otto 2.0.0.pre2 → 2.0.0.pre7

data/lib/otto/privacy/geo_resolver.rb

@@ -0,0 +1,285 @@
+# lib/otto/privacy/geo_resolver.rb
+#
+# frozen_string_literal: true
+
+require 'ipaddr'
+
+class Otto
+  module Privacy
+    # Lightweight geo-location resolution for IP addresses
+    #
+    # Provides country-level geo-location without requiring external
+    # databases or API calls. Supports headers from major CDN/infrastructure
+    # providers (Cloudflare, AWS CloudFront, Fastly, Akamai, Azure) with
+    # fallback to basic IP range detection.
+    #
+    # Supported CDN/Infrastructure Headers:
+    # - Cloudflare: CF-IPCountry
+    # - AWS CloudFront: CloudFront-Viewer-Country
+    # - Fastly: Fastly-Client-IP-Country
+    # - Akamai: X-Akamai-Edgescape (country_code=XX format)
+    # - Azure Front Door: X-Azure-ClientIP-Country
+    # - Semi-standard: X-Geo-Country, X-Country-Code, Country-Code
+    #
+    # @example Resolve country from Cloudflare header
+    #   env = { 'HTTP_CF_IPCOUNTRY' => 'US' }
+    #   GeoResolver.resolve('1.2.3.4', env)
+    #   # => 'US'
+    #
+    # @example Resolve from AWS CloudFront
+    #   env = { 'HTTP_CLOUDFRONT_VIEWER_COUNTRY' => 'GB' }
+    #   GeoResolver.resolve('1.2.3.4', env)
+    #   # => 'GB'
+    #
+    # @example Resolve without CDN headers
+    #   GeoResolver.resolve('8.8.8.8', {})
+    #   # => 'US' (Google DNS via range detection)
+    #
+    # @example Using a custom resolver (MaxMind)
+    #   GeoResolver.custom_resolver = ->(ip, env) {
+    #     reader = MaxMind::DB.new('GeoLite2-Country.mmdb')
+    #     result = reader.get(ip)
+    #     result&.dig('country', 'iso_code')
+    #   }
+    #   GeoResolver.resolve('1.2.3.4', {})  # Uses custom resolver
+    #
+    # @example Extending via subclass
+    #   class MyGeoResolver < Otto::Privacy::GeoResolver
+    #     def self.detect_by_range(ip)
+    #       # Custom logic here
+    #       super  # Fall back to parent
+    #     end
+    #   end
+    #
+    #
+    # Resolution flow
+    #
+    #    Request → Has familiar HTTP Header?
+    #              ├─ Yes → Return country (Cloudflare, AWS, etc.)
+    #              └─ No → Custom Resolver?
+    #                      ├─ Configured → Call & validate
+    #                      │               ├─ Valid → Return country
+    #                      │               └─ Invalid/Error → Continue
+    #                      └─ Not configured → Built-in range detection
+    #                                          └─ Unknown ('**')
+    #
+    class GeoResolver
+      # Unknown country code (not ISO 3166-1 alpha-2, intentionally distinct)
+      UNKNOWN = '**'
+
+      # Custom resolver for extending geo-location capabilities
+      # Can be set to a proc/lambda or a class responding to .call(ip, env)
+      #
+      # @example Using a proc
+      #   GeoResolver.custom_resolver = ->(ip, env) {
+      #     return nil  # Return nil to continue with built-in resolution
+      #     # or return 'US' to provide custom country code
+      #   }
+      #
+      # @example Using MaxMind
+      #   GeoResolver.custom_resolver = ->(ip, env) {
+      #     reader = MaxMind::DB.new('path/to/GeoLite2-Country.mmdb')
+      #     result = reader.get(ip)
+      #     result&.dig('country', 'iso_code')
+      #   }
+      #
+      # Thread Safety Model:
+      # This follows Ruby's standard configuration pattern:
+      # - Set ONCE at boot time (single-threaded initialization)
+      # - Read many times during requests (multi-threaded reads)
+      # - No synchronization needed for this access pattern
+      #
