tina4ruby 3.0.0 → 3.9.2

data/lib/tina4/database_result.rb

@@ -5,12 +5,22 @@ module Tina4
   class DatabaseResult
     include Enumerable
 
-    attr_reader :records, :sql, :count
+    attr_reader :records, :columns, :count, :limit, :offset, :sql,
+                :affected_rows, :last_id, :error
 
-    def initialize(records = [], sql: "")
+    def initialize(records = [], sql: "", columns: [], count: nil, limit: 10, offset: 0,
+                   affected_rows: 0, last_id: nil, error: nil, db: nil)
       @records = records || []
       @sql = sql
-      @count = @records.length
+      @columns = columns.empty? && !@records.empty? ? @records.first.keys : columns
+      @count = count || @records.length
+      @limit = limit
+      @offset = offset
+      @affected_rows = affected_rows
+      @last_id = last_id
+      @error = error
+      @db = db
+      @column_info_cache = nil
     end
 
     def each(&block)
@@ -33,12 +43,26 @@ module Tina4
       @records[index]
     end
 
+    def length
+      @count
+    end
+
+    def size
+      @count
+    end
+
+    def success?
+      @error.nil?
+    end
+
     def to_array
       @records.map do |record|
         record.is_a?(Hash) ? record : record.to_h
       end
     end
 
+    alias to_a to_array
+
     def to_json(*_args)
       JSON.generate(to_array)
     end
@@ -54,11 +78,13 @@ module Tina4
       lines.join("\n")
     end
 
-    def to_paginate(page: 1, per_page: 10)
-      total = @records.length
-      total_pages = (total.to_f / per_page).ceil
-      offset = (page - 1) * per_page
-      page_records = @records[offset, per_page] || []
+    def to_paginate(page: nil, per_page: nil)
+      per_page ||= @limit > 0 ? @limit : 10
+      page ||= @offset > 0 ? (@offset / per_page) + 1 : 1
+      total = @count
+      total_pages = [1, (total.to_f / per_page).ceil].max
+      slice_offset = (page - 1) * per_page
+      page_records = @records[slice_offset, per_page] || []
       {
         data: page_records,
         page: page,
@@ -75,8 +101,96 @@ module Tina4
                                   primary_key: primary_key, editable: editable)
     end
 
+    # Return column metadata for the query's table.
+    #
+    # Lazy — only queries the database when explicitly called. Caches the
+    # result so subsequent calls return immediately without re-querying.
+    #
+    # Returns an array of hashes with keys:
+    #   name, type, size, decimals, nullable, primary_key
+    def column_info
+      return @column_info_cache if @column_info_cache
+
+      table = extract_table_from_sql
+
+      if @db && table
+        begin
+          @column_info_cache = query_column_metadata(table)
+          return @column_info_cache
+        rescue StandardError
+          # Fall through to fallback
+        end
+      end
+
+      @column_info_cache = fallback_column_info
+      @column_info_cache
+    end
+
     private
 
