better_authy 0.1.0

data/app/views/better_authy/sessions/new.html.erb

@@ -0,0 +1,80 @@
+<% content_for :title, t("better_authy.sessions.title") %>
+
+<div class="w-full max-w-md">
+  <% if flash[:alert].present? %>
+    <%= bui_action_messages([flash[:alert]],
+      variant: :danger,
+      style: :soft,
+      dismissible: true,
+      container_classes: "mb-6"
+    ) %>
+  <% end %>
+
+  <% if flash[:notice].present? %>
+    <%= bui_action_messages([flash[:notice]],
+      variant: :success,
+      style: :soft,
+      dismissible: true,
+      container_classes: "mb-6"
+    ) %>
+  <% end %>
+
+  <%= bui_card(
+    variant: :light,
+    style: :bordered,
+    size: :lg,
+    shadow: true
+  ) do |card| %>
+    <% card.with_header do %>
+      <h1 class="text-2xl font-bold text-center text-grayscale-900">
+        <%= t("better_authy.sessions.title") %>
+      </h1>
+    <% end %>
+
+    <% card.with_body do %>
+      <%= form_with model: @session_form, scope: :session, url: request.path, builder: BetterUi::UiFormBuilder, class: "space-y-6" do |f| %>
+        <%= f.bui_text_input :email,
+          label: t("better_authy.attributes.email"),
+          placeholder: t("better_authy.placeholders.email"),
+          type: "email",
+          autocomplete: "email" %>
+
+        <%= f.bui_password_input :password,
+          label: t("better_authy.attributes.password"),
+          placeholder: t("better_authy.placeholders.password"),
+          autocomplete: "current-password" %>
+
+        <div class="flex items-center justify-between">
+          <%= f.bui_checkbox :remember_me,
+            label: t("better_authy.sessions.remember_me") %>
+
+          <%= link_to t("better_authy.sessions.forgot_password"),
+                      send(:"new_#{params[:scope]}_password_path"),
+                      class: "text-sm font-medium text-primary-600 hover:text-primary-500" %>
+        </div>
+
+        <div>
+          <%= bui_button(
+            variant: :primary,
+            style: :solid,
+            size: :lg,
+            type: :submit,
+            show_loader_on_click: true,
+            container_classes: "w-full"
+          ) do %>
+            <%= t("better_authy.sessions.submit") %>
+          <% end %>
+        </div>
+      <% end %>
+    <% end %>
+
+    <% card.with_footer do %>
+      <p class="text-center text-sm text-grayscale-600">
+        <%= t("better_authy.sessions.no_account") %>
+        <%= link_to t("better_authy.sessions.signup_link"),
+                    send(:"#{params[:scope]}_signup_path"),
+                    class: "font-medium text-primary-600 hover:text-primary-500" %>
+      </p>
+    <% end %>
+  <% end %>
+</div>

data/app/views/layouts/better_authy/application.html.erb

@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title><%= content_for(:title) || "Authentication" %></title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= yield :head %>
+
+  <%= vite_stylesheet_link_tag "application.css" if defined?(vite_stylesheet_link_tag) %>
+  <%= vite_javascript_include_tag "application.js" if defined?(vite_javascript_include_tag) %>
+</head>
+
+<body class="bg-grayscale-50 min-h-screen">
+  <div class="flex min-h-screen flex-col items-center justify-center px-4 py-12">
+    <%= yield %>
+  </div>
+</body>
+</html>

data/config/locales/en.yml

@@ -0,0 +1,48 @@
+en:
+  better_authy:
+    sessions:
+      title: "Sign In"
+      submit: "Sign In"
+      remember_me: "Remember me"
+      signed_in: "Signed in successfully."
+      signed_out: "Signed out successfully."
+      invalid_credentials: "Invalid email or password."
+      unauthenticated: "You need to sign in to continue."
+      no_account: "Don't have an account?"
+      signup_link: "Sign up"
+      forgot_password: "Forgot password?"
+    registrations:
+      title: "Sign Up"
+      submit: "Create account"
+      errors_title: "Please correct the following errors:"
+      signed_up: "Welcome! You have signed up successfully."
+      has_account: "Already have an account?"
+      login_link: "Sign in"
+    attributes:
+      email: "Email"
+      password: "Password"
+      password_confirmation: "Password confirmation"
+    placeholders:
+      email: "you@example.com"
+      password: "Enter your password"
+      password_confirmation: "Confirm your password"
+    hints:
+      password: "Minimum 8 characters"
+    passwords:
+      forgot_title: "Forgot Password"
+      forgot_instruction: "Enter your email address and we'll send you instructions to reset your password."
+      forgot_submit: "Send Reset Instructions"
+      remembered: "Remember your password?"
+      reset_title: "Reset Password"
+      reset_submit: "Reset Password"
+      send_instructions: "If your email address exists in our database, you will receive password reset instructions shortly."
+      updated: "Your password has been changed successfully. You can now sign in."
+      invalid_token: "The password reset link is invalid or has expired."
+      no_token: "No password reset token provided."
+      mailer:
+        subject: "Password Reset Instructions"
+        greeting: "Hello %{email}!"
+        instruction: "Someone has requested a link to change your password. You can do this through the link below."
+        action: "Change my password"
+        ignore: "If you didn't request this, please ignore this email."
+        expiration: "This link will expire in %{hours} hour(s)."