+      # Runtime resolver switching is NOT supported. Changing the resolver
+      # while processing requests creates race conditions (write vs read).
+      # This is intentional - resolver configuration is boot-time only.
+      @custom_resolver = nil
+
+      class << self
+        attr_accessor :custom_resolver
+
+        # Set a custom resolver for geo-location
+        #
+        # MUST be called during single-threaded initialization (before
+        # accepting requests). Runtime changes while serving requests
+        # will cause race conditions.
+        #
+        # @param resolver [Proc, #call] A proc or callable object that takes (ip, env)
+        #   and returns a country code string or nil
+        # @raise [ArgumentError] if resolver doesn't respond to :call
+        def custom_resolver=(resolver)
+          unless resolver.nil? || resolver.respond_to?(:call)
+            raise ArgumentError, 'Custom resolver must respond to :call'
+          end
+          @custom_resolver = resolver
+        end
+      end
+
+      # Resolve country code for an IP address
+      #
+      # Resolution priority:
+      # 1. CDN/infrastructure provider headers (Cloudflare, AWS, Fastly, etc.)
+      # 2. Basic IP range detection for major countries/providers
+      # 3. Return '**' for unknown
+      #
+      # @param ip [String] IP address to resolve
+      # @param env [Hash] Rack environment (may contain geo headers)
+      # @return [String] ISO 3166-1 alpha-2 country code or '**'
+      def self.resolve(ip, env = {})
+        return UNKNOWN if ip.nil? || ip.empty?
+
+        # Check CDN/infrastructure headers in priority order
+        # Priority based on reliability and deployment frequency
+        country = check_geo_headers(env)
+        return country if country
+
+        # Try custom resolver if configured
+        if @custom_resolver
+          begin
+            country = @custom_resolver.call(ip, env)
+            return country if country && valid_country_code?(country)
+          rescue StandardError => e
+            # Log error but don't crash - fall through to built-in detection
+            warn "GeoResolver custom resolver error: #{e.message}" if $DEBUG
+          end
+        end
+
+        # Fallback: Basic range detection
+        detect_by_range(ip)
+      rescue IPAddr::InvalidAddressError
+        UNKNOWN
+      end
+
+      # Check CDN/infrastructure provider geo headers
+      #
+      # Headers are checked in order of reliability and deployment frequency:
+      # 1. Cloudflare (CF-IPCountry) - Most widely deployed
+      # 2. AWS CloudFront (CloudFront-Viewer-Country)
+      # 3. Fastly (Fastly-Client-IP-Country)
+      # 4. Akamai (X-Akamai-Edgescape) - Complex format, extract country
+      # 5. Azure Front Door (X-Azure-ClientIP-Country)
+      # 6. Semi-standard headers (X-Geo-Country, X-Country-Code, Country-Code)
+      #
+      # @param env [Hash] Rack environment
+      # @return [String, nil] ISO 3166-1 alpha-2 country code or nil
+      # @api private
+      def self.check_geo_headers(env)
+        # Cloudflare (most common)
+        country = env['HTTP_CF_IPCOUNTRY']
+        return country if valid_country_code?(country)
+
+        # AWS CloudFront
+        country = env['HTTP_CLOUDFRONT_VIEWER_COUNTRY']
+        return country if valid_country_code?(country)
+
+        # Fastly
+        country = env['HTTP_FASTLY_CLIENT_IP_COUNTRY']
+        return country if valid_country_code?(country)
+
+        # Akamai Edgescape (format: country_code=US,region_code=CA,...)
+        if (edgescape = env['HTTP_X_AKAMAI_EDGESCAPE'])
