custos 0.1.0

data/lib/custos.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require 'active_support'
+require 'active_record'
+
+require 'custos/version'
+require 'custos/configuration'
+require 'custos/plugin'
+require 'custos/callback_registry'
+require 'custos/token_generator'
+require 'custos/authenticatable'
+require 'custos/model_config'
+require 'custos/session'
+require 'custos/session_manager'
+require 'custos/controller_helpers'
+require 'custos/mfa_encryptor'
+
+require 'custos/models/magic_link_token'
+require 'custos/models/api_token'
+require 'custos/models/mfa_credential'
+require 'custos/models/remember_token'
+
+require 'custos/plugins/password'
+require 'custos/plugins/magic_link'
+require 'custos/plugins/api_tokens'
+require 'custos/plugins/mfa'
+require 'custos/plugins/lockout'
+require 'custos/plugins/email_confirmation'
+require 'custos/plugins/remember_me'
+
+require 'custos/railtie' if defined?(Rails::Railtie)
+
+module Custos
+  class Error < StandardError; end
+  class UnknownPluginError < Error; end
+  class NotAuthenticatedError < Error; end
+  class DecryptionError < Error; end
+  class TokenExpiredError < Error; end
+  class TokenInvalidError < Error; end
+  class AccountLockedError < Error; end
+
+  @mutex = Mutex.new
+
+  class << self
+    def configure
+      yield configuration
+    end
+
+    def configuration
+      @mutex.synchronize { @configuration ||= Configuration.new }
+    end
+
+    def reset_configuration!
+      @mutex.synchronize { @configuration = Configuration.new }
+    end
+  end
+end

data/lib/generators/custos/install/install_generator.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'rails/generators'
+require 'rails/generators/active_record'
+
+module Custos
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      include ActiveRecord::Generators::Migration
+
+      source_root File.expand_path('templates', __dir__)
+
+      def create_initializer
+        template 'custos_initializer.rb.tt', 'config/initializers/custos.rb'
+      end
+
+      def create_sessions_migration
+        migration_template 'create_custos_sessions.rb.tt',
+                           'db/migrate/create_custos_sessions.rb'
+      end
+    end
+  end
+end

data/lib/generators/custos/install/templates/create_custos_sessions.rb.tt

@@ -0,0 +1,19 @@
+class CreateCustosSessions < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :custos_sessions do |t|
+      t.string :authenticatable_type, null: false
+      t.bigint :authenticatable_id, null: false
+      t.string :session_token_digest, null: false
+      t.string :ip_address
+      t.string :user_agent
+      t.datetime :last_active_at
+      t.datetime :revoked_at
+
+      t.timestamps
+    end
+
+    add_index :custos_sessions, :session_token_digest, unique: true
+    add_index :custos_sessions, %i[authenticatable_type authenticatable_id],
+              name: "index_custos_sessions_on_authenticatable"
+  end
+end

data/lib/generators/custos/install/templates/custos_initializer.rb.tt

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+Custos.configure do |config|
+  # Session expiry in seconds (default: 24 hours)
+  # config.session_expiry = 24 * 60 * 60
+
+  # Session renewal interval in seconds (default: 1 hour)
+  # config.session_renewal_interval = 60 * 60
+
+  # Token length in bytes (default: 32)
+  # config.token_length = 32
+end

