otto 2.0.0.pre3 → 2.0.0.pre8

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: otto
 version: !ruby/object:Gem::Version
-  version: 2.0.0.pre3
+  version: 2.0.0.pre8
 platform: ruby
 authors:
 - Delano Mandelbaum
@@ -10,12 +10,12 @@ cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: ipaddr
+  name: concurrent-ruby
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '1.3'
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
@@ -25,17 +25,17 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '1.3'
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: concurrent-ruby
+  name: ipaddr
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1'
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
@@ -45,7 +45,7 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1'
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
@@ -107,16 +107,16 @@ dependencies:
   name: rexml
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.3.6
+        version: '3.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.3.6
+        version: '3.4'
 - !ruby/object:Gem::Dependency
   name: facets
   requirement: !ruby/object:Gem::Requirement
@@ -155,9 +155,11 @@ files:
 - ".github/workflows/ci.yml"
 - ".github/workflows/claude-code-review.yml"
 - ".github/workflows/claude.yml"
+- ".github/workflows/code-smells.yml"
 - ".gitignore"
 - ".pre-commit-config.yaml"
 - ".pre-push-config.yaml"
+- ".reek.yml"
 - ".rspec"
 - ".rubocop.yml"
 - CHANGELOG.rst
@@ -166,10 +168,7 @@ files:
 - Gemfile.lock
 - LICENSE.txt
 - README.md
-- benchmark_middleware_wrap.rb
 - bin/rspec
-- changelog.d/20251014_144317_delano_54_thats_a_wrapper.rst
-- changelog.d/20251014_161526_delano_54_thats_a_wrapper.rst
 - changelog.d/README.md
 - changelog.d/scriv.ini
 - docs/.gitignore
@@ -217,10 +216,13 @@ files:
 - examples/authentication_strategies/app/controllers/main_controller.rb
 - examples/authentication_strategies/config.ru
 - examples/authentication_strategies/routes
+- examples/backtrace_sanitization_demo.rb
 - examples/basic/README.md
 - examples/basic/app.rb
 - examples/basic/config.ru
 - examples/basic/routes
+- examples/error_handler_registration.rb
+- examples/logging_improvements.rb
 - examples/mcp_demo/README.md
 - examples/mcp_demo/app.rb
 - examples/mcp_demo/config.ru
@@ -229,6 +231,7 @@ files:
 - examples/security_features/app.rb
 - examples/security_features/config.ru
 - examples/security_features/routes
+- examples/simple_geo_resolver.rb
 - lib/otto.rb
 - lib/otto/core.rb
 - lib/otto/core/configuration.rb
@@ -245,7 +248,10 @@ files:
 - lib/otto/helpers/request.rb
 - lib/otto/helpers/response.rb
 - lib/otto/helpers/validation.rb
+- lib/otto/locale.rb
 - lib/otto/locale/config.rb
+- lib/otto/locale/middleware.rb
+- lib/otto/logging_helpers.rb
 - lib/otto/mcp.rb
 - lib/otto/mcp/auth/token.rb
 - lib/otto/mcp/protocol.rb
@@ -281,12 +287,16 @@ files:
 - lib/otto/security/authentication/auth_failure.rb
 - lib/otto/security/authentication/auth_strategy.rb
 - lib/otto/security/authentication/route_auth_wrapper.rb
+- lib/otto/security/authentication/route_auth_wrapper/response_builder.rb
+- lib/otto/security/authentication/route_auth_wrapper/role_authorization.rb
+- lib/otto/security/authentication/route_auth_wrapper/strategy_resolver.rb
 - lib/otto/security/authentication/strategies/api_key_strategy.rb
 - lib/otto/security/authentication/strategies/noauth_strategy.rb
 - lib/otto/security/authentication/strategies/permission_strategy.rb
 - lib/otto/security/authentication/strategies/role_strategy.rb
 - lib/otto/security/authentication/strategies/session_strategy.rb
 - lib/otto/security/authentication/strategy_result.rb
+- lib/otto/security/authorization_error.rb
 - lib/otto/security/config.rb
 - lib/otto/security/configurator.rb
 - lib/otto/security/csrf.rb
@@ -325,7 +335,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.9
+rubygems_version: 3.7.2
 specification_version: 4
 summary: Auto-define your rack-apps in plaintext.
 test_files: []

