whoosh 1.0.1

data/lib/whoosh/auth/jwt.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+require "openssl"
+require "base64"
+require "json"
+
+module Whoosh
+  module Auth
+    class Jwt
+      def initialize(secret:, algorithm: :hs256, expiry: 3600)
+        @secret = secret
+        @algorithm = algorithm
+        @expiry = expiry
+      end
+
+      def generate(sub:, **claims)
+        header = { alg: "HS256", typ: "JWT" }
+        now = Time.now.to_i
+        payload = { sub: sub, iat: now, exp: now + @expiry }.merge(claims)
+
+        header_b64 = base64url_encode(JSON.generate(header))
+        payload_b64 = base64url_encode(JSON.generate(payload))
+        signature = sign("#{header_b64}.#{payload_b64}")
+
+        "#{header_b64}.#{payload_b64}.#{signature}"
+      end
+
+      def authenticate(request)
+        auth_header = request.headers["Authorization"]
+        raise Errors::UnauthorizedError, "Missing authorization header" unless auth_header
+        token = auth_header.sub(/\ABearer\s+/i, "")
+        decode(token)
+      end
+
+      private
+
+      def decode(token)
+        parts = token.split(".")
+        raise Errors::UnauthorizedError, "Invalid token format" unless parts.length == 3
+
+        header_b64, payload_b64, signature = parts
+
+        expected_sig = sign("#{header_b64}.#{payload_b64}")
+        unless secure_compare(signature, expected_sig)
+          raise Errors::UnauthorizedError, "Invalid token signature"
+        end
+
+        payload = JSON.parse(base64url_decode(payload_b64))
+
+        if payload["exp"] && payload["exp"] < Time.now.to_i
+          raise Errors::UnauthorizedError, "Token expired"
+        end
+
+        payload.transform_keys(&:to_sym)
+      rescue JSON::ParserError
+        raise Errors::UnauthorizedError, "Invalid token payload"
+      end
+
+      def sign(data)
+        digest = OpenSSL::Digest.new("SHA256")
+        signature_bytes = OpenSSL::HMAC.digest(digest, @secret, data)
+        Base64.urlsafe_encode64(signature_bytes, padding: false)
+      end
+
+      def base64url_encode(data)
+        Base64.urlsafe_encode64(data, padding: false)
+      end
+
+      def base64url_decode(str)
+        Base64.urlsafe_decode64(str)
+      end
+
+      def secure_compare(a, b)
+        # Use HMAC-based comparison to prevent length oracle attacks.
+        # Comparing raw strings leaks whether lengths differ; comparing their
+        # HMAC digests normalises to a fixed size before the constant-time XOR.
+        digest = OpenSSL::Digest.new("SHA256")
+        hmac_a = OpenSSL::HMAC.digest(digest, @secret, a)
+        hmac_b = OpenSSL::HMAC.digest(digest, @secret, b)
+        l = hmac_a.unpack("C*")
+        r = hmac_b.unpack("C*")
+        result = 0
+        l.zip(r) { |x, y| result |= x ^ y }
+        result.zero?
+      end
+    end
+  end
+end

data/lib/whoosh/auth/oauth2.rb

@@ -0,0 +1,33 @@
+# lib/whoosh/auth/oauth2.rb
+# frozen_string_literal: true
+
+module Whoosh
+  module Auth
+    class OAuth2
+      def initialize(token_url: "/oauth/token", validator: nil)
+        @token_url = token_url
+        @validator = validator
+      end
+
+      def authenticate(request)
+        auth_header = request.headers["Authorization"]
+        raise Errors::UnauthorizedError, "Missing authorization header" unless auth_header
+
+        token = auth_header.sub(/\ABearer\s+/i, "")
+        raise Errors::UnauthorizedError, "Missing token" if token.empty?
+
+        if @validator
+          result = @validator.call(token)
+          raise Errors::UnauthorizedError, "Invalid token" unless result
+          result
+        else
+          { token: token }
+        end
+      end
+
+      def token_url
+        @token_url
+      end
+    end
+  end
+end

