feat: intl support and consistency changes

Author: innocenzi

docs/1-essentials/01-routing.md

@@ -299,7 +299,7 @@ final class PasswordlessAuthenticationController
     public function __invoke(Request $request): Response
     {
         if (! $this->uri->hasValidSignature($request)) {
-            return new Invalid();
+            throw new HttpRequestFailed(Status::UNPROCESSABLE_CONTENT);
         }
 
         // …
@@ -704,7 +704,6 @@ Tempest provides several response classes for common use cases, all implementing
 - {b`Tempest\Http\Responses\Back`} — redirects to previous page, accepts a fallback.
 - {b`Tempest\Http\Responses\Download`} — downloads a file from the browser.
 - {b`Tempest\Http\Responses\File`} — shows a file in the browser.
-- {b`Tempest\Http\Responses\Invalid`} — a response with form validation errors, redirecting to the previous page.
 - {b`Tempest\Http\Responses\NotFound`} — the 404 response. Accepts an optional body.
 - {b`Tempest\Http\Responses\ServerError`} — a 500 server error response.
 

packages/http/src/GenericResponse.php

@@ -22,14 +22,6 @@ public function __construct(
         $this->body = $body;
         $this->view = $view;
 
-        foreach ($headers as $key => $values) {
-            if (! is_array($values)) {
-                $values = [$values];
-            }
-
-            foreach ($values as $value) {
-                $this->addHeader($key, $value);
-            }
-        }
+        $this->addHeaders($headers);
     }
 }

packages/http/src/IsResponse.php

@@ -41,6 +41,21 @@ public function getHeader(string $name): ?Header
         );
     }
 
+    public function addHeaders(array $headers): self
+    {
+        foreach ($headers as $key => $values) {
+            if (! is_array($values)) {
+                $values = [$values];
+            }
+
+            foreach ($values as $value) {
+                $this->addHeader($key, $value);
+            }
+        }
+
+        return $this;
+    }
+
     public function addHeader(string $key, string $value): self
     {
         $this->headers[$key] ??= new Header($key);

packages/http/src/RequestHeaders.php

@@ -41,12 +41,14 @@ public function offsetGet(mixed $offset): string
         return $this->get((string) $offset);
     }
 
-    public function get(string $name): ?string
+    public function get(string $name, ?string $default = null): ?string
     {
-        return array_find(
+        $header = array_find(
             array: $this->headers,
             callback: fn (mixed $_, string $header) => strcasecmp($header, $name) === 0,
         );
+
+        return $header ?? $default;
     }
 
     public function has(string $name): bool

packages/http/src/Responses/Back.php

@@ -12,6 +12,9 @@
 
 use function Tempest\get;
 
+/**
+ * This response is not fit for stateless requests.
+ */
 final class Back implements Response
 {
     use IsResponse;

packages/http/src/Responses/Invalid.php

@@ -13,11 +13,13 @@ final class Json implements Response
 {
     use IsResponse;
 
-    public function __construct(JsonSerializable|array|null $body = null)
+    public function __construct(JsonSerializable|array|null $body = null, ?Status $status = null, array $headers = [])
     {
-        $this->status = Status::OK;
+        $this->status = $status ?? Status::OK;
         $this->body = $body;
+
         $this->addHeader('Accept', 'application/json');
         $this->addHeader('Content-Type', 'application/json');
+        $this->addHeaders($headers);
     }
 }

packages/http/src/Responses/Json.php

@@ -8,14 +8,21 @@
 use Tempest\Http\Response;
 use Tempest\Http\Status;
 
+/**
+ * This response is not fit for stateless requests.
+ */
 final class Redirect implements Response
 {
     use IsResponse;
 
     public function __construct(
         private(set) string $to,
+        bool $permanent = false,
     ) {
-        $this->status = Status::FOUND;
+        $this->status = $permanent
+            ? Status::MOVED_PERMANENTLY
+            : Status::FOUND;
+
         $this->addHeader('Location', $to);
     }
 

packages/http/src/Responses/Redirect.php

@@ -3,32 +3,41 @@
 namespace Tempest\Router\Exceptions;
 
 use Tempest\Auth\Exceptions\AccessWasDenied;
-use Tempest\Container\Container;
 use Tempest\Core\AppConfig;
 use Tempest\Core\Priority;
 use Tempest\Http\ContentType;
 use Tempest\Http\GenericResponse;
 use Tempest\Http\HttpRequestFailed;
 use Tempest\Http\Request;
 use Tempest\Http\Response;
-use Tempest\Http\Responses\Invalid;
+use Tempest\Http\SensitiveField;
 use Tempest\Http\Session\CsrfTokenDidNotMatch;
+use Tempest\Http\Session\Session;
 use Tempest\Http\Status;
+use Tempest\Intl\Translator;
+use Tempest\Reflection\ClassReflector;
+use Tempest\Support\Arr;
 use Tempest\Support\Filesystem;
+use Tempest\Support\Json;
 use Tempest\Validation\Exceptions\ValidationFailed;
+use Tempest\Validation\FailingRule;
+use Tempest\Validation\Validator;
 use Tempest\View\GenericView;
 use Throwable;
 
