rhales 0.4.0 → 0.5.3

data/examples/dashboard-with-charts.rue

@@ -0,0 +1,271 @@
+<!-- examples/dashboard-with-charts.rue -->
+
+<!--
+  Example: Dashboard with Complex Data Hydration
+
+  This demonstrates:
+  - Complex nested data structures with Zod v4 schema
+  - Arrays and objects for chart data
+  - Conditional rendering based on data availability
+  - Integration with client-side charting libraries
+  - Proper separation of client vs server data
+-->
+
+<schema lang="js-zod" window="dashboardData">
+const schema = z.object({
+  user: z.object({
+    id: z.number(),
+    name: z.string(),
+    role: z.enum(['admin', 'user', 'guest'])
+  }),
+  stats: z.object({
+    totalUsers: z.number(),
+    activeUsers: z.number(),
+    revenue: z.number(),
+    growth: z.number()
+  }),
+  chartData: z.object({
+    labels: z.array(z.string()),
+    datasets: z.array(z.object({
+      label: z.string(),
+      data: z.array(z.number()),
+      backgroundColor: z.string().optional(),
+      borderColor: z.string().optional()
+    }))
+  }),
+  recentActivity: z.array(z.object({
+    id: z.number(),
+    user: z.string(),
+    action: z.string(),
+    timestamp: z.number()
+  })),
+  permissions: z.object({
+    canEdit: z.boolean(),
+    canDelete: z.boolean(),
+    canExport: z.boolean()
+  })
+});
+</schema>
+
+<template>
+<!DOCTYPE html>
+<html lang="{{request.locale}}">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>{{server.pageTitle}}</title>
+  <style>
+    body { font-family: system-ui, sans-serif; margin: 0; padding: 20px; background: #f5f5f5; }
+    .header { display: flex; justify-content: space-between; align-items: center; margin-bottom: 2rem; }
+    .stats-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 1rem; margin-bottom: 2rem; }
+    .stat-card { background: white; padding: 1.5rem; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.1); }
+    .stat-value { font-size: 2rem; font-weight: bold; color: #0066cc; }
+    .stat-label { color: #666; margin-top: 0.5rem; }
+    .chart-container { background: white; padding: 1.5rem; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.1); margin-bottom: 2rem; }
+    .activity-list { background: white; padding: 1.5rem; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.1); }
+    .activity-item { padding: 1rem; border-bottom: 1px solid #eee; }
+    .activity-item:last-child { border-bottom: none; }
+    .actions { display: flex; gap: 0.5rem; }
+    .btn { padding: 0.5rem 1rem; border: none; border-radius: 4px; cursor: pointer; font-size: 0.875rem; }
+    .btn-primary { background: #0066cc; color: white; }
+    .btn-danger { background: #dc3545; color: white; }
+    .btn:disabled { opacity: 0.5; cursor: not-allowed; }
+  </style>
+  <!-- Chart.js for visualization -->
+  <script src="https://cdn.jsdelivr.net/npm/chart.js@4.4.0/dist/chart.umd.min.js"></script>
+</head>
+<body>
+  <div class="header">
+    <div>
+      <h1>{{server.pageTitle}}</h1>
+      <p>Welcome back, {{client.user.name}} ({{client.user.role}})</p>
+    </div>
+    <div class="actions">
+      {{#if client.permissions.canExport}}
+        <button class="btn btn-primary" onclick="exportData()">Export Data</button>
+      {{/if}}
+    </div>
+  </div>
+
+  <!-- Stats Overview -->
+  <div class="stats-grid">
+    <div class="stat-card">
+      <div class="stat-value">{{client.stats.totalUsers}}</div>
+      <div class="stat-label">Total Users</div>
+    </div>
+    <div class="stat-card">
+      <div class="stat-value">{{client.stats.activeUsers}}</div>
+      <div class="stat-label">Active Users</div>
+    </div>
+    <div class="stat-card">
+      <div class="stat-value">${{client.stats.revenue}}</div>
+      <div class="stat-label">Revenue</div>
+    </div>
+    <div class="stat-card">
+      <div class="stat-value">{{client.stats.growth}}%</div>
+      <div class="stat-label">Growth</div>
+    </div>
+  </div>
+
+  <!-- Chart -->
+  <div class="chart-container">
+    <h2>Activity Over Time</h2>
+    <canvas id="activityChart"></canvas>