data/config/locales/it.yml

@@ -0,0 +1,48 @@
+it:
+  better_authy:
+    sessions:
+      title: "Accedi"
+      submit: "Accedi"
+      remember_me: "Ricordami"
+      signed_in: "Accesso effettuato."
+      signed_out: "Disconnessione effettuata."
+      invalid_credentials: "Email o password non validi."
+      unauthenticated: "Devi effettuare l'accesso."
+      no_account: "Non hai un account?"
+      signup_link: "Registrati"
+      forgot_password: "Password dimenticata?"
+    registrations:
+      title: "Registrati"
+      submit: "Crea account"
+      errors_title: "Correggi i seguenti errori:"
+      signed_up: "Registrazione completata."
+      has_account: "Hai già un account?"
+      login_link: "Accedi"
+    attributes:
+      email: "Email"
+      password: "Password"
+      password_confirmation: "Conferma password"
+    placeholders:
+      email: "tu@esempio.com"
+      password: "Inserisci la password"
+      password_confirmation: "Conferma la password"
+    hints:
+      password: "Minimo 8 caratteri"
+    passwords:
+      forgot_title: "Password dimenticata"
+      forgot_instruction: "Inserisci il tuo indirizzo email e ti invieremo le istruzioni per reimpostare la password."
+      forgot_submit: "Invia istruzioni"
+      remembered: "Ricordi la password?"
+      reset_title: "Reimposta password"
+      reset_submit: "Reimposta password"
+      send_instructions: "Se il tuo indirizzo email esiste nel nostro database, riceverai le istruzioni per reimpostare la password a breve."
+      updated: "La tua password e' stata modificata con successo. Ora puoi accedere."
+      invalid_token: "Il link per reimpostare la password non e' valido o e' scaduto."
+      no_token: "Token per reimpostare la password non fornito."
+      mailer:
+        subject: "Istruzioni per reimpostare la password"
+        greeting: "Ciao %{email}!"
+        instruction: "Qualcuno ha richiesto un link per cambiare la tua password. Puoi farlo tramite il link qui sotto."
+        action: "Cambia la mia password"
+        ignore: "Se non hai richiesto tu questa operazione, ignora questa email."
+        expiration: "Questo link scadra' tra %{hours} ora/e."

data/config/routes.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+BetterAuthy::Engine.routes.draw do
+  # Generate routes for each configured scope
+  # The defaults: { scope: scope_name } injects the scope into params
+  # so controllers don't need to parse the URL path
+  BetterAuthy.configuration.scopes.each_key do |scope_name|
+    scope scope_name.to_s, defaults: { scope: scope_name } do
+      get "login", to: "sessions#new", as: :"#{scope_name}_login"
+      post "login", to: "sessions#create"
+      delete "logout", to: "sessions#destroy", as: :"#{scope_name}_logout"
+
+      get "signup", to: "registrations#new", as: :"#{scope_name}_signup"
+      post "signup", to: "registrations#create"
+
+      # Password reset routes
+      get "password/new", to: "passwords#new", as: :"new_#{scope_name}_password"
+      post "password", to: "passwords#create", as: :"#{scope_name}_password"
+      get "password/edit", to: "passwords#edit", as: :"edit_#{scope_name}_password"
+      patch "password", to: "passwords#update"
+    end
+  end
+end

data/lib/better_authy/configuration.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  class Configuration
+    attr_reader :scopes, :cookie_config
+
+    def initialize
+      @scopes = {}
+      @cookie_config = {
+        secure: ENV.fetch("BETTER_AUTHY_SECURE_COOKIES", "false") == "true",
+        httponly: true,
+        same_site: :lax
+      }
+    end
+
+    def cookie_config=(options)
+      @cookie_config = @cookie_config.merge(options)
+    end
+
+    def scope(name, &block)
+      raise ArgumentError, "scope requires a block" unless block_given?
+
+      name = name.to_sym
+      raise ConfigurationError, "Scope :#{name} is already registered" if @scopes.key?(name)
+
+      scope_config = ScopeConfiguration.new(name)
+      yield(scope_config)
+      @scopes[name] = scope_config
+    end
+
+    def scope_for(name)
+      @scopes[name.to_sym]
+    end
+
+    def scope_for!(name)
+      scope_for(name) || raise(ConfigurationError, "Scope :#{name} is not registered")
+    end
+
+    def validate!
+      @scopes.each_value(&:validate!)
+    end
+  end
+end

