securial 0.4.2

data/app/models/securial/session.rb

@@ -0,0 +1,27 @@
+module Securial
+  class Session < ApplicationRecord
+    belongs_to :user
+
+    validates :ip_address, presence: true
+    validates :user_agent, presence: true
+    validates :refresh_token, presence: true
+
+    def revoke!
+      update!(revoked: true)
+    end
+
+    def is_valid_session?
+      !revoked && refresh_token_expires_at > Time.current
+    end
+
+    def refresh!
+      raise Securial::SessionErrors::SessionRevokedError, "Session is revoked" if revoked
+      raise Securial::SessionErrors::SessionExpiredError, "Session is expired" if refresh_token_expires_at < Time.current
+
+      update!(refresh_token: SecureRandom.hex(64),
+              refresh_count: self.refresh_count + 1,
+              last_refreshed_at: Time.current,
+              refresh_token_expires_at: 1.week.from_now)
+    end
+  end
+end

data/app/models/securial/user.rb

@@ -0,0 +1,54 @@
+module Securial
+  class User < ApplicationRecord
+    include Securial::PasswordResettable
+
+    normalizes :email_address, with: ->(e) { Securial::NormalizingHelper.normalize_email_address(e) }
+
+    validates :email_address,
+              presence: true,
+              uniqueness: true,
+              length: {
+                minimum: 5,
+                maximum: 255,
+              },
+              format: {
+                with: Securial::RegexHelper::EMAIL_REGEX,
+                message: "must be a valid email address",
+              }
+
+    validates :username,
+              presence: true,
+              uniqueness: { case_sensitive: false },
+              length: { maximum: 20 },
+              format: {
+                with: Securial::RegexHelper::USERNAME_REGEX,
+                message: "can only contain letters, numbers, underscores, and periods, but cannot start with a number or contain consecutive underscores or periods",
+              }
+
+    validates :first_name,
+              presence: true,
+              length: { maximum: 50 }
+    validates :last_name,
+              presence: true,
+              length: { maximum: 50 }
+
+    validates :phone,
+              length: { maximum: 15 },
+              allow_blank: true
+    validates :bio,
+              length: { maximum: 1000 },
+              allow_blank: true
+
+    has_many :role_assignments, dependent: :destroy
+    has_many :roles, through: :role_assignments
+
+    has_many :sessions, dependent: :destroy
+
+
+    def is_admin?
+      titleized_role_name = Securial.configuration.admin_role.to_s.strip.titleize
+
+      roles.exists?(role_name: titleized_role_name)
+    end
+  end
+end

data/app/views/layouts/securial/mailer.html.erb

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+    <style>
+      /* Email styles need to be inline */
+    </style>
+  </head>
+
+  <body>
+    <%= yield %>
+  </body>
+</html>

data/app/views/layouts/securial/mailer.text.erb

@@ -0,0 +1 @@
+<%= yield %>

data/app/views/securial/accounts/show.json.jbuilder

@@ -0,0 +1 @@
+json.partial! "securial/users/securial_user", securial_user: @securial_user

data/app/views/securial/passwords/_password.json.jbuilder

@@ -0,0 +1,2 @@
+json.extract! password, :id, :forgot_password, :reset_password, :created_at, :updated_at
+json.url password_url(password, format: :json)

data/app/views/securial/passwords/index.json.jbuilder

@@ -0,0 +1 @@
+json.array! @passwords, partial: "securial/passwords/password", as: :password

data/app/views/securial/passwords/show.json.jbuilder

@@ -0,0 +1 @@
+json.partial! "securial/passwords/password", password: @password

data/app/views/securial/role_assignments/show.json.jbuilder

@@ -0,0 +1 @@
+json.partial! "securial/users/securial_user", securial_user: @securial_user

data/app/views/securial/roles/_securial_role.json.jbuilder

@@ -0,0 +1,9 @@
+json.id securial_role.id
+
+json.role_name securial_role.role_name
+json.hide_from_profile securial_role.hide_from_profile
+
+json.created_at securial_role.created_at
+json.updated_at securial_role.updated_at
+
+json.url securial.roles_url(securial_role, format: :json)

