securial 0.4.2

data/lib/generators/securial/scaffold/scaffold_generator.rb

@@ -0,0 +1,146 @@
+require "rails/generators"
+require "rails/generators/resource_helpers"
+require "rails/generators/named_base"
+
+module Securial
+  module Generators
+    class ScaffoldGenerator < Rails::Generators::NamedBase
+      include Rails::Generators::ResourceHelpers
+
+      allow_incompatible_default_type!
+
+      Thor::Base.shell = Thor::Shell::Color
+
+      source_root File.expand_path("templates", __dir__)
+
+      class_option :orm,
+                   type: :string,
+                   default: "active_record",
+                   desc: "ORM to use (defaults to active_record)",
+                   banner: "NAME"
+
+      argument :attributes, type: :array, default: [], banner: "field:type field:type"
+
+      def self.file_name
+        "generator_manifest.txt"
+      end
+
+      def run_scaffold # rubocop:disable Metrics/MethodLength
+        say_status(:scaffold, "Running built-in scaffold generator with custom options", :cyan) unless Rails.env.test?
+
+        # Generate model and migration
+        Rails::Generators.invoke(
+          "model",
+          [name, *attributes.map(&:to_s)],
+          behavior: behavior,
+          destination_root: root_path,
+        )
+
+        indent = "  " # two-space indent
+
+        # Generate controller from template
+        say_status(:scaffold, "controller", :cyan) unless Rails.env.test?
+        say_status(status_behavior, "#{indent}#{controller_path}", status_color) unless Rails.env.test?
+        template("controller.erb", controller_path, verbose: false)
+
+        # Generate views
+        say_status(:scaffold, "JBuilder views", :cyan) unless Rails.env.test?
+        Rails::Generators.invoke(
+          "securial:jbuilder",
+          [name, *attributes.map(&:to_s)],
+          behavior: behavior,
+          destination_root: Securial::Engine.root,
+        )
+
+        add_routes
+
+        say_status(:scaffold, "controller specs: #{@routing_spec_path}", :cyan) unless Rails.env.test?
+
+        # Generate request specs
+        say_status(status_behavior, "#{indent}#{request_spec_path}", status_color) unless Rails.env.test?
+        template("request_spec.erb", request_spec_path, verbose: false)
+
+        # Generate routing specs
+        say_status(status_behavior, "#{indent}#{routing_spec_path}", status_color) unless Rails.env.test?
+        template("routing_spec.erb", routing_spec_path, verbose: false)
+
+        say_status(:success, "Scaffold complete ✨✨", :green) unless Rails.env.test?
+      end
+
+      private
+
+      def namespaced_name
+        @namespaced_name ||= "securial_#{name.underscore}"
+      end
+
+      def plain_plural_name
+        @plain_plural_name ||= name.underscore.pluralize
+      end
+
+      def resource_path_name
+        plain_plural_name
+      end
+
+      def table_name
+        @table_name ||= namespaced_name.pluralize
+      end
+
+      def controller_class_name
+        class_name.pluralize
+      end
+
+      def controller_file_name
+        plain_plural_name
+      end
+
+      def status_behavior
+        behavior == :invoke ? :create : :remove
+      end
+
+      def status_color
+        behavior == :invoke ? :green : :red
+      end
+
+      def controller_path
+        base_path = root_path.join("app/controllers/securial")
+        @controller_path ||= File.join(base_path, "#{controller_file_name}_controller.rb")
+      end
+
+      def request_spec_path
+        base_path = root_path.join("spec/requests/securial")
+        @request_spec_path ||= File.join(base_path, "#{resource_path_name}_spec.rb")
+      end
+
+      def routing_spec_path
+        base_path = root_path.join("spec/routing/securial")
+        @routing_spec_path ||= File.join(base_path, "#{resource_path_name}_routing_spec.rb")
+      end
+
+      def root_path
+        Rails.env.test? ? Rails.root.join("tmp/") : Engine.root
+      end
+
+      def add_routes
+        say_status(:routes, "routes", :cyan) unless Rails.env.test?
+
+        routes_path = File.join(root_path, "config/routes.rb")
+
+        route_config = "resources :#{plain_plural_name}"
+        template("routes.erb", routes_path, verbose: false) unless File.exist?(routes_path)
+
+        if behavior == :invoke
+          inject_into_file routes_path,
+                           "    #{route_config}\n",
+                           after: "defaults format: :json do\n",
+                           verbose: !Rails.env.test?
+        else
+          content = File.read(routes_path)
+
+          # Remove the route line and write back
+          new_content = content.gsub(/^\s*#{Regexp.escape(route_config)}\n/, "")
+          File.write(routes_path, new_content)
+        end
+      end
+    end
+  end
+end