+          country = extract_akamai_country(edgescape)
+          return country if valid_country_code?(country)
+        end
+
+        # Azure Front Door
+        country = env['HTTP_X_AZURE_CLIENTIP_COUNTRY']
+        return country if valid_country_code?(country)
+
+        # Semi-standard headers (least reliable, check last)
+        country = env['HTTP_X_GEO_COUNTRY']
+        return country if valid_country_code?(country)
+
+        country = env['HTTP_X_COUNTRY_CODE']
+        return country if valid_country_code?(country)
+
+        country = env['HTTP_COUNTRY_CODE']
+        return country if valid_country_code?(country)
+
+        nil
+      end
+      private_class_method :check_geo_headers
+
+      # Extract country code from Akamai Edgescape header
+      #
+      # Edgescape format: "country_code=US,region_code=CA,city=LOSANGELES,..."
+      #
+      # @param edgescape [String] Akamai Edgescape header value
+      # @return [String, nil] Country code or nil
+      # @api private
+      def self.extract_akamai_country(edgescape)
+        return nil unless edgescape.is_a?(String)
+
+        # Extract country_code=XX (must be exactly 2 uppercase letters, bounded)
+        # Use word boundary or comma to ensure we don't match partial strings like "INVALID"
+        match = edgescape.match(/country_code=([A-Z]{2})(?:,|\z)/)
+        match ? match[1] : nil
+      end
+      private_class_method :extract_akamai_country
+
+      # Detect country by IP range (basic implementation)
+      #
+      # Detects major cloud providers and well-known IP ranges.
+      # This is intentionally limited - for comprehensive geo-location,
+      # use CDN headers or configure a custom resolver.
+      #
+      # @param ip [String] IP address
+      # @return [String] Country code or '**'
+      # @api private
+      def self.detect_by_range(ip)
+        addr = IPAddr.new(ip)
+
+        # Private/local addresses
+        return UNKNOWN if IPPrivacy.private_or_localhost?(ip)
+
+        # Check against known ranges
+        KNOWN_RANGES.each do |range, country|
+          return country if range.include?(addr)
+        end
+
+        UNKNOWN
+      end
+      private_class_method :detect_by_range
+
+      # Known IP ranges for major providers (limited set for basic detection)
+      # For comprehensive geo-location, use CDN headers or custom resolver
+      KNOWN_RANGES = {
+        # Google Public DNS
+        IPAddr.new('8.8.8.0/24') => 'US',
+        IPAddr.new('8.8.4.0/24') => 'US',
+
+        # Cloudflare DNS
+        IPAddr.new('1.1.1.0/24') => 'US',
+        IPAddr.new('1.0.0.0/24') => 'US',
+
+        # AWS US-East
+        IPAddr.new('52.0.0.0/11') => 'US',
+        IPAddr.new('54.0.0.0/8') => 'US',
+
+        # AWS EU-West
+        IPAddr.new('34.240.0.0/13') => 'IE',
+        IPAddr.new('52.16.0.0/14') => 'IE',
+
+        # AWS AP-Southeast
+        IPAddr.new('13.210.0.0/15') => 'AU',
+        IPAddr.new('52.62.0.0/15') => 'AU',
+
+        # Quad9 DNS (Switzerland)
+        IPAddr.new('9.9.9.0/24') => 'CH',
+
+        # OpenDNS
+        IPAddr.new('208.67.222.0/24') => 'US',
+        IPAddr.new('208.67.220.0/24') => 'US',
+      }.freeze
+
+      # Validate country code format
+      #
+      # @param code [String] Country code to validate
+      # @return [Boolean] true if valid ISO 3166-1 alpha-2 code
+      # @api private
+      def self.valid_country_code?(code)
+        code.is_a?(String) && code.length == 2 && code.match?(/^[A-Z]{2}$/)
+      end
+      private_class_method :valid_country_code?
+    end
+  end
+end