data/app/views/securial/roles/index.json.jbuilder

@@ -0,0 +1,6 @@
+json.records @securial_roles do |securial_role|
+  json.partial! "securial/roles/securial_role", securial_role: securial_role
+end
+
+json.count @securial_roles.count
+json.url securial.roles_url(format: :json)

data/app/views/securial/roles/show.json.jbuilder

@@ -0,0 +1 @@
+json.partial! "securial/roles/securial_role", securial_role: @securial_role

data/app/views/securial/securial_mailer/reset_password.html.erb

@@ -0,0 +1,5 @@
+<p>
+  You can reset your password within the next <%= Securial.configuration.reset_password_token_expires_in.inspect %>.
+</p>
+
+<p>Your password reset token is: <%= @user.reset_password_token %></p>

data/app/views/securial/securial_mailer/reset_password.text.erb

@@ -0,0 +1,4 @@
+You can reset your password within the next <%= Securial.configuration.reset_password_token_expires_in.inspect %>.
+
+
+Your password reset token is: <%= @user.reset_password_token %>

data/app/views/securial/sessions/_session.json.jbuilder

@@ -0,0 +1,15 @@
+json.id securial_session.id
+
+json.ip_address securial_session.ip_address
+json.user_agent securial_session.user_agent
+json.refresh_count securial_session.refresh_count
+json.refresh_token securial_session.refresh_token
+json.last_refreshed_at securial_session.last_refreshed_at
+json.refresh_token_expires_at securial_session.refresh_token_expires_at
+json.revoked securial_session.revoked
+json.user_id securial_session.user_id
+
+json.created_at securial_session.created_at
+json.updated_at securial_session.updated_at
+
+json.url "No URL available for this action"

data/app/views/securial/sessions/index.json.jbuilder

@@ -0,0 +1,6 @@
+json.records @securial_sessions do |securial_session|
+  json.partial! "securial/sessions/session", securial_session: securial_session
+end
+
+json.count @securial_sessions.count
+json.url "No URL available for this action"

data/app/views/securial/sessions/show.json.jbuilder

@@ -0,0 +1 @@
+json.partial! "securial/sessions/session", securial_session: @securial_session

data/app/views/securial/status/show.json.jbuilder

@@ -0,0 +1,3 @@
+json.status "ok"
+json.timestamp Time.current
+json.version Securial::VERSION

data/app/views/securial/users/_securial_user.json.jbuilder

@@ -0,0 +1,14 @@
+json.id securial_user.id
+
+json.first_name securial_user.first_name
+json.last_name securial_user.last_name
+json.phone securial_user.phone
+json.username securial_user.username
+json.bio securial_user.bio
+
+json.roles securial_user.roles, partial: "securial/roles/securial_role", as: :securial_role
+
+json.created_at securial_user.created_at
+json.updated_at securial_user.updated_at
+
+json.url securial.user_url(securial_user, format: :json)

data/app/views/securial/users/index.json.jbuilder

@@ -0,0 +1,6 @@
+json.records @securial_users do |securial_user|
+  json.partial! "securial/users/securial_user", securial_user: securial_user
+end
+
+json.count @securial_users.count
+json.url securial.users_url(format: :json)

data/app/views/securial/users/show.json.jbuilder

@@ -0,0 +1 @@
+json.partial! "securial/users/securial_user", securial_user: @securial_user