data/lib/generators/securial/scaffold/templates/controller.erb

@@ -0,0 +1,44 @@
+module Securial
+  class <%= controller_class_name %>Controller < ApplicationController
+    before_action :set_<%= singular_table_name %>, only: [:show, :update, :destroy]
+
+    def index
+      @<%= plural_table_name %> = <%= orm_class.all(class_name) %>
+    end
+
+    def show
+    end
+
+    def create
+      @<%= singular_table_name %> = <%= orm_class.build(class_name, "#{singular_table_name}_params") %>
+
+      if @<%= singular_table_name %>.save
+        render :show, status: :created, location: @<%= singular_table_name %>
+      else
+        render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
+      end
+    end
+
+    def update
+      if @<%= singular_table_name %>.update(<%= singular_table_name %>_params)
+        render :show
+      else
+        render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
+      end
+    end
+
+    def destroy
+      @<%= singular_table_name %>.destroy
+    end
+
+    private
+
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
+    end
+
+    def <%= singular_table_name %>_params
+      params.expect(<%= singular_table_name %>: [<%= attributes_names.map { |name| ":#{name}" }.join(', ') %>])
+    end
+  end
+end

data/lib/generators/securial/scaffold/templates/request_spec.erb

@@ -0,0 +1,61 @@
+require 'rails_helper'
+
+RSpec.describe "/<%= plural_table_name %>", type: :request do
+  let(:<%= singular_table_name %>) { create(:<%= singular_table_name %>) }
+
+  describe "GET /index" do
+    it "returns http success" do
+      get securial.<%= class_name.pluralize.downcase %>_path
+      expect(response).to have_http_status(:success)
+    end
+  end
+
+  describe "GET /show" do
+    it "returns http success" do
+      get securial.<%= class_name.downcase %>_path(<%= singular_table_name %>)
+      expect(response).to have_http_status(:success)
+    end
+  end
+
+  describe "POST /create" do
+    context "with valid parameters" do
+      let(:valid_attributes) {
+        attributes_for(:<%= singular_table_name %>)
+      }
+
+      it "creates a new <%= class_name %>" do
+        expect {
+          post securial.<%= class_name.pluralize.downcase %>_path, params: { <%= singular_table_name %>: valid_attributes }
+        }.to change(Securial::<%= class_name %>, :count).by(1)
+      end
+
+      it "returns http created" do
+        post securial.<%= class_name.pluralize.downcase %>_path, params: { <%= singular_table_name %>: valid_attributes }
+        expect(response).to have_http_status(:created)
+      end
+    end
+  end
+
+  describe "PUT /update" do
+    context "with valid parameters" do
+      let(:new_attributes) {
+        attributes_for(:<%= singular_table_name %>)
+      }
+
+      it "updates the requested <%= singular_table_name %>" do
+        put securial.<%= class_name.downcase %>_path(<%= singular_table_name %>), params: { <%= singular_table_name %>: new_attributes }
+        <%= singular_table_name %>.reload
+        expect(response).to have_http_status(:ok)
+      end
+    end
+  end
+
+  describe "DELETE /destroy" do
+    it "destroys the requested <%= singular_table_name %>" do
+      <%= singular_table_name %> # Create the record
+      expect {
+        delete securial.<%= class_name.downcase %>_path(<%= singular_table_name %>)
+      }.to change(Securial::<%= class_name %>, :count).by(-1)
+    end
+  end
+end

