rhales 0.3.0

data/lib/rhales/adapters/base_auth.rb

@@ -0,0 +1,106 @@
+# lib/rhales/adapters/base_auth.rb
+
+module Rhales
+  module Adapters
+    # Base authentication adapter interface
+    #
+    # Defines the contract that authentication adapters must implement
+    # to work with Rhales. This allows the library to work with any
+    # authentication system by implementing this interface.
+    class BaseAuth
+      # Check if user is anonymous
+      def anonymous?
+        raise NotImplementedError, 'Subclasses must implement #anonymous?'
+      end
+
+      # Get user's theme preference
+      def theme_preference
+        raise NotImplementedError, 'Subclasses must implement #theme_preference'
+      end
+
+      # Get user identifier (optional)
+      def user_id
+        nil
+      end
+
+      # Get user display name (optional)
+      def display_name
+        nil
+      end
+
+      # Check if user has specific role/permission (optional)
+      def role?(*)
+        raise NotImplementedError, 'Subclasses must implement #role?'
+      end
+
+      # Get user attributes as hash (optional)
+      def attributes
+        {}
+      end
+
+      class << self
+        # Create anonymous user instance
+        def anonymous
+          new
+        end
+      end
+    end
+
+    # Default implementation for anonymous users
+    class AnonymousAuth < BaseAuth
+      def anonymous?
+        true
+      end
+
+      def theme_preference
+        'light'
+      end
+
+      def user_id
+        nil
+      end
+
+      def role?(*)
+        false
+      end
+
+      def display_name
+        'Anonymous'
+      end
+    end
+
+    # Example authenticated user implementation
+    class AuthenticatedAuth < BaseAuth
+      attr_reader :user_data
+
+      def initialize(user_data = {})
+        @user_data = user_data
+      end
+
+      def anonymous?
+        false
+      end
+
+      def theme_preference
+        @user_data[:theme] || @user_data['theme'] || 'light'
+      end
+
+      def user_id
+        @user_data[:id] || @user_data['id']
+      end
+
+      def display_name
+        @user_data[:name] || @user_data['name'] || 'User'
+      end
+
+      def role?(role)
+        roles = @user_data[:roles] || @user_data['roles'] || []
+        roles.include?(role) || roles.include?(role.to_s)
+      end
+
+      def attributes
+        @user_data
+      end
+    end
+  end
+end

data/lib/rhales/adapters/base_request.rb

@@ -0,0 +1,97 @@
+# lib/rhales/adapters/base_request.rb
+
+module Rhales
+  module Adapters
+    # Base request adapter interface
+    #
+    # Defines the contract that request adapters must implement
+    # to work with Rhales. This allows the library to work with any
+    # web framework by implementing this interface.
+    class BaseRequest
+      # Get request path
+      def path
+        raise NotImplementedError, 'Subclasses must implement #path'
+      end
+
+      # Get request method
+      def method
+        raise NotImplementedError, 'Subclasses must implement #method'
+      end
+
+      # Get client IP
+      def ip
+        raise NotImplementedError, 'Subclasses must implement #ip'
+      end
+
+      # Get request parameters
+      def params
+        raise NotImplementedError, 'Subclasses must implement #params'
+      end
+
+      # Get request environment
+      def env
+        raise NotImplementedError, 'Subclasses must implement #env'
+      end
+    end
+
+    # Simple request adapter for framework integration
+    class SimpleRequest < BaseRequest
+      attr_reader :request_path, :request_method, :client_ip, :request_params, :request_env
+
+      def initialize(path: '/', method: 'GET', ip: '127.0.0.1', params: {}, env: {})
+        @request_path = path
+        @request_method = method
+        @client_ip = ip
+        @request_params = params
+        @request_env = env
+      end
+
+      def path
+        @request_path
+      end
+
+      def method
+        @request_method
+      end
+
+      def ip
+        @client_ip
+      end
+
+      def params
+        @request_params
+      end
+
+      def env
+        @request_env
+      end
+    end
+
+    # Framework request adapter wrapper
+    class FrameworkRequest < BaseRequest
+      def initialize(framework_request)
+        @framework_request = framework_request
+      end
+
+      def path
+        @framework_request.path
+      end
+
+      def method
+        @framework_request.request_method
+      end
+
+      def ip
+        @framework_request.ip
+      end
+
+      def params
+        @framework_request.params
+      end
+
+      def env
+        @framework_request.env
+      end
+    end
+  end
+end