+    def extract_table_from_sql
+      return nil if @sql.nil? || @sql.empty?
+
+      if (m = @sql.match(/\bFROM\s+["']?(\w+)["']?/i))
+        return m[1]
+      end
+      if (m = @sql.match(/\bINSERT\s+INTO\s+["']?(\w+)["']?/i))
+        return m[1]
+      end
+      if (m = @sql.match(/\bUPDATE\s+["']?(\w+)["']?/i))
+        return m[1]
+      end
+      nil
+    end
+
+    def query_column_metadata(table)
+      # Use the database's columns method which delegates to the driver
+      raw_cols = @db.columns(table)
+      normalize_columns(raw_cols)
+    rescue StandardError
+      fallback_column_info
+    end
+
+    def normalize_columns(raw_cols)
+      raw_cols.map do |col|
+        col_type = (col[:type] || col["type"] || "UNKNOWN").to_s.upcase
+        size, decimals = parse_type_size(col_type)
+        {
+          name: (col[:name] || col["name"]).to_s,
+          type: col_type.sub(/\(.*\)/, ""),
+          size: size,
+          decimals: decimals,
+          nullable: col.key?(:nullable) ? col[:nullable] : (col.key?("nullable") ? col["nullable"] : true),
+          primary_key: col[:primary_key] || col["primary_key"] || col[:primary] || col["primary"] || false
+        }
+      end
+    end
+
+    def parse_type_size(type_str)
+      if (m = type_str.match(/\((\d+)(?:\s*,\s*(\d+))?\)/))
+        size = m[1].to_i
+        decimals = m[2] ? m[2].to_i : nil
+        [size, decimals]
+      else
+        [nil, nil]
+      end
+    end
+
+    def fallback_column_info
+      return [] if @records.empty?
+      keys = @records.first.is_a?(Hash) ? @records.first.keys : []
+      keys.map do |k|
+        {
+          name: k.to_s,
+          type: "UNKNOWN",
+          size: nil,
+          decimals: nil,
+          nullable: true,
+          primary_key: false
+        }
+      end
+    end
+
     def escape_csv(value, separator)
       str = value.to_s
       if str.include?(separator) || str.include?('"') || str.include?("\n")

data/lib/tina4/dev_mailbox.rb

@@ -34,7 +34,7 @@ module Tina4
         attachments: store_attachments(msg_id, attachments),
         read: false,
         folder: "outbox",
-        created_at: timestamp.iso8601,
+        created_at: timestamp.strftime("%Y-%m-%dT%H:%M:%S.%6N%:z"),
         updated_at: timestamp.iso8601
       }
 

data/lib/tina4/env.rb

@@ -6,7 +6,7 @@ module Tina4
     DEFAULT_ENV = {
       "PROJECT_NAME" => "Tina4 Ruby Project",
       "VERSION" => "1.0.0",
-      "TINA4_LANGUAGE" => "en",
+      "TINA4_LOCALE" => "en",
       "TINA4_DEBUG" => "true",
       "TINA4_LOG_LEVEL" => "[TINA4_LOG_ALL]",
       "SECRET" => "tina4-secret-change-me"

data/lib/tina4/frond.rb

@@ -56,21 +56,65 @@ module Tina4
       # Fragment cache: key => [html, expires_at]
       @fragment_cache  = {}
 
+      # Token pre-compilation cache
+      @compiled         = {}  # {template_name => [tokens, mtime]}
+      @compiled_strings = {}  # {md5_hash => tokens}
+
       # Built-in global functions
       register_builtin_globals
     end
 
-    # Render a template file with data.
+    # Render a template file with data. Uses token caching for performance.
     def render(template, data = {})
       context = @globals.merge(stringify_keys(data))
-      source  = load_template(template)
-      execute(source, context)
+
+      path = File.join(@template_dir, template)
+      raise "Template not found: #{path}" unless File.exist?(path)
+
+      debug_mode = ENV.fetch("TINA4_DEBUG", "").downcase == "true"
+      cached = @compiled[template]
+
+      if cached
+        if debug_mode
+          # Dev mode: check if file changed
+          mtime = File.mtime(path)
+          if cached[1] == mtime
+            return execute_cached(cached[0], context)
+          end
+        else
+          # Production: skip mtime check, cache is permanent
+          return execute_cached(cached[0], context)
+        end
+      end
+
+      # Cache miss — load, tokenize, cache
+      source = File.read(path, encoding: "utf-8")
+      mtime = File.mtime(path)
+      tokens = tokenize(source)
+      @compiled[template] = [tokens, mtime]
+      execute_with_tokens(source, tokens, context)
     end
 
-    # Render a template string directly.
+    # Render a template string directly. Uses token caching for performance.
     def render_string(source, data = {})
       context = @globals.merge(stringify_keys(data))
-      execute(source, context)
+
+      key = Digest::MD5.hexdigest(source)
+      cached_tokens = @compiled_strings[key]
+
+      if cached_tokens
+        return execute_cached(cached_tokens, context)
+      end
+
+      tokens = tokenize(source)
+      @compiled_strings[key] = tokens
+      execute_cached(tokens, context)
+    end
+
+    # Clear all compiled template caches.
+    def clear_cache
+      @compiled.clear
+      @compiled_strings.clear
     end
 