data/lib/otto/privacy/ip_privacy.rb

@@ -0,0 +1,177 @@
+# lib/otto/privacy/ip_privacy.rb
+#
+# frozen_string_literal: true
+
+require 'ipaddr'
+require 'digest'
+require 'openssl'
+require 'socket'
+
+class Otto
+  module Privacy
+    # IP address anonymization utilities
+    #
+    # Provides methods for masking and hashing IP addresses to enhance
+    # privacy while maintaining the ability to track sessions and analyze
+    # traffic patterns.
+    #
+    # @example Mask an IPv4 address (1 octet)
+    #   IPPrivacy.mask_ip('192.168.1.100', 1)
+    #   # => '192.168.1.0'
+    #
+    # @example Mask an IPv4 address (2 octets)
+    #   IPPrivacy.mask_ip('192.168.1.100', 2)
+    #   # => '192.168.0.0'
+    #
+    # @example Hash an IP for session correlation
+    #   key = 'daily-rotation-key'
+    #   IPPrivacy.hash_ip('192.168.1.100', key)
+    #   # => 'a3f8b2...' (consistent for same IP+key, changes when key rotates)
+    #
+    # @note All methods return UTF-8 encoded strings for Rack compatibility.
+    #   See file:docs/ipaddr-encoding-quirk.md for details on IPAddr#to_s behavior.
+    #
+    class IPPrivacy
+      # Mask an IP address by zeroing out the specified number of octets/bits
+      #
+      # For IPv4:
+      # - octet_precision=1: Masks last octet (e.g., 192.168.1.100 → 192.168.1.0)
+      # - octet_precision=2: Masks last 2 octets (e.g., 192.168.1.100 → 192.168.0.0)
+      #
+      # For IPv6:
+      # - octet_precision=1: Masks last 80 bits
+      # - octet_precision=2: Masks last 96 bits
+      #
+      # @param ip [String] IP address to mask
+      # @param octet_precision [Integer] Number of trailing octets to mask (1 or 2, default: 1)
+      # @return [String] Masked IP address (UTF-8 encoded)
+      # @raise [ArgumentError] if IP is invalid or octet_precision is not 1 or 2
+      def self.mask_ip(ip, octet_precision = 1)
+        return nil if ip.nil? || ip.empty?
+
+        raise ArgumentError, "octet_precision must be 1 or 2, got: #{octet_precision}" unless [1,
+                                                                                               2].include?(octet_precision)
+
+        begin
+          addr = IPAddr.new(ip)
+
+          if addr.ipv4?
+            mask_ipv4(addr, octet_precision)
+          else
+            mask_ipv6(addr, octet_precision)
+          end
+        rescue IPAddr::InvalidAddressError => e
+          raise ArgumentError, "Invalid IP address: #{ip} - #{e.message}"
+        end
+      end
+
+      # Hash an IP address for session correlation without storing the original
+      #
+      # Uses HMAC-SHA256 with a daily-rotating key to create a consistent
+      # identifier for the same IP within a key rotation period, but different
+      # across rotations.
+      #
+      # @param ip [String] IP address to hash
+      # @param key [String] Secret key for HMAC (should rotate daily)
+      # @return [String] Hexadecimal hash string (64 characters)
+      # @raise [ArgumentError] if IP or key is invalid
+      def self.hash_ip(ip, key)
+        return nil if ip.nil? || ip.empty?
+
+        raise ArgumentError, 'Key cannot be nil or empty' if key.nil? || key.empty?
+
+        # Normalize IP address format before hashing
+        normalized_ip = begin
+          IPAddr.new(ip).to_s
+        rescue IPAddr::InvalidAddressError => e
+          raise ArgumentError, "Invalid IP address: #{ip} - #{e.message}"