data/lib/generators/securial/scaffold/templates/routes.erb

@@ -0,0 +1,11 @@
+Securial::Engine.routes.draw do
+  defaults format: :json do
+    get "/status", to: "status#show", as: :status
+
+    namespace Securial.admin_namespace do
+      # Placeholder for admin-specific routes. Add routes here as needed.
+      # For example:
+      # resources :users, only: [:index, :show]
+    end
+  end
+end

data/lib/generators/securial/scaffold/templates/routing_spec.erb

@@ -0,0 +1,31 @@
+require "rails_helper"
+
+RSpec.describe Securial::<%= controller_class_name %>Controller, type: :routing do
+  routes { Securial::Engine.routes }
+
+  describe "routing" do
+    it "routes to #index" do
+      expect(get: "/<%= class_name.pluralize.downcase %>").to route_to("securial/<%= class_name.pluralize.downcase %>#index", format: :json)
+    end
+
+    it "routes to #show" do
+      expect(get: "/<%= class_name.pluralize.downcase %>/1").to route_to("securial/<%= class_name.pluralize.downcase %>#show", id: "1", format: :json)
+    end
+
+    it "routes to #create" do
+      expect(post: "/<%= class_name.pluralize.downcase %>").to route_to("securial/<%= class_name.pluralize.downcase %>#create", format: :json)
+    end
+
+    it "routes to #update via PUT" do
+      expect(put: "/<%= class_name.pluralize.downcase %>/1").to route_to("securial/<%= class_name.pluralize.downcase %>#update", id: "1", format: :json)
+    end
+
+    it "routes to #update via PATCH" do
+      expect(patch: "/<%= class_name.pluralize.downcase %>/1").to route_to("securial/<%= class_name.pluralize.downcase %>#update", id: "1", format: :json)
+    end
+
+    it "routes to #destroy" do
+      expect(delete: "/<%= class_name.pluralize.downcase %>/1").to route_to("securial/<%= class_name.pluralize.downcase %>#destroy", id: "1", format: :json)
+    end
+  end
+end

data/lib/securial/configuration.rb

@@ -0,0 +1,35 @@
+module Securial
+  class Configuration
+    attr_accessor :log_to_file, :log_to_stdout
+    attr_accessor :log_file_level, :log_stdout_level
+    attr_accessor :admin_role
+    attr_accessor :session_expiration_duration
+    attr_accessor :session_secret, :session_algorithm
+    attr_accessor :mailer_sender
+    attr_accessor :password_reset_email_subject
+    attr_accessor :password_min_length, :password_max_length
+    attr_accessor :password_complexity
+    attr_accessor :password_expires_in
+    attr_accessor :reset_password_token_expires_in
+    attr_accessor :reset_password_token_secret
+
+    def initialize
+      @log_to_file = !Rails.env.test?
+      @log_to_stdout = !Rails.env.test?
+      @log_file_level = :info
+      @log_stdout_level = :info
+      @admin_role = :admin
+      @session_expiration_duration = 3.minutes
+      @session_secret = "secret"
+      @session_algorithm = :hs256
+      @mailer_sender = "no-reply@example.com"
+      @password_reset_email_subject = "SECURIAL: Password Reset Instructions"
+      @password_min_length = 8
+      @password_max_length = 128
+      @password_complexity = Securial::RegexHelper::PASSWORD_REGEX
+      @password_expires_in = 90.days
+      @reset_password_token_expires_in = 2.hours
+      @reset_password_token_secret = "reset_secret"
+    end
+  end
+end