data/bin/securial

@@ -0,0 +1,58 @@
+#!/usr/bin/env ruby
+
+require "fileutils"
+
+def run(command, chdir: nil)
+  puts "→ #{command}"
+  if chdir
+    Dir.chdir(chdir) do
+      system(command) || abort("❌ Command failed: #{command}")
+    end
+  else
+    system(command) || abort("❌ Command failed: #{command}")
+  end
+end
+
+
+def securial_new(app_name, rails_options)
+  puts "🛠  Creating new Rails app: #{app_name}"
+
+  # Step 1: Forward options to `rails new`
+  rails_command = ["rails", "new", app_name, *rails_options].join(" ")
+  run(rails_command)
+
+  # Step 2: Append securial gem to the Gemfile
+  gemfile_path = File.join(app_name, "Gemfile")
+  File.open(gemfile_path, "a") do |f|
+    f.puts "\ngem 'securial'"
+  end
+
+  # Step 3: Install gems
+  run("bundle install", chdir: app_name)
+
+  # Step 4: Install securial
+  run("bin/rails generate securial:install", chdir: app_name)
+  run("bin/rails db:migrate", chdir: app_name)
+
+  # Step 5: Mount the engine
+  routes_path = File.join(app_name, "config/routes.rb")
+  routes = File.read(routes_path)
+  updated = routes.sub("Rails.application.routes.draw do") do |match|
+    "#{match}\n  mount Securial::Engine => '/securial'"
+  end
+  File.write(routes_path, updated)
+
+  puts "\n✅ Done! Your app is ready at: ./#{app_name}"
+  puts "➡️  Next steps:"
+  puts "   cd #{app_name}"
+  puts "   rails server"
+end
+
+if ARGV[0] == "new" && ARGV[1]
+  app_name = ARGV[1]
+  rails_options = ARGV[2..] || []
+  securial_new(app_name, rails_options)
+else
+  puts "Usage: securial new app_name [rails_options...]"
+  puts "Example: securial new myapp --api --database=postgresql"
+end

data/config/routes.rb

@@ -0,0 +1,41 @@
+Securial::Engine.routes.draw do
+  defaults format: :json do
+    get "/status", to: "status#show", as: :status
+
+    scope Securial.admin_namespace do
+      resources :roles
+      resources :users
+      namespace :role_assignments, as: "role_assignments" do
+        post "assign", action: :create, as: "assign"
+        delete "revoke", action: :destroy, as: "revoke"
+      end
+    end
+
+    scope "accounts" do
+      get "me", to: "accounts#me", as: :me
+      get "account/:username", to: "accounts#show", as: :account_by_username
+      post "register", to: "accounts#register", as: :register
+      put "update", to: "accounts#update_profile", as: :update_profile
+      # post "update_avatar", to: "accounts#update_avatar"
+      # post "update_notification_settings", to: "accounts#update_notification_settings"
+      delete "delete_account", to: "accounts#delete_account", as: :delete_account
+    end
+
+    scope "sessions" do
+      get "", to: "sessions#index", as: :index_sessions
+      get "current", to: "sessions#show", as: :current_session
+      get "id/:id", to: "sessions#show", as: :session
+      post "login", to: "sessions#login", as: :login
+      delete "logout", to: "sessions#logout", as: :logout
+      put "refresh", to: "sessions#refresh", as: :refresh_session
+      delete "revoke", to: "sessions#revoke", as: :revoke_current_session
+      delete "id/:id/revoke", to: "sessions#revoke", as: :revoke_session_by_id
+      delete "revoke_all", to: "sessions#revoke_all", as: :revoke_all_sessions
+    end
+
+    scope "password" do
+      post "forgot", to: "passwords#forgot_password", as: :forgot_password
+      put "reset", to: "passwords#reset_password", as: :reset_password
+    end
+  end
+end

data/db/migrate/20250515104930_create_securial_roles.rb

@@ -0,0 +1,12 @@
+class CreateSecurialRoles < ActiveRecord::Migration[8.0]
+  def change
+    create_table :securial_roles, id: :string do |t|
+      t.string :role_name
+      t.boolean :hide_from_profile, default: false, null: false
+
+      t.timestamps
+    end
+
+    add_index :securial_roles, :role_name, unique: true
+  end
+end

