tina4ruby 3.2.1 → 3.9.2

data/lib/tina4/database.rb

@@ -4,8 +4,69 @@ require "uri"
 require "digest"
 
 module Tina4
+  # Thread-safe connection pool with round-robin rotation.
+  # Connections are created lazily on first use.
+  class ConnectionPool
+    attr_reader :size
+
+    def initialize(pool_size, driver_factory:, connection_string:, username: nil, password: nil)
+      @pool_size = pool_size
+      @driver_factory = driver_factory
+      @connection_string = connection_string
+      @username = username
+      @password = password
+      @drivers = Array.new(pool_size)  # nil slots — lazy creation
+      @index = 0
+      @mutex = Mutex.new
+    end
+
+    # Get the next driver via round-robin. Thread-safe.
+    def checkout
+      @mutex.synchronize do
+        idx = @index
+        @index = (@index + 1) % @pool_size
+
+        if @drivers[idx].nil?
+          driver = @driver_factory.call
+          driver.connect(@connection_string, username: @username, password: @password)
+          @drivers[idx] = driver
+        end
+
+        @drivers[idx]
+      end
+    end
+
+    # Return a driver to the pool. Currently a no-op for round-robin.
+    def checkin(_driver)
+      # no-op
+    end
+
+    # Close all active connections.
+    def close_all
+      @mutex.synchronize do
+        @drivers.each_with_index do |driver, i|
+          if driver
+            driver.close rescue nil
+            @drivers[i] = nil
+          end
+        end
+      end
+    end
+
+    # Number of connections that have been created.
+    def active_count
+      @mutex.synchronize do
+        @drivers.count { |d| !d.nil? }
+      end
+    end
+
+    def size
+      @pool_size
+    end
+  end
+
   class Database
-    attr_reader :driver, :driver_name, :connected
+    attr_reader :driver, :driver_name, :connected, :pool
 
     DRIVERS = {
       "sqlite" => "Tina4::Drivers::SqliteDriver",
@@ -18,12 +79,12 @@ module Tina4
       "firebird" => "Tina4::Drivers::FirebirdDriver"
     }.freeze
 
-    def initialize(connection_string = nil, username: nil, password: nil, driver_name: nil)
+    def initialize(connection_string = nil, username: nil, password: nil, driver_name: nil, pool: 0)
       @connection_string = connection_string || ENV["DATABASE_URL"]
       @username = username || ENV["DATABASE_USERNAME"]
       @password = password || ENV["DATABASE_PASSWORD"]
       @driver_name = driver_name || detect_driver(@connection_string)
-      @driver = create_driver
+      @pool_size = pool  # 0 = single connection, N>0 = N pooled connections
       @connected = false
 
       # Query cache — off by default, opt-in via TINA4_DB_CACHE=true
@@ -34,12 +95,34 @@ module Tina4
       @cache_misses = 0
       @cache_mutex = Mutex.new
 
-      connect
+      if @pool_size > 0
+        # Pooled mode — create a ConnectionPool with lazy driver creation
+        @pool = ConnectionPool.new(
+          @pool_size,
+          driver_factory: method(:create_driver),
+          connection_string: @connection_string,
+          username: @username,
+          password: @password
+        )
+        @driver = nil
+        @connected = true
+      else
+        # Single-connection mode — current behavior
+        @pool = nil
+        @driver = create_driver
+        connect
+      end
     end
 
     def connect
       @driver.connect(@connection_string, username: @username, password: @password)
       @connected = true
+
+      # Enable autocommit if TINA4_AUTOCOMMIT env var is set
+      if truthy?(ENV["TINA4_AUTOCOMMIT"]) && @driver.respond_to?(:autocommit=)
+        @driver.autocommit = true
+      end
+
       Tina4::Log.info("Database connected: #{@driver_name}")
     rescue => e
       Tina4::Log.error("Database connection failed: #{e.message}")
@@ -47,10 +130,23 @@ module Tina4
     end
 
     def close
-      @driver.close if @connected
+      if @pool
+        @pool.close_all
+      elsif @driver && @connected
+        @driver.close
+      end
       @connected = false
     end
 
