tina4ruby 0.5.2 → 3.0.0

data/lib/tina4/rate_limiter.rb

@@ -0,0 +1,123 @@
+# frozen_string_literal: true
+
+module Tina4
+  class RateLimiter
+    DEFAULT_LIMIT = 100
+    DEFAULT_WINDOW = 60 # seconds
+
+    attr_reader :limit, :window
+
+    def initialize(limit: nil, window: nil)
+      @limit = (limit || ENV["TINA4_RATE_LIMIT"] || DEFAULT_LIMIT).to_i
+      @window = (window || ENV["TINA4_RATE_WINDOW"] || DEFAULT_WINDOW).to_i
+      @store = {}    # ip => [timestamps]
+      @mutex = Mutex.new
+      @last_cleanup = Time.now
+    end
+
+    # Check if the given IP is rate limited.
+    # Returns a hash with rate limit info:
+    #   { allowed: true/false, limit:, remaining:, reset:, retry_after: }
+    def check(ip)
+      now = Time.now
+      cleanup_if_needed(now)
+
+      @mutex.synchronize do
+        @store[ip] ||= []
+        entries = @store[ip]
+
+        # Remove expired entries (sliding window)
+        cutoff = now - @window
+        entries.reject! { |t| t < cutoff }
+
+        if entries.length >= @limit
+          # Rate limited
+          oldest = entries.first
+          reset_at = (oldest + @window).to_i
+          retry_after = [(oldest + @window - now).ceil, 1].max
+
+          {
+            allowed: false,
+            limit: @limit,
+            remaining: 0,
+            reset: reset_at,
+            retry_after: retry_after
+          }
+        else
+          entries << now
+
+          {
+            allowed: true,
+            limit: @limit,
+            remaining: @limit - entries.length,
+            reset: (now + @window).to_i,
+            retry_after: nil
+          }
+        end
+      end
+    end
+
+    # Convenience predicate
+    def rate_limited?(ip)
+      !check(ip)[:allowed]
+    end
+
+    # Apply rate limit headers to a response object and return 429 if exceeded.
+    # Returns [status, headers_hash] or nil if allowed.
+    def apply(ip, response)
+      result = check(ip)
+
+      # Always set rate limit headers
+      response.headers["X-RateLimit-Limit"] = result[:limit].to_s
+      response.headers["X-RateLimit-Remaining"] = result[:remaining].to_s
+      response.headers["X-RateLimit-Reset"] = result[:reset].to_s
+
+      unless result[:allowed]
+        response.headers["Retry-After"] = result[:retry_after].to_s
+        response.status_code = 429
+        response.headers["content-type"] = "application/json; charset=utf-8"
+        response.body = JSON.generate({
+          error: "Too Many Requests",
+          retry_after: result[:retry_after]
+        })
+        return false
+      end
+
+      true
+    end
+
+    # Reset tracking for a specific IP (useful for testing)
+    def reset!(ip = nil)
+      @mutex.synchronize do
+        if ip
+          @store.delete(ip)
+        else
+          @store.clear
+        end
+      end
+    end
+
+    # Returns current entry count (for monitoring)
+    def entry_count
+      @mutex.synchronize { @store.length }
+    end
+
+    private
+
+    # Clean up expired entries periodically (every window interval)
+    def cleanup_if_needed(now)
+      return if now - @last_cleanup < @window
+
+      @mutex.synchronize do
+        return if now - @last_cleanup < @window
+
+        cutoff = now - @window
+        @store.delete_if do |_ip, entries|
+          entries.reject! { |t| t < cutoff }
+          entries.empty?
+        end
+        @last_cleanup = now
+      end
+    end
+  end
+end

data/lib/tina4/request.rb

@@ -13,20 +13,36 @@ module Tina4
       @path = env["PATH_INFO"] || "/"
       @query_string = env["QUERY_STRING"] || ""
       @content_type = env["CONTENT_TYPE"] || ""
-      @ip = env["REMOTE_ADDR"] || "127.0.0.1"
       @path_params = path_params
 