data/lib/whoosh/auth/rate_limiter.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+module Whoosh
+  module Auth
+    class RateLimiter
+      def initialize(default_limit: 60, default_period: 60, on_store_failure: :fail_open)
+        @default_limit = default_limit
+        @default_period = default_period
+        @on_store_failure = on_store_failure
+        @rules = {}
+        @tiers = {}
+        @store = {}
+        @mutex = Mutex.new
+      end
+
+      def rule(path, limit:, period:)
+        @rules[path] = { limit: limit, period: period }
+      end
+
+      def tier(name, limit: nil, period: nil, unlimited: false)
+        @tiers[name] = { limit: limit, period: period, unlimited: unlimited }
+      end
+
+      def check!(key, path, tier: nil)
+        limits = resolve_limits(path, tier)
+        return if limits[:unlimited]
+
+        bucket_key = "#{key}:#{path}"
+
+        @mutex.synchronize do
+          record = @store[bucket_key]
+          now = Time.now.to_f
+
+          if record.nil? || (now - record[:window_start]) >= limits[:period]
+            @store[bucket_key] = { count: 1, window_start: now }
+            return
+          end
+
+          if record[:count] >= limits[:limit]
+            retry_after = (limits[:period] - (now - record[:window_start])).ceil
+            raise Errors::RateLimitExceeded.new(retry_after: retry_after)
+          end
+
+          record[:count] += 1
+        end
+      rescue NoMethodError, TypeError
+        if @on_store_failure == :fail_closed
+          raise Errors::RateLimitExceeded.new("Rate limit store unavailable", retry_after: 60)
+        end
+      end
+
+      def remaining(key, path, tier: nil)
+        limits = resolve_limits(path, tier)
+        return Float::INFINITY if limits[:unlimited]
+
+        bucket_key = "#{key}:#{path}"
+
+        @mutex.synchronize do
+          record = @store[bucket_key]
+          return limits[:limit] unless record
+
+          now = Time.now.to_f
+          return limits[:limit] if (now - record[:window_start]) >= limits[:period]
+
+          [limits[:limit] - record[:count], 0].max
+        end
+      end
+
+      private
+
+      def resolve_limits(path, tier)
+        if tier && @tiers[tier]
+          tier_config = @tiers[tier]
+          return { unlimited: true } if tier_config[:unlimited]
+          return { limit: tier_config[:limit], period: tier_config[:period], unlimited: false }
+        end
+
+        if @rules[path]
+          return { limit: @rules[path][:limit], period: @rules[path][:period], unlimited: false }
+        end
+
+        { limit: @default_limit, period: @default_period, unlimited: false }
+      end
+    end
+  end
+end

data/lib/whoosh/auth/token_tracker.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Whoosh
+  module Auth
+    class TokenTracker
+      def initialize
+        @usage = {}
+        @callbacks = []
+        @mutex = Mutex.new
+      end
+
+      def on_usage(&block)
+        @callbacks << block
+      end
+
+      def record(key:, endpoint:, tokens:)
+        total = tokens.values.sum
+        @mutex.synchronize do
+          @usage[key] ||= { total_tokens: 0, endpoints: {} }
+          @usage[key][:total_tokens] += total
+          @usage[key][:endpoints][endpoint] ||= 0
+          @usage[key][:endpoints][endpoint] += total
+        end
+        @callbacks.each { |cb| cb.call(key, endpoint, tokens) }
+      end
+
+      def usage_for(key)
+        @mutex.synchronize do
+          data = @usage[key]
+          return { total_tokens: 0, endpoints: {} } unless data
+          { total_tokens: data[:total_tokens], endpoints: data[:endpoints].dup }
+        end
+      end
+
+      def reset(key)
+        @mutex.synchronize { @usage.delete(key) }
+      end
+    end
+  end
+end

data/lib/whoosh/cache/memory_store.rb

@@ -0,0 +1,57 @@
+# lib/whoosh/cache/memory_store.rb
+# frozen_string_literal: true
+
+module Whoosh
+  module Cache
+    class MemoryStore
+      def initialize(default_ttl: 300)
+        @store = {}
+        @default_ttl = default_ttl
+        @mutex = Mutex.new
+      end
+
+      def get(key)
+        @mutex.synchronize do
+          entry = @store[key]
+          return nil unless entry
+          if entry[:expires_at] && Time.now.to_f > entry[:expires_at]
+            @store.delete(key)
+            return nil
+          end
+          entry[:value]
+        end
+      end
+
+      def set(key, value, ttl: nil)
+        ttl ||= @default_ttl
+        serialized = Serialization::Json.decode(Serialization::Json.encode(value))
+        @mutex.synchronize do
+          @store[key] = { value: serialized, expires_at: Time.now.to_f + ttl }
+        end
+        true
+      end
+
+      def fetch(key, ttl: nil)
+        existing = get(key)
+        return existing unless existing.nil?
+        value = yield
+        set(key, value, ttl: ttl)
+        Serialization::Json.decode(Serialization::Json.encode(value))
+      end
+
+      def delete(key)
+        @mutex.synchronize { @store.delete(key) }
+        true
+      end
+
+      def clear
+        @mutex.synchronize { @store.clear }
+        true
+      end
+
+      def close
+        # No-op
+      end
+    end
+  end
+end

