otto 2.0.0.pre2 → 2.0.0.pre7

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: otto
 version: !ruby/object:Gem::Version
-  version: 2.0.0.pre2
+  version: 2.0.0.pre7
 platform: ruby
 authors:
 - Delano Mandelbaum
@@ -9,6 +9,46 @@ bindir: bin
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: concurrent-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: ipaddr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: logger
   requirement: !ruby/object:Gem::Requirement
@@ -67,16 +107,16 @@ dependencies:
   name: rexml
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.3.6
+        version: '3.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.3.6
+        version: '3.4'
 - !ruby/object:Gem::Dependency
   name: facets
   requirement: !ruby/object:Gem::Requirement
@@ -115,9 +155,11 @@ files:
 - ".github/workflows/ci.yml"
 - ".github/workflows/claude-code-review.yml"
 - ".github/workflows/claude.yml"
+- ".github/workflows/code-smells.yml"
 - ".gitignore"
 - ".pre-commit-config.yaml"
 - ".pre-push-config.yaml"
+- ".reek.yml"
 - ".rspec"
 - ".rubocop.yml"
 - CHANGELOG.rst
@@ -127,9 +169,12 @@ files:
 - LICENSE.txt
 - README.md
 - bin/rspec
+- changelog.d/20251103_235431_delano_86_improve_error_logging.rst
+- changelog.d/20251109_025012_claude_fix_backtrace_sanitization.rst
 - changelog.d/README.md
 - changelog.d/scriv.ini
 - docs/.gitignore
+- docs/ipaddr-encoding-quirk.md
 - docs/migrating/v2.0.0-pre1.md
 - docs/migrating/v2.0.0-pre2.md
 - examples/.gitignore
@@ -173,10 +218,13 @@ files:
 - examples/authentication_strategies/app/controllers/main_controller.rb
 - examples/authentication_strategies/config.ru
 - examples/authentication_strategies/routes
+- examples/backtrace_sanitization_demo.rb
 - examples/basic/README.md
 - examples/basic/app.rb
 - examples/basic/config.ru
 - examples/basic/routes
+- examples/error_handler_registration.rb
+- examples/logging_improvements.rb
 - examples/mcp_demo/README.md
 - examples/mcp_demo/app.rb
 - examples/mcp_demo/config.ru
@@ -185,19 +233,28 @@ files:
 - examples/security_features/app.rb
 - examples/security_features/config.ru
 - examples/security_features/routes
+- examples/simple_geo_resolver.rb
 - lib/otto.rb
+- lib/otto/core.rb
 - lib/otto/core/configuration.rb
 - lib/otto/core/error_handler.rb
 - lib/otto/core/file_safety.rb
+- lib/otto/core/freezable.rb
 - lib/otto/core/middleware_stack.rb
 - lib/otto/core/router.rb
 - lib/otto/core/uri_generator.rb
 - lib/otto/design_system.rb
 - lib/otto/env_keys.rb
+- lib/otto/helpers.rb
 - lib/otto/helpers/base.rb
 - lib/otto/helpers/request.rb
 - lib/otto/helpers/response.rb
 - lib/otto/helpers/validation.rb
+- lib/otto/locale.rb
+- lib/otto/locale/config.rb
+- lib/otto/locale/middleware.rb
+- lib/otto/logging_helpers.rb
+- lib/otto/mcp.rb
 - lib/otto/mcp/auth/token.rb
 - lib/otto/mcp/protocol.rb
 - lib/otto/mcp/rate_limiting.rb
@@ -205,6 +262,11 @@ files:
 - lib/otto/mcp/route_parser.rb
 - lib/otto/mcp/schema_validation.rb
 - lib/otto/mcp/server.rb
+- lib/otto/privacy.rb
+- lib/otto/privacy/config.rb
+- lib/otto/privacy/geo_resolver.rb
+- lib/otto/privacy/ip_privacy.rb
+- lib/otto/privacy/redacted_fingerprint.rb
 - lib/otto/response_handlers.rb
 - lib/otto/response_handlers/auto.rb
 - lib/otto/response_handlers/base.rb
@@ -222,10 +284,10 @@ files:
 - lib/otto/route_handlers/instance_method.rb
 - lib/otto/route_handlers/lambda.rb
 - lib/otto/route_handlers/logic_class.rb
+- lib/otto/security.rb
 - lib/otto/security/authentication.rb
+- lib/otto/security/authentication/auth_failure.rb
 - lib/otto/security/authentication/auth_strategy.rb
-- lib/otto/security/authentication/authentication_middleware.rb
-- lib/otto/security/authentication/failure_result.rb
 - lib/otto/security/authentication/route_auth_wrapper.rb
 - lib/otto/security/authentication/strategies/api_key_strategy.rb
 - lib/otto/security/authentication/strategies/noauth_strategy.rb
@@ -233,10 +295,12 @@ files:
 - lib/otto/security/authentication/strategies/role_strategy.rb
 - lib/otto/security/authentication/strategies/session_strategy.rb
 - lib/otto/security/authentication/strategy_result.rb
+- lib/otto/security/authorization_error.rb
 - lib/otto/security/config.rb
 - lib/otto/security/configurator.rb
 - lib/otto/security/csrf.rb
 - lib/otto/security/middleware/csrf_middleware.rb
+- lib/otto/security/middleware/ip_privacy_middleware.rb
 - lib/otto/security/middleware/rate_limit_middleware.rb
 - lib/otto/security/middleware/validation_middleware.rb
 - lib/otto/security/rate_limiter.rb
@@ -270,7 +334,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.9
+rubygems_version: 3.7.2
 specification_version: 4
 summary: Auto-define your rack-apps in plaintext.
 test_files: []

