tina4ruby 3.13.37 → 3.13.39

data/lib/tina4/middleware.rb

@@ -41,24 +41,44 @@ module Tina4
         @global_middleware = []
       end
 
-      # Run all "before" hooks: block-based handlers, then class-based before_* methods.
+      # Run all "before" hooks: block-based handlers, then class-based before_*
+      # methods (in definition order).
       #
       # Signature matches Python/PHP/Node orchestrators: pass the list of
       # middleware classes explicitly.
       #
-      # Returns [request, response] on success, or false to halt the request.
+      # M2 — visible-but-resilient: every before_* call is wrapped so a THROW
+      # never crashes the worker. On a throw the error is LOGGED and the
+      # response becomes a clean 500 ({"error":"Internal Server Error",
+      # "status":500}), then processing halts (handler skipped) — deterministic,
+      # never an unhandled exception. A before_* that sets status >= 400 also
+      # halts (the existing 4xx short-circuit). after_* still run on either
+      # halt path (see the dispatcher / #run_after docstring).
+      #
+      # Returns true on success, or false to halt the request (handler skipped).
       def run_before(middleware_classes, request, response)
         # 1. Block-based before handlers (pattern-matched)
         before_handlers.each do |entry|
           next unless matches_pattern?(request.path, entry[:pattern])
-          result = entry[:handler].call(request, response)
+
+          begin
+            result = entry[:handler].call(request, response)
+          rescue StandardError, ScriptError => error
+            middleware_500(response, "before handler", error)
+            return false
+          end
           return false if result == false
         end
 
-        # 2. Class-based middleware: call every before_* method
+        # 2. Class-based middleware: call every before_* method (definition order)
         middleware_classes.each do |klass|
           before_methods_for(klass).each do |method_name|
-            result = klass.send(method_name, request, response)
+            begin
+              result = klass.send(method_name, request, response)
+            rescue StandardError, ScriptError => error
+              middleware_500(response, "#{class_label(klass)}.#{method_name}", error)
+              return false
+            end
             # Support returning [request, response] (Python convention) or false to halt
             if result == false
               return false
@@ -73,21 +93,42 @@ module Tina4
         true
       end
 
-      # Run all "after" hooks: block-based handlers, then class-based after_* methods.
+      # Run all "after" hooks: block-based handlers, then class-based after_*
+      # methods (in definition order).
       #
       # Signature matches Python/PHP/Node orchestrators: pass the list of
       # middleware classes explicitly.
+      #
+      # AFTER-ON-4xx RULE (M2, documented + consistent across all 4 frameworks):
+      # after_* ALWAYS run even when a before_* short-circuited with status >= 400
+      # and the handler was skipped — so they can still add headers / logging.
+      # The dispatcher calls #run_after unconditionally after the before/handler
+      # block (including on the 4xx / throw halt path).
+      #
+      # M2 — every after_* call is wrapped: a THROW is LOGGED and turns the
+      # response into a clean 500, then the REMAINING after_* still run (they
+      # may add headers/logging). Never an unhandled crash.
       def run_after(middleware_classes, request, response)
         # 1. Block-based after handlers (pattern-matched)
         after_handlers.each do |entry|
           next unless matches_pattern?(request.path, entry[:pattern])
-          entry[:handler].call(request, response)
+
+          begin
+            entry[:handler].call(request, response)
+          rescue StandardError, ScriptError => error
+            middleware_500(response, "after handler", error)
+          end
         end
 
-        # 2. Class-based middleware: call every after_* method
+        # 2. Class-based middleware: call every after_* method (definition order)
         middleware_classes.each do |klass|
           after_methods_for(klass).each do |method_name|
-            result = klass.send(method_name, request, response)
+            begin
+              result = klass.send(method_name, request, response)
+            rescue StandardError, ScriptError => error
+              middleware_500(response, "#{class_label(klass)}.#{method_name}", error)
+              next
+            end
             if result.is_a?(Array) && result.length == 2
               request, response = result
             end
@@ -95,8 +136,38 @@ module Tina4
         end
       end
 
+      # Deterministic clean 500 for a middleware that threw. Logs the cause
+      # (NEVER silent) then sets the response to the canonical error shape —
+      # byte-identical to the Python master ({"error":"Internal Server Error",
+      # "status":500} + status 500). Returns the response for chaining.
+      def middleware_500(response, label, error)
+        begin
+          Tina4::Log.error(
+            "Middleware #{label} raised #{error.class.name}: #{error.message}"
+          )
+        rescue StandardError
+          begin
+            $stderr.puts("Middleware #{label} raised #{error.class.name}: #{error.message}")
+            $stderr.flush
+          rescue StandardError
+            # never let logging break the worker
+          end
+        end
+        response.json({ error: "Internal Server Error", status: 500 }, 500)
+      end
+
       private
 