data/lib/whoosh/cache/redis_store.rb

@@ -0,0 +1,72 @@
+# lib/whoosh/cache/redis_store.rb
+# frozen_string_literal: true
+
+module Whoosh
+  module Cache
+    class RedisStore
+      @redis_available = nil
+
+      def self.available?
+        if @redis_available.nil?
+          @redis_available = begin
+            require "redis"
+            true
+          rescue LoadError
+            false
+          end
+        end
+        @redis_available
+      end
+
+      def initialize(url:, default_ttl: 300, pool_size: 5)
+        unless self.class.available?
+          raise Errors::DependencyError, "Cache Redis store requires the 'redis' gem"
+        end
+        @redis = Redis.new(url: url)
+        @default_ttl = default_ttl
+      end
+
+      def get(key)
+        raw = @redis.get(key)
+        return nil unless raw
+        Serialization::Json.decode(raw)
+      rescue => e
+        nil
+      end
+
+      def set(key, value, ttl: nil)
+        ttl ||= @default_ttl
+        @redis.set(key, Serialization::Json.encode(value), ex: ttl)
+        true
+      rescue => e
+        false
+      end
+
+      def fetch(key, ttl: nil)
+        existing = get(key)
+        return existing unless existing.nil?
+        value = yield
+        set(key, value, ttl: ttl)
+        Serialization::Json.decode(Serialization::Json.encode(value))
+      end
+
+      def delete(key)
+        @redis.del(key) > 0
+      rescue => e
+        false
+      end
+
+      def clear
+        @redis.flushdb
+        true
+      rescue => e
+        false
+      end
+
+      def close
+        @redis.close
+      rescue => e
+      end
+    end
+  end
+end

data/lib/whoosh/cache.rb

@@ -0,0 +1,26 @@
+# lib/whoosh/cache.rb
+# frozen_string_literal: true
+
+module Whoosh
+  module Cache
+    autoload :MemoryStore, "whoosh/cache/memory_store"
+    autoload :RedisStore,  "whoosh/cache/redis_store"
+
+    def self.build(config_data = {})
+      cache_config = config_data["cache"] || {}
+      store = cache_config["store"] || "memory"
+      default_ttl = cache_config["default_ttl"] || 300
+
+      case store
+      when "memory"
+        MemoryStore.new(default_ttl: default_ttl)
+      when "redis"
+        url = cache_config["url"] || "redis://localhost:6379"
+        pool_size = cache_config["pool_size"] || 5
+        RedisStore.new(url: url, default_ttl: default_ttl, pool_size: pool_size)
+      else
+        raise ArgumentError, "Unknown cache store: #{store}"
+      end
+    end
+  end
+end