+  </div>
+
+  <!-- Recent Activity -->
+  <div class="activity-list">
+    <h2>Recent Activity</h2>
+    {{#if client.recentActivity}}
+      {{#each client.recentActivity}}
+        <div class="activity-item">
+          <strong>{{user}}</strong> {{action}}
+          <span style="color: #666; font-size: 0.875rem;">
+            ({{@index}} items ago)
+          </span>
+          {{#if ../client.permissions.canDelete}}
+            <button class="btn btn-danger" onclick="deleteActivity({{id}})">Delete</button>
+          {{/if}}
+        </div>
+      {{/each}}
+    {{else}}
+      <p>No recent activity</p>
+    {{/if}}
+  </div>
+
+  <!-- Client-side JavaScript -->
+  <script nonce="{{request.nonce}}">
+    // Access hydrated dashboard data
+    const data = window.dashboardData;
+
+    // Initialize chart with hydrated data
+    const ctx = document.getElementById('activityChart').getContext('2d');
+    const chart = new Chart(ctx, {
+      type: 'line',
+      data: {
+        labels: data.chartData.labels,
+        datasets: data.chartData.datasets
+      },
+      options: {
+        responsive: true,
+        plugins: {
+          legend: { position: 'top' }
+        },
+        scales: {
+          y: { beginAtZero: true }
+        }
+      }
+    });
+
+    // Export function (only available if user has permission)
+    function exportData() {
+      const csv = generateCSV(data.recentActivity);
+      downloadCSV(csv, 'dashboard-export.csv');
+      console.log('Data exported by user:', data.user.name);
+    }
+
+    function generateCSV(activities) {
+      const headers = ['ID', 'User', 'Action', 'Timestamp'];
+      const rows = activities.map(a => [a.id, a.user, a.action, a.timestamp]);
+      return [headers, ...rows].map(row => row.join(',')).join('\n');
+    }
+
+    function downloadCSV(csv, filename) {
+      const blob = new Blob([csv], { type: 'text/csv' });
+      const url = URL.createObjectURL(blob);
+      const a = document.createElement('a');
+      a.href = url;
+      a.download = filename;
+      a.click();
+      URL.revokeObjectURL(url);
+    }
+
+    // Delete function (only available if user has permission)
+    function deleteActivity(id) {
+      if (!data.permissions.canDelete) {
+        alert('You do not have permission to delete activities');
+        return;
+      }
+
+      if (confirm('Are you sure you want to delete this activity?')) {
+        fetch(`/api/activities/${id}`, {
+          method: 'DELETE',
+          headers: {
+            'Content-Type': 'application/json',
+            'X-CSRF-Token': '{{request.csrf_token}}'
+          }
+        })
+        .then(r => r.json())
+        .then(result => {
+          console.log('Activity deleted:', id);
+          location.reload();
+        })
+        .catch(err => console.error('Delete failed:', err));
+      }
+    }
+  </script>
+</body>
+</html>
+</template>
+
+<logic>
+# Dashboard with Charts Example
+#
+# Backend Usage (Ruby):
+#
+# view = Rhales::View.new(
+#   request,
+#   client: {
+#     user: {
+#       id: current_user.id,
+#       name: current_user.name,
+#       role: current_user.role
+#     },
+#     stats: {
+#       totalUsers: User.count,
+#       activeUsers: User.active.count,
+#       revenue: Order.total_revenue,
+#       growth: Analytics.growth_percentage
+#     },
+#     chartData: {
+#       labels: last_7_days.map(&:to_s),
+#       datasets: [
+#         {
+#           label: 'Active Users',
+#           data: last_7_days.map { |date| User.active_on(date).count },
+#           backgroundColor: 'rgba(54, 162, 235, 0.2)',
+#           borderColor: 'rgba(54, 162, 235, 1)'
+#         }
+#       ]
+#     },
+#     recentActivity: Activity.recent(10).map { |a|
+#       {
+#         id: a.id,
+#         user: a.user.name,
+#         action: a.action_description,
+#         timestamp: a.created_at.to_i
+#       }
+#     },
+#     permissions: {
+#       canEdit: current_user.can?(:edit),
+#       canDelete: current_user.can?(:delete),