+    # Get the current driver — from pool (round-robin) or single connection.
+    def current_driver
+      if @pool
+        @pool.checkout
+      else
+        @driver
+      end
+    end
+
     # ── Query Cache ──────────────────────────────────────────────
 
     def cache_stats
@@ -73,10 +169,13 @@ module Tina4
       end
     end
 
-    def fetch(sql, params = [], limit: nil, skip: nil)
+    def fetch(sql, params = [], limit: nil, offset: nil)
+      offset ||= 0
+      drv = current_driver
+
       effective_sql = sql
       if limit
-        effective_sql = @driver.apply_limit(effective_sql, limit, skip || 0)
+        effective_sql = drv.apply_limit(effective_sql, limit, offset)
       end
 
       if @cache_enabled
@@ -86,15 +185,15 @@ module Tina4
           @cache_mutex.synchronize { @cache_hits += 1 }
           return cached
         end
-        result = @driver.execute_query(effective_sql, params)
-        result = Tina4::DatabaseResult.new(result, sql: effective_sql)
+        result = drv.execute_query(effective_sql, params)
+        result = Tina4::DatabaseResult.new(result, sql: effective_sql, db: self)
         cache_set(key, result)
         @cache_mutex.synchronize { @cache_misses += 1 }
         return result
       end
 
-      rows = @driver.execute_query(effective_sql, params)
-      Tina4::DatabaseResult.new(rows, sql: effective_sql)
+      rows = drv.execute_query(effective_sql, params)
+      Tina4::DatabaseResult.new(rows, sql: effective_sql, db: self)
     end
 
     def fetch_one(sql, params = [])
@@ -118,38 +217,41 @@ module Tina4
 
     def insert(table, data)
       cache_invalidate if @cache_enabled
+      drv = current_driver
 
       # List of hashes — batch insert
       if data.is_a?(Array)
         return { success: true, affected_rows: 0 } if data.empty?
         keys = data.first.keys.map(&:to_s)
-        placeholders = @driver.placeholders(keys.length)
+        placeholders = drv.placeholders(keys.length)
         sql = "INSERT INTO #{table} (#{keys.join(', ')}) VALUES (#{placeholders})"
         params_list = data.map { |row| keys.map { |k| row[k.to_sym] || row[k] } }
         return execute_many(sql, params_list)
       end
 
       columns = data.keys.map(&:to_s)
-      placeholders = @driver.placeholders(columns.length)
+      placeholders = drv.placeholders(columns.length)
       sql = "INSERT INTO #{table} (#{columns.join(', ')}) VALUES (#{placeholders})"
-      @driver.execute(sql, data.values)
-      { success: true, last_id: @driver.last_insert_id }
+      drv.execute(sql, data.values)
+      { success: true, last_id: drv.last_insert_id }
     end
 
     def update(table, data, filter = {})
       cache_invalidate if @cache_enabled
+      drv = current_driver
 
-      set_parts = data.keys.map { |k| "#{k} = #{@driver.placeholder}" }
-      where_parts = filter.keys.map { |k| "#{k} = #{@driver.placeholder}" }
+      set_parts = data.keys.map { |k| "#{k} = #{drv.placeholder}" }
+      where_parts = filter.keys.map { |k| "#{k} = #{drv.placeholder}" }
       sql = "UPDATE #{table} SET #{set_parts.join(', ')}"
       sql += " WHERE #{where_parts.join(' AND ')}" unless filter.empty?
       values = data.values + filter.values
-      @driver.execute(sql, values)
+      drv.execute(sql, values)
       { success: true }
     end
 
     def delete(table, filter = {})
       cache_invalidate if @cache_enabled
+      drv = current_driver
 
       # List of hashes — delete each row
       if filter.is_a?(Array)
@@ -161,47 +263,48 @@ module Tina4
       if filter.is_a?(String)
         sql = "DELETE FROM #{table}"
         sql += " WHERE #{filter}" unless filter.empty?
-        @driver.execute(sql)
+        drv.execute(sql)
         return { success: true }
       end
 
       # Hash filter — build WHERE from keys
-      where_parts = filter.keys.map { |k| "#{k} = #{@driver.placeholder}" }
+      where_parts = filter.keys.map { |k| "#{k} = #{drv.placeholder}" }
       sql = "DELETE FROM #{table}"
       sql += " WHERE #{where_parts.join(' AND ')}" unless filter.empty?
-      @driver.execute(sql, filter.values)
+      drv.execute(sql, filter.values)
       { success: true }
     end
 
     def execute(sql, params = [])
       cache_invalidate if @cache_enabled
-      @driver.execute(sql, params)
+      current_driver.execute(sql, params)
     end
 
     def execute_many(sql, params_list = [])
       total_affected = 0
       params_list.each do |params|
-        @driver.execute(sql, params)
+        current_driver.execute(sql, params)
         total_affected += 1
       end
       { success: true, affected_rows: total_affected }
     end
 
