otto 1.6.0 → 2.0.0.pre2

data/lib/otto/core/error_handler.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+# lib/otto/core/error_handler.rb
+
+require 'securerandom'
+require 'json'
+require 'rack/request'
+
+class Otto
+  module Core
+    # Error handling module providing secure error reporting and logging functionality
+    module ErrorHandler
+      def handle_error(error, env)
+        # Log error details internally but don't expose them
+        error_id = SecureRandom.hex(8)
+        Otto.logger.error "[#{error_id}] #{error.class}: #{error.message}"
+        Otto.logger.debug "[#{error_id}] Backtrace: #{error.backtrace.join("\n")}" if Otto.debug
+
+        # Parse request for content negotiation
+        begin
+          Rack::Request.new(env)
+        rescue StandardError
+          nil
+        end
+        literal_routes = @routes_literal[:GET] || {}
+
+        # Try custom 500 route first
+        if found_route = literal_routes['/500']
+          begin
+            env['otto.error_id'] = error_id
+            return found_route.call(env)
+          rescue StandardError => e
+            Otto.logger.error "[#{error_id}] Error in custom error handler: #{e.message}"
+          end
+        end
+
+        # Content negotiation for built-in error response
+        accept_header = env['HTTP_ACCEPT'].to_s
+        return json_error_response(error_id) if accept_header.include?('application/json')
+
+        # Fallback to built-in error response
+        @server_error || secure_error_response(error_id)
+      end
+
+      private
+
+      def secure_error_response(error_id)
+        body = if Otto.env?(:dev, :development)
+                 "Server error (ID: #{error_id}). Check logs for details."
+               else
+                 'An error occurred. Please try again later.'
+               end
+
+        headers = {
+          'content-type' => 'text/plain',
+          'content-length' => body.bytesize.to_s,
+        }.merge(@security_config.security_headers)
+
+        [500, headers, [body]]
+      end
+
+      def json_error_response(error_id)
+        error_data = if Otto.env?(:dev, :development)
+                       {
+                         error: 'Internal Server Error',
+                         message: 'Server error occurred. Check logs for details.',
+                         error_id: error_id,
+                       }
+                     else
+                       {
+                         error: 'Internal Server Error',
+                         message: 'An error occurred. Please try again later.',
+                       }
+                     end
+
+        body    = JSON.generate(error_data)
+        headers = {
+          'content-type' => 'application/json',
+          'content-length' => body.bytesize.to_s,
+        }.merge(@security_config.security_headers)
+
+        [500, headers, [body]]
+      end
+    end
+  end
+end

data/lib/otto/core/file_safety.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+# lib/otto/core/file_safety.rb
+
+class Otto
+  module Core
+    # File safety module providing secure file access validation and path traversal protection
+    module FileSafety
+      def safe_file?(path)
+        return false if option[:public].nil? || option[:public].empty?
+        return false if path.nil? || path.empty?
+
+        # Normalize and resolve the public directory path
+        public_dir = File.expand_path(option[:public])
+        return false unless File.directory?(public_dir)
+
+        # Clean the requested path - remove null bytes and normalize
+        clean_path = path.delete("\0").strip
+        return false if clean_path.empty?
+
+        # Join and expand to get the full resolved path
+        requested_path = File.expand_path(File.join(public_dir, clean_path))
+
+        # Ensure the resolved path is within the public directory (prevents path traversal)
+        return false unless requested_path.start_with?(public_dir + File::SEPARATOR)
+
+        # Check file exists, is readable, and is not a directory
+        File.exist?(requested_path) &&
+          File.readable?(requested_path) &&
+          !File.directory?(requested_path) &&
+          (File.owned?(requested_path) || File.grpowned?(requested_path))
+      end
+
+      def safe_dir?(path)
+        return false if path.nil? || path.empty?
+
+        # Clean and expand the path
+        clean_path = path.delete("\0").strip
+        return false if clean_path.empty?
+
+        expanded_path = File.expand_path(clean_path)
+
+        # Check directory exists, is readable, and has proper ownership
+        File.directory?(expanded_path) &&
+          File.readable?(expanded_path) &&
+          (File.owned?(expanded_path) || File.grpowned?(expanded_path))
+      end
+
+      def add_static_path(path)
+        return unless safe_file?(path)
+
+        base_path                      = File.split(path).first
+        # Files in the root directory can refer to themselves
+        base_path                      = path if base_path == '/'
+        File.join(option[:public], base_path)
+        Otto.logger.debug "new static route: #{base_path} (#{path})" if Otto.debug
+        routes_static[:GET][base_path] = base_path
+      end
+    end
+  end
+end