data/lib/better_authy/controller_helpers.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  module ControllerHelpers
+    extend ActiveSupport::Concern
+
+    included do
+      # Define helper methods for each configured scope
+      BetterAuthy.configuration.scopes.each_key do |scope_name|
+        define_scope_helpers(scope_name)
+      end
+    end
+
+    class_methods do
+      def define_scope_helpers(scope_name)
+        # current_{scope}
+        define_method(:"current_#{scope_name}") do
+          ivar = "@current_#{scope_name}"
+          return instance_variable_get(ivar) if instance_variable_defined?(ivar)
+
+          instance_variable_set(ivar, find_authenticated_resource(scope_name))
+        end
+
+        # {scope}_signed_in?
+        define_method(:"#{scope_name}_signed_in?") do
+          send(:"current_#{scope_name}").present?
+        end
+
+        # sign_in_{scope}
+        define_method(:"sign_in_#{scope_name}") do |resource, remember: false|
+          scope_config = BetterAuthy.scope_for!(scope_name)
+
+          reset_session
+          session[scope_config.session_key] = resource.id
+          resource.track_sign_in!(request)
+
+          if remember
+            token = resource.remember_me!
+            cookie_value = "#{resource.id}:#{token}"
+            cookies.encrypted[scope_config.remember_cookie] = {
+              value: cookie_value,
+              expires: scope_config.remember_for.from_now,
+              **BetterAuthy.configuration.cookie_config
+            }
+          end
+
+          instance_variable_set("@current_#{scope_name}", resource)
+        end
+
+        # sign_out_{scope}
+        define_method(:"sign_out_#{scope_name}") do
+          scope_config = BetterAuthy.scope_for!(scope_name)
+          current_resource = send(:"current_#{scope_name}")
+
+          current_resource&.forget_me!
+
+          session.delete(scope_config.session_key)
+          cookies.delete(scope_config.remember_cookie)
+
+          instance_variable_set("@current_#{scope_name}", nil)
+        end
+
+        # authenticate_{scope}!
+        define_method(:"authenticate_#{scope_name}!") do
+          return if send(:"#{scope_name}_signed_in?")
+
+          scope_config = BetterAuthy.scope_for!(scope_name)
+          redirect_to(scope_config.sign_in_path)
+        end
+
+        # Register as helper methods
+        helper_method :"current_#{scope_name}", :"#{scope_name}_signed_in?"
+      end
+    end
+
+    private
+
+    def find_authenticated_resource(scope_name)
+      scope_config = BetterAuthy.scope_for!(scope_name)
+      model_class = scope_config.model_class
+
+      # Try session first
+      if (resource_id = session[scope_config.session_key])
+        return model_class.find_by(id: resource_id)
+      end
+
+      # Try remember cookie
+      if (cookie_value = cookies.encrypted[scope_config.remember_cookie])
+        resource_id, token = cookie_value.split(":", 2)
+        resource = model_class.find_by(id: resource_id)
+        return resource if resource&.remember_token_valid?(token)
+      end
+
+      nil
+    end
+  end
+end

data/lib/better_authy/engine.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  class Engine < ::Rails::Engine
+    isolate_namespace BetterAuthy
+
+    config.generators do |g|
+      g.test_framework :rspec
+    end
+  end
+end

data/lib/better_authy/errors.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  class Error < StandardError; end
+  class ConfigurationError < Error; end
+end

data/lib/better_authy/model_extensions.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  module ModelExtensions
+    extend ActiveSupport::Concern
+
+    class_methods do
+      def better_authy_authenticable(scope_name, **options)
+        # Store scope name and options on the class
+        class_attribute :authenticable_scope_name, default: scope_name
+        class_attribute :authenticable_options, default: options
+
+        # Include the authenticable concern (runs included do block)
+        include BetterAuthy::Models::Authenticable
+      end
+    end
+  end
+end
+
+# Extend ActiveRecord::Base when ActiveRecord is loaded
+ActiveSupport.on_load(:active_record) do
+  include BetterAuthy::ModelExtensions
+end