data/lib/rhales/adapters/base_session.rb

@@ -0,0 +1,93 @@
+# lib/rhales/adapters/base_session.rb
+
+module Rhales
+  module Adapters
+    # Base session adapter interface
+    #
+    # Defines the contract that session adapters must implement
+    # to work with Rhales. This allows the library to work with any
+    # session management system.
+    class BaseSession
+      # Check if session is authenticated
+      def authenticated?
+        raise NotImplementedError, 'Subclasses must implement #authenticated?'
+      end
+
+      # Get session identifier
+      def session_id
+        nil
+      end
+
+      # Get session data
+      def data
+        {}
+      end
+
+      # Check if session is valid/active
+      def valid?
+        true
+      end
+
+      # Get session creation time
+      def created_at
+        nil
+      end
+
+      # Get last access time
+      def last_accessed_at
+        nil
+      end
+    end
+
+    # Default implementation for anonymous sessions
+    class AnonymousSession < BaseSession
+      def authenticated?
+        false
+      end
+
+      def session_id
+        'anonymous'
+      end
+
+      def valid?
+        true
+      end
+    end
+
+    # Example authenticated session implementation
+    class AuthenticatedSession < BaseSession
+      attr_reader :session_data
+
+      def initialize(session_data = {})
+        @session_data = session_data
+      end
+
+      def authenticated?
+        !@session_data.empty? && valid?
+      end
+
+      def session_id
+        @session_data[:id] || @session_data['id']
+      end
+
+      def data
+        @session_data
+      end
+
+      def valid?
+        return false unless @session_data[:created_at] || @session_data['created_at']
+
+        # Add session validation logic here (expiry, etc.)
+        true
+      end
+
+      def created_at
+        @session_data[:created_at] || @session_data['created_at']
+      end
+
+      def last_accessed_at
+        @session_data[:last_accessed_at] || @session_data['last_accessed_at']
+      end
+    end
+  end
+end

data/lib/rhales/configuration.rb

@@ -0,0 +1,156 @@
+# lib/rhales/configuration.rb
+
+module Rhales
+  # Configuration management for Rhales library
+  #
+  # Provides a clean, testable alternative to global configuration access.
+  # Supports block-based configuration typical of Ruby gems and dependency injection.
+  #
+  # Usage:
+  #   Rhales.configure do |config|
+  #     config.default_locale = 'en'
+  #     config.template_paths = ['app/templates', 'lib/templates']
+  #     config.features = { account_creation: true }
+  #   end
+  class Configuration
+    # Core application settings
+    attr_accessor :default_locale, :app_environment, :development_enabled
+
+    # Template settings
+    attr_accessor :template_paths, :template_root, :cache_templates
+
+    # Security settings
+    attr_accessor :csrf_token_name, :nonce_header_name, :csp_enabled, :csp_policy, :auto_nonce
+
+    # Feature flags
+    attr_accessor :features
+
+    # Site configuration
+    attr_accessor :site_host, :site_ssl_enabled, :api_base_url
+
+    # Performance settings
+    attr_accessor :cache_parsed_templates, :cache_ttl
+
+    def initialize
+      # Set sensible defaults
+      @default_locale         = 'en'
+      @app_environment        = 'development'
+      @development_enabled    = false
+      @template_paths         = []
+      @cache_templates        = true
+      @csrf_token_name        = 'csrf_token'
+      @nonce_header_name      = 'nonce'
+      @csp_enabled            = true
+      @auto_nonce             = true
+      @csp_policy             = default_csp_policy
+      @features               = {}
+      @site_ssl_enabled       = false
+      @cache_parsed_templates = true
+      @cache_ttl              = 3600 # 1 hour
+    end
+
+    # Build API base URL from site configuration
+    def api_base_url
+      return @api_base_url if @api_base_url
+
+      return nil unless @site_host
+
+      protocol = @site_ssl_enabled ? 'https' : 'http'
+      "#{protocol}://#{@site_host}/api"
+    end
+
+    # Check if development mode is enabled
+    def development?
+      @development_enabled || @app_environment == 'development'
+    end
+
+    # Check if production mode
+    def production?
+      @app_environment == 'production'
+    end
+
+    # Default CSP policy with secure defaults
+    def default_csp_policy
+      {
+        'default-src' => ["'self'"],
+        'script-src' => ["'self'", "'nonce-{{nonce}}'"],
+        'style-src' => ["'self'", "'nonce-{{nonce}}'", "'unsafe-hashes'"],
+        'img-src' => ["'self'", 'data:'],
+        'font-src' => ["'self'"],
+        'connect-src' => ["'self'"],
+        'base-uri' => ["'self'"],
+        'form-action' => ["'self'"],
+        'frame-ancestors' => ["'none'"],
+        'object-src' => ["'none'"],
+        'media-src' => ["'self'"],
+        'worker-src' => ["'self'"],
+        'manifest-src' => ["'self'"],
+        'prefetch-src' => ["'self'"],
+        'upgrade-insecure-requests' => []
+      }.freeze
+    end
+
+    # Get feature flag value
+    def feature_enabled?(feature_name)
+      @features[feature_name] || @features[feature_name.to_s] || false
+    end
+
+    # Validate configuration
+    def validate!
+      errors = []
+
+      # Validate locale
+      if @default_locale.nil? || @default_locale.empty?
+        errors << 'default_locale cannot be empty'
+      end
+
+      # Validate template paths exist if specified
+      @template_paths.each do |path|
+        unless Dir.exist?(path)
+          errors << "Template path does not exist: #{path}"
+        end
+      end
+
+      # Validate cache TTL
+      if @cache_ttl && @cache_ttl <= 0
+        errors << 'cache_ttl must be positive'
+      end
+
+      raise ConfigurationError, "Configuration errors: #{errors.join(', ')}" unless errors.empty?
+    end
+
+    # Deep freeze configuration to prevent modification after setup
+    def freeze!
+      @features.freeze
+      @template_paths.freeze
+      freeze
+    end
+
+    class ConfigurationError < StandardError; end
+  end
+
+  class << self
+    # Global configuration instance
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    # Configure Rhales with block
+    def configure
+      yield(configuration) if block_given?
+      configuration.validate!
+      configuration.freeze!
+      configuration
+    end
+
+    # Reset configuration (useful for testing)
+    def reset_configuration!
+      @configuration = nil
+    end
+
+    # Shorthand access to configuration
+    def config
+      configuration
+    end
+  end
+end