data/db/migrate/20250517155521_create_securial_users.rb

@@ -0,0 +1,18 @@
+class CreateSecurialUsers < ActiveRecord::Migration[8.0]
+  def change
+    create_table :securial_users, id: :string do |t|
+      t.string :email_address
+      t.string :password_digest
+      t.string :first_name
+      t.string :last_name
+      t.string :phone
+      t.string :username
+      t.string :bio
+
+      t.timestamps
+    end
+
+    add_index :securial_users, :email_address, unique: true
+    add_index :securial_users, :username, unique: true
+  end
+end

data/db/migrate/20250518122749_create_securial_role_assignments.rb

@@ -0,0 +1,10 @@
+class CreateSecurialRoleAssignments < ActiveRecord::Migration[8.0]
+  def change
+    create_table :securial_role_assignments, id: :string do |t|
+      t.references :user, null: false, type: :string, foreign_key: { to_table: :securial_users }
+      t.references :role, null: false, type: :string, foreign_key: { to_table: :securial_roles }
+
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20250519075407_create_securial_sessions.rb

@@ -0,0 +1,15 @@
+class CreateSecurialSessions < ActiveRecord::Migration[8.0]
+  def change
+    create_table :securial_sessions, id: :string do |t|
+      t.references :user, null: false, type: :string, foreign_key: { to_table: :securial_users }
+      t.string :ip_address, null: false
+      t.string :user_agent, null: false
+      t.string :refresh_token, null: false
+      t.integer :refresh_count, default: 0
+      t.datetime :last_refreshed_at
+      t.datetime :refresh_token_expires_at
+      t.boolean :revoked, default: false, null: false
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20250524210207_add_password_reset_fields_to_securial_users.rb

@@ -0,0 +1,6 @@
+class AddPasswordResetFieldsToSecurialUsers < ActiveRecord::Migration[8.0]
+  def change
+    add_column :securial_users, :reset_password_token, :string
+    add_column :securial_users, :reset_password_token_created_at, :datetime
+  end
+end

data/lib/generators/factory_bot/model/model_generator.rb

@@ -0,0 +1,31 @@
+require "rails/generators"
+require "rails/generators/named_base"
+
+module FactoryBot
+  module Generators
+    class ModelGenerator < Rails::Generators::NamedBase
+      source_root File.expand_path("../templates", __dir__)
+
+      argument :attributes, type: :array, default: [], banner: "field[:type] field[:type]"
+
+      def create_factory_file
+        template "factory.erb", File.join("lib/securial/factories/securial", "#{file_name.pluralize}.rb")
+      end
+
+      # Helper method accessible in the template
+      def securial_attribute_defaults
+        {
+          string: '"MyString"',
+          text: '"MyText"',
+          integer: "1",
+          float: "1.5",
+          decimal: '"9.99"',
+          datetime: "Time.zone.now",
+          time: "Time.zone.now",
+          date: "Time.zone.now",
+          boolean: "false",
+        }
+      end
+    end
+  end
+end

data/lib/generators/factory_bot/templates/factory.erb

@@ -0,0 +1,7 @@
+FactoryBot.define do
+  factory :<%= "securial_#{file_name}" %>, class: "Securial::<%= class_name %>" do
+<% attributes.each do |attribute| -%>
+    <%= attribute.name %> { <%= securial_attribute_defaults[attribute.type.to_sym] || 'nil' %> }
+<% end -%>
+  end
+end

data/lib/generators/securial/install/install_generator.rb

@@ -0,0 +1,37 @@
+require "rails/generators"
+require "rake"
+
+module Securial
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path("templates", __dir__)
+
+      desc "initializes Securial in your application."
+
+      def copy_initializer
+        say_status("copying", "Securial Initializers", :green)
+        template "securial_initializer.erb", "config/initializers/securial.rb"
+      end
+
+      def create_log_file
+        say_status("creating", "Securial Log file", :green)
+        log_dir = Rails.root.join("log")
+        securial_log = log_dir.join("securial.log")
+
+        FileUtils.mkdir_p(log_dir) unless File.directory?(log_dir)
+        FileUtils.touch(securial_log) unless File.exist?(securial_log)
+      end
+
+      def install_migrations
+        say_status("copying", "Securial migrations", :green)
+        Rails.application.load_tasks unless Rake::Task.task_defined?("securial:install:migrations")
+
+        should_not_invoke = Rails.root.to_s.include?("spec/dummy") ||
+                            Rails.root.to_s.include?("tmp") ||
+                            Rails.env.test?
+
+        Rake::Task["securial:install:migrations"].invoke unless should_not_invoke
+      end
+    end
+  end
+end