     def transaction
-      @driver.begin_transaction
+      drv = current_driver
+      drv.begin_transaction
       yield self
-      @driver.commit
+      drv.commit
     rescue => e
-      @driver.rollback
+      drv.rollback
       raise e
     end
 
     def tables
-      @driver.tables
+      current_driver.tables
     end
 
     def columns(table_name)
-      @driver.columns(table_name)
+      current_driver.columns(table_name)
     end
 
     def table_exists?(table_name)

data/lib/tina4/database_result.rb

@@ -5,12 +5,22 @@ module Tina4
   class DatabaseResult
     include Enumerable
 
-    attr_reader :records, :sql, :count
+    attr_reader :records, :columns, :count, :limit, :offset, :sql,
+                :affected_rows, :last_id, :error
 
-    def initialize(records = [], sql: "")
+    def initialize(records = [], sql: "", columns: [], count: nil, limit: 10, offset: 0,
+                   affected_rows: 0, last_id: nil, error: nil, db: nil)
       @records = records || []
       @sql = sql
-      @count = @records.length
+      @columns = columns.empty? && !@records.empty? ? @records.first.keys : columns
+      @count = count || @records.length
+      @limit = limit
+      @offset = offset
+      @affected_rows = affected_rows
+      @last_id = last_id
+      @error = error
+      @db = db
+      @column_info_cache = nil
     end
 
     def each(&block)
@@ -33,12 +43,26 @@ module Tina4
       @records[index]
     end
 
+    def length
+      @count
+    end
+
+    def size
+      @count
+    end
+
+    def success?
+      @error.nil?
+    end
+
     def to_array
       @records.map do |record|
         record.is_a?(Hash) ? record : record.to_h
       end
     end
 
+    alias to_a to_array
+
     def to_json(*_args)
       JSON.generate(to_array)
     end
@@ -54,11 +78,13 @@ module Tina4
       lines.join("\n")
     end
 
-    def to_paginate(page: 1, per_page: 10)
-      total = @records.length
-      total_pages = (total.to_f / per_page).ceil
-      offset = (page - 1) * per_page
-      page_records = @records[offset, per_page] || []
+    def to_paginate(page: nil, per_page: nil)
+      per_page ||= @limit > 0 ? @limit : 10
+      page ||= @offset > 0 ? (@offset / per_page) + 1 : 1
+      total = @count
+      total_pages = [1, (total.to_f / per_page).ceil].max
+      slice_offset = (page - 1) * per_page
+      page_records = @records[slice_offset, per_page] || []
       {
         data: page_records,
         page: page,
@@ -75,8 +101,96 @@ module Tina4
                                   primary_key: primary_key, editable: editable)
     end
 
+    # Return column metadata for the query's table.
+    #
+    # Lazy — only queries the database when explicitly called. Caches the
+    # result so subsequent calls return immediately without re-querying.
+    #
+    # Returns an array of hashes with keys:
+    #   name, type, size, decimals, nullable, primary_key
+    def column_info
+      return @column_info_cache if @column_info_cache
+
+      table = extract_table_from_sql
+
+      if @db && table
+        begin
+          @column_info_cache = query_column_metadata(table)
+          return @column_info_cache
+        rescue StandardError
+          # Fall through to fallback
+        end
+      end
+
+      @column_info_cache = fallback_column_info
+      @column_info_cache
+    end
+
     private
 