data/benchmark_middleware_wrap.rb

@@ -1,163 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-# Benchmark to measure real-world Otto performance with actual routes and middleware
-# Usage: ruby benchmark_middleware_wrap.rb
-
-require 'bundler/setup'
-require 'benchmark'
-require 'stringio'
-require 'tempfile'
-
-require_relative 'lib/otto'
-
-REQUEST_COUNT = 50_000
-MIDDLEWARE_COUNT = 40
-
-# Create a temporary routes file
-routes_content = <<~ROUTES
-  GET / TestApp.index
-  GET /users/:id TestApp.show
-  POST /users TestApp.create
-  GET /health TestApp.health
-ROUTES
-
-routes_file = Tempfile.new(['routes', '.txt'])
-routes_file.write(routes_content)
-routes_file.close
-
-# Define test application
-class TestApp
-  def self.index(_env, _params = {})
-    [200, { 'Content-Type' => 'text/html' }, ['Welcome']]
-  end
-
-  def self.show(env, params = {})
-    user_id = params[:id] || env.dig('otto.params', :id) || '123'
-    [200, { 'Content-Type' => 'text/html' }, ["User #{user_id}"]]
-  end
-
-  def self.create(_env, _params = {})
-    [201, { 'Content-Type' => 'application/json' }, ['{"id": 123}']]
-  end
-
-  def self.health(_env, _params = {})
-    [200, { 'Content-Type' => 'text/plain' }, ['OK']]
-  end
-end
-
-# Create real Rack middleware
-class BenchmarkMiddleware
-  def initialize(app, _config = nil)
-    @app = app
-  end
-
-  def call(env)
-    @app.call(env)
-  end
-end
-
-# Create Otto instance with real configuration
-otto = Otto.new(routes_file.path)
-
-# Add real Otto security middleware
-otto.enable_csrf_protection!
-otto.enable_request_validation!
-
-# Add custom middleware to reach target count
-current_count = otto.middleware.size
-(MIDDLEWARE_COUNT - current_count).times do
-  otto.use(Class.new(BenchmarkMiddleware))
-end
-
-# Suppress error logging for benchmark
-Otto.logger.level = Logger::FATAL
-
-puts "\n" + ("=" * 70)
-puts "Otto Performance Benchmark"
-puts ("=" * 70)
-puts "Configuration:"
-puts "  Routes:     #{otto.instance_variable_get(:@route_definitions).size}"
-actual_app = otto.instance_variable_get(:@app)
-puts "  Middleware: #{otto.middleware.size} (#{MIDDLEWARE_COUNT} total in stack, app built: #{!actual_app.nil?})"
-puts "  Requests:   #{REQUEST_COUNT.to_s.reverse.gsub(/(\d{3})(?=\d)/, '\\1,').reverse}"
-puts ("=" * 70)
-
-# Create realistic Rack environments for different routes
-def make_env(method, path)
-  {
-    'REQUEST_METHOD' => method,
-    'PATH_INFO' => path,
-    'QUERY_STRING' => '',
-    'SERVER_NAME' => 'example.com',
-    'SERVER_PORT' => '80',
-    'rack.version' => [1, 3],
-    'rack.url_scheme' => 'http',
-    'rack.input' => StringIO.new,
-    'rack.errors' => StringIO.new,
-    'rack.multithread' => false,
-    'rack.multiprocess' => true,
-    'rack.run_once' => false,
-    'REMOTE_ADDR' => '192.168.1.100',
-    'HTTP_USER_AGENT' => 'Benchmark/1.0',
-    'rack.session' => {}
-  }
-end
-
-# Test different routes
-routes = [
-  ['GET', '/'],
-  ['GET', '/users/123'],
-  ['POST', '/users'],
-  ['GET', '/health']
-]
-
-# Warmup
-puts "\nWarming up (1,000 requests)..."
-1_000.times do |i|
-  method, path = routes[i % routes.size]
-  env = make_env(method, path)
-  otto.call(env)
-end
-
-puts "\n" + ("=" * 70)
-puts "Running benchmark..."
-puts ("=" * 70)
-
-# Benchmark
-result = Benchmark.measure do
-  REQUEST_COUNT.times do |i|
-    method, path = routes[i % routes.size]
-    env = make_env(method, path)
-    otto.call(env)
-  end
-end
-
-total_time = result.real
-per_request = (total_time / REQUEST_COUNT * 1_000_000).round(2)
-requests_per_sec = (REQUEST_COUNT / total_time).round(0)
-
-puts "\nResults:"
-puts ("=" * 70)
-puts "  Total time:        #{(total_time * 1000).round(2)}ms"
-puts "  Time per request:  #{per_request}µs"
-puts "  Requests/sec:      #{requests_per_sec.to_s.reverse.gsub(/(\d{3})(?=\d)/, '\\1,').reverse}"
-puts ("=" * 70)
-
-# Performance analysis
-puts "\nPerformance Analysis:"
-if per_request < 20
-  puts "  ✓ Excellent performance (< 20µs per request)"
-elsif per_request < 50
-  puts "  ✓ Good performance (< 50µs per request)"
-elsif per_request < 100
-  puts "  ~ Acceptable performance (< 100µs per request)"
-else
-  puts "  ⚠ May need optimization (#{per_request}µs per request)"
-end
-
-puts "\nMiddleware overhead: ~#{((per_request - 2.5) / MIDDLEWARE_COUNT).round(3)}µs per middleware"
-puts
-
-# Cleanup
-routes_file.unlink