data/lib/rhales/context.rb

@@ -0,0 +1,240 @@
+# lib/rhales/context.rb
+
+require_relative 'configuration'
+require_relative 'adapters/base_auth'
+require_relative 'adapters/base_session'
+require_relative 'adapters/base_request'
+require_relative 'csp'
+
+module Rhales
+    # RSFCContext provides a clean interface for RSFC templates to access
+    # server-side data. Follows the established pattern from InitScriptContext
+    # and EnvironmentContext for focused, single-responsibility context objects.
+    #
+    # The context provides two layers of data:
+    # 1. App: Framework-provided data (CSRF tokens, authentication, config)
+    # 2. Props: Application data passed to the view (user, content, features)
+    #
+    # App data is accessible as both direct variables and through the app.* namespace.
+    # Props take precedence over app data for variable resolution.
+    #
+    # One RSFCContext instance is created per page render and shared across
+    # the main template and all partials to maintain security boundaries.
+    class Context
+      attr_reader :req, :sess, :cust, :locale, :props, :config, :app_data
+
+      def initialize(req, sess = nil, cust = nil, locale_override = nil, props: {}, config: nil)
+        @req           = req
+        @sess          = sess || default_session
+        @cust          = cust || default_customer
+        @config        = config || Rhales.configuration
+        @locale        = locale_override || @config.default_locale
+
+        # Normalize props keys to strings for consistent access
+        @props = normalize_keys(props).freeze
+
+        # Build context layers (two-layer model: app + props)
+        @app_data = build_app_data.freeze
+
+        # Pre-compute all_data before freezing
+        # Props take precedence over app data, and add app namespace
+        @all_data = @app_data.merge(@props).merge({ 'app' => @app_data }).freeze
+
+        # Make context immutable after creation
+        freeze
+      end
+
+      # Get variable value with dot notation support (e.g., "user.id", "features.account_creation")
+      def get(variable_path)
+        path_parts    = variable_path.split('.')
+        current_value = all_data
+
+        path_parts.each do |part|
+          case current_value
+          when Hash
+            if current_value.key?(part)
+              current_value = current_value[part]
+            elsif current_value.key?(part.to_sym)
+              current_value = current_value[part.to_sym]
+            else
+              return nil
+            end
+          when Object
+            if current_value.respond_to?(part)
+              current_value = current_value.public_send(part)
+            elsif current_value.respond_to?("#{part}?")
+              current_value = current_value.public_send("#{part}?")
+            else
+              return nil
+            end
+          else
+            return nil
+          end
+
+          return nil if current_value.nil?
+        end
+
+        current_value
+      end
+
+      # Get all available data (runtime + business + computed)
+      attr_reader :all_data
+
+      # Check if variable exists
+      def variable?(variable_path)
+        !get(variable_path).nil?
+      end
+
+      # Get list of all available variable paths (for validation)
+      def available_variables
+        collect_variable_paths(all_data)
+      end
+
+      # Resolve variable (alias for get method for hydrator compatibility)
+      def resolve_variable(variable_path)
+        get(variable_path)
+      end
+
+    private
+
+
+      # Build consolidated app data (replaces runtime_data + computed_data)
+      def build_app_data
+        app = {}
+
+        # Request context (from current runtime_data)
+        if req && req.respond_to?(:env) && req.env
+          app['csrf_token'] = req.env.fetch(@config.csrf_token_name, nil)
+          app['nonce'] = get_or_generate_nonce
+          app['request_id'] = req.env.fetch('request_id', nil)
+          app['domain_strategy'] = req.env.fetch('domain_strategy', :default)
+          app['display_domain'] = req.env.fetch('display_domain', nil)