+#       canExport: current_user.can?(:export)
+#     }
+#   },
+#   server: {
+#     pageTitle: 'Admin Dashboard',
+#     # Server-only data (not sent to client)
+#     internalNotes: 'Premium customer - handle with care',
+#     auditLog: AuditLog.for_user(current_user)
+#   }
+# )
+#
+# html = view.render('dashboard-with-charts')
+#
+# Key Features:
+# - Complex nested data validated with Zod schema
+# - Permission-based UI rendering (buttons only shown if allowed)
+# - Client-side chart initialization with hydrated data
+# - CSRF protection for DELETE requests
+# - Clear separation: sensitive audit logs stay in server layer
+</logic>

data/examples/form-with-validation.rue

@@ -0,0 +1,180 @@
+<!-- examples/form-with-validation.rue -->
+
+<!--
+  Example: Form with CSRF Protection and Client-Side Validation
+
+  This demonstrates:
+  - CSRF token handling for secure form submissions
+  - Schema validation for form configuration
+  - Conditional rendering based on authentication
+  - Client-side validation with hydrated data
+-->
+
+<schema lang="js-zod" window="formData">
+const schema = z.object({
+  formConfig: z.object({
+    action: z.string().url(),
+    method: z.enum(['GET', 'POST', 'PUT', 'PATCH', 'DELETE']),
+    maxLength: z.number(),
+    required: z.array(z.string())
+  }),
+  user: z.object({
+    name: z.string(),
+    email: z.string().email()
+  }).nullable(),
+  validationMessages: z.object({
+    required: z.string(),
+    email: z.string(),
+    maxLength: z.string()
+  })
+});
+</schema>
+
+<template>
+<!DOCTYPE html>
+<html lang="{{request.locale}}">
+<head>
+  <meta charset="utf-8">
+  <title>{{server.pageTitle}}</title>
+  <style>
+    .form-group { margin-bottom: 1rem; }
+    .error { color: red; font-size: 0.875rem; }
+    label { display: block; margin-bottom: 0.25rem; font-weight: bold; }
+    input, textarea { width: 100%; padding: 0.5rem; }
+    button { padding: 0.5rem 1rem; background: #0066cc; color: white; border: none; cursor: pointer; }
+    button:hover { background: #0052a3; }
+  </style>
+</head>
+<body>
+  <h1>{{server.pageTitle}}</h1>
+
+  {{#if request.authenticated?}}
+    <form id="contact-form" action="{{client.formConfig.action}}" method="{{client.formConfig.method}}">
+      <!-- CSRF protection -->
+      <input type="hidden" name="_csrf" value="{{request.csrf_token}}">
+
+      <div class="form-group">
+        <label for="name">Name *</label>
+        <input
+          type="text"
+          id="name"
+          name="name"
+          value="{{client.user.name}}"
+          required
+          maxlength="{{client.formConfig.maxLength}}">
+        <span class="error" id="name-error"></span>
+      </div>
+
+      <div class="form-group">
+        <label for="email">Email *</label>
+        <input
+          type="email"
+          id="email"
+          name="email"
+          value="{{client.user.email}}"
+          required>
+        <span class="error" id="email-error"></span>
+      </div>
+
+      <div class="form-group">
+        <label for="message">Message *</label>
+        <textarea
+          id="message"
+          name="message"
+          rows="5"
+          required
+          maxlength="{{client.formConfig.maxLength}}"></textarea>
+        <span class="error" id="message-error"></span>
+      </div>
+
+      <button type="submit">Send Message</button>
+    </form>
+
+    <!-- Client-side validation using Zod -->
+    <script nonce="{{request.nonce}}">
+      const form = document.getElementById('contact-form');
+      const config = window.formData.formConfig;
+      const messages = window.formData.validationMessages;
+
+      // Define Zod schema for form validation
+      const formSchema = z.object({
+        name: z.string()
+          .min(1, messages.required)
+          .max(config.maxLength, messages.maxLength.replace('{max}', config.maxLength)),
+        email: z.string()
+          .min(1, messages.required)
+          .email(messages.email),
+        message: z.string()
+          .min(1, messages.required)
