Class: Otto::Route

Inherits:

Object

• Object
• Otto::Route

Defined in:

lib/otto/route.rb

Overview

Otto::Route

A Route is a definition of a URL path and the method to call when that path is requested. Each route represents a single line in a routes file.

Routes include built-in security features:

• Class name validation to prevent code injection

• Automatic security header injection

• CSRF protection when enabled

• Input validation and sanitization

e.g.

GET   /uri/path      YourApp.method
GET   /uri/path2     YourApp#method

Defined Under Namespace

Modules: ClassMethods

Instance Attribute Summary

• #definition ⇒ Object readonly

  Returns the value of attribute definition.

• #keys ⇒ Object readonly

  Returns the value of attribute keys.

• #kind ⇒ Object readonly

  Returns the value of attribute kind.

• #klass ⇒ Object readonly

  Returns the value of attribute klass.

• #method ⇒ Object readonly

  Returns the value of attribute method.

• #name ⇒ Object readonly

  Returns the value of attribute name.

• #otto ⇒ Object

  Returns the value of attribute otto.

• #path ⇒ Object readonly

  Returns the value of attribute path.

• #pattern ⇒ Object readonly

  Returns the value of attribute pattern.

• #verb ⇒ Object readonly

  Returns the value of attribute verb.

Instance Method Summary

• #call(env, extra_params = {}) ⇒ Array

  Execute the route by calling the associated class method.

• #initialize(verb, path, definition) ⇒ Route constructor

  Initialize a new route with security validations.

• #pattern_regexp ⇒ Object

Constructor Details

#initialize(verb, path, definition) ⇒ Route

Initialize a new route with security validations

Parameters:

• verb (String) —

  HTTP verb (GET, POST, PUT, DELETE, etc.)

• path (String) —

  URL path pattern with optional parameters

• definition (String) —

  Class and method definition (Class.method or Class#method)

Raises:

• (ArgumentError) —

  if definition format is invalid or class name is unsafe

# File 'lib/otto/route.rb', line 35

def initialize(verb, path, definition)
  @verb           = verb.to_s.upcase.to_sym
  @path           = path
  @definition     = definition
  @pattern, @keys = *compile(@path)
  if !@definition.index('.').nil?
    @klass, @name = @definition.split('.')
    @kind         = :class
  elsif !@definition.index('#').nil?
    @klass, @name = @definition.split('#')
    @kind         = :instance
  else
    raise ArgumentError, "Bad definition: #{@definition}"
  end
  @klass          = safe_const_get(@klass)
  # @method = @klass.method(@name)
end

Instance Attribute Details

#definition ⇒ Object (readonly)

Returns the value of attribute definition.

# File 'lib/otto/route.rb', line 26

def definition
  @definition
end

#keys ⇒ Object (readonly)

Returns the value of attribute keys.

# File 'lib/otto/route.rb', line 26

def keys
  @keys
end

#kind ⇒ Object (readonly)

Returns the value of attribute kind.

# File 'lib/otto/route.rb', line 26

def kind
  @kind
end

#klass ⇒ Object (readonly)

Returns the value of attribute klass.

# File 'lib/otto/route.rb', line 26

def klass
  @klass
end

#method ⇒ Object (readonly)

Returns the value of attribute method.

# File 'lib/otto/route.rb', line 26

def method
  @method
end

#name ⇒ Object (readonly)

Returns the value of attribute name.

# File 'lib/otto/route.rb', line 26

def name
  @name
end

#otto ⇒ Object

Returns the value of attribute otto.

# File 'lib/otto/route.rb', line 27

def otto
  @otto
end

#path ⇒ Object (readonly)

Returns the value of attribute path.

# File 'lib/otto/route.rb', line 26

def path
  @path
end

#pattern ⇒ Object (readonly)

Returns the value of attribute pattern.

# File 'lib/otto/route.rb', line 26

def pattern
  @pattern
end

#verb ⇒ Object (readonly)

Returns the value of attribute verb.

# File 'lib/otto/route.rb', line 26

def verb
  @verb
end

Instance Method Details

#call(env, extra_params = {}) ⇒ Array

Execute the route by calling the associated class method

This method handles the complete request/response cycle with built-in security:

• Processes parameters through the security layer

• Adds configured security headers to the response

• Extends request/response with security helpers when enabled

• Provides CSRF and validation helpers to the target class

Parameters:

• env (Hash) —

  Rack environment hash

• extra_params (Hash) (defaults to: {}) —

  Additional parameters to merge (default: {})

Returns:

• (Array) —

  Rack response array [status, headers, body]

# File 'lib/otto/route.rb', line 110

def call(env, extra_params = {})
  extra_params ||= {}
  req            = Rack::Request.new(env)
  res            = Rack::Response.new
  req.extend Otto::RequestHelpers
  res.extend Otto::ResponseHelpers
  res.request    = req

  # Process parameters through security layer
  req.params.merge! extra_params
  req.params.replace Otto::Static.indifferent_params(req.params)

  # Add security headers
  if otto.respond_to?(:security_config) && otto.security_config
    otto.security_config.security_headers.each do |header, value|
      res.headers[header] = value
    end
  end

  klass.extend Otto::Route::ClassMethods
  klass.otto = otto

  # Add security helpers if CSRF is enabled
  if otto.respond_to?(:security_config) && otto.security_config&.csrf_enabled?
    res.extend Otto::Security::CSRFHelpers
  end

  # Add validation helpers
  res.extend Otto::Security::ValidationHelpers

  case kind
  when :instance
    inst = klass.new req, res
    inst.send(name)
  when :class
    klass.send(name, req, res)
  else
    raise "Unsupported kind for #{@definition}: #{kind}"
  end
  res.body = [res.body] unless res.body.respond_to?(:each)
  res.finish
end

#pattern_regexp ⇒ Object

# File 'lib/otto/route.rb', line 95

def pattern_regexp
  Regexp.new(@path.gsub('/*', '/.+'))
end