+        end
+
+        # Use HMAC-SHA256 for secure hashing with key
+        OpenSSL::HMAC.hexdigest('SHA256', key, normalized_ip)
+      end
+
+      # Check if an IP address is valid
+      #
+      # @param ip [String] IP address to validate
+      # @return [Boolean] true if valid IPv4 or IPv6 address
+      def self.valid_ip?(ip)
+        return false if ip.nil? || ip.empty?
+
+        IPAddr.new(ip)
+        true
+      rescue IPAddr::InvalidAddressError
+        false
+      end
+
+      # Check if an IP address is localhost or private (RFC 1918)
+      #
+      # Private/localhost IPs are not masked for development convenience.
+      #
+      # @param ip [String] IP address to check
+      # @return [Boolean] true if IP is localhost or private
+      def self.private_or_localhost?(ip)
+        return false if ip.nil? || ip.empty?
+
+        addr = IPAddr.new(ip)
+        addr.private? || addr.loopback?
+      rescue IPAddr::InvalidAddressError
+        false
+      end
+
+      # Mask IPv4 address
+      #
+      # @param addr [IPAddr] IPAddr object (must be IPv4)
+      # @param octet_precision [Integer] Number of trailing octets to mask (1 or 2)
+      # @return [String] Masked IPv4 address (UTF-8 encoded)
+      # @api private
+      # @see file:docs/ipaddr-encoding-quirk.md IPAddr encoding behavior
+      def self.mask_ipv4(addr, octet_precision)
+        # Convert to integer for bitwise operations
+        ip_int = addr.to_i
+
+        # Create mask: 0xFFFFFFFF with trailing zeros
+        # octet_precision=1: 0xFFFFFF00 (mask last 8 bits)
+        # octet_precision=2: 0xFFFF0000 (mask last 16 bits)
+        bits_to_mask = octet_precision * 8
+        mask = (0xFFFFFFFF >> bits_to_mask) << bits_to_mask
+
+        # Apply mask and convert back to IP
+        masked_int = ip_int & mask
+
+        # Force UTF-8 encoding: IPAddr#to_s returns US-ASCII for IPv4 but UTF-8
+        # for IPv6. We normalize to UTF-8 for Rack compatibility and to prevent
+        # Encoding::CompatibilityError. Safe because IP strings contain only
+        # ASCII characters.
+        # See also: https://github.com/ruby/ruby/blob/master/lib/ipaddr.rb
+        IPAddr.new(masked_int, Socket::AF_INET).to_s.force_encoding('UTF-8')
+      end
+      private_class_method :mask_ipv4
+
+      # Mask IPv6 address
+      #
+      # @param addr [IPAddr] IPAddr object (must be IPv6)
+      # @param octet_precision [Integer] Number of trailing octets to mask (1 or 2)
+      # @return [String] Masked IPv6 address (UTF-8 encoded)
+      # @api private
+      def self.mask_ipv6(addr, octet_precision)
+        ip_int = addr.to_i
+
+        # octet_precision=1: Mask last 80 bits (leave first 48 bits for network)
+        # octet_precision=2: Mask last 96 bits (leave first 32 bits)
+        bits_to_mask = octet_precision == 1 ? 80 : 96
+
+        # Create mask by setting all 128 bits, then clearing the trailing bits we want to mask
+        # Example: For bits_to_mask=80, this creates a mask with first 48 bits set to 1, last 80 bits set to 0
+        # (1 << 128) - 1 creates 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF (all 128 bits set)
+        mask = ((1 << 128) - 1) >> bits_to_mask << bits_to_mask
+
+        masked_int = ip_int & mask
+
+        IPAddr.new(masked_int, Socket::AF_INET6).to_s.force_encoding('UTF-8')
+      end
+
+      private_class_method :mask_ipv6
+    end
+  end
+end