data/lib/otto/core/middleware_stack.rb

@@ -0,0 +1,237 @@
+# frozen_string_literal: true
+
+# lib/otto/core/middleware_stack.rb
+
+class Otto
+  module Core
+    # Enhanced middleware stack management for Otto framework.
+    # Provides better middleware registration, introspection capabilities,
+    # and improved execution chain management.
+    class MiddlewareStack
+      include Enumerable
+
+      def initialize
+        @stack = []
+        @middleware_set = Set.new
+      end
+
+      # Enhanced middleware registration with argument uniqueness and immutability check
+      def add(middleware_class, *args, **options)
+        # Prevent modifications to frozen configurations
+        raise FrozenError, 'Cannot modify frozen middleware stack' if frozen?
+
+        # Check if an identical middleware configuration already exists
+        existing_entry = @stack.find do |entry|
+          entry[:middleware] == middleware_class &&
+            entry[:args] == args &&
+            entry[:options] == options
+        end
+
+        # Only add if no identical middleware configuration exists
+        return if existing_entry
+
+        entry = { middleware: middleware_class, args: args, options: options }
+        @stack << entry
+        @middleware_set.add(middleware_class)
+        # Invalidate memoized middleware list
+        @memoized_middleware_list = nil
+      end
+
+      # Add middleware with position hint for optimal ordering
+      #
+      # @param middleware_class [Class] Middleware class
+      # @param args [Array] Middleware arguments
+      # @param position [Symbol, nil] Position hint (:first, :last, or nil for append)
+      # @option options [Symbol] :position Position hint (:first or :last)
+      def add_with_position(middleware_class, *args, position: nil, **options)
+        raise FrozenError, 'Cannot modify frozen middleware stack' if frozen?
+
+        # Check for identical configuration
+        existing_entry = @stack.find do |entry|
+          entry[:middleware] == middleware_class &&
+            entry[:args] == args &&
+            entry[:options] == options
+        end
+
+        return if existing_entry
+
+        entry = { middleware: middleware_class, args: args, options: options }
+
+        case position
+        when :first
+          @stack.unshift(entry)
+        when :last
+          @stack << entry
+        else
+          @stack << entry  # Default append
+        end
+
+        @middleware_set.add(middleware_class)
+        @memoized_middleware_list = nil
+      end
+
+      # Validate MCP middleware ordering
+      #
+      # MCP middleware must be in security-optimal order:
+      # 1. RateLimitMiddleware (reject excessive requests early)
+      # 2. Auth middleware (validate credentials before parsing)
+      # 3. SchemaValidationMiddleware (expensive JSON schema validation last)
+      #
+      # @return [Array<String>] Warning messages if order is suboptimal
+      def validate_mcp_middleware_order
+        warnings = []
+
+        # PERFORMANCE NOTE: This implementation intentionally uses select + find_index
+        # rather than a single-pass approach. The filtered mcp_middlewares array is
+        # typically 0-3 items, making the performance difference unmeasurable.
+        # The current approach prioritizes readability over micro-optimization.
+        # Single-pass alternatives were considered but rejected as premature optimization.
+        mcp_middlewares = @stack.select do |entry|
+          [
+            Otto::MCP::RateLimitMiddleware,
+            Otto::MCP::Auth::TokenMiddleware,
+            Otto::MCP::SchemaValidationMiddleware,
+          ].include?(entry[:middleware])
+        end
+
+        return warnings if mcp_middlewares.size < 2
+
+        # Find positions
+        rate_limit_pos = mcp_middlewares.find_index { |e| e[:middleware] == Otto::MCP::RateLimitMiddleware }
+        auth_pos = mcp_middlewares.find_index { |e| e[:middleware] == Otto::MCP::Auth::TokenMiddleware }
+        validation_pos = mcp_middlewares.find_index { |e| e[:middleware] == Otto::MCP::SchemaValidationMiddleware }
+
+        # Check optimal order: rate_limit < auth < validation
+        if rate_limit_pos && auth_pos && rate_limit_pos > auth_pos
+          warnings << '[MCP Middleware] RateLimitMiddleware should come before TokenMiddleware for optimal performance'
