auth_master 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c2459f5e3eaff23f81d3e403ded07d9b78577472a011d856b15a5365f189094f
+  data.tar.gz: de3257727b34b730c0ec6c0af1366c5723d5e99ff9c119677570f9ec9dae0d73
+SHA512:
+  metadata.gz: aaf6f1e9ef4cb6c7e8c0f25641ac735b3d3b1e9c60380df3e5c1c176414be2707a6a46022067dd75da8b35c25aacdf2b3bbb8e7bb93e5b6f5bda73b572d08650
+  data.tar.gz: f496418e033c0986041a7216d937aaadee56c9bf51576eadd2a76ffacc92a9a83118fb3c7a9b2208ef0596dba84fc5fd1ff587e6854f75d3414cedaa5e095eb5

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,28 @@
+# AuthMaster
+Short description and motivation.
+
+## Usage
+How to use my plugin.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem "auth_master"
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install auth_master
+```
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+
+load "rails/tasks/statistics.rake"
+
+require "bundler/gem_tasks"

data/app/assets/stylesheets/auth_master/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/auth_master/application_controller.rb

@@ -0,0 +1,31 @@
+module AuthMaster
+  class ApplicationController < ActionController::Base
+    def target_scoped_class
+      target_scope = config_for(:scope)
+      target_scope.present? ? target_accessor.send(target_scope) : target_accessor
+    end
+
+    private
+
+    def target_accessor
+      finder = config_for(:finder)
+      finder.is_a?(Proc) ? finder.call : target_class
+    end
+
+    def target_class
+      target_param.to_s.classify.constantize
+    end
+
+    def target_param
+      params[:target].to_sym
+    end
+
+    def config_for(name)
+      AuthMaster.targets[target_param][name.to_sym]
+    end
+
+    def check_target_configuration
+      raise ActionController::RoutingError.new("Not Found") if AuthMaster.targets[target_param].blank?
+    end
+  end
+end

data/app/controllers/auth_master/sessions_controller.rb

@@ -0,0 +1,41 @@
+module AuthMaster
+  class SessionsController < ApplicationController
+    TIMING_ATTACK_INTERVAL = 1
+
+    before_action :check_target_configuration
+    around_action :prevent_timing_attack, only: :send_link
+
+    # NOTE: Show input email form
+    def new
+    end
+
+    def send_link
+      AuthMaster::SendLinkOperation.call!(params[:email], target_scoped_class:)
+      redirect_to auth_master_sent_url(target: target_param)
+    end
+
+    def sent
+    end
+
+    def link
+
+    end
+
+    private
+
+    def prevent_timing_attack
+      start_time = Time.current
+      yield
+
+      @timing_attack_interval = timing_attack_interval
+      if @timing_attack_interval.positive?
+        duration = Time.current - start_time
+        sleep(@timing_attack_interval - duration) if duration < @timing_attack_interval
+      end
+    end
+
+    def timing_attack_interval
+      AuthMaster.timing_attack_interval.presence || TIMING_ATTACK_INTERVAL
+    end
+  end
+end

data/app/helpers/auth_master/application_helper.rb

@@ -0,0 +1,4 @@
+module AuthMaster
+  module ApplicationHelper
+  end
+end

data/app/helpers/auth_master/sessions_helper.rb

@@ -0,0 +1,4 @@
+module AuthMaster
+  module SessionsHelper
+  end
+end

data/app/models/auth_master/application_record.rb

@@ -0,0 +1,5 @@
+module AuthMaster
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/auth_master/session.rb

@@ -0,0 +1,5 @@
+module AuthMaster
+  class Session < ApplicationRecord
+    belongs_to :target, polymorphic: true
+  end
+end

data/app/operations/auth_master/send_link_operation.rb

@@ -0,0 +1,11 @@
+module AuthMaster
+  class SendLinkOperation
+    def self.call!(email, target_scoped_class:)
+      target = target_scoped_class.find_by(email:)
+      return if target.blank?
+
+      auth_master_session = AuthMaster::SessionService.create!(target)
+      AuthMaster::SessionService.send_link!(auth_master_session) if auth_master_session.present?
+    end
+  end
+end