data/lib/generators/custos/model/model_generator.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+require 'rails/generators'
+require 'rails/generators/active_record'
+
+module Custos
+  module Generators
+    class ModelGenerator < Rails::Generators::Base
+      include ActiveRecord::Generators::Migration
+
+      KNOWN_PLUGINS = %w[password magic_link api_tokens mfa lockout email_confirmation remember_me].freeze
+
+      source_root File.expand_path('templates', __dir__)
+
+      argument :model_name, type: :string, desc: 'Model name (e.g. User)'
+      argument :plugins, type: :array, default: [], banner: 'plugin1 plugin2'
+
+      def validate_plugins
+        unknown = plugins.map(&:to_s) - KNOWN_PLUGINS
+        return if unknown.empty?
+
+        raise Thor::Error, "Unknown plugin(s): #{unknown.join(', ')}. " \
+                           "Available: #{KNOWN_PLUGINS.join(', ')}"
+      end
+
+      def create_column_migration
+        columns = column_plugins & plugins.map(&:to_s)
+        return if columns.empty?
+
+        migration_template 'add_custos_columns.rb.tt',
+                           "db/migrate/add_custos_to_#{table_name}.rb"
+      end
+
+      def create_magic_links_migration
+        return unless plugins.include?('magic_link')
+
+        migration_template 'create_custos_magic_links.rb.tt',
+                           'db/migrate/create_custos_magic_links.rb'
+      end
+
+      def create_api_tokens_migration
+        return unless plugins.include?('api_tokens')
+
+        migration_template 'create_custos_api_tokens.rb.tt',
+                           'db/migrate/create_custos_api_tokens.rb'
+      end
+
+      def create_mfa_credentials_migration
+        return unless plugins.include?('mfa')
+
+        migration_template 'create_custos_mfa_credentials.rb.tt',
+                           'db/migrate/create_custos_mfa_credentials.rb'
+      end
+
+      def create_remember_tokens_migration
+        return unless plugins.include?('remember_me')
+
+        migration_template 'create_custos_remember_tokens.rb.tt',
+                           'db/migrate/create_custos_remember_tokens.rb'
+      end
+
+      private
+
+      def table_name
+        model_name.underscore.tr('/', '_').pluralize
+      end
+
+      def migration_class_suffix
+        model_name.camelize.delete(':').pluralize
+      end
+
+      def column_plugins
+        %w[password lockout email_confirmation]
+      end
+
+      def has_password?
+        plugins.include?('password')
+      end
+
+      def has_lockout?
+        plugins.include?('lockout')
+      end
+
+      def has_email_confirmation?
+        plugins.include?('email_confirmation')
+      end
+    end
+  end
+end

data/lib/generators/custos/model/templates/add_custos_columns.rb.tt

@@ -0,0 +1,18 @@
+class AddCustosTo<%= migration_class_suffix %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+<%- if has_password? -%>
+    add_column :<%= table_name %>, :password_digest, :string
+<%- end -%>
+<%- if has_lockout? -%>
+    add_column :<%= table_name %>, :failed_auth_count, :integer, default: 0, null: false
+    add_column :<%= table_name %>, :locked_at, :datetime
+    add_column :<%= table_name %>, :failed_mfa_count, :integer, default: 0, null: false
+    add_column :<%= table_name %>, :mfa_locked_at, :datetime
+<%- end -%>
+<%- if has_email_confirmation? -%>
+    add_column :<%= table_name %>, :email_confirmed_at, :datetime
+    add_column :<%= table_name %>, :email_confirmation_token_digest, :string
+    add_column :<%= table_name %>, :email_confirmation_sent_at, :datetime
+<%- end -%>
+  end
+end

data/lib/generators/custos/model/templates/create_custos_api_tokens.rb.tt

@@ -0,0 +1,18 @@
+class CreateCustosApiTokens < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :custos_api_tokens do |t|
+      t.string :authenticatable_type, null: false
+      t.bigint :authenticatable_id, null: false
+      t.string :token_digest, null: false
+      t.datetime :last_used_at
+      t.datetime :expires_at
+      t.datetime :revoked_at
+
+      t.timestamps
+    end
+
+    add_index :custos_api_tokens, :token_digest, unique: true
+    add_index :custos_api_tokens, %i[authenticatable_type authenticatable_id],
+              name: "index_custos_api_tokens_on_authenticatable"
+  end
+end

data/lib/generators/custos/model/templates/create_custos_magic_links.rb.tt

@@ -0,0 +1,17 @@
+class CreateCustosMagicLinks < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :custos_magic_links do |t|
+      t.string :authenticatable_type, null: false
+      t.bigint :authenticatable_id, null: false
+      t.string :token_digest, null: false
+      t.datetime :expires_at, null: false
+      t.datetime :used_at
+
+      t.datetime :created_at, null: false
+    end
+
+    add_index :custos_magic_links, :token_digest, unique: true
+    add_index :custos_magic_links, %i[authenticatable_type authenticatable_id],
+              name: "index_custos_magic_links_on_authenticatable"
+  end
+end