+      # Client IP with X-Forwarded-For support
+      @ip = extract_client_ip
+
       # Lazy-initialized fields (nil = not yet computed)
       @headers = nil
       @cookies = nil
       @session = nil
-      @body = nil
+      @body_raw = nil
       @params = nil
       @files = nil
       @json_body = nil
+      @query_hash = nil
+      @body_parsed = nil
+    end
+
+    # Full URL reconstruction
+    def url
+      scheme = env["rack.url_scheme"] || "http"
+      host = env["HTTP_HOST"] || env["SERVER_NAME"] || "localhost"
+      port = env["SERVER_PORT"]
+      url_str = "#{scheme}://#{host}"
+      url_str += ":#{port}" if port && port != "80" && port != "443"
+      url_str += @path
+      url_str += "?#{@query_string}" unless @query_string.empty?
+      url_str
     end
 
-    # Lazy accessors — only compute when needed
+    # Lazy accessors
     def headers
       @headers ||= extract_headers
     end
@@ -39,14 +55,26 @@ module Tina4
       @session ||= @env["tina4.session"] || {}
     end
 
+    # Raw body string
     def body
-      @body ||= read_body
+      @body_raw ||= read_body
+    end
+
+    # Parsed body (JSON or form data)
+    def body_parsed
+      @body_parsed ||= parse_body
+    end
+
+    # Parsed query string as hash
+    def query
+      @query_hash ||= parse_query_to_hash(@query_string)
     end
 
     def files
       @files ||= extract_files
     end
 
+    # Merged params: query + body + path_params (path_params highest priority)
     def params
       @params ||= build_params
     end
@@ -74,11 +102,22 @@ module Tina4
 
     private
 
+    def extract_client_ip
+      # Check X-Forwarded-For first (proxy/load balancer)
+      forwarded = @env["HTTP_X_FORWARDED_FOR"]
+      if forwarded && !forwarded.empty?
+        # Take the first (original client) IP
+        forwarded.split(",").first.strip
+      else
+        @env["HTTP_X_REAL_IP"] || @env["REMOTE_ADDR"] || "127.0.0.1"
+      end
+    end
+
     def extract_headers
       h = {}
       @env.each do |key, value|
         if key.start_with?("HTTP_")
-          h[key[5..].downcase] = value
+          h[key[5..-1].downcase] = value
         end
       end
       h
@@ -105,31 +144,38 @@ module Tina4
       data
     end
 
+    def parse_body
+      if @content_type.include?("application/json")
+        json_body
+      elsif @content_type.include?("application/x-www-form-urlencoded")
+        parse_query_to_hash(body)
+      else
+        {}
+      end
+    end
+
     def build_params
       p = {}
 
       # Query string params
-      parse_query_string(@query_string, p) unless @query_string.empty?
+      query.each { |k, v| p[k] = v }
 
       # Body params
-      if @content_type.include?("application/json")
-        json_body.each { |k, v| p[k.to_s] = v }
-      elsif @content_type.include?("application/x-www-form-urlencoded")
-        parse_query_string(body, p)
-      end
+      body_parsed.each { |k, v| p[k.to_s] = v }
 
       # Path params (highest priority)
       @path_params.each { |k, v| p[k.to_s] = v }
       p
     end
 
-    def parse_query_string(qs, target = {})
-      return target if qs.nil? || qs.empty?
+    def parse_query_to_hash(qs)
+      result = {}
+      return result if qs.nil? || qs.empty?
       qs.split("&").each do |pair|
         key, value = pair.split("=", 2)
-        target[URI.decode_www_form_component(key.to_s)] = URI.decode_www_form_component(value.to_s)
+        result[URI.decode_www_form_component(key.to_s)] = URI.decode_www_form_component(value.to_s)
       end
-      target
+      result
     end
 
     def extract_files

data/lib/tina4/response.rb

@@ -26,53 +26,63 @@ module Tina4
     TEXT_CONTENT_TYPE = "text/plain; charset=utf-8"
     XML_CONTENT_TYPE  = "application/xml; charset=utf-8"
 
-    attr_accessor :status, :headers, :body, :cookies
+    attr_accessor :status_code, :headers, :body, :cookies
 
     def initialize
-      @status = 200
+      @status_code = 200
       @headers = { "content-type" => HTML_CONTENT_TYPE }
       @body = ""
-      @cookies = nil  # Lazy — most responses have no cookies
+      @cookies = nil  # Lazy -- most responses have no cookies
+    end
+
+    # Chainable status setter
+    def status(code = nil)
+      if code.nil?
+        @status_code
+      else
+        @status_code = code
+        self
+      end
     end
 