     # Register a custom filter.
@@ -198,6 +242,35 @@ module Tina4
     # Execution
     # -----------------------------------------------------------------------
 
+    def execute_cached(tokens, context)
+      # Check if first non-text token is an extends block
+      tokens.each do |ttype, raw|
+        next if ttype == TEXT && raw.strip.empty?
+        if ttype == BLOCK
+          content, _, _ = strip_tag(raw)
+          if content.start_with?("extends ")
+            # Extends requires source-based execution for block extraction
+            source = tokens.map { |_, v| v }.join
+            return execute(source, context)
+          end
+        end
+        break
+      end
+      render_tokens(tokens, context)
+    end
+
+    def execute_with_tokens(source, tokens, context)
+      # Handle extends first
+      if source =~ /\{%-?\s*extends\s+["'](.+?)["']\s*-?%\}/
+        parent_name = Regexp.last_match(1)
+        parent_source = load_template(parent_name)
+        child_blocks = extract_blocks(source)
+        return render_with_blocks(parent_source, context, child_blocks)
+      end
+
+      render_tokens(tokens, context)
+    end
+
     def execute(source, context)
       # Handle extends first
       if source =~ /\{%-?\s*extends\s+["'](.+?)["']\s*-?%\}/
@@ -290,6 +363,12 @@ module Tina4
           when "cache"
             result, i = handle_cache(tokens, i, context)
             output << result
+          when "spaceless"
+            result, i = handle_spaceless(tokens, i, context)
+            output << result
+          when "autoescape"
+            result, i = handle_autoescape(tokens, i, context)
+            output << result
           when "block", "endblock", "extends"
             i += 1
           else
@@ -312,6 +391,66 @@ module Tina4
     # -----------------------------------------------------------------------
 
     def eval_var(expr, context)
+      # Check for top-level ternary BEFORE splitting filters so that
+      # expressions like ``products|length != 1 ? "s" : ""`` work correctly.
+      ternary_pos = find_ternary(expr)
+      if ternary_pos != -1
+        cond_part = expr[0...ternary_pos].strip
+        rest = expr[(ternary_pos + 1)..]
+        colon_pos = find_colon(rest)
+        if colon_pos != -1
+          true_part = rest[0...colon_pos].strip
+          false_part = rest[(colon_pos + 1)..].strip
+          cond = eval_var_raw(cond_part, context)
+          return truthy?(cond) ? eval_var(true_part, context) : eval_var(false_part, context)
+        end
+      end
+
+      eval_var_inner(expr, context)
+    end
+
+    def eval_var_raw(expr, context)
+      var_name, filters = parse_filter_chain(expr)
+      value = eval_expr(var_name, context)
+      filters.each do |fname, args|
+        next if fname == "raw" || fname == "safe"
+        fn = @filters[fname]
+        if fn
+          evaluated_args = args.map { |a| eval_filter_arg(a, context) }
+          value = fn.call(value, *evaluated_args)
+        else
+          # The filter name may include a trailing comparison operator,
+          # e.g. "length != 1".  Extract the real filter name and the
+          # comparison suffix, apply the filter, then evaluate the comparison.
+          m = fname.match(/\A(\w+)\s*(!=|==|>=|<=|>|<)\s*(.+)\z/)
+          if m
+            real_filter = m[1]
+            op = m[2]
+            right_expr = m[3].strip
+            fn2 = @filters[real_filter]
+            if fn2
+              evaluated_args = args.map { |a| eval_filter_arg(a, context) }
+              value = fn2.call(value, *evaluated_args)
+            end
+            right = eval_expr(right_expr, context)
+            value = case op
+                    when "!=" then value != right
+                    when "==" then value == right
+                    when ">=" then value >= right
+                    when "<=" then value <= right
+                    when ">"  then value > right
+                    when "<"  then value < right
+                    else false
+                    end rescue false
+          else
+            value = eval_expr(fname, context)
+          end
+        end
+      end
+      value
+    end
+
+    def eval_var_inner(expr, context)
       var_name, filters = parse_filter_chain(expr)
 