data/lib/better_authy/models/authenticable.rb

@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  module Models
+    module Authenticable
+      extend ActiveSupport::Concern
+
+      included do
+        # Configure has_secure_password
+        has_secure_password
+
+        # Email validations
+        validates :email,
+          presence: true,
+          uniqueness: { case_sensitive: false },
+          format: { with: URI::MailTo::EMAIL_REGEXP }
+
+        # Password validation (uses options from better_authy_authenticable call)
+        validates :password,
+          length: { minimum: authenticable_options.fetch(:password_minimum, 8) },
+          allow_nil: true
+
+        # Email normalization
+        normalizes :email, with: ->(email) { email.strip.downcase }
+      end
+
+      # Returns the scope name for this model
+      def authenticable_scope
+        self.class.authenticable_scope_name
+      end
+
+      # Returns the scope configuration
+      def authenticable_scope_config
+        BetterAuthy.scope_for(authenticable_scope)
+      end
+
+      # Generate remember token
+      def remember_me!
+        token = SecureRandom.urlsafe_base64(32)
+        update!(
+          remember_token_digest: BCrypt::Password.create(token),
+          remember_created_at: Time.current
+        )
+        token
+      end
+
+      # Clear remember token
+      def forget_me!
+        update!(
+          remember_token_digest: nil,
+          remember_created_at: nil
+        )
+      end
+
+      # Validate remember token
+      def remember_token_valid?(token)
+        return false if remember_token_digest.blank?
+        return false if remember_created_at.blank?
+        return false if remember_created_at < authenticable_scope_config.remember_for.ago
+
+        BCrypt::Password.new(remember_token_digest).is_password?(token)
+      end
+
+      # Track sign in
+      def track_sign_in!(request)
+        now = Time.current
+        update!(
+          sign_in_count: sign_in_count + 1,
+          last_sign_in_at: current_sign_in_at,
+          last_sign_in_ip: current_sign_in_ip,
+          current_sign_in_at: now,
+          current_sign_in_ip: request.remote_ip
+        )
+      end
+
+      # Generate password reset token
+      def generate_password_reset_token!
+        token = SecureRandom.urlsafe_base64(32)
+        update!(
+          password_reset_token_digest: BCrypt::Password.create(token),
+          password_reset_sent_at: Time.current
+        )
+        token
+      end
+
+      # Validate password reset token
+      def password_reset_token_valid?(token)
+        return false if password_reset_token_digest.blank?
+        return false if password_reset_sent_at.blank?
+        return false if password_reset_sent_at < authenticable_scope_config.password_reset_within.ago
+
+        BCrypt::Password.new(password_reset_token_digest).is_password?(token)
+      end
+
+      # Clear password reset token
+      def clear_password_reset_token!
+        update!(
+          password_reset_token_digest: nil,
+          password_reset_sent_at: nil
+        )
+      end
+
+      # Reset password with confirmation
+      def reset_password!(new_password, new_password_confirmation)
+        self.password = new_password
+        self.password_confirmation = new_password_confirmation
+
+        if valid?
+          save!
+          clear_password_reset_token!
+          true
+        else
+          false
+        end
+      end
+    end
+  end
+end

data/lib/better_authy/scope_configuration.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  class ScopeConfiguration
+    attr_reader :name
+    attr_accessor :model_name, :session_key, :remember_cookie, :remember_for,
+                  :sign_in_path, :after_sign_in_path, :layout, :password_reset_within
+
+    def initialize(name)
+      @name = name.to_sym
+      @session_key = :"#{name}_id"
+      @remember_cookie = :"_remember_#{name}_token"
+      @remember_for = 2.weeks
+      @password_reset_within = 1.hour
+      @sign_in_path = "/auth/#{name}/login"
+      @after_sign_in_path = "/"
+      @layout = "better_authy/application"
+    end
+
+    def model_class
+      raise ConfigurationError, "model_name is required for scope :#{name}" if model_name.blank?
+
+      model_name.constantize
+    end
+
+    def validate!
+      raise ConfigurationError, "model_name is required for scope :#{name}" if model_name.blank?
+    end
+  end
+end

data/lib/better_authy/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  VERSION = "0.1.0"
+end

data/lib/better_authy.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require "bcrypt"
+require "better_ui"
+
+require "better_authy/version"
+require "better_authy/errors"
+require "better_authy/scope_configuration"
+require "better_authy/configuration"
+require "better_authy/engine"
+require "better_authy/models/authenticable"
+require "better_authy/model_extensions"
+require "better_authy/controller_helpers"
+
+module BetterAuthy
+  class << self
+    def configure
+      yield(configuration)
+    end
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def reset_configuration!
+      @configuration = Configuration.new
+    end
+
+    def scope_for(name)
+      configuration.scope_for(name)
+    end
+
+    def scope_for!(name)
+      configuration.scope_for!(name)
+    end
+  end
+end