+      # Human-readable label for a middleware (class name, or the class of an
+      # instance) used in the logged 500 message.
+      def class_label(klass)
+        if klass.is_a?(Class) || klass.is_a?(Module)
+          klass.name || klass.to_s
+        else
+          klass.class.name || klass.class.to_s
+        end
+      end
+
       def matches_pattern?(path, pattern)
         return true if pattern.nil?
         case pattern
@@ -109,14 +180,66 @@ module Tina4
         end
       end
 
-      # Collect all public class methods matching before_*
+      # Collect all class methods matching before_* in DEFINITION order.
       def before_methods_for(klass)
-        klass.methods(false).select { |m| m.to_s.start_with?("before_") }.sort
+        discover_methods(klass, "before_")
       end
 
-      # Collect all public class methods matching after_*
+      # Collect all class methods matching after_* in DEFINITION order.
       def after_methods_for(klass)
-        klass.methods(false).select { |m| m.to_s.start_with?("after_") }.sort
+        discover_methods(klass, "after_")
+      end
+
+      # ----------------------------------------------------------------------
+      # MIDDLEWARE ORDERING (M1) — within a class, before_*/after_* methods run
+      # in SOURCE-DEFINITION order, NOT alphabetical. Cross-class order is the
+      # natural iteration of the registered middleware list (registration
+      # order). before_* run before the handler, after_* after.
+      #
+      # WHY source line numbers, not instance_methods(false): in Ruby/PRISM
+      # `instance_methods(false)` is NOT a reliable definition-order report —
+      # once a method NAME (symbol) has been defined on any other class first,
+      # that name can sort ahead in a later class's list. So we sort the
+      # matching methods by their `source_location` line number, which IS the
+      # true source-definition order and is immune to the symbol-table quirk.
+      # (Methods with no source_location — e.g. C-defined — sort to the front
+      # deterministically by name.) We walk the ancestry base→derived so
+      # inherited middleware methods run before a subclass's own, de-duping
+      # overrides to their first (base) position. Mirrors the Python master's
+      # Middleware._discover_methods MRO walk (which leans on __dict__ insertion
+      # order — the equivalent of source-definition order).
+      def discover_methods(klass, prefix)
+        target = klass.is_a?(Class) || klass.is_a?(Module) ? klass.singleton_class : klass.class
+        seen = {}
+        names = []
+        target.ancestors.reverse_each do |ancestor|
+          matched = begin
+                      ancestor.instance_methods(false).select do |name|
+                        name.to_s.start_with?(prefix) &&
+                          !seen.key?(name) &&
+                          klass.respond_to?(name)
+                      end
+                    rescue StandardError
+                      []
+                    end
+
+          ordered = matched.sort_by.with_index do |name, idx|
+            line = begin
+                     loc = ancestor.instance_method(name).source_location
+                     loc ? loc[1] : -1
+                   rescue StandardError
+                     -1
+                   end
+            # Tie-break on the symbol-table index so the result is total/stable.
+            [line, idx]
+          end
+
+          ordered.each do |name|
+            seen[name] = true
+            names << name
+          end
+        end
+        names
       end
     end
   end

data/lib/tina4/migration.rb

@@ -179,10 +179,12 @@ module Tina4
           rescue
             # Generator may already exist
           end
+          # migration_name is UNIQUE: a migration is "applied" iff a success row
+          # exists, so a re-applied name must never duplicate a tracking row.
           @db.execute(<<~SQL)
             CREATE TABLE #{TRACKING_TABLE} (
               id INTEGER NOT NULL PRIMARY KEY,
-              migration_name VARCHAR(500) NOT NULL,
+              migration_name VARCHAR(500) NOT NULL UNIQUE,
               description VARCHAR(500) DEFAULT '',
               batch INTEGER NOT NULL DEFAULT 1,
               executed_at VARCHAR(50) DEFAULT CURRENT_TIMESTAMP,
@@ -190,10 +192,12 @@ module Tina4
             )
           SQL
         else
+          # migration_name is UNIQUE: a migration is "applied" iff a success row
+          # exists, so a re-applied name must never duplicate a tracking row.
           @db.execute(<<~SQL)
             CREATE TABLE #{TRACKING_TABLE} (
               id INTEGER PRIMARY KEY,
-              migration_name VARCHAR(255) NOT NULL,
+              migration_name VARCHAR(255) NOT NULL UNIQUE,
               description VARCHAR(255) DEFAULT '',
               batch INTEGER NOT NULL DEFAULT 1,
               executed_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
@@ -224,22 +228,37 @@ module Tina4
       return [] unless Dir.exist?(@migrations_dir)
 