data/lib/generators/securial/install/templates/securial_initializer.erb

@@ -0,0 +1,109 @@
+# This file was generated by the Securial engine.
+
+Securial.configure do |config|
+  ##### Logging Configuration
+  ## Enable or disable logging to file
+  # Set to true to log to a file, false to disable file logging
+  config.log_to_file = true
+
+  ## Enable or disable logging to STDOUT
+  # Set to true to log to STDOUT, false to disable STDOUT logging
+  config.log_to_stdout = true # Enable or disable logging to STDOUT
+
+  # Set log level for file logger: :debug, :info, :warn, :error, :fatal, or :unknown
+  config.log_file_level = :info
+
+  # Set log level for stdout logger
+  config.log_stdout_level = :info
+
+  ##### User Roles
+  ## Set the role for admin users
+  # This role is used to determine access levels and permissions
+  # for different user types in the application. including access
+  # to specific features and actions.
+  # e.g. if the admin role is set to :superuser, then users with this role
+  # will have access to the admin dashboard and other admin features.
+  # in the `/securial/superusers` namespace.
+  config.admin_role = :admin
+
+  #### Session Configuration
+  ## Set the session expiration duration
+  # This is the time after which a session will be considered expired.
+  # After this time, the session will be invalidated and the user
+  # will need to log in again to refresh the session.
+  # The expiration time is set in seconds, minutes, or hours.
+  # The default is 3 minutes.
+  config.session_expiration_duration = 3.minutes
+
+  ## Set the session renewal duration
+  # This is the time after which a session will be renewed.
+  # After this time, the session will be renewed and the expiration
+  # time will be extended. This is useful for keeping users logged in
+  # without requiring them to log in again. The renewal time is set
+  # in seconds, minutes, or hours. The default is 3 days.
+  config.session_renewal_duration = 3.days
+
+  ## Set the session secret
+  # This secret is used to sign the session tokens and ensure
+  # that they cannot be tampered with. It is important to keep this
+  # secret secure and not share it with anyone.
+  # The default is "secret".
+  config.session_secret = "secret"
+
+  ## Set the session algorithm
+  # This is the algorithm used to sign the session tokens.
+  # The default is :hs256, which is a HMAC SHA-256 algorithm.
+  # Other options include :hs256, :hs384, and :hs512
+  config.session_algorithm = :hs256
+
+  #### Securial Mailer Configuration
+  ## Set the mailer sender address
+  # This is the email address that will be used as the sender
+  # for all emails sent by the Securial engine. This includes
+  # emails for password resets, account verification, and other
+  # notifications.
+  config.mailer_sender = "no-reply@example.com"
+
+  #### Password configuration
+  ## Set the password reset email subject
+  # This is the subject line that will be used for the password reset
+  # email. The default is "Password Reset Instructions".
+  config.password_reset_email_subject = "Password Reset Instructions"
+
+  ## Set the minimum password length
+  # This is the minimum length that a password must have
+  # in order to be considered valid. The default is 8 characters.
+  config.password_min_length = 8
+
+  ## Set the maximum password length
+  # This is the maximum length that a password can have
+  # in order to be considered valid. The default is 128 characters.
+  config.password_max_length = 128
+
+  ## Set the password complexity requirements
+  # This is a regular expression that defines the complexity
+  # requirements for a password. The default is a regex that
+  # requires at least one uppercase letter, one lowercase letter,
+  # one digit, and one special character.
+  config.password_complexity = Securial::RegexHelper::PASSWORD_REGEX
+
+  ## Set the password expiration duration
+  # This is the time after which a password will be considered expired.
+  # After this time, the user will need to change their password
+  # in order to log in again. The expiration time is set in seconds,
+  # minutes, or hours. The default is 90 days.
+  config.password_expires_in = 90.days
+  
+  ## Set the password reset token expiration duration
+  # This is the time after which a password reset token will be considered expired.
+  # After this time, the token will no longer be valid and the user
+  # will need to request a new password reset token. The expiration time
+  # is set in seconds, minutes, or hours. The default is 2 hours.
+  config.reset_password_token_expires_in = 2.hours
+
+  ## Set the password reset token secret
+  # This secret is used to sign the password reset tokens and ensure
+  # that they cannot be tampered with. It is important to keep this
+  # secret secure and not share it with anyone.
+  config.reset_password_token_secret = "reset_secret"
+end