     def json(data, status_or_opts = nil, status: nil)
-      @status = status || (status_or_opts.is_a?(Integer) ? status_or_opts : 200)
+      @status_code = status || (status_or_opts.is_a?(Integer) ? status_or_opts : 200)
       @headers["content-type"] = JSON_CONTENT_TYPE
       @body = data.is_a?(String) ? data : JSON.generate(data)
       self
     end
 
     def html(content, status_or_opts = nil, status: nil)
-      @status = status || (status_or_opts.is_a?(Integer) ? status_or_opts : 200)
+      @status_code = status || (status_or_opts.is_a?(Integer) ? status_or_opts : 200)
       @headers["content-type"] = HTML_CONTENT_TYPE
       @body = content.to_s
       self
     end
 
     def text(content, status_or_opts = nil, status: nil)
-      @status = status || (status_or_opts.is_a?(Integer) ? status_or_opts : 200)
+      @status_code = status || (status_or_opts.is_a?(Integer) ? status_or_opts : 200)
       @headers["content-type"] = TEXT_CONTENT_TYPE
       @body = content.to_s
       self
     end
 
     def xml(content, status: 200)
-      @status = status
+      @status_code = status
       @headers["content-type"] = XML_CONTENT_TYPE
       @body = content.to_s
       self
     end
 
     def csv(content, filename: "export.csv", status: 200)
-      @status = status
+      @status_code = status
       @headers["content-type"] = "text/csv"
       @headers["content-disposition"] = "attachment; filename=\"#{filename}\""
       @body = content.to_s
       self
     end
 
-    def redirect(url, status: 302)
-      @status = status
+    def redirect(url, status_or_opts = nil, status: nil)
+      @status_code = status || (status_or_opts.is_a?(Integer) ? status_or_opts : 302)
       @headers["location"] = url
       @body = ""
       self
@@ -80,7 +90,7 @@ module Tina4
 
     def file(path, content_type: nil, download: false)
       unless ::File.exist?(path)
-        @status = 404
+        @status_code = 404
         @body = "File not found"
         return self
       end
@@ -94,22 +104,37 @@ module Tina4
     end
 
     def render(template_path, data = {}, status: 200)
-      @status = status
+      @status_code = status
       @headers["content-type"] = HTML_CONTENT_TYPE
       @body = Tina4::Template.render(template_path, data)
       self
     end
 
+    # Chainable header setter
+    def header(name, value = nil)
+      if value.nil?
+        @headers[name]
+      else
+        @headers[name] = value
+        self
+      end
+    end
+
+    # Chainable cookie setter
+    def cookie(name, value, opts = {})
+      set_cookie(name, value, opts)
+    end
+
     def set_cookie(name, value, opts = {})
-      cookie = "#{name}=#{URI.encode_www_form_component(value)}"
-      cookie += "; Path=#{opts[:path] || '/'}"
-      cookie += "; HttpOnly" if opts.fetch(:http_only, true)
-      cookie += "; Secure" if opts[:secure]
-      cookie += "; SameSite=#{opts[:same_site] || 'Lax'}"
-      cookie += "; Max-Age=#{opts[:max_age]}" if opts[:max_age]
-      cookie += "; Expires=#{opts[:expires].httpdate}" if opts[:expires]
+      cookie_str = "#{name}=#{URI.encode_www_form_component(value)}"
+      cookie_str += "; Path=#{opts[:path] || '/'}"
+      cookie_str += "; HttpOnly" if opts.fetch(:http_only, true)
+      cookie_str += "; Secure" if opts[:secure]
+      cookie_str += "; SameSite=#{opts[:same_site] || 'Lax'}"
+      cookie_str += "; Max-Age=#{opts[:max_age]}" if opts[:max_age]
+      cookie_str += "; Expires=#{opts[:expires].httpdate}" if opts[:expires]
       @cookies ||= []
-      @cookies << cookie
+      @cookies << cookie_str
       self
     end
 
@@ -132,16 +157,21 @@ module Tina4
       self
     end
 
+    # Flush / finalize -- alias for to_rack for semantic clarity
+    def send
+      to_rack
+    end
+
     def to_rack
       # Fast path: no cookies (99% of API responses)
       if @cookies.nil? || @cookies.empty?
-        return [@status, @headers, [@body.to_s]]
+        return [@status_code, @headers, [@body.to_s]]
       end
 