+        else
+          # Generate nonce even without request if CSP is enabled
+          app['nonce'] = get_or_generate_nonce
+        end
+
+        # Configuration (from both layers)
+        app['environment'] = @config.app_environment
+        app['api_base_url'] = @config.api_base_url
+        app['features'] = @config.features
+        app['development'] = @config.development?
+
+        # Authentication & UI (from current computed_data)
+        app['authenticated'] = authenticated?
+        app['theme_class'] = determine_theme_class
+
+        app
+      end
+
+      # Build API base URL from configuration (deprecated - moved to config)
+      def build_api_base_url
+        @config.api_base_url
+      end
+
+      # Determine theme class for CSS
+      def determine_theme_class
+        # Default theme logic - can be overridden by business data
+        if props['theme']
+          "theme-#{props['theme']}"
+        elsif cust && cust.respond_to?(:theme_preference)
+          "theme-#{cust.theme_preference}"
+        else
+          'theme-light'
+        end
+      end
+
+      # Check if user is authenticated
+      def authenticated?
+        sess && sess.authenticated? && cust && !cust.anonymous?
+      end
+
+      # Get default session instance
+      def default_session
+        Rhales::Adapters::AnonymousSession.new
+      end
+
+      # Get default customer instance
+      def default_customer
+        Rhales::Adapters::AnonymousAuth.new
+      end
+
+      # Normalize hash keys to strings recursively
+      def normalize_keys(data)
+        case data
+        when Hash
+          data.each_with_object({}) do |(key, value), result|
+            result[key.to_s] = normalize_keys(value)
+          end
+        when Array
+          data.map { |item| normalize_keys(item) }
+        else
+          data
+        end
+      end
+
+      # Recursively collect all variable paths from nested data
+      def collect_variable_paths(data, prefix = '')
+        paths = []
+
+        case data
+        when Hash
+          data.each do |key, value|
+            current_path = prefix.empty? ? key.to_s : "#{prefix}.#{key}"
+            paths << current_path
+
+            if value.is_a?(Hash) || value.is_a?(Object)
+              paths.concat(collect_variable_paths(value, current_path))
+            end
+          end
+        when Object
+          # For objects, collect method names that look like attributes
+          data.public_methods(false).each do |method|
+            method_name = method.to_s
+            next if method_name.end_with?('=') # Skip setters
+            next if method_name.start_with?('_') # Skip private-ish methods
+
+            current_path = prefix.empty? ? method_name : "#{prefix}.#{method_name}"
+            paths << current_path
+          end
+        end
+
+        paths
+      end
+
+      # Get or generate nonce for CSP
+      def get_or_generate_nonce
+        # Try to get existing nonce from request env
+        if req && req.respond_to?(:env) && req.env
+          existing_nonce = req.env.fetch(@config.nonce_header_name, nil)
+          return existing_nonce if existing_nonce
+        end
+
+        # Generate new nonce if auto_nonce is enabled or CSP is enabled
+        return CSP.generate_nonce if @config.auto_nonce || (@config.csp_enabled && csp_nonce_required?)
+
+        # Return nil if nonce is not needed
+        nil
+      end
+
+      # Check if CSP policy requires nonce
+      def csp_nonce_required?
+        return false unless @config.csp_enabled
+
+        csp = CSP.new(@config)
+        csp.nonce_required?
+      end
+
+      class << self
+        # Create context with business data for a specific view
+        def for_view(req, sess, cust, locale, config: nil, **props)
+          new(req, sess, cust, locale, props: props, config: config)
+        end
+
+        # Create minimal context for testing
+        def minimal(props: {}, config: nil)
+          new(nil, nil, nil, 'en', props: props, config: config)
+        end
+      end
+  end
+end