data/lib/otto/security/authentication/authentication_middleware.rb

@@ -1,140 +0,0 @@
-# frozen_string_literal: true
-
-require_relative 'strategy_result'
-require_relative 'failure_result'
-require_relative 'route_auth_wrapper'
-require_relative 'strategies/noauth_strategy'
-require_relative 'strategies/role_strategy'
-require_relative 'strategies/permission_strategy'
-
-class Otto
-  module Security
-    module Authentication
-      # Authentication middleware that enforces route-level auth requirements
-      class AuthenticationMiddleware
-        def initialize(app, security_config = {}, config = {})
-          @app = app
-          @security_config = security_config
-          @config = config
-          @strategies = config[:auth_strategies] || {}
-          @default_strategy = config[:default_auth_strategy] || 'noauth'
-
-          # Add default noauth strategy if not provided
-          @strategies['noauth'] ||= Strategies::NoAuthStrategy.new
-        end
-
-        def call(env)
-          # Check if this route has auth requirements
-          route_definition = env['otto.route_definition']
-
-          # If no route definition, create anonymous result and continue
-          unless route_definition
-            env['otto.strategy_result'] = Otto::Security::Authentication::StrategyResult.anonymous(
-              metadata: { ip: env['REMOTE_ADDR'] }
-            )
-            return @app.call(env)
-          end
-
-          auth_requirement = route_definition.auth_requirement
-
-          # If no auth requirement, create anonymous result and continue
-          unless auth_requirement
-            env['otto.strategy_result'] = Otto::Security::Authentication::StrategyResult.anonymous(
-              metadata: { ip: env['REMOTE_ADDR'] }
-            )
-            return @app.call(env)
-          end
-
-          # Find appropriate strategy
-          strategy = find_strategy(auth_requirement)
-          return auth_error_response("Unknown authentication strategy: #{auth_requirement}") unless strategy
-
-          # Perform authentication
-          strategy_result = strategy.authenticate(env, auth_requirement)
-
-          # Check result type: FailureResult indicates auth failure, StrategyResult indicates success
-          if strategy_result.is_a?(Otto::Security::Authentication::FailureResult)
-            # Failure - create anonymous result with failure info
-            failure_reason = strategy_result.failure_reason || 'Authentication failed'
-            env['otto.strategy_result'] = Otto::Security::Authentication::StrategyResult.anonymous(
-              metadata: {
-                ip: env['REMOTE_ADDR'],
-                auth_failure: failure_reason,
-                attempted_strategy: auth_requirement,
-              }
-            )
-            auth_error_response(failure_reason)
-          else
-            # Success - store the strategy result directly
-            env['otto.strategy_result'] = strategy_result
-
-            # SESSION PERSISTENCE: This assignment is INTENTIONAL, not a merge operation.
-            # We must ensure env['rack.session'] and strategy_result.session reference
-            # the SAME object so that:
-            #   1. Logic classes write to strategy_result.session
-            #   2. Rack's session middleware persists env['rack.session']
-            #   3. Changes from (1) are included in (2)
-            #
-            # Using merge! instead would break this - the objects must be identical.
-            # See commit ed7fa0d for the bug this fixes.
-            env['rack.session'] = strategy_result.session if strategy_result.session
-            env['otto.user'] = strategy_result.user # For convenience
-            env['otto.user_context'] = strategy_result.user_context # For convenience
-            @app.call(env)
-          end
-        end
-
-        private
-
-        def find_strategy(requirement)
-          # Try exact match first - this has highest priority
-          return @strategies[requirement] if @strategies[requirement]
-
-          # For colon-separated requirements like "role:admin", try prefix match
-          if requirement.include?(':')
-            prefix = requirement.split(':', 2).first
-
-            # Check if we have a strategy registered for the prefix
-            prefix_strategy = @strategies[prefix]
-            return prefix_strategy if prefix_strategy
-
-            # Try fallback patterns for role: and permission: requirements
-            if requirement.start_with?('role:')
-              return @strategies['role'] || Strategies::RoleStrategy.new([])
-            elsif requirement.start_with?('permission:')
-              return @strategies['permission'] || Strategies::PermissionStrategy.new([])
-            end
-          end
-
-          nil
-        end
-
-        def auth_error_response(message)
-          body = JSON.generate({
-                                 error: 'Authentication Required',
-            message: message,
-            timestamp: Time.now.to_i,
-                               })
-
-          headers = {
-            'Content-Type' => 'application/json',
-            'Content-Length' => body.bytesize.to_s,
-          }
-
-          # Add security headers if available from config hash or Otto instance
-          # NOTE: Extracting this to a method was considered but rejected.
-          # This logic appears only once and is clear in context. Extraction would
-          # add ~10 lines (method def + docs) for a 5-line single-use block without
-          # improving readability. Consider extracting if this pattern is duplicated.
-          if @config.is_a?(Hash) && @config[:security_headers]
-            headers.merge!(@config[:security_headers])
-          elsif @config.respond_to?(:security_config) && @config.security_config
-            headers.merge!(@config.security_config.security_headers)
-          end
-
-          [401, headers, [body]]
-        end
-      end
-    end
-  end
-end