+    def extract_table_from_sql
+      return nil if @sql.nil? || @sql.empty?
+
+      if (m = @sql.match(/\bFROM\s+["']?(\w+)["']?/i))
+        return m[1]
+      end
+      if (m = @sql.match(/\bINSERT\s+INTO\s+["']?(\w+)["']?/i))
+        return m[1]
+      end
+      if (m = @sql.match(/\bUPDATE\s+["']?(\w+)["']?/i))
+        return m[1]
+      end
+      nil
+    end
+
+    def query_column_metadata(table)
+      # Use the database's columns method which delegates to the driver
+      raw_cols = @db.columns(table)
+      normalize_columns(raw_cols)
+    rescue StandardError
+      fallback_column_info
+    end
+
+    def normalize_columns(raw_cols)
+      raw_cols.map do |col|
+        col_type = (col[:type] || col["type"] || "UNKNOWN").to_s.upcase
+        size, decimals = parse_type_size(col_type)
+        {
+          name: (col[:name] || col["name"]).to_s,
+          type: col_type.sub(/\(.*\)/, ""),
+          size: size,
+          decimals: decimals,
+          nullable: col.key?(:nullable) ? col[:nullable] : (col.key?("nullable") ? col["nullable"] : true),
+          primary_key: col[:primary_key] || col["primary_key"] || col[:primary] || col["primary"] || false
+        }
+      end
+    end
+
+    def parse_type_size(type_str)
+      if (m = type_str.match(/\((\d+)(?:\s*,\s*(\d+))?\)/))
+        size = m[1].to_i
+        decimals = m[2] ? m[2].to_i : nil
+        [size, decimals]
+      else
+        [nil, nil]
+      end
+    end
+
+    def fallback_column_info
+      return [] if @records.empty?
+      keys = @records.first.is_a?(Hash) ? @records.first.keys : []
+      keys.map do |k|
+        {
+          name: k.to_s,
+          type: "UNKNOWN",
+          size: nil,
+          decimals: nil,
+          nullable: true,
+          primary_key: false
+        }
+      end
+    end
+
     def escape_csv(value, separator)
       str = value.to_s
       if str.include?(separator) || str.include?('"') || str.include?("\n")

data/lib/tina4/env.rb

@@ -6,7 +6,7 @@ module Tina4
     DEFAULT_ENV = {
       "PROJECT_NAME" => "Tina4 Ruby Project",
       "VERSION" => "1.0.0",
-      "TINA4_LANGUAGE" => "en",
+      "TINA4_LOCALE" => "en",
       "TINA4_DEBUG" => "true",
       "TINA4_LOG_LEVEL" => "[TINA4_LOG_ALL]",
       "SECRET" => "tina4-secret-change-me"

data/lib/tina4/frond.rb

@@ -391,6 +391,66 @@ module Tina4
     # -----------------------------------------------------------------------
 
     def eval_var(expr, context)
+      # Check for top-level ternary BEFORE splitting filters so that
+      # expressions like ``products|length != 1 ? "s" : ""`` work correctly.
+      ternary_pos = find_ternary(expr)
+      if ternary_pos != -1
+        cond_part = expr[0...ternary_pos].strip
+        rest = expr[(ternary_pos + 1)..]
+        colon_pos = find_colon(rest)
+        if colon_pos != -1
+          true_part = rest[0...colon_pos].strip
+          false_part = rest[(colon_pos + 1)..].strip
+          cond = eval_var_raw(cond_part, context)
+          return truthy?(cond) ? eval_var(true_part, context) : eval_var(false_part, context)
+        end
+      end
+
+      eval_var_inner(expr, context)
+    end
+
+    def eval_var_raw(expr, context)
+      var_name, filters = parse_filter_chain(expr)
+      value = eval_expr(var_name, context)
+      filters.each do |fname, args|
+        next if fname == "raw" || fname == "safe"
+        fn = @filters[fname]
+        if fn
+          evaluated_args = args.map { |a| eval_filter_arg(a, context) }
+          value = fn.call(value, *evaluated_args)
+        else
+          # The filter name may include a trailing comparison operator,
+          # e.g. "length != 1".  Extract the real filter name and the
+          # comparison suffix, apply the filter, then evaluate the comparison.
+          m = fname.match(/\A(\w+)\s*(!=|==|>=|<=|>|<)\s*(.+)\z/)
+          if m
+            real_filter = m[1]
+            op = m[2]
+            right_expr = m[3].strip
+            fn2 = @filters[real_filter]
+            if fn2
+              evaluated_args = args.map { |a| eval_filter_arg(a, context) }
+              value = fn2.call(value, *evaluated_args)
+            end
+            right = eval_expr(right_expr, context)
+            value = case op
+                    when "!=" then value != right
+                    when "==" then value == right
+                    when ">=" then value >= right
+                    when "<=" then value <= right
+                    when ">"  then value > right
+                    when "<"  then value < right
+                    else false
+                    end rescue false
+          else
+            value = eval_expr(fname, context)
+          end
+        end
+      end
+      value
+    end
+
+    def eval_var_inner(expr, context)
       var_name, filters = parse_filter_chain(expr)
 