+        end
+
+        if auth_pos && validation_pos && auth_pos > validation_pos
+          warnings << '[MCP Middleware] TokenMiddleware should come before SchemaValidationMiddleware for optimal performance'
+        end
+
+        if rate_limit_pos && validation_pos && rate_limit_pos > validation_pos
+          warnings << '[MCP Middleware] RateLimitMiddleware should come before SchemaValidationMiddleware for optimal performance'
+        end
+
+        warnings
+      end
+      alias use add
+      alias << add
+
+      # Remove middleware
+      def remove(middleware_class)
+        # Prevent modifications to frozen configurations
+        raise FrozenError, 'Cannot modify frozen middleware stack' if frozen?
+
+        matches = @stack.reject! { |entry| entry[:middleware] == middleware_class }
+
+        # Update middleware set if any matching entries were found
+        return unless matches
+
+        # Rebuild the set of unique middleware classes
+        @middleware_set = Set.new(@stack.map { |entry| entry[:middleware] })
+        # Invalidate memoized middleware list
+        @memoized_middleware_list = nil
+      end
+
+      # Check if middleware is registered - now O(1) using Set
+      def includes?(middleware_class)
+        @middleware_set.include?(middleware_class)
+      end
+
+      # Clear all middleware
+      def clear!
+        # Prevent modifications to frozen configurations
+        raise FrozenError, 'Cannot modify frozen middleware stack' if frozen?
+
+        @stack.clear
+        @middleware_set.clear
+        # Invalidate memoized middleware list
+        @memoized_middleware_list = nil
+      end
+
+      # Enumerable support
+      def each(&)
+        @stack.each(&)
+      end
+
+      # Build Rack application with middleware chain
+      def build_app(base_app, security_config = nil)
+        @stack.reduce(base_app) do |app, entry|
+          middleware = entry[:middleware]
+          args = entry[:args]
+          options = entry[:options]
+
+          if middleware.respond_to?(:new)
+            # Inject security_config for security middleware, placing it before custom args
+            if security_config && middleware_needs_config?(middleware)
+              middleware.new(app, security_config, *args, **options)
+            else
+              middleware.new(app, *args, **options)
+            end
+          else
+            # Proc-based middleware
+            middleware.call(app)
+          end
+        end
+      end
+
+      # Cached middleware list to reduce array creation
+      def middleware_list
+        # Memoize the result to avoid repeated array creation
+        @memoized_middleware_list ||= @stack.map { |entry| entry[:middleware] }
+      end
+
+      # Detailed introspection
+      def middleware_details
+        @stack.map do |entry|
+          {
+            middleware: entry[:middleware],
+            args: entry[:args],
+            options: entry[:options],
+          }
+        end
+      end
+
+      # Statistics
+      def size
+        @stack.size
+      end
+
+      def empty?
+        @stack.empty?
+      end
+
+      # Count occurrences of a specific middleware class
+      def count(middleware_class)
+        @stack.count { |entry| entry[:middleware] == middleware_class }
+      end
+
+      # NOTE: The includes? method is defined earlier for O(1) lookup using a Set
+
+      # Legacy compatibility methods for existing Otto interface
+      def reverse_each(&)
+        @stack.reverse_each(&)
+      end
+
+      private
+
+      def middleware_needs_config?(middleware_class)
+        # Include all Otto security middleware that can accept security_config
+        # Support both new namespaced classes and backward compatibility aliases
+        [
+          Otto::Security::Middleware::CSRFMiddleware,
+          Otto::Security::Middleware::ValidationMiddleware,
+          Otto::Security::Middleware::RateLimitMiddleware,
+          Otto::Security::Authentication::AuthenticationMiddleware,
+          # Backward compatibility aliases
+          Otto::Security::CSRFMiddleware,
+          Otto::Security::ValidationMiddleware,
+          Otto::Security::RateLimitMiddleware,
+          Otto::Security::AuthenticationMiddleware,
+        ].include?(middleware_class)
+      end
+    end
+  end
+end