data/lib/otto/privacy/redacted_fingerprint.rb

@@ -0,0 +1,146 @@
+# lib/otto/privacy/redacted_fingerprint.rb
+#
+# frozen_string_literal: true
+
+require 'securerandom'
+require 'time'
+require 'uri'
+
+class Otto
+  module Privacy
+    # Immutable privacy-safe request fingerprint (aka CrappyFingerprint)
+    #
+    # Contains anonymized information about a request that can be used for
+    # logging, analytics, and session tracking without storing personally
+    # identifiable information.
+    #
+    # @example Create from Rack environment
+    #   config = Otto::Privacy::Config.new
+    #   fingerprint = RedactedFingerprint.new(env, config)
+    #   fingerprint.masked_ip   # => '192.168.1.0'
+    #   fingerprint.country     # => 'US'
+    #
+    class RedactedFingerprint
+      attr_reader :session_id, :timestamp, :masked_ip, :hashed_ip,
+                  :country, :anonymized_ua, :request_path,
+                  :request_method, :referer
+
+      # Create a new RedactedFingerprint from a Rack environment
+      #
+      # @param env [Hash] Rack environment hash
+      # @param config [Otto::Privacy::Config] Privacy configuration
+      def initialize(env, config)
+        remote_ip = env['REMOTE_ADDR']
+
+        @session_id = SecureRandom.uuid
+        @timestamp = Time.now.utc
+        @masked_ip = IPPrivacy.mask_ip(remote_ip, config.octet_precision)
+        @hashed_ip = IPPrivacy.hash_ip(remote_ip, config.rotation_key)
+        @country = config.geo_enabled ? GeoResolver.resolve(remote_ip, env) : nil
+        @anonymized_ua = anonymize_user_agent(env['HTTP_USER_AGENT'])
+        @request_path = env['PATH_INFO']
+        @request_method = env['REQUEST_METHOD']
+        @referer = anonymize_referer(env['HTTP_REFERER'])
+
+        freeze
+      end
+
+      # Convert to hash for logging or serialization
+      #
+      # @return [Hash] Hash representation of fingerprint
+      def to_h
+        {
+              session_id: @session_id,
+               timestamp: @timestamp.iso8601,
+               masked_ip: @masked_ip,
+               hashed_ip: @hashed_ip,
+                 country: @country,
+           anonymized_ua: @anonymized_ua,
+          request_method: @request_method,
+            request_path: @request_path,
+                 referer: @referer,
+        }
+      end
+
+      # Convert to JSON string
+      #
+      # @return [String] JSON representation
+      def to_json(*_args)
+        require 'json'
+        to_h.to_json
+      end
+
+      # String representation
+      #
+      # @return [String] Human-readable representation
+      def to_s
+        "#<RedactedFingerprint #{@hashed_ip[0..15]}... #{@country} #{@timestamp}>"
+      end
+
+      # Inspect representation
+      #
+      # @return [String] Detailed representation for debugging
+      def inspect
+        '#<Otto::Privacy::RedactedFingerprint ' \
+          "masked_ip=#{@masked_ip.inspect} " \
+          "hashed_ip=#{@hashed_ip[0..15]}... " \
+          "country=#{@country.inspect} " \
+          "timestamp=#{@timestamp.inspect}>"
+      end
+
+      private
+
+      # Anonymize user agent string by removing version numbers and build identifiers
+      #
+      # Removes specific version numbers (*.*.* pattern) and build identifiers
+      # (e.g., Build/MRA58N) to reduce fingerprinting granularity while maintaining
+      # browser/OS info.
+      #
+      # @param ua [String, nil] User agent string
+      # @return [String, nil] Anonymized user agent or nil
+      def anonymize_user_agent(ua)
+        return nil if ua.nil? || ua.empty?
+
+        # Remove build identifiers (e.g., Build/MRA58N, Build/MPJ24.139-64)
+        # This must run BEFORE version stripping to avoid partial matches.
+        # If we strip versions first, Build/MPJ24.139-64 becomes Build/MPJ*.*-64,
+        # and the regex won't match properly (asterisks not in [\w.-] class).
+        anonymized = ua.gsub(/Build\/[\w.-]+/, 'Build/*')
+
+        # Remove version patterns (*.*.*.*, *.*.*, *.*)
+        # Support both dot and underscore separators (e.g., 10.15.7 and 10_15_7)
+        anonymized = anonymized
+                     .gsub(/\d+[._]\d+[._]\d+[._]\d+/, '*.*.*.*')
+                     .gsub(/\d+[._]\d+[._]\d+/, '*.*.*')
+                     .gsub(/\d+[._]\d+/, '*.*')
+
+        # Truncate if too long (prevent DoS via huge UA strings)
+        anonymized.length > 500 ? anonymized[0..499] : anonymized
+      end
+
+      # Anonymize referer URL
+      #
+      # Strips query parameters and keeps only the path to reduce
+      # tracking potential while maintaining useful navigation data.
+      #
+      # @param referer [String, nil] Referer header value
+      # @return [String, nil] Anonymized referer or nil
+      def anonymize_referer(referer)
+        return nil if referer.nil? || referer.empty?
+
+        begin
+          uri = URI.parse(referer)
+          # Keep scheme, host, and path only (remove query and fragment)
+          if uri.scheme && uri.host
+            "#{uri.scheme}://#{uri.host}#{uri.path}"
+          else
+            uri.path
+          end
+        rescue URI::InvalidURIError
+          # If referer is malformed, return nil
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/otto/privacy.rb