data/changelog.d/20251014_144317_delano_54_thats_a_wrapper.rst

@@ -1,36 +0,0 @@
-Changed
--------
-
-- Authentication now handled by RouteAuthWrapper at handler level instead of middleware
-- RouteAuthWrapper enhanced with session persistence, security headers, strategy caching, and sophisticated pattern matching
-- env['otto.strategy_result'] now GUARANTEED to be present on all routes (authenticated or anonymous)
-- RouteAuthWrapper now wraps all route handlers, not just routes with auth requirements
-
-Removed
--------
-
-- Removed AuthenticationMiddleware (architecturally broken - executed before routing)
-- Removed enable_authentication! (no longer needed - RouteAuthWrapper handles auth automatically)
-- Removed defensive nil fallback from LogicClassHandler (no longer needed)
-
-Fixed
------
-
-- Session persistence now works correctly (env['rack.session'] references same object as strategy_result.session)
-- Security headers now included on all authentication failure responses (401/302)
-- Strategy lookups now cached for performance
-- env['otto.strategy_result'] is now guaranteed to be present (anonymous StrategyResult for public routes)
-- Routes without auth requirements now get anonymous StrategyResult with IP metadata
-
-Security
---------
-
-- Authentication strategies now execute after routing when route_definition is available
-- Supports exact match, prefix match (role:admin), and fallback patterns for strategies
-
-Documentation
--------------
-
-- Updated CLAUDE.md with RouteAuthWrapper architecture overview
-- Updated env_keys.rb to document guaranteed presence of strategy_result
-- Added comprehensive tests for anonymous route handling

data/changelog.d/20251014_161526_delano_54_thats_a_wrapper.rst

@@ -1,5 +0,0 @@
-Changed
--------
-
-- Renamed MiddlewareStack#build_app to #wrap to better reflect per-request behavior
-  (wraps base app in middleware layers on each request, not a one-time initialization)