beskar 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 634876ddd13d9bc2e2cf6fd90917f3890dc97aefd3ed7746552ab2fa9838a15c
+  data.tar.gz: '085d97745587523870ea5dacaedda2cc757f88a48711d8ca556e7e7ef72061a0'
+SHA512:
+  metadata.gz: 4f10ade46713e24239ba8b2ef55ba30fa17556cdf290ba31fc935b810d5c68d0931d2e37f622511aa61fe3fc74249b23c1dd859c07847d8147c43f62c4a9dc13
+  data.tar.gz: aa1f4dcd08a7ba93359a10c9c84c61e4c9e8dd73708302c216a308ef344fc79064d70b43d2d74e2162790ca3243b515122a555dfec85d410d61577bad2ca49d1

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright Maciej Litwiniuk
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,87 @@
+# Beskar
+
+**Beskar** is a comprehensive, Rails-native security engine designed to provide multi-layered, proactive protection for modern web applications. It defends against common threats, bot activity, and account takeovers without requiring external dependencies, integrating seamlessly into your application as a natural extension of the framework.
+
+## Features
+
+-   **Web Application Firewall (WAF):** Real-time protection against common attack vectors like SQL Injection (SQLi) and Cross-Site Scripting (XSS).
+-   **Advanced Bot Detection:** Multi-layered defense using JavaScript challenges and invisible honeypots to filter out malicious bots while allowing legitimate ones.
+-   **Account Takeover (ATO) Prevention:** Actively monitors and blocks brute-force attacks, credential stuffing, and impossible travel anomalies.
+-   **Rails-Native Architecture:** Built as a mountable `Rails::Engine`, it leverages `ActiveJob` and `Rails.cache` for high performance and low overhead.
+-   **Real-Time Dashboard (Coming Soon):** A mountable dashboard to visualize security events and monitor threats as they happen.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'beskar'
+````
+
+And then execute:
+
+```bash
+$ bundle install
+```
+
+Next, run the installation generator. This will copy the necessary migrations and create an initializer file.
+
+```bash
+$ rails g beskar:install
+```
+
+Finally, run the database migrations:
+
+```bash
+$ rails db:migrate
+```
+
+## Configuration
+
+You can configure Rails Security Shield in the initializer file created by the installer:
+
+```ruby
+# config/initializers/beskar.rb
+RailsSecurityShield.configure do |config|
+  # === Web Application Firewall (WAF) ===
+  # Enable or disable the WAF middleware. Defaults to false.
+  config.enable_waf = true
+
+  # === Account Protection ===
+  # Set the class name of your user model.
+  # This is used for tracking security events related to users.
+  config.user_class = 'User'
+
+  # More configuration options will be available here.
+end
+```
+
+## Usage
+
+Once installed and configured, Rails Security Shield works automatically. Its middleware is injected into the Rails request stack to analyze incoming traffic and block threats before they reach your application.
+
+Security events are logged to the `beskar_security_events` table for analysis and will be visualized in the forthcoming security dashboard.
+
+## Development
+
+After checking out the repo, run `bundle install` to install dependencies. The gem contains a dummy Rails application in `test/dummy` for development and testing.
+
+To run the test suite, use the standard Rails command:
+
+```bash
+# From the gem's root directory
+$ bin/rails test
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at [https://github.com/prograis/beskar](https://github.com/prograils/beskar). 
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Just be nice to each other.
+

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+
+load "rails/tasks/statistics.rake"
+
+require "bundler/gem_tasks"

data/app/assets/stylesheets/beskar/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/beskar/application_controller.rb

@@ -0,0 +1,4 @@
+module Beskar
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/helpers/beskar/application_helper.rb

@@ -0,0 +1,4 @@
+module Beskar
+  module ApplicationHelper
+  end
+end

data/app/jobs/beskar/application_job.rb

@@ -0,0 +1,4 @@
+module Beskar
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/beskar/application_mailer.rb

@@ -0,0 +1,6 @@
+module Beskar
+  class ApplicationMailer < ActionMailer::Base
+    default from: "from@example.com"
+    layout "mailer"
+  end
+end

data/app/models/beskar/application_record.rb

@@ -0,0 +1,5 @@
+module Beskar
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/views/layouts/beskar/application.html.erb

@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Beskar</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= yield :head %>
+
+  <%= stylesheet_link_tag    "beskar/application", media: "all" %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,2 @@
+Beskar::Engine.routes.draw do
+end

data/lib/beskar/engine.rb

@@ -0,0 +1,5 @@
+module Beskar
+  class Engine < ::Rails::Engine
+    isolate_namespace Beskar
+  end
+end

data/lib/beskar/version.rb

@@ -0,0 +1,3 @@
+module Beskar
+  VERSION = "0.0.1"
+end

data/lib/beskar.rb

@@ -0,0 +1,6 @@
+require "beskar/version"
+require "beskar/engine"
+
+module Beskar
+  # Your code goes here...
+end

data/lib/tasks/beskar_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :beskar do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,75 @@
+--- !ruby/object:Gem::Specification
+name: beskar
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Maciej Litwiniuk
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 8.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 8.0.0
+description: |-
+  Rails Security Shield is a comprehensive, Rails-native security engine designed to provide multi-layered protection for modern web applications. It actively defends against common threats by integrating a powerful Web Application Firewall (WAF) to block attacks like SQLi and XSS, an advanced bot detection system using JavaScript challenges and honeypots, and robust account takeover prevention to stop brute-force and credential stuffing attacks.
+
+  Built as a mountable Rails Engine, it leverages core framework features like ActiveJob and Rails.cache to ensure high performance and minimal external dependencies. It includes a real-time dashboard for monitoring security events, giving you immediate insight into the threats your application faces. Drop it in, configure it, and get enterprise-grade security that feels like a natural extension of Rails.
+email:
+- maciej@litwiniuk.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/stylesheets/beskar/application.css
+- app/controllers/beskar/application_controller.rb
+- app/helpers/beskar/application_helper.rb
+- app/jobs/beskar/application_job.rb
+- app/mailers/beskar/application_mailer.rb
+- app/models/beskar/application_record.rb
+- app/views/layouts/beskar/application.html.erb
+- config/routes.rb
+- lib/beskar.rb
+- lib/beskar/engine.rb
+- lib/beskar/version.rb
+- lib/tasks/beskar_tasks.rake
+homepage: https://humadroid.io/
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://humadroid.io/
+  source_code_uri: https://github.com/prograils/beskar
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.7.2
+specification_version: 4
+summary: An all-in-one security engine for Rails providing WAF, bot detection, and
+  account takeover prevention.
+test_files: []