       completed = completed_migrations
-      # Support both .rb and .sql migration files
-      # Accept both 000001_name.sql (sequential) and YYYYMMDDHHMMSS_name.sql (timestamp) patterns
-      Dir.glob(File.join(@migrations_dir, "*.{rb,sql}"))
-         .reject { |f| f.end_with?(".down.sql") }
-         .sort_by { |f| migration_sort_key(File.basename(f)) }
-         .reject { |f| completed.include?(File.basename(f)) }
+      # Support both .rb and .sql migration files. Accept both 000001_name.sql
+      # (sequential) and YYYYMMDDHHMMSS_name.sql (timestamp) patterns. Sort by a
+      # leading numeric/timestamp prefix (numeric-aware) so `9_*` applies before
+      # `10_*` — a plain lexical sort misorders unpadded prefixes ("10" < "9").
+      # Files with no numeric prefix sort after the numbered ones, lexically.
+      files = Dir.glob(File.join(@migrations_dir, "*.{rb,sql}"))
+                 .reject { |f| f.end_with?(".down.sql") }
+                 .sort_by { |f| migration_sort_key(File.basename(f)) }
+
+      # Warn about filenames without a recognized NNNNNN_/timestamp prefix —
+      # their ordering relative to numbered migrations is undefined, a silent
+      # out-of-order-apply footgun.
+      unprefixed = files.map { |f| File.basename(f) }.reject { |n| n =~ /\A\d+[_-]/ }
+      unless unprefixed.empty?
+        Tina4::Log.warning(
+          "Migration file(s) without a numeric/timestamp prefix may apply out of order: " +
+          unprefixed.join(", ")
+        )
+      end
+
+      files.reject { |f| completed.include?(File.basename(f)) }
     end
 
-    # Sort key that handles both 000001_name.sql and 20240315120000_name.sql patterns.
-    # Both are zero-padded numeric prefixes so alphabetical sorting works, but we
-    # extract the prefix explicitly to guarantee correct ordering when mixed.
+    # Numeric-aware sort key so `9_name.sql` sorts before `10_name.sql` (plain
+    # lexical sort puts "10" before "9"). Files with a leading numeric/timestamp
+    # prefix sort first by that number; the rest sort after, lexically.
     def migration_sort_key(filename)
       if filename =~ /\A(\d+)/
-        [$1.to_i, filename]
+        [0, $1.to_i, filename]
       else
-        [0, filename]
+        [1, 0, filename]
       end
     end
 
@@ -247,16 +266,27 @@ module Tina4
       name = File.basename(file)
       Tina4::Log.info("Running migration: #{name}")
       begin
+        # Wrap each migration FILE in its own transaction so a multi-statement
+        # file that fails midway rolls back as a unit. Truly atomic only on
+        # engines with transactional DDL (PostgreSQL); MySQL/Firebird/SQLite
+        # auto-commit DDL, so earlier statements may persist there — keep one
+        # logical change per file.
+        @db.start_transaction
         if file.end_with?(".rb")
           execute_ruby_migration(file, :up)
         else
           execute_sql_file(file)
         end
+        # ROW-EXISTENCE tracking: only a SUCCESS row is ever written. A
+        # migration is "applied" iff a success row exists — failures are never
+        # recorded, nothing is deleted, the file rolls back and we surface the
+        # error. Fix the bad file and re-run.
         _record_migration(name, batch, passed: 1)
+        @db.commit
         { name: name, status: "success" }
       rescue => e
+        @db.rollback rescue nil
         Tina4::Log.error("Migration failed: #{name} - #{e.message}")
-        _record_migration(name, batch, passed: 0)
         { name: name, status: "failed", error: e.message }
       end
     end
@@ -296,6 +326,26 @@ module Tina4
       migration.__send__(direction, @db)
     end
 
+    # Smart/curly quotes — editors, word processors, docs and chat apps silently
+    # convert a straight " to “ ” and a straight ' to ‘ ’ (plus primes ′ ″). Those
+    # characters are NOT valid SQL string/identifier delimiters, so a pasted-in
+    # migration fails to run ("syntax error near …"). Map them back to straight
+    # ASCII quotes. (Real string CONTENTS are unaffected by intent — we only swap
+    # the lookalike code points for their ASCII equivalents.)
+    SMART_QUOTES = {
+      "“" => '"', "”" => '"', "„" => '"', "‟" => '"', "″" => '"', # “ ” „ ‟ ″
+      "‘" => "'", "’" => "'", "‚" => "'", "‛" => "'", "′" => "'"  # ‘ ’ ‚ ‛ ′
+    }.freeze
+    SMART_QUOTE_RE = Regexp.union(SMART_QUOTES.keys)
+
+    # Replace smart/curly quotes with straight ASCII quotes so migration SQL
+    # authored or pasted from an editor/doc actually runs (those code points are
+    # not valid SQL delimiters). Already-straight quotes and ordinary content are
+    # returned byte-for-byte unchanged.
+    def normalize_quotes(sql)
+      sql.gsub(SMART_QUOTE_RE, SMART_QUOTES)
+    end
+
     # Split SQL into individual statements, handling:
     # - $$ delimited stored procedure blocks
     # - // delimited blocks
@@ -303,6 +353,10 @@ module Tina4
     # - Line comments -- ...
     # Matches the Python/Node.js approach: extract blocks first, split on ;, restore blocks.
     def split_sql_statements(sql, delimiter = ";")
+      # Normalize smart/curly quotes to straight ASCII first, so SQL pasted from
+      # an editor/doc (which converts " → “ ” and ' → ‘ ’) actually runs.
+      sql = normalize_quotes(sql)
+
       blocks = []
 