       # Sandbox: check variable access
@@ -435,6 +495,68 @@ module Tina4
       eval_expr(arg, context)
     end
 
+    # Find the index of a top-level ``?`` that is part of a ternary operator.
+    # Respects quoted strings, parentheses, and skips ``??`` (null coalesce).
+    # Returns -1 if not found.
+    def find_ternary(expr)
+      depth = 0
+      in_quote = nil
+      i = 0
+      len = expr.length
+      while i < len
+        ch = expr[i]
+        if in_quote
+          in_quote = nil if ch == in_quote
+          i += 1
+          next
+        end
+        if ch == '"' || ch == "'"
+          in_quote = ch
+          i += 1
+          next
+        end
+        if ch == "("
+          depth += 1
+        elsif ch == ")"
+          depth -= 1
+        elsif ch == "?" && depth == 0
+          # Skip ``??`` (null coalesce)
+          if i + 1 < len && expr[i + 1] == "?"
+            i += 2
+            next
+          end
+          return i
+        end
+        i += 1
+      end
+      -1
+    end
+
+    # Find the index of the top-level ``:`` that separates the true/false
+    # branches of a ternary.  Respects quotes and parentheses.
+    def find_colon(expr)
+      depth = 0
+      in_quote = nil
+      expr.each_char.with_index do |ch, i|
+        if in_quote
+          in_quote = nil if ch == in_quote
+          next
+        end
+        if ch == '"' || ch == "'"
+          in_quote = ch
+          next
+        end
+        if ch == "("
+          depth += 1
+        elsif ch == ")"
+          depth -= 1
+        elsif ch == ":" && depth == 0
+          return i
+        end
+      end
+      -1
+    end
+
     # -----------------------------------------------------------------------
     # Filter chain parser
     # -----------------------------------------------------------------------
@@ -1321,8 +1443,20 @@ module Tina4
         "safe"          => ->(v, *_a) { v },
         "json_encode"   => ->(v, *_a) { JSON.generate(v) rescue v.to_s },
         "json_decode"   => ->(v, *_a) { v.is_a?(String) ? (JSON.parse(v) rescue v) : v },
-        "base64_encode" => ->(v, *_a) { Base64.strict_encode64(v.to_s) },
+        "base64_encode" => ->(v, *_a) { Base64.strict_encode64(v.is_a?(String) ? v : v.to_s) },
+        "base64encode"  => ->(v, *_a) { Base64.strict_encode64(v.is_a?(String) ? v : v.to_s) },
         "base64_decode" => ->(v, *_a) { Base64.decode64(v.to_s) },
+        "base64decode"  => ->(v, *_a) { Base64.decode64(v.to_s) },
+        "data_uri" => ->(v, *_a) {
+          if v.is_a?(Hash)
+            ct = v[:type] || v["type"] || "application/octet-stream"
+            raw = v[:content] || v["content"] || ""
+            raw = raw.respond_to?(:read) ? raw.read : raw
+            "data:#{ct};base64,#{Base64.strict_encode64(raw.to_s)}"
+          else
+            v.to_s
+          end
+        },
         "url_encode"    => ->(v, *_a) { CGI.escape(v.to_s) },
 
         # -- Hashing --
@@ -1473,6 +1607,14 @@ module Tina4
     #   - "checkout|order_123": payload is {"type" => "form", "context" => "checkout", "ref" => "order_123"}
     #
     # @return [String] <input type="hidden" name="formToken" value="TOKEN">
+    # Session ID used by generate_form_token for CSRF session binding.
+    # Set this before rendering templates to bind tokens to the current session.
+    @form_token_session_id = ""
+
+    class << self
+      attr_accessor :form_token_session_id
+    end
+
     def self.generate_form_token(descriptor = "")
       require_relative "log"
       require_relative "auth"
@@ -1488,7 +1630,11 @@ module Tina4
         end
       end
 
-      ttl_minutes = (ENV["TINA4_TOKEN_LIMIT"] || "30").to_i
+      # Include session_id for CSRF session binding
+      sid = form_token_session_id.to_s
+      payload["session_id"] = sid unless sid.empty?
+
+      ttl_minutes = (ENV["TINA4_TOKEN_LIMIT"] || "60").to_i
       expires_in = ttl_minutes * 60
       token = Tina4::Auth.create_token(payload, expires_in: expires_in)
       Tina4::SafeString.new(%(<input type="hidden" name="formToken" value="#{CGI.escapeHTML(token)}">))

data/lib/tina4/localization.rb

@@ -11,7 +11,7 @@ module Tina4
       end
 
       def current_locale
-        @current_locale || ENV["TINA4_LANGUAGE"] || "en"
+        @current_locale || ENV["TINA4_LOCALE"] || "en"
       end
 
       def current_locale=(locale)