data/lib/whoosh/cli/generators.rb

@@ -0,0 +1,133 @@
+# lib/whoosh/cli/generators.rb
+# frozen_string_literal: true
+
+require "fileutils"
+
+module Whoosh
+  module CLI
+    class Generators
+      TYPE_MAP = {
+        "string" => "String", "integer" => "Integer", "float" => "Float",
+        "boolean" => "Whoosh::Types::Bool", "text" => "String",
+        "datetime" => "Time"
+      }.freeze
+
+      def self.endpoint(name, fields = [], root: Dir.pwd)
+        cn = classify(name)
+        FileUtils.mkdir_p(File.join(root, "endpoints"))
+        FileUtils.mkdir_p(File.join(root, "schemas"))
+        FileUtils.mkdir_p(File.join(root, "test", "endpoints"))
+
+        # Generate schema with fields
+        schema(name, fields, root: root) unless fields.empty?
+
+        unless fields.empty?
+          # schema already generated above, skip the blank one
+        else
+          File.write(File.join(root, "schemas", "#{name}.rb"),
+            "# frozen_string_literal: true\n\nclass #{cn}Request < Whoosh::Schema\n  # Add fields here\nend\n\nclass #{cn}Response < Whoosh::Schema\n  # Add fields here\nend\n")
+        end
+
+        File.write(File.join(root, "endpoints", "#{name}.rb"),
+          "# frozen_string_literal: true\n\nclass #{cn}Endpoint < Whoosh::Endpoint\n  post \"/#{name}\", request: #{cn}Request\n\n  def call(req)\n    { message: \"#{cn} endpoint\" }\n  end\nend\n")
+
+        File.write(File.join(root, "test", "endpoints", "#{name}_test.rb"),
+          "# frozen_string_literal: true\n\nrequire \"test_helper\"\n\nRSpec.describe #{cn}Endpoint do\n  it \"responds to POST /#{name}\" do\n    post \"/#{name}\"\n    expect(last_response.status).to eq(200)\n  end\nend\n")
+
+        puts "Created endpoints/#{name}.rb, schemas/#{name}.rb, test/endpoints/#{name}_test.rb"
+      end
+
+      def self.schema(name, fields = [], root: Dir.pwd)
+        cn = classify(name)
+        FileUtils.mkdir_p(File.join(root, "schemas"))
+
+        field_lines = fields.map { |f|
+          col, type = f.split(":")
+          ruby_type = TYPE_MAP[type] || "String"
+          "  field :#{col}, #{ruby_type}, required: true"
+        }.join("\n")
+        field_lines = "  # field :name, String, required: true, desc: \"Description\"" if field_lines.empty?
+
+        File.write(File.join(root, "schemas", "#{name}.rb"),
+          "# frozen_string_literal: true\n\nclass #{cn}Schema < Whoosh::Schema\n#{field_lines}\nend\n")
+        puts "Created schemas/#{name}.rb"
+      end
+
+      def self.model(name, fields = [], root: Dir.pwd)
+        cn = classify(name)
+        table = "#{name.downcase}s"
+        ts = Time.now.strftime("%Y%m%d%H%M%S")
+
+        FileUtils.mkdir_p(File.join(root, "models"))
+        FileUtils.mkdir_p(File.join(root, "db", "migrations"))
+
+        File.write(File.join(root, "models", "#{name.downcase}.rb"),
+          "# frozen_string_literal: true\n\nclass #{cn} < Sequel::Model(:#{table})\nend\n")
+
+        cols = fields.map { |f|
+          col, type = f.split(":")
+          st = { "string" => "String", "integer" => "Integer", "float" => "Float", "boolean" => "TrueClass", "text" => "String, text: true", "datetime" => "DateTime" }[type] || "String"
+          "      #{st} :#{col}, null: false"
+        }.join("\n")
+
+        File.write(File.join(root, "db", "migrations", "#{ts}_create_#{table}.rb"),
+          "Sequel.migration do\n  change do\n    create_table(:#{table}) do\n      primary_key :id\n#{cols}\n      DateTime :created_at, default: Sequel::CURRENT_TIMESTAMP\n      DateTime :updated_at\n    end\n  end\nend\n")
+
+        FileUtils.mkdir_p(File.join(root, "test", "models"))
+        File.write(File.join(root, "test", "models", "#{name.downcase}_test.rb"),
+          "# frozen_string_literal: true\n\nrequire \"test_helper\"\n\nRSpec.describe #{cn} do\n  it \"exists\" do\n    expect(#{cn}).to be_a(Class)\n  end\nend\n")
+
+        puts "Created models/#{name.downcase}.rb, db/migrations/#{ts}_create_#{table}.rb"
+      end
+
+      def self.migration(name, root: Dir.pwd)
+        ts = Time.now.strftime("%Y%m%d%H%M%S")
+        FileUtils.mkdir_p(File.join(root, "db", "migrations"))
+        File.write(File.join(root, "db", "migrations", "#{ts}_#{name}.rb"),
+          "Sequel.migration do\n  change do\n    # Add migration code here\n  end\nend\n")
+        puts "Created db/migrations/#{ts}_#{name}.rb"
+      end
+
+      def self.plugin(name, root: Dir.pwd)
+        cn = classify(name)
+        FileUtils.mkdir_p(File.join(root, "lib"))
+
+        File.write(File.join(root, "lib", "#{name}_plugin.rb"), <<~RUBY)
+          # frozen_string_literal: true
+
+          class #{cn}Plugin < Whoosh::Plugins::Base
+            gem_name "#{name}"
+            accessor_name :#{name.tr("-", "_")}
+
+            def self.initialize_plugin(config)
+              # Initialize and return plugin instance
+              nil
+            end
+          end
+        RUBY
+        puts "Created lib/#{name}_plugin.rb"
+      end
+
+      def self.proto(name, root: Dir.pwd)
+        FileUtils.mkdir_p(File.join(root, "protos"))
+        msg_name = name.match?(/[_-]/) ? classify(name) : name
+
+        File.write(File.join(root, "protos", "#{name.downcase}.proto"), <<~PROTO)
+          syntax = "proto3";
+
+          package whoosh;
+
+          message #{msg_name} {
+            // Add fields here
+            // string name = 1;
+          }
+        PROTO
+        puts "Created protos/#{name.downcase}.proto"
+      end
+
+      def self.classify(name)
+        name.split(/[-_]/).map(&:capitalize).join
+      end
+    end
+  end
+end