data/lib/securial/engine.rb

@@ -0,0 +1,89 @@
+require_relative "./logger"
+
+Dir[File.join(__dir__, "errors", "*.rb")].each { |f| require_relative f }
+
+require_relative "./configuration"
+
+require_relative "./helpers/auth_helper"
+require_relative "./helpers/normalizing_helper"
+require_relative "./helpers/regex_helper"
+
+require_relative "./route_inspector"
+
+require_relative "./middleware/request_logger_tag"
+require "jwt"
+
+module Securial
+  class Engine < ::Rails::Engine
+    isolate_namespace Securial
+
+    initializer "securial.filter_parameters" do |app|
+      app.config.filter_parameters += [
+        :password,
+        :password_confirmation,
+        :password_reset_token,
+        :reset_password_token
+      ]
+    end
+
+    initializer "securial.logger" do
+      Securial.const_set(:ENGINE_LOGGER, Securial::Logger.build)
+    end
+
+    initializer "securial.engine_initialized" do |app|
+      Securial::ENGINE_LOGGER.info("[Securial] Engine mounted. Host app: #{app.class.name}")
+    end
+
+    initializer "securial.factories", after: "factory_bot.set_factory_paths" do
+      if defined?(FactoryBot)
+        FactoryBot.definition_file_paths << Engine.root.join("lib", "securial", "factories")
+      end
+    end
+
+    initializer "securial.load_factory_bot_generator" do
+      require_relative "../generators/factory_bot/model/model_generator"
+    end
+
+    initializer "securial.extend_application_controller" do
+      ActiveSupport.on_load(:action_controller_base) do
+        include Securial::Identity
+      end
+
+      ActiveSupport.on_load(:action_controller_api) do
+        include Securial::Identity
+      end
+    end
+
+    config.generators.api_only = true
+
+    config.autoload_paths += Dir["#{config.root}/lib/generators"]
+
+    config.generators do |g|
+      g.orm :active_record, primary_key_type: :string
+
+      g.test_framework :rspec,
+                       fixtures: false,
+                       view_specs: false,
+                       helper_specs: false,
+                       routing_specs: true,
+                       controller_specs: true,
+                       request_specs: true,
+                       model_specs: true
+
+      g.fixture_replacement :factory_bot, dir: "lib/securial/factories"
+
+      # Add JBuilder configuration
+      g.template_engine :jbuilder
+    end
+
+    initializer "securial.middleware" do |app|
+      app.middleware.use Securial::Middleware::RequestLoggerTag
+    end
+
+    initializer "securial.log_engine_loaded", after: :load_config_initializers do
+      Rails.application.config.after_initialize do
+        Securial::ENGINE_LOGGER.info("[Securial] Engine fully initialized in #{Rails.env} environment.")
+      end
+    end
+  end
+end

data/lib/securial/errors/config_errors.rb

@@ -0,0 +1,12 @@
+module Securial
+  module ConfigErrors
+    class ConfigAdminRoleError < StandardError; end
+
+    class ConfigSessionExpirationDurationError < StandardError; end
+    class ConfigSessionAlgorithmError < StandardError; end
+    class ConfigSessionSecretError < StandardError; end
+
+    class ConfigMailerSenderError < StandardError; end
+    class ConfigPasswordError < StandardError; end
+  end
+end

data/lib/securial/errors/session_errors.rb

@@ -0,0 +1,6 @@
+module Securial
+  module SessionErrors
+    class SessionRevokedError < StandardError; end
+    class SessionExpiredError < StandardError; end
+  end
+end

data/lib/securial/factories/securial/role_assignments.rb

@@ -0,0 +1,6 @@
+FactoryBot.define do
+  factory :securial_role_assignment, class: "Securial::RoleAssignment" do
+    association :user, factory: :securial_user
+    association :role, factory: :securial_role
+  end
+end

data/lib/securial/factories/securial/roles.rb

@@ -0,0 +1,18 @@
+FactoryBot.define do
+  factory :securial_role, class: "Securial::Role" do
+    role_name { "MyString" }
+    hide_from_profile { false }
+
+    trait :admin do
+      role_name { "Admin" }
+    end
+
+    trait :user do
+      role_name { "User" }
+    end
+
+    trait :hidden do
+      hide_from_profile { true }
+    end
+  end
+end