data/lib/generators/securial/jbuilder/jbuilder_generator.rb

@@ -0,0 +1,52 @@
+module Securial
+  module Generators
+    class JbuilderGenerator < Rails::Generators::NamedBase
+      source_root File.expand_path("templates", __dir__)
+
+      argument :attributes, type: :array, default: [], banner: "field:type field:type"
+
+      def create_view_files
+        create_resource_file
+        create_index_file
+        create_show_file
+      end
+
+      private
+
+      def attributes_names
+        attributes.map(&:name)
+      end
+
+      def create_resource_file
+        @resource_path_name = File.join(view_path, "_#{singular_table_name}.json.jbuilder")
+        say_status(status_behavior, "  #{@resource_path_name}", status_color) unless Rails.env.test?
+        template "_resource.json.erb", @resource_path_name, verbose: false
+      end
+
+      def create_index_file
+        @index_path_name = File.join(view_path, "index.json.jbuilder")
+        say_status(status_behavior, "  #{@index_path_name}", status_color) unless Rails.env.test?
+        template "index.json.erb", @index_path_name, verbose: false
+      end
+
+      def create_show_file
+        @show_path_name = File.join(view_path, "show.json.jbuilder")
+        say_status(status_behavior, "  #{@show_path_name}", status_color) unless Rails.env.test?
+        template "show.json.erb", @show_path_name, verbose: false
+      end
+
+      def view_path
+        base_path = Rails.env.test? ? Rails.root.join("tmp/app/views/securial").to_s : "app/views/securial"
+        @view_path ||= File.join(base_path, name.pluralize.downcase)
+      end
+
+      def status_behavior
+        behavior == :invoke ? :create : :remove
+      end
+
+      def status_color
+        behavior == :invoke ? :green : :red
+      end
+    end
+  end
+end

data/lib/generators/securial/jbuilder/templates/_resource.json.erb

@@ -0,0 +1,10 @@
+json.id <%= singular_table_name %>.id
+
+<% attributes_names.each do |attr| -%>
+json.<%= attr %> <%= singular_table_name %>.<%= attr %>
+<% end -%>
+
+json.created_at <%= singular_table_name %>.created_at
+json.updated_at <%= singular_table_name %>.updated_at
+
+json.url securial.<%= name.pluralize.downcase %>_url(<%= singular_table_name %>, format: :json)

data/lib/generators/securial/jbuilder/templates/index.json.erb

@@ -0,0 +1,7 @@
+json.records @<%= plural_table_name %> do |<%= singular_table_name %>|
+  json.partial! "securial/<%= name.pluralize.downcase %>/<%= singular_table_name %>", <%= singular_table_name %>: <%= singular_table_name %>
+end
+
+json.count @<%= plural_table_name %>.count
+json.url securial.<%= name.pluralize.downcase %>_url(format: :json)
+

data/lib/generators/securial/jbuilder/templates/show.json.erb

@@ -0,0 +1 @@
+json.partial! "securial/<%= name.pluralize.downcase %>/<%= singular_table_name %>", <%= singular_table_name %>: @<%= singular_table_name %>