@@ -0,0 +1,31 @@
+# lib/otto/privacy.rb
+#
+# frozen_string_literal: true
+
+require_relative 'privacy/config'
+require_relative 'privacy/ip_privacy'
+require_relative 'privacy/geo_resolver'
+require_relative 'privacy/redacted_fingerprint'
+
+# Otto::Privacy module provides IP address anonymization and privacy features
+#
+# By default, Otto anonymizes IP addresses to enhance user privacy and
+# comply with data protection regulations like GDPR. Original IP addresses
+# are never stored unless privacy is explicitly disabled.
+#
+# Features:
+# - Configurable IP masking (1 or 2 octets for IPv4, 80 or 96 bits for IPv6)
+# - Daily-rotating IP hashing for session correlation without tracking
+# - Geo-location resolution (country-level only, via CloudFlare headers)
+# - User agent anonymization (removes version numbers)
+#
+# Privacy is ENABLED BY DEFAULT. To disable:
+#   otto.disable_ip_privacy!
+#
+# To configure privacy settings:
+#   otto.configure_ip_privacy(octet_precision: 2, geo: true)
+#
+class Otto
+  module Privacy
+  end
+end

data/lib/otto/response_handlers/auto.rb

@@ -1,3 +1,5 @@
+# lib/otto/response_handlers/auto.rb
+#
 # frozen_string_literal: true
 
 require_relative 'base'

data/lib/otto/response_handlers/base.rb

@@ -1,3 +1,5 @@
+# lib/otto/response_handlers/base.rb
+#
 # frozen_string_literal: true
 
 class Otto

data/lib/otto/response_handlers/default.rb

@@ -1,3 +1,5 @@
+# lib/otto/response_handlers/default.rb
+#
 # frozen_string_literal: true
 
 require_relative 'base'

data/lib/otto/response_handlers/factory.rb

@@ -1,3 +1,5 @@
+# lib/otto/response_handlers/factory.rb
+#
 # frozen_string_literal: true
 
 require_relative 'json'

data/lib/otto/response_handlers/json.rb

@@ -1,3 +1,5 @@
+# lib/otto/response_handlers/json.rb
+#
 # frozen_string_literal: true
 
 require_relative 'base'

data/lib/otto/response_handlers/redirect.rb

@@ -1,3 +1,5 @@
+# lib/otto/response_handlers/redirect.rb
+#
 # frozen_string_literal: true
 
 require_relative 'base'

data/lib/otto/response_handlers/view.rb

@@ -1,3 +1,5 @@
+# lib/otto/response_handlers/view.rb
+#
 # frozen_string_literal: true
 
 require_relative 'base'