data/lib/generators/custos/model/templates/create_custos_mfa_credentials.rb.tt

@@ -0,0 +1,16 @@
+class CreateCustosMfaCredentials < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :custos_mfa_credentials do |t|
+      t.string :authenticatable_type, null: false
+      t.bigint :authenticatable_id, null: false
+      t.string :method, null: false
+      t.text :secret_data, null: false
+      t.datetime :enabled_at
+
+      t.timestamps
+    end
+
+    add_index :custos_mfa_credentials, %i[authenticatable_type authenticatable_id method],
+              unique: true, name: "index_custos_mfa_on_authenticatable_and_method"
+  end
+end

data/lib/generators/custos/model/templates/create_custos_remember_tokens.rb.tt

@@ -0,0 +1,16 @@
+class CreateCustosRememberTokens < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :custos_remember_tokens do |t|
+      t.string :authenticatable_type, null: false
+      t.bigint :authenticatable_id, null: false
+      t.string :token_digest, null: false
+      t.datetime :expires_at, null: false
+
+      t.datetime :created_at, null: false
+    end
+
+    add_index :custos_remember_tokens, :token_digest, unique: true
+    add_index :custos_remember_tokens, %i[authenticatable_type authenticatable_id],
+              name: "index_custos_remember_tokens_on_authenticatable"
+  end
+end

metadata

@@ -0,0 +1,129 @@
+--- !ruby/object:Gem::Specification
+name: custos
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Ingvar
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2026-03-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: argon2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+- !ruby/object:Gem::Dependency
+  name: rotp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+description: Modern, modular authentication for Rails applications. Supports password,
+  magic link, API tokens, MFA, and more — all as composable plugins.
+email:
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- lib/custos.rb
+- lib/custos/authenticatable.rb
+- lib/custos/callback_registry.rb
+- lib/custos/configuration.rb
+- lib/custos/controller_helpers.rb
+- lib/custos/mfa_encryptor.rb
+- lib/custos/model_config.rb
+- lib/custos/models/api_token.rb
+- lib/custos/models/magic_link_token.rb
+- lib/custos/models/mfa_credential.rb
+- lib/custos/models/remember_token.rb
+- lib/custos/plugin.rb
+- lib/custos/plugins/api_tokens.rb
+- lib/custos/plugins/email_confirmation.rb
+- lib/custos/plugins/lockout.rb
+- lib/custos/plugins/magic_link.rb
+- lib/custos/plugins/mfa.rb
+- lib/custos/plugins/password.rb
+- lib/custos/plugins/remember_me.rb
+- lib/custos/railtie.rb
+- lib/custos/session.rb
+- lib/custos/session_manager.rb
+- lib/custos/tasks/cleanup.rake
+- lib/custos/token_generator.rb
+- lib/custos/version.rb
+- lib/generators/custos/install/install_generator.rb
+- lib/generators/custos/install/templates/create_custos_sessions.rb.tt
+- lib/generators/custos/install/templates/custos_initializer.rb.tt
+- lib/generators/custos/model/model_generator.rb
+- lib/generators/custos/model/templates/add_custos_columns.rb.tt
+- lib/generators/custos/model/templates/create_custos_api_tokens.rb.tt
+- lib/generators/custos/model/templates/create_custos_magic_links.rb.tt
+- lib/generators/custos/model/templates/create_custos_mfa_credentials.rb.tt
+- lib/generators/custos/model/templates/create_custos_remember_tokens.rb.tt
+homepage: https://github.com/supostat/Custos
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/supostat/Custos
+  source_code_uri: https://github.com/supostat/Custos
+  changelog_uri: https://github.com/supostat/Custos/blob/main/gem/CHANGELOG.md
+  documentation_uri: https://github.com/supostat/Custos
+  bug_tracker_uri: https://github.com/supostat/Custos/issues
+  rubygems_mfa_required: 'true'
+  allowed_push_host: https://rubygems.org
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.19
+signing_key:
+specification_version: 4
+summary: Plugin-based authentication for Rails
+test_files: []