       # Sandbox: check variable access
@@ -356,6 +495,68 @@ module Tina4
       eval_expr(arg, context)
     end
 
+    # Find the index of a top-level ``?`` that is part of a ternary operator.
+    # Respects quoted strings, parentheses, and skips ``??`` (null coalesce).
+    # Returns -1 if not found.
+    def find_ternary(expr)
+      depth = 0
+      in_quote = nil
+      i = 0
+      len = expr.length
+      while i < len
+        ch = expr[i]
+        if in_quote
+          in_quote = nil if ch == in_quote
+          i += 1
+          next
+        end
+        if ch == '"' || ch == "'"
+          in_quote = ch
+          i += 1
+          next
+        end
+        if ch == "("
+          depth += 1
+        elsif ch == ")"
+          depth -= 1
+        elsif ch == "?" && depth == 0
+          # Skip ``??`` (null coalesce)
+          if i + 1 < len && expr[i + 1] == "?"
+            i += 2
+            next
+          end
+          return i
+        end
+        i += 1
+      end
+      -1
+    end
+
+    # Find the index of the top-level ``:`` that separates the true/false
+    # branches of a ternary.  Respects quotes and parentheses.
+    def find_colon(expr)
+      depth = 0
+      in_quote = nil
+      expr.each_char.with_index do |ch, i|
+        if in_quote
+          in_quote = nil if ch == in_quote
+          next
+        end
+        if ch == '"' || ch == "'"
+          in_quote = ch
+          next
+        end
+        if ch == "("
+          depth += 1
+        elsif ch == ")"
+          depth -= 1
+        elsif ch == ":" && depth == 0
+          return i
+        end
+      end
+      -1
+    end
+
     # -----------------------------------------------------------------------
     # Filter chain parser
     # -----------------------------------------------------------------------
@@ -496,6 +697,13 @@ module Tina4
         return truthy?(cond) ? eval_expr(ternary[2], context) : eval_expr(ternary[3], context)
       end
 
+      # Jinja2-style inline if: value if condition else other_value
+      inline_if = expr.match(/\A(.+?)\s+if\s+(.+?)\s+else\s+(.+)\z/)
+      if inline_if
+        cond = eval_expr(inline_if[2], context)
+        return truthy?(cond) ? eval_expr(inline_if[1], context) : eval_expr(inline_if[3], context)
+      end
+
       # Null coalescing: value ?? "default"
       if expr.include?("??")
         left, _, right = expr.partition("??")
@@ -1121,6 +1329,81 @@ module Tina4
       [rendered, i]
     end
 
