]
+            return {} unless user_id
+            { user_id: user_id }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/otto/security/authentication/strategy_result.rb ADDED Viewed

@@ -0,0 +1,223 @@
+# frozen_string_literal: true
+# lib/otto/security/authentication/strategy_result.rb
+# StrategyResult is an immutable data structure that holds the result of an
+# authentication strategy. It contains session, user, and metadata needed by
+# Otto Logic classes.
+#
+# @example Basic usage
+#   result = StrategyResult.new(
+#     session: { id: 'abc123', user_id: 1 },
+#     user: user_model_instance,  # Actual user model, not a hash
+#     auth_method: 'token',
+#     metadata: { ip: '127.0.0.1' }
+#   )
+#
+#   result.authenticated?  #=> true
+#   result.has_role?('admin')  #=> true
+#   result.user.name  #=> 'John' (assuming user model has name method)
+#
+class Otto
+  module Security
+    module Authentication
+      StrategyResult = Data.define(:session, :user, :auth_method, :metadata) do
+        # Create an anonymous (unauthenticated) result
+        # @return [StrategyResult] Anonymous result with empty session and nil user
+        def self.anonymous(metadata: {})
+          new(
+            session: {},
+            user: nil,  # Changed from {} to nil - clearer semantics
+            auth_method: 'anonymous',
+            metadata: metadata
+          )
+        end
+        # Check if the request is authenticated (has a user)
+        # @return [Boolean] True if user is present, false otherwise
+        def authenticated?
+          !user.nil?
+        end
+        # Check if the request is anonymous (no user)
+        # @return [Boolean] True if not authenticated
+        def anonymous?
+          user.nil?
+        end
+        # Success/failure methods for compatibility
+        def success?
+          true  # If we have a StrategyResult, authentication succeeded
+        end
+        def failure?
+          false  # Failures return nil, not a StrategyResult
+        end
+        # Check if the user has a specific role
+        # @param role [String, Symbol] Role to check
+        # @return [Boolean] True if user has the role
+        def has_role?(role)
+          return false unless authenticated?
+          # Try user model methods first, fall back to hash access for backward compatibility
+          if user.respond_to?(:role)
+            user.role.to_s == role.to_s
+          elsif user.respond_to?(:has_role?)
+            user.has_role?(role)
+          elsif user.is_a?(Hash)
+            user_role = user[:role] || user['role']
+            user_role.to_s == role.to_s
+          else
+            false
+          end
+        end
+        # Check if the user has a specific permission
+        # @param permission [String, Symbol] Permission to check
+        # @return [Boolean] True if user has the permission
+        def has_permission?(permission)
+          return false unless authenticated?
+          # Try user model methods first, fall back to hash access for backward compatibility
+          if user.respond_to?(:has_permission?)
+            user.has_permission?(permission)
+          elsif user.respond_to?(:permissions)
+            permissions = user.permissions || []
+            permissions = [permissions] unless permissions.is_a?(Array)
+            permissions.map(&:to_s).include?(permission.to_s)
+          elsif user.is_a?(Hash)
+            permissions = user[:permissions] || user['permissions'] || []
+            permissions = [permissions] unless permissions.is_a?(Array)
+            permissions.map(&:to_s).include?(permission.to_s)
+          else
+            false
+          end
+        end
+        # Check if the user has any of the specified roles
+        # @param roles [Array<String, Symbol>] Roles to check
+        # @return [Boolean] True if user has any of the roles
+        def has_any_role?(*roles)
+          roles.flatten.any? { |role| has_role?(role) }
+        end
+        # Check if the user has any of the specified permissions
+        # @param permissions [Array<String, Symbol>] Permissions to check
+        # @return [Boolean] True if user has any of the permissions
+        def has_any_permission?(*permissions)
+          permissions.flatten.any? { |permission| has_permission?(permission) }
+        end
+        # Get user ID from various possible locations
+        # @return [String, Integer, nil] User ID or nil
+        def user_id
+          return nil unless authenticated?
+          # Try user model methods first, fall back to hash access and session
+          if user.respond_to?(:id)
+            user.id
+          elsif user.respond_to?(:user_id)
+            user.user_id
+          elsif user.is_a?(Hash)
+            user[:id] || user['id'] || user[:user_id] || user['user_id']
+          end || session[:user_id] || session['user_id']
+        end
+        # Get user name from various possible locations
+        # @return [String, nil] User name or nil
+        def user_name
+          return nil unless authenticated?
+          # Try user model methods first, fall back to hash access
+          if user.respond_to?(:name)
+            user.name
+          elsif user.respond_to?(:username)
+            user.username
+          elsif user.is_a?(Hash)
+            user[:name] || user['name'] || user[:username] || user['username']
+          end
+        end
+        # Get session ID from various possible locations
+        # @return [String, nil] Session ID or nil
+        def session_id
+          session[:id] || session['id'] || session[:session_id] || session['session_id']
+        end
+        # Get all user roles as an array
+        # @return [Array<String>] Array of roles (empty if none)
+        def roles
+          return [] unless authenticated?
+          roles_data = user[:roles] || user['roles']
+          if roles_data.is_a?(Array)
+            roles_data.map(&:to_s)
+          elsif roles_data
+            [roles_data.to_s]
+          else
+            role = user[:role] || user['role']
+            role ? [role.to_s] : []
+          end
+        end
+        # Get all user permissions as an array
+        # @return [Array<String>] Array of permissions (empty if none)
+        def permissions
+          return [] unless authenticated?
+          perms = user[:permissions] || user['permissions'] || []
+          perms = [perms] unless perms.is_a?(Array)
+          perms.map(&:to_s)
+        end
+        # Create a string representation for debugging
+        # @return [String] Debug representation
+        def inspect
+          if authenticated?
+            "#<StrategyResult authenticated user=#{user_name || user_id} roles=#{roles} method=#{auth_method}>"
+          else
+            "#<StrategyResult anonymous method=#{auth_method}>"
+          end
+        end
+        # Get user context - a hash containing user-specific information and metadata
+        # @return [Hash] User context hash
+        def user_context
+          if authenticated?
+            case auth_method
+            when 'session'
+              { user_id: user_id, session: session }
+            else
+              metadata
+            end
+          else
+            case auth_method
+            when 'anonymous'
+              {}
+            else
+              metadata
+            end
+          end
+        end
+        # Create a hash representation
+        # @return [Hash] Hash representation of the context
+        def to_h
+          {
+            session: session,
+            user: user,
+            auth_method: auth_method,
+            metadata: metadata,
+            authenticated: authenticated?,
+            user_id: user_id,
+            user_name: user_name,
+            roles: roles,
+            permissions: permissions
+          }
+        end
+      end
+    end
+  end
+end