 /**
  * Renders exceptions for HTML content. The priority is lowered by one because
  * JSON-rendering should be the default for requests without `Accept` header.
  */
-#[Priority(Priority::LOWEST + 1)]
+#[Priority(Priority::LOW)]
 final readonly class HtmlExceptionRenderer implements ExceptionRenderer
 {
     public function __construct(
         private AppConfig $appConfig,
-        private Container $container,
+        private Translator $translator,
+        private Request $request,
+        private Validator $validator,
+        private Session $session,
     ) {}
 
     public function canRender(Throwable $throwable, Request $request): bool
@@ -39,45 +48,47 @@ public function canRender(Throwable $throwable, Request $request): bool
     public function render(Throwable $throwable): Response
     {
         $response = match (true) {
-            $throwable instanceof ConvertsToResponse => $throwable->toResponse(),
-            $throwable instanceof ValidationFailed => new Invalid($throwable->subject, $throwable->failingRules, $throwable->targetClass),
-            $throwable instanceof AccessWasDenied => $this->renderErrorResponse(Status::FORBIDDEN),
-            $throwable instanceof HttpRequestFailed => $this->renderErrorResponse($throwable->status, $throwable),
+            $throwable instanceof ValidationFailed => $this->renderValidationFailedResponse($throwable),
+            $throwable instanceof AccessWasDenied => $this->renderErrorResponse(Status::FORBIDDEN, message: $throwable->accessDecision->message),
             $throwable instanceof CsrfTokenDidNotMatch => $this->renderErrorResponse(Status::UNPROCESSABLE_CONTENT),
-            default => $this->renderErrorResponse(Status::INTERNAL_SERVER_ERROR, $throwable),
+            $throwable instanceof HttpRequestFailed => $this->renderHttpRequestFailed($throwable),
+            $throwable instanceof ConvertsToResponse => $throwable->convertToResponse(),
+            default => $this->renderErrorResponse(Status::INTERNAL_SERVER_ERROR),
         };
 
         if ($this->shouldRenderDevelopmentException($throwable)) {
             return new DevelopmentException(
                 throwable: $throwable,
                 response: $response,
-                request: $this->container->get(Request::class),
+                request: $this->request,
             );
         }
 
         return $response;
     }
 
-    private function renderErrorResponse(Status $status, ?Throwable $exception = null): Response
+    private function renderHttpRequestFailed(HttpRequestFailed $exception): Response
     {
-        if ($exception instanceof HttpRequestFailed && $exception->cause?->body) {
+        if ($exception->cause && is_string($exception->cause->body)) {
+            return $this->renderErrorResponse($exception->status, message: $exception->cause->body);
+        }
+
+        if ($exception->cause && $exception->cause->body) {
             return $exception->cause;
         }
 
+        return $this->renderErrorResponse($exception->status);
+    }
+
+    private function renderErrorResponse(Status $status, ?string $message = null): Response
+    {
         return new GenericResponse(
             status: $status,
             body: new GenericView(__DIR__ . '/production/error.view.php', [
                 'css' => $this->getStyleSheet(),
                 'status' => $status->value,
                 'title' => $status->description(),
-                'message' => $exception?->getMessage() ?: match ($status) {
-                    Status::INTERNAL_SERVER_ERROR => 'An unexpected server error occurred',
-                    Status::NOT_FOUND => 'This page could not be found on the server',
-                    Status::FORBIDDEN => 'You do not have permission to access this page',
-                    Status::UNAUTHORIZED => 'You must be authenticated in to access this page',
-                    Status::UNPROCESSABLE_CONTENT => 'The request could not be processed due to invalid data',
-                    default => null,
-                },
+                'message' => $message ?? $this->translator->translate("http_status_error.{$status->value}"),
             ]),
         );
     }
@@ -103,4 +114,52 @@ private function shouldRenderDevelopmentException(Throwable $throwable): bool
 
         return true;
     }
+
+    private function renderValidationFailedResponse(ValidationFailed $exception): Response
+    {
+        $status = Status::UNPROCESSABLE_CONTENT;
+        $headers = [];
+
+        if ($referer = $this->request->headers->get('referer')) {
+            $headers['Location'] = $referer;
+            $status = Status::FOUND;
+        }
+
+        $this->session->flash(Session::VALIDATION_ERRORS, $exception->failingRules);
+        $this->session->flash(Session::ORIGINAL_VALUES, $this->filterSensitiveFields($this->request, $exception->targetClass));
+
+        $errors = Arr\map_iterable($exception->failingRules, fn (array $failingRulesForField, string $field) => Arr\map_iterable(
+            array: $failingRulesForField,
+            map: fn (FailingRule $rule) => $this->validator->getErrorMessage($rule, $field),
+        ));
+
+        $headers['x-validation'] = Json\encode($errors);
+
+        return new GenericResponse(
+            status: $status,
+            headers: $headers,
+        );
+    }
+
+    /**
+     * @param class-string|null $targetClass
+     */
+    private function filterSensitiveFields(Request $request, ?string $targetClass): array
+    {
+        $body = $request->body;
+
+        if ($targetClass === null) {
+            return $body;
+        }
+
+        $reflector = new ClassReflector($targetClass);
+
+        foreach ($reflector->getPublicProperties() as $property) {
+            if ($property->hasAttribute(SensitiveField::class)) {
+                unset($body[$property->getName()]);
+            }
+        }
+
+        return $body;
+    }
 }