+          .max(config.maxLength, messages.maxLength.replace('{max}', config.maxLength))
+      });
+
+      form.addEventListener('submit', (e) => {
+        // Clear previous errors
+        document.querySelectorAll('.error').forEach(el => el.textContent = '');
+
+        // Collect form data
+        const formData = {
+          name: form.elements['name'].value,
+          email: form.elements['email'].value,
+          message: form.elements['message'].value
+        };
+
+        // Validate using Zod
+        const result = formSchema.safeParse(formData);
+
+        if (!result.success) {
+          e.preventDefault();
+
+          // Display validation errors
+          result.error.issues.forEach(issue => {
+            const fieldName = issue.path[0];
+            const errorElement = document.getElementById(fieldName + '-error');
+            if (errorElement) {
+              errorElement.textContent = issue.message;
+            }
+          });
+        }
+      });
+    </script>
+  {{else}}
+    <p>Please <a href="/login">log in</a> to submit the form.</p>
+  {{/if}}
+</body>
+</html>
+</template>
+
+<logic>
+# Form with Validation Example
+#
+# Backend Usage (Ruby):
+#
+# view = Rhales::View.new(
+#   request,
+#   client: {
+#     formConfig: {
+#       action: '/api/contact',
+#       method: 'POST',
+#       maxLength: 500,
+#       required: ['name', 'email', 'message']
+#     },
+#     user: current_user ? { name: current_user.name, email: current_user.email } : nil,
+#     validationMessages: {
+#       required: 'This field is required',
+#       email: 'Please enter a valid email address',
+#       maxLength: 'Maximum length is {max} characters'
+#     }
+#   },
+#   server: {
+#     pageTitle: 'Contact Us'
+#   }
+# )
+#
+# html = view.render('form-with-validation')
+#
+# Key Security Features:
+# - CSRF token automatically provided via request.csrf_token
+# - CSP nonce for inline scripts via request.nonce
+# - Schema validation ensures form config matches expected structure
+# - Only safe, public user data (name, email) is sent to client
+</logic>

data/examples/simple-page.rue

@@ -0,0 +1,61 @@
+<!-- examples/simple-page.rue -->
+
+<!--
+  Example: Simple Page - Minimal Rhales Example
+
+  This is the simplest possible Rhales template demonstrating:
+  - Basic schema definition with Zod v4
+  - Simple template with variable interpolation
+  - Three-layer context access (request, server, client)
+
+  Perfect for beginners learning Rhales fundamentals.
+-->
+
+<schema lang="js-zod" window="pageData">
+const schema = z.object({
+  message: z.string(),
+  count: z.number()
+});
+</schema>
+
+<template>
+<!DOCTYPE html>
+<html lang="{{request.locale}}">
+<head>
+  <meta charset="utf-8">
+  <title>{{server.pageTitle}}</title>
+</head>
+<body>
+  <h1>{{client.message}}</h1>
+  <p>Count: {{client.count}}</p>
+
+  <!-- Access hydrated data in client-side JavaScript -->
+  <script nonce="{{request.nonce}}">
+    console.log('Message:', window.pageData.message);
+    console.log('Count:', window.pageData.count);
+  </script>
+</body>
+</html>
+</template>
+
+<logic>
+# Simple Page Example
+#
+# Backend Usage (Ruby):
+#
+# view = Rhales::View.new(
+#   request,
+#   client: {
+#     message: 'Hello, Rhales!',
+#     count: 42
+#   },
+#   server: {
+#     pageTitle: 'Simple Page Example'
+#   }
+# )
+#
+# html = view.render('simple-page')
+#
+# The client data is automatically validated against the schema
+# and serialized to window.pageData for client-side JavaScript access.
+</logic>

data/examples/vue.rue

@@ -0,0 +1,136 @@
+<!-- examples/vue.rue -->
+
+<!--
+  Example: Vue.js SPA Layout with Server-Side Rendering + Client Hydration
+
+  This demonstrates Rhales' core strength: seamless server-to-SPA handoff.
+
+  The <schema> section defines a Zod v4 schema in plain JavaScript that specifies
+  exactly what your Vue app receives. The window variable name is configurable via
+  the window="..." attribute (e.g., window="appState" → window.appState).