       # Cookie path
       final_headers = @headers.dup
       final_headers["set-cookie"] = @cookies.join("\n")
-      [@status, final_headers, [@body.to_s]]
+      [@status_code, final_headers, [@body.to_s]]
     end
 
     def self.auto_detect(result, response)
@@ -157,11 +187,11 @@ module Tina4
           response.text(result)
         end
       when Integer
-        response.status = result
+        response.status_code = result
         response.body = ""
         response
       when NilClass
-        response.status = 204
+        response.status_code = 204
         response.body = ""
         response
       else

data/lib/tina4/response_cache.rb

@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+
+module Tina4
+  # In-memory response cache for GET requests.
+  #
+  # Caches serialized responses by method + URL.
+  # Designed to be used as Rack middleware or integrated into the Tina4 middleware chain.
+  #
+  # Usage:
+  #   cache = Tina4::ResponseCache.new(ttl: 60, max_entries: 1000)
+  #   cache.cache_response("GET", "/api/users", 200, "application/json", '{"users":[]}')
+  #   hit = cache.get("GET", "/api/users")
+  #
+  # Environment:
+  #   TINA4_CACHE_TTL -- default TTL in seconds (default: 0 = disabled)
+  #
+  class ResponseCache
+    CacheEntry = Struct.new(:body, :content_type, :status_code, :expires_at)
+
+    # @param ttl [Integer] default TTL in seconds (0 = disabled)
+    # @param max_entries [Integer] maximum cache entries
+    # @param status_codes [Array<Integer>] only cache these status codes
+    def initialize(ttl: nil, max_entries: 1000, status_codes: [200])
+      @ttl = ttl || (ENV["TINA4_CACHE_TTL"] ? ENV["TINA4_CACHE_TTL"].to_i : 0)
+      @max_entries = max_entries
+      @status_codes = status_codes
+      @store = {}
+      @mutex = Mutex.new
+    end
+
+    # Check if caching is enabled.
+    #
+    # @return [Boolean]
+    def enabled?
+      @ttl > 0
+    end
+
+    # Build a cache key from method and URL.
+    #
+    # @param method [String]
+    # @param url [String]
+    # @return [String]
+    def cache_key(method, url)
+      "#{method}:#{url}"
+    end
+
+    # Retrieve a cached response. Returns nil on miss or expired entry.
+    #
+    # @param method [String]
+    # @param url [String]
+    # @return [CacheEntry, nil]
+    def get(method, url)
+      return nil unless enabled?
+      return nil unless method == "GET"
+
+      key = cache_key(method, url)
+      @mutex.synchronize do
+        entry = @store[key]
+        return nil unless entry
+
+        if Time.now.to_f > entry.expires_at
+          @store.delete(key)
+          return nil
+        end
+
+        entry
+      end
+    end
+
+    # Store a response in the cache.
+    #
+    # @param method [String]
+    # @param url [String]
+    # @param status_code [Integer]
+    # @param content_type [String]
+    # @param body [String]
+    # @param ttl [Integer, nil] override default TTL
+    def cache_response(method, url, status_code, content_type, body, ttl: nil)
+      return unless enabled?
+      return unless method == "GET"
+      return unless @status_codes.include?(status_code)
+
+      effective_ttl = ttl || @ttl
+      key = cache_key(method, url)
+      expires_at = Time.now.to_f + effective_ttl
+
+      @mutex.synchronize do
+        # Evict oldest if at capacity
+        if @store.size >= @max_entries && !@store.key?(key)
+          oldest_key = @store.keys.first
+          @store.delete(oldest_key)
+        end
+
+        @store[key] = CacheEntry.new(body, content_type, status_code, expires_at)
+      end
+    end
+
+    # Get cache statistics.
+    #
+    # @return [Hash] with :size and :keys
+    def cache_stats
+      @mutex.synchronize do
+        { size: @store.size, keys: @store.keys.dup }
+      end
+    end
+
+    # Clear all cached responses.
+    def clear_cache
+      @mutex.synchronize { @store.clear }
+    end
+
+    # Remove expired entries.
+    #
+    # @return [Integer] number of entries removed
+    def sweep
+      @mutex.synchronize do
+        now = Time.now.to_f
+        keys_to_remove = @store.select { |_k, v| now > v.expires_at }.keys
+        keys_to_remove.each { |k| @store.delete(k) }
+        keys_to_remove.size
+      end
+    end
+
+    # Current TTL setting.
+    #
+    # @return [Integer]
+    attr_reader :ttl
+
+    # Maximum entries setting.
+    #
+    # @return [Integer]
+    attr_reader :max_entries
+  end
+end