       # Extract $$ ... $$ blocks (stored procedures, triggers, etc.)
@@ -311,8 +365,12 @@ module Tina4
         "__BLOCK_#{blocks.length - 1}__"
       end
 
-      # Extract // ... // blocks
-      processed = processed.gsub(/\/\/(.*?)\/\//m) do
+      # Extract // ... // blocks (stored procedures, triggers, etc.). The `//`
+      # delimiters must NOT be preceded by a colon, so a URL scheme
+      # (`https://…`) or other `://` literal inside a migration is never
+      # captured as an opaque stored-proc block (it would otherwise swallow
+      # everything between two `//` occurrences and skip statement splitting).
+      processed = processed.gsub(/(?<!:)\/\/(.*?)(?<!:)\/\//m) do
         blocks << $~.to_s
         "__BLOCK_#{blocks.length - 1}__"
       end
@@ -348,18 +406,21 @@ module Tina4
       sql = File.read(file)
       statements = split_sql_statements(sql)
       statements.each do |stmt|
-        # Firebird lacks IF NOT EXISTS for ALTER TABLE ADD.
-        # Pre-check the system catalogue so duplicate columns are
-        # silently skipped instead of raising an error.
-        skip_reason = should_skip_for_firebird(stmt)
+        # Idempotency on engines lacking IF NOT EXISTS: Firebird ALTER-TABLE-ADD
+        # (pre-check the system catalogue for a duplicate column), and CREATE
+        # TABLE on Firebird/MSSQL (pre-check the table exists). Only a genuine
+        # already-exists is skipped — every other error still raises.
+        skip_reason = should_skip_for_firebird(stmt) || should_skip_create_table(stmt)
         if skip_reason
           Tina4::Log.info("Migration #{File.basename(file)}: #{skip_reason}")
           next
         end
-        result = @db.execute(stmt)
-        if result == false
-          raise RuntimeError, @db.get_error || "SQL execution failed: #{stmt}"
-        end
+        # db.execute() now RAISES on a SQL error (it no longer returns false),
+        # so a bad statement throws straight up to run_migration's rescue, which
+        # records the migration as failed and surfaces the error. The old
+        # "if result == false: raise" check is dead — a plain execute carries
+        # the same failure semantics.
+        @db.execute(stmt)
       end
     end
 
@@ -396,6 +457,34 @@ module Tina4
       end
     end
 
+    # CREATE TABLE <name> — name may be quoted ("x"), bracketed ([x] MSSQL), or bare.
+    CREATE_TABLE_RE = /\A\s*CREATE\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?(?:"([^"]+)"|\[([^\]]+)\]|(\w+))/i
+
+    # Make CREATE TABLE idempotent on engines lacking IF NOT EXISTS.
+    #
+    # Firebird and MSSQL do not support `CREATE TABLE IF NOT EXISTS`, so a raw
+    # CREATE in a re-run migration raises "object already exists". When the
+    # target table already exists on those engines, returns a skip reason so the
+    # statement is skipped (mirrors the Firebird ALTER-TABLE-ADD idempotency
+    # guard). SQLite/MySQL/PostgreSQL support IF NOT EXISTS and are left to the
+    # engine. Only a genuine already-exists is skipped — every other error still
+    # raises. Returns nil if the statement should execute normally.
+    def should_skip_create_table(stmt)
+      engine = @db.get_database_type rescue nil
+      return nil unless %w[firebird mssql].include?(engine)
+
+      m = stmt.match(CREATE_TABLE_RE)
+      return nil unless m
+
+      table = m[1] || m[2] || m[3]
+      begin
+        return "Table #{table} already exists, skipping CREATE TABLE" if @db.table_exists?(table)
+      rescue
+        return nil
+      end
+      nil
+    end
+
     def _record_migration(name, batch, passed: 1)
       # Extract description from filename (strip numeric prefix and extension)
       stem = File.basename(name, File.extname(name))