data/lib/otto/core/router.rb

@@ -0,0 +1,184 @@
+# frozen_string_literal: true
+
+# lib/otto/core/router.rb
+
+require_relative '../mcp/route_parser'
+
+class Otto
+  module Core
+    # Router module providing route loading and request dispatching functionality
+    module Router
+      def load(path)
+        path = File.expand_path(path)
+        raise ArgumentError, "Bad path: #{path}" unless File.exist?(path)
+
+        raw = File.readlines(path).grep(/^\w/).collect(&:strip)
+        raw.each do |entry|
+          # Enhanced parsing: split only on first two whitespace boundaries
+          # This preserves parameters in the definition part
+          parts = entry.split(/\s+/, 3)
+          next if parts.size < 3 # Skip malformed entries
+
+          verb = parts[0]
+          path = parts[1]
+          definition = parts[2]
+
+          # Check for MCP routes
+          if Otto::MCP::RouteParser.is_mcp_route?(definition)
+            handle_mcp_route(verb, path, definition)
+            next
+          elsif Otto::MCP::RouteParser.is_tool_route?(definition)
+            handle_tool_route(verb, path, definition)
+            next
+          end
+
+          route                                   = Otto::Route.new verb, path, definition
+          route.otto                              = self
+          path_clean                              = path.gsub(%r{/$}, '')
+          @route_definitions[route.definition]    = route
+          Otto.logger.debug "route: #{route.pattern}" if Otto.debug
+          @routes[route.verb] ||= []
+          @routes[route.verb] << route
+          @routes_literal[route.verb]           ||= {}
+          @routes_literal[route.verb][path_clean] = route
+        rescue StandardError => e
+          Otto.logger.error "Error for route #{path}: #{e.message}"
+          Otto.logger.debug e.backtrace.join("\n") if Otto.debug
+        end
+        self
+      end
+
+      def handle_request(env)
+        locale             = determine_locale env
+        env['rack.locale'] = locale
+        env['otto.locale_config'] = @locale_config if @locale_config
+        @static_route    ||= Rack::Files.new(option[:public]) if option[:public] && safe_dir?(option[:public])
+        path_info          = Rack::Utils.unescape(env['PATH_INFO'])
+        path_info          = '/' if path_info.to_s.empty?
+
+        begin
+          path_info_clean = path_info
+                            .encode(
+                              'UTF-8', # Target encoding
+                              invalid: :replace, # Replace invalid byte sequences
+                              undef: :replace,   # Replace characters undefined in UTF-8
+                              replace: '' # Use empty string for replacement
+                            )
+                            .gsub(%r{/$}, '') # Remove trailing slash, if present
+        rescue ArgumentError => e
+          # Log the error but don't expose details
+          Otto.logger.error '[Otto.handle_request] Path encoding error'
+          Otto.logger.debug "[Otto.handle_request] Error details: #{e.message}" if Otto.debug
+          # Set a default value or use the original path_info
+          path_info_clean = path_info
+        end
+
+        base_path      = File.split(path_info).first
+        # Files in the root directory can refer to themselves
+        base_path      = path_info if base_path == '/'
+        http_verb      = env['REQUEST_METHOD'].upcase.to_sym
+        literal_routes = routes_literal[http_verb] || {}
+        literal_routes.merge! routes_literal[:GET] if http_verb == :HEAD
+
+        if static_route && http_verb == :GET && routes_static[:GET].member?(base_path)
+          # Otto.logger.debug " request: #{path_info} (static)"
+          static_route.call(env)
+        elsif literal_routes.has_key?(path_info_clean)
+          route = literal_routes[path_info_clean]
+          # Otto.logger.debug " request: #{http_verb} #{path_info} (literal route: #{route.verb} #{route.path})"
+          route.call(env)
+        elsif static_route && http_verb == :GET && safe_file?(path_info)
+          Otto.logger.debug " new static route: #{base_path} (#{path_info})" if Otto.debug
+          routes_static[:GET][base_path] = base_path
+          static_route.call(env)
+        else
+          match_dynamic_route(env, path_info, http_verb, literal_routes)
+        end
+      end
+
+      def determine_locale(env)
+        accept_langs = env['HTTP_ACCEPT_LANGUAGE']
+        accept_langs = option[:locale] if accept_langs.to_s.empty?
+        locales      = []
+        unless accept_langs.empty?
+          locales = accept_langs.split(',').map do |l|
+            l += ';q=1.0' unless /;q=\d+(?:\.\d+)?$/.match?(l)
+            l.split(';q=')
+          end.sort_by do |_locale, qvalue|
+            qvalue.to_f
+          end.collect do |locale, _qvalue|
+            locale
+          end.reverse
+        end
+        Otto.logger.debug "locale: #{locales} (#{accept_langs})" if Otto.debug
+        locales.empty? ? nil : locales
+      end
+
+      private
+
+      def match_dynamic_route(env, path_info, http_verb, literal_routes)
+        extra_params  = {}
+        found_route   = nil
+        valid_routes  = routes[http_verb] || []
+        valid_routes.push(*routes[:GET]) if http_verb == :HEAD
+
+        valid_routes.each do |route|
+          # Otto.logger.debug " request: #{http_verb} #{path_info} (trying route: #{route.verb} #{route.pattern})"
+          next unless (match = route.pattern.match(path_info))
+
+          values = match.captures.to_a
+          # The first capture returned is the entire matched string b/c
+          # we wrapped the entire regex in parens. We don't need it to
+          # the full match.
+          values.shift
+          extra_params = build_route_params(route, values)
+          found_route  = route
+          break
+        end
+
+        found_route ||= literal_routes['/404']
+        if found_route
+          found_route.call env, extra_params
+        else
+          @not_found || Otto::Static.not_found
+        end
+      end
+
+      def build_route_params(route, values)
+        if route.keys.any?
+          route.keys.zip(values).each_with_object({}) do |(k, v), hash|
+            if k == 'splat'
+              (hash[k] ||= []) << v
+            else
+              hash[k] = v
+            end
+          end
+        elsif values.any?
+          { 'captures' => values }
+        else
+          {}
+        end
+      end
+
+      def handle_mcp_route(verb, path, definition)
+        raise '[MCP] MCP server not enabled' unless @mcp_server
+
+        route_info = Otto::MCP::RouteParser.parse_mcp_route(verb, path, definition)
+        @mcp_server.register_mcp_route(route_info)
+        Otto.logger.debug "[MCP] Registered resource route: #{definition}" if Otto.debug
+      rescue StandardError => e
+        Otto.logger.error "[MCP] Failed to parse MCP route: #{definition} - #{e.message}"
+      end
+
+      def handle_tool_route(verb, path, definition)
+        raise '[MCP] MCP server not enabled' unless @mcp_server
+
+        route_info = Otto::MCP::RouteParser.parse_tool_route(verb, path, definition)
+        @mcp_server.register_mcp_route(route_info)
+        Otto.logger.debug "[MCP] Registered tool route: #{definition}" if Otto.debug
+      rescue StandardError => e
+        Otto.logger.error "[MCP] Failed to parse TOOL route: #{definition} - #{e.message}"
+      end
+    end
+  end
+end