data/app/services/auth_master/session_service.rb

@@ -0,0 +1,57 @@
+require 'token_guard'
+
+module AuthMaster
+  class SessionService
+    LOGIN_TIMEOUT_INTERVAL  = 5.minutes
+    LOGIN_ATTEMPTS_COUNT    = 3
+
+    class << self
+      def create!(target)
+        return if !allow_creation?(target)
+
+        AuthMaster::Session.create!(target:)
+      end
+
+      def send_link!(auth_master_session)
+        target = auth_master_session.target
+
+        token = TokenGuard.encrypt(auth_master_session.id, purpose: :email, secret: AuthMaster.targets[target_name(target)][:secret])
+        target_mailer(target).with(email: target.email, token:).send(target_mailer_login_link_method(target)).deliver_later
+      end
+
+      private
+
+      def count(target, time:)
+        AuthMaster::Session.where(target:).where("created_at > ?", DateTime.current - time).count
+      end
+
+      def allow_creation?(target)
+        count(target, time: login_timeout_interval(target)) < login_attempts_count(target)
+      end
+
+      def login_timeout_interval(target)
+        AuthMaster.targets[target_name(target)][:login_timeout_interval] || LOGIN_TIMEOUT_INTERVAL
+      end
+
+      def login_attempts_count(target)
+        AuthMaster.targets[target_name(target)][:login_attempts_count] || LOGIN_ATTEMPTS_COUNT
+      end
+
+      def target_name(target)
+        target.class.to_s.downcase.to_sym
+      end
+
+      def target_mailer(target)
+        config_for(target, :mailer_class).to_s.classify.constantize
+      end
+
+      def target_mailer_login_link_method(target)
+        config_for(target, :mailer_login_link_method)
+      end
+
+      def config_for(target, name)
+        AuthMaster.targets[target_name(target)][name.to_sym]
+      end
+    end
+  end
+end

data/app/views/auth_master/sessions/new.html.erb

@@ -0,0 +1 @@
+<h1>Sessions#new</h1>

data/app/views/auth_master/sessions/sent.html.erb

@@ -0,0 +1 @@
+<h1>Sessions#sent</h1>

data/app/views/layouts/auth_master/application.html.erb

@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Auth master</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= yield :head %>
+
+  <%= stylesheet_link_tag    "auth_master/application", media: "all" %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,11 @@
+AuthMaster::Engine.routes.draw do
+  get   "/:target/login", to: "sessions#new", as: :auth_master_login
+  post  "/:target/login", to: "sessions#send_link"
+
+  get   "/:target/sent",  to: "sessions#sent", as: :auth_master_sent
+
+  get   "/:target/link",  to: "sessions#link", as: :auth_master_link
+  post  "/:target/link",  to: "sessions#create"
+
+  get   "/:target/denied", to: "sessions#denied", as: :auth_master_denied
+end

data/db/migrate/20250313120723_create_auth_master_sessions.rb

@@ -0,0 +1,9 @@
+class CreateAuthMasterSessions < ActiveRecord::Migration[8.0]
+  def change
+    create_table :auth_master_sessions, id: :uuid do |t|
+      t.references :target, polymorphic: true, null: false, type: :uuid
+
+      t.timestamps
+    end
+  end
+end

data/lib/auth_master/engine.rb

@@ -0,0 +1,5 @@
+module AuthMaster
+  class Engine < ::Rails::Engine
+    isolate_namespace AuthMaster
+  end
+end

data/lib/auth_master/version.rb

@@ -0,0 +1,3 @@
+module AuthMaster
+  VERSION = "0.0.1"
+end

data/lib/auth_master.rb

@@ -0,0 +1,10 @@
+require "auth_master/version"
+require "auth_master/engine"
+
+module AuthMaster
+  mattr_accessor  :targets, :timing_attack_interval
+
+  def self.configure
+    yield self
+  end
+end

data/lib/tasks/auth_master_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :auth_master do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification
+name: auth_master
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- vickodin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2025-03-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 8.0.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 8.0.2
+- !ruby/object:Gem::Dependency
+  name: token_guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+description: Authentication Engine
+email:
+- vick.orel@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/stylesheets/auth_master/application.css
+- app/controllers/auth_master/application_controller.rb
+- app/controllers/auth_master/sessions_controller.rb
+- app/helpers/auth_master/application_helper.rb
+- app/helpers/auth_master/sessions_helper.rb
+- app/models/auth_master/application_record.rb
+- app/models/auth_master/session.rb
+- app/operations/auth_master/send_link_operation.rb
+- app/services/auth_master/session_service.rb
+- app/views/auth_master/sessions/new.html.erb
+- app/views/auth_master/sessions/sent.html.erb
+- app/views/layouts/auth_master/application.html.erb
+- config/routes.rb
+- db/migrate/20250313120723_create_auth_master_sessions.rb
+- lib/auth_master.rb
+- lib/auth_master/engine.rb
+- lib/auth_master/version.rb
+- lib/tasks/auth_master_tasks.rake
+homepage: https://github.com/vickodin/auth_master
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://github.com/vickodin/auth_master
+  source_code_uri: https://github.com/vickodin/auth_master
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.1
+signing_key: 
+specification_version: 4
+summary: Authentication engine for projects built with Rails (Ruby on Rails)
+test_files: []