+    def handle_spaceless(tokens, start, context)
+      body_tokens = []
+      i = start + 1
+      depth = 0
+      while i < tokens.length
+        if tokens[i][0] == BLOCK
+          tc, _, _ = strip_tag(tokens[i][1])
+          tag = tc.split[0] || ""
+          if tag == "spaceless"
+            depth += 1
+            body_tokens << tokens[i]
+          elsif tag == "endspaceless"
+            if depth == 0
+              i += 1
+              break
+            end
+            depth -= 1
+            body_tokens << tokens[i]
+          else
+            body_tokens << tokens[i]
+          end
+        else
+          body_tokens << tokens[i]
+        end
+        i += 1
+      end
+
+      rendered = render_tokens(body_tokens.dup, context)
+      rendered = rendered.gsub(/>\s+</, "><")
+      [rendered, i]
+    end
+
+    def handle_autoescape(tokens, start, context)
+      content, _, _ = strip_tag(tokens[start][1])
+      mode_match = content.match(/\Aautoescape\s+(false|true)/)
+      auto_escape_on = !(mode_match && mode_match[1] == "false")
+
+      body_tokens = []
+      i = start + 1
+      depth = 0
+      while i < tokens.length
+        if tokens[i][0] == BLOCK
+          tc, _, _ = strip_tag(tokens[i][1])
+          tag = tc.split[0] || ""
+          if tag == "autoescape"
+            depth += 1
+            body_tokens << tokens[i]
+          elsif tag == "endautoescape"
+            if depth == 0
+              i += 1
+              break
+            end
+            depth -= 1
+            body_tokens << tokens[i]
+          else
+            body_tokens << tokens[i]
+          end
+        else
+          body_tokens << tokens[i]
+        end
+        i += 1
+      end
+
+      if !auto_escape_on
+        old_auto_escape = @auto_escape
+        @auto_escape = false
+        rendered = render_tokens(body_tokens.dup, context)
+        @auto_escape = old_auto_escape
+      else
+        rendered = render_tokens(body_tokens.dup, context)
+      end
+
+      [rendered, i]
+    end
+
     # -----------------------------------------------------------------------
     # Helpers
     # -----------------------------------------------------------------------
@@ -1160,8 +1443,20 @@ module Tina4
         "safe"          => ->(v, *_a) { v },
         "json_encode"   => ->(v, *_a) { JSON.generate(v) rescue v.to_s },
         "json_decode"   => ->(v, *_a) { v.is_a?(String) ? (JSON.parse(v) rescue v) : v },
-        "base64_encode" => ->(v, *_a) { Base64.strict_encode64(v.to_s) },
+        "base64_encode" => ->(v, *_a) { Base64.strict_encode64(v.is_a?(String) ? v : v.to_s) },
+        "base64encode"  => ->(v, *_a) { Base64.strict_encode64(v.is_a?(String) ? v : v.to_s) },
         "base64_decode" => ->(v, *_a) { Base64.decode64(v.to_s) },
+        "base64decode"  => ->(v, *_a) { Base64.decode64(v.to_s) },
+        "data_uri" => ->(v, *_a) {
+          if v.is_a?(Hash)
+            ct = v[:type] || v["type"] || "application/octet-stream"
+            raw = v[:content] || v["content"] || ""
+            raw = raw.respond_to?(:read) ? raw.read : raw
+            "data:#{ct};base64,#{Base64.strict_encode64(raw.to_s)}"
+          else
+            v.to_s
+          end
+        },
         "url_encode"    => ->(v, *_a) { CGI.escape(v.to_s) },
 
         # -- Hashing --
@@ -1312,6 +1607,14 @@ module Tina4
     #   - "checkout|order_123": payload is {"type" => "form", "context" => "checkout", "ref" => "order_123"}
     #
     # @return [String] <input type="hidden" name="formToken" value="TOKEN">
+    # Session ID used by generate_form_token for CSRF session binding.
+    # Set this before rendering templates to bind tokens to the current session.
+    @form_token_session_id = ""
+
+    class << self
+      attr_accessor :form_token_session_id
+    end
+
     def self.generate_form_token(descriptor = "")
       require_relative "log"
       require_relative "auth"
@@ -1327,7 +1630,11 @@ module Tina4
         end
       end
 
-      ttl_minutes = (ENV["TINA4_TOKEN_LIMIT"] || "30").to_i
+      # Include session_id for CSRF session binding
+      sid = form_token_session_id.to_s
+      payload["session_id"] = sid unless sid.empty?
+
+      ttl_minutes = (ENV["TINA4_TOKEN_LIMIT"] || "60").to_i
       expires_in = ttl_minutes * 60
       token = Tina4::Auth.create_token(payload, expires_in: expires_in)
       Tina4::SafeString.new(%(<input type="hidden" name="formToken" value="#{CGI.escapeHTML(token)}">))

data/lib/tina4/gallery/queue/meta.json

@@ -1 +1 @@
-{"name": "Queue", "description": "Background job producer and consumer", "try_url": "/api/gallery/queue/produce"}
+{"name": "Queue", "description": "Background job producer and consumer", "try_url": "/gallery/queue"}