+
+  The <template> provides SEO-friendly server-rendered HTML that Vue can mount onto
+  for client-side functionality.
+
+  Key features demonstrated:
+  - Schema validation with Zod v4
+  - Automatic JSON hydration script generation
+  - Conditional asset loading (dev vs production)
+  - CSP-compliant nonce handling
+  - Three-layer context access (request, server, client)
+-->
+
+<schema lang="js-zod" window="__ONETIME_STATE__">
+const schema = z.object({
+  ui: z.object({
+    theme: z.string(),
+    locale: z.string()
+  }),
+  authentication: z.object({
+    authenticated: z.boolean(),
+    userId: z.string().nullable()
+  }),
+  user: z.object({
+    name: z.string(),
+    email: z.string(),
+    accountSince: z.number().nullable()
+  }).nullable(),
+  features: z.object({
+    darkMode: z.boolean(),
+    notifications: z.boolean()
+  }),
+  apiBaseUrl: z.string().url()
+});
+</schema>
+
+<template>
+<!doctype html>
+<html lang="{{client.ui.locale}}" class="{{client.ui.theme}}">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>{{server.pageTitle}}</title>
+
+    <!-- Dark mode detection (runs before page render to prevent FOUC) -->
+    <script nonce="{{request.nonce}}">
+      if (localStorage.theme === 'dark' || (!('theme' in localStorage) && window.matchMedia('(prefers-color-scheme: dark)').matches)) {
+        document.documentElement.classList.add('dark')
+      } else {
+        document.documentElement.classList.remove('dark')
+      }
+    </script>
+
+    {{#if server.viteAssetsHtml}}
+      {{{server.viteAssetsHtml}}}
+    {{/if}}
+  </head>
+
+  <body class="font-serif bg-white dark:bg-gray-900 text-gray-900 dark:text-gray-100">
+    <div id="app">
+      <!-- Server-rendered placeholder for SEO/initial load -->
+      {{#if client.authentication.authenticated}}
+        <div class="loading-state">
+          <p>Welcome back, {{client.user.name}}!</p>
+          <p>Loading your dashboard...</p>
+        </div>
+      {{else}}
+        <div class="landing-page">
+          <h1>Welcome to Our App</h1>
+          <p>Please log in to continue</p>
+        </div>
+      {{/if}}
+    </div>
+
+    <!-- Client hydration data is automatically injected by Rhales hydrator -->
+    <!-- Result: window.__ONETIME_STATE__ = { ui: {...}, authentication: {...}, ... } -->
+
+    <!-- Vue application bootstrap -->
+    {{#if server.frontendHost}}
+      <!-- Development: Vite dev server -->
+      <script nonce="{{request.nonce}}" type="module" src="{{server.frontendHost}}/src/main.ts"></script>
+    {{else}}
+      <!-- Production: Built assets -->
+      <script nonce="{{request.nonce}}" type="module" src="/assets/main.js"></script>
+    {{/if}}
+  </body>
+</html>
+</template>
+
+<logic>
+# Vue.js SPA Integration Example
+#
+# Backend Usage (Ruby):
+#
+# view = Rhales::View.new(
+#   request,
+#   client: {
+#     ui: { theme: user.theme || 'light', locale: I18n.locale },
+#     authentication: { authenticated: logged_in?, userId: current_user&.id },
+#     user: current_user&.to_client_data,
+#     features: { darkMode: true, notifications: true },
+#     apiBaseUrl: ENV['API_BASE_URL']
+#   },
+#   server: {
+#     pageTitle: 'My App',
+#     viteAssetsHtml: vite_javascript_tag('application'),
+#     frontendHost: ENV['VITE_DEV_SERVER_URL'] # nil in production
+#   }
+# )
+#
+# html = view.render('vue')
+#
+# Frontend Usage (Vue 3):
+#
+# // src/main.ts
+# import { createApp } from 'vue'
+# import App from './App.vue'
+#
+# // Access hydrated state (window variable name matches <schema window="...">)
+# const state = window.__ONETIME_STATE__
+#
+# const app = createApp(App, {
+#   initialState: state
+# })
+#
+# app.mount('#app')
+</logic>