otto 2.0.0.pre1 → 2.0.0.pre2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +2 -1
- data/.github/workflows/claude-code-review.yml +1 -1
- data/.github/workflows/claude.yml +1 -1
- data/.rubocop.yml +4 -1
- data/CHANGELOG.rst +54 -6
- data/Gemfile +1 -1
- data/Gemfile.lock +19 -18
- data/docs/.gitignore +1 -0
- data/docs/migrating/v2.0.0-pre2.md +345 -0
- data/lib/otto/core/configuration.rb +2 -2
- data/lib/otto/core/middleware_stack.rb +80 -0
- data/lib/otto/core/router.rb +7 -6
- data/lib/otto/env_keys.rb +114 -0
- data/lib/otto/helpers/base.rb +2 -21
- data/lib/otto/helpers/response.rb +22 -0
- data/lib/otto/mcp/{validation.rb → schema_validation.rb} +3 -2
- data/lib/otto/mcp/server.rb +26 -13
- data/lib/otto/response_handlers/json.rb +6 -0
- data/lib/otto/route.rb +44 -48
- data/lib/otto/route_handlers/factory.rb +22 -9
- data/lib/otto/security/authentication/authentication_middleware.rb +29 -12
- data/lib/otto/security/authentication/failure_result.rb +15 -7
- data/lib/otto/security/authentication/route_auth_wrapper.rb +149 -0
- data/lib/otto/security/authentication/strategies/{public_strategy.rb → noauth_strategy.rb} +1 -1
- data/lib/otto/security/authentication/strategy_result.rb +129 -15
- data/lib/otto/security/authentication.rb +2 -2
- data/lib/otto/security/config.rb +0 -11
- data/lib/otto/security/configurator.rb +2 -2
- data/lib/otto/security/middleware/rate_limit_middleware.rb +19 -3
- data/lib/otto/version.rb +1 -1
- data/lib/otto.rb +2 -3
- data/otto.gemspec +2 -0
- metadata +26 -6
- data/changelog.d/20250911_235619_delano_next.rst +0 -28
- data/changelog.d/20250912_123055_delano_remove_ostruct.rst +0 -21
- data/changelog.d/20250912_175625_claude_delano_remove_ostruct.rst +0 -21
|
@@ -1,28 +0,0 @@
|
|
|
1
|
-
Added
|
|
2
|
-
-----
|
|
3
|
-
|
|
4
|
-
- ``Otto::RequestContext`` Data class providing immutable, structured authentication context for Logic classes
|
|
5
|
-
- Helper methods ``authenticated?``, ``has_role?``, ``has_permission?``, ``user_name``, ``session_id`` for cleaner Logic class implementation
|
|
6
|
-
- Factory methods for creating RequestContext from AuthResult or anonymous contexts
|
|
7
|
-
|
|
8
|
-
Changed
|
|
9
|
-
-------
|
|
10
|
-
|
|
11
|
-
- **BREAKING**: Logic class constructor signature changed from ``initialize(session, user, params, locale)`` to ``initialize(context, params, locale)``
|
|
12
|
-
- Logic classes now receive immutable RequestContext instead of separate session/user parameters
|
|
13
|
-
- LogicClassHandler simplified to single arity pattern, removing backward compatibility code
|
|
14
|
-
- Authentication middleware now creates RequestContext instances for all requests
|
|
15
|
-
|
|
16
|
-
Documentation
|
|
17
|
-
-------------
|
|
18
|
-
|
|
19
|
-
- Updated migration guide with comprehensive RequestContext examples and step-by-step conversion instructions
|
|
20
|
-
- Updated Logic class examples in advanced_routes and authentication_strategies to demonstrate new pattern
|
|
21
|
-
- Enhanced documentation with RequestContext API reference and helper method examples
|
|
22
|
-
|
|
23
|
-
AI Assistance
|
|
24
|
-
-------------
|
|
25
|
-
|
|
26
|
-
- RequestContext Data class design developed with AI architectural guidance for immutability and clean API
|
|
27
|
-
- Comprehensive migration of all example Logic classes with AI assistance for consistency and best practices
|
|
28
|
-
- Documentation improvements ensuring clarity of breaking changes and migration path
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
Changed
|
|
2
|
-
-------
|
|
3
|
-
|
|
4
|
-
- Replaced `RequestContext` with `StrategyResult` class for better authentication handling
|
|
5
|
-
- Simplified authentication strategy API to return `StrategyResult` or `nil` for success/failure
|
|
6
|
-
- Enhanced route handlers to support JSON request body parsing
|
|
7
|
-
- Updated authentication middleware to use `StrategyResult` throughout
|
|
8
|
-
|
|
9
|
-
Added
|
|
10
|
-
-----
|
|
11
|
-
|
|
12
|
-
- Added `StrategyResult` class with improved user model compatibility and cleaner API
|
|
13
|
-
- Added JSON request body parsing support in Logic class handlers
|
|
14
|
-
|
|
15
|
-
Removed
|
|
16
|
-
-------
|
|
17
|
-
|
|
18
|
-
- Removed `RequestContext` class (replaced by `StrategyResult`)
|
|
19
|
-
- Removed `AuthResult` class from authentication system
|
|
20
|
-
- Removed OpenStruct dependency across the framework
|
|
21
|
-
- Removed `ConcurrentCacheStore` example class for an ActiveSupport::Cache::MemoryStore-compatible interface with Rack::Attack
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
Changed
|
|
2
|
-
-------
|
|
3
|
-
|
|
4
|
-
- Reorganized Otto security module structure for better maintainability and separation of concerns
|
|
5
|
-
- Moved authentication strategies to ``Otto::Security::Authentication::Strategies`` namespace
|
|
6
|
-
- Moved security middleware to ``Otto::Security::Middleware`` namespace
|
|
7
|
-
- Moved ``StrategyResult`` and ``FailureResult`` to ``Otto::Security::Authentication`` namespace
|
|
8
|
-
|
|
9
|
-
Added
|
|
10
|
-
-----
|
|
11
|
-
|
|
12
|
-
- Added new modular directory structure under ``lib/otto/security/``
|
|
13
|
-
- Added backward compatibility aliases to maintain existing API compatibility
|
|
14
|
-
- Added proper namespacing for authentication components and middleware classes
|
|
15
|
-
|
|
16
|
-
AI Assistance
|
|
17
|
-
-------------
|
|
18
|
-
|
|
19
|
-
- Comprehensive security module reorganization with systematic namespace restructuring
|
|
20
|
-
- Automated test validation to ensure backward compatibility during refactoring
|
|
21
|
-
- Intelligent file organization following Ruby conventions and single responsibility principles
|