data/lib/otto/core/uri_generator.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+# lib/otto/core/uri_generator.rb
+
+require 'uri'
+
+class Otto
+  module Core
+    # URI generation module providing path and URL generation for route definitions
+    module UriGenerator
+      # Return the URI path for the given +route_definition+
+      # e.g.
+      #
+      #     Otto.default.path 'YourClass.somemethod'  #=> /some/path
+      #
+      def uri(route_definition, params = {})
+        # raise RuntimeError, "Not working"
+        route = @route_definitions[route_definition]
+        return if route.nil?
+
+        local_params = params.clone
+        local_path   = route.path.clone
+
+        keys_to_remove = []
+        local_params.each_pair do |k, v|
+          next unless local_path.match(":#{k}")
+
+          local_path.gsub!(":#{k}", v.to_s)
+          keys_to_remove << k
+        end
+        keys_to_remove.each { |k| local_params.delete(k) }
+
+        uri = URI::HTTP.new(nil, nil, nil, nil, nil, local_path, nil, nil, nil)
+        unless local_params.empty?
+          query_string = local_params.map do |k, v|
+            "#{URI.encode_www_form_component(k)}=#{URI.encode_www_form_component(v)}"
+          end.join('&')
+          uri.query = query_string
+        end
+        uri.to_s
+      end
+    end
+  end
+end

data/lib/otto/design_system.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # lib/otto/design_system.rb
 
 class Otto
@@ -112,11 +114,11 @@ class Otto
       return '' if text.nil?
 
       text.to_s
-        .gsub('&', '&')
-        .gsub('<', '&lt;')
-        .gsub('>', '&gt;')
-        .gsub('"', '&quot;')
-        .gsub("'", '&#x27;')
+          .gsub('&', '&amp;')
+          .gsub('<', '&lt;')
+          .gsub('>', '&gt;')
+          .gsub('"', '&quot;')
+          .gsub("'", '&#x27;')
     end
 
     def otto_styles