data/lib/securial/factories/securial/sessions.rb

@@ -0,0 +1,12 @@
+FactoryBot.define do
+  factory :securial_session, class: "Securial::Session" do
+    ip_address { "127.0.0.1" }
+    user_agent { "Ruby/RSpec" }
+    refresh_count { 1 }
+    refresh_token { SecureRandom.hex(64) }
+    last_refreshed_at { Time.current }
+    refresh_token_expires_at { 1.week.from_now }
+    revoked { false }
+    association :user, factory: :securial_user
+  end
+end

data/lib/securial/factories/securial/users.rb

@@ -0,0 +1,17 @@
+FactoryBot.define do
+  factory :securial_user, class: "Securial::User" do
+    email_address { Faker::Internet.email }
+    password { "Password_.1" }
+    password_confirmation { "Password_.1" }
+    first_name { Faker::Name.first_name }
+    last_name { Faker::Name.last_name }
+    phone { Faker::PhoneNumber.cell_phone }
+    username { Faker::Internet.username(specifier: 3..20) }
+    bio { Faker::Lorem.paragraph }
+
+    trait :admin do
+      admin_role = Securial.configuration.admin_role.to_s.strip.titleize
+      roles { [Securial::Role.find_or_create_by(role_name: admin_role)] }
+    end
+  end
+end

data/lib/securial/helpers/auth_helper.rb

@@ -0,0 +1,46 @@
+module Securial
+  module AuthHelper
+    class << self
+      def encode(session)
+        return nil unless session && session.class == Securial::Session
+
+        base_payload = {
+          jti: session.id,
+          exp: expiry_duration.from_now.to_i,
+          sub: "session-access-token",
+          refresh_count: session.refresh_count,
+        }
+
+        session_payload = {
+          ip: session.ip_address,
+          agent: session.user_agent,
+        }
+
+        payload = base_payload.merge(session_payload)
+        JWT.encode(payload, secret, algorithm, { kid: "hmac" })
+      end
+
+      def decode(token)
+        decoded = JWT.decode(token, secret, true, { algorithm: algorithm, verify_jti: true, iss: "securial" })
+        decoded.first
+      end
+
+      private
+
+      def secret
+        Securial.validate_session_secret!
+        Securial.configuration.session_secret
+      end
+
+      def algorithm
+        Securial.validate_session_algorithm!
+        Securial.configuration.session_algorithm.to_s.upcase
+      end
+
+      def expiry_duration
+        Securial.validate_session_expiry_duration!
+        Securial.configuration.session_expiration_duration
+      end
+    end
+  end
+end

data/lib/securial/helpers/normalizing_helper.rb

@@ -0,0 +1,17 @@
+module Securial
+  module NormalizingHelper
+    module_function
+
+    def normalize_email_address(email)
+      return "" if email.empty?
+
+      email.strip.downcase
+    end
+
+    def normalize_role_name(role_name)
+      return "" if role_name.empty?
+
+      role_name.strip.downcase.titleize
+    end
+  end
+end

data/lib/securial/helpers/regex_helper.rb

@@ -0,0 +1,17 @@
+module Securial
+  module RegexHelper
+    EMAIL_REGEX = URI::MailTo::EMAIL_REGEXP
+    USERNAME_REGEX = /\A(?![0-9])[a-zA-Z](?:[a-zA-Z0-9]|[._](?![._]))*[a-zA-Z0-9]\z/
+    PASSWORD_REGEX = %r{\A(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])[a-zA-Z].*\z}
+
+    module_function
+
+    def valid_email?(email)
+      email.match?(EMAIL_REGEX)
+    end
+
+    def valid_username?(username)
+      username.match?(USERNAME_REGEX)
+    end
+  end
+end

data/lib/securial/logger.rb

@@ -0,0 +1,71 @@
+require "logger"
+require "active_support/logger"
+require "active_support/tagged_logging"
+
+module Securial
+  class Logger
+    def self.build
+      outputs = []
+
+      if Securial.configuration.log_to_file
+        log_file = Rails.root.join("log", "securial.log").open("a")
+        log_file.sync = true
+        outputs << log_file
+      end
+
+      if Securial.configuration.log_to_stdout
+        outputs << STDOUT
+      end
+
+      if outputs.empty?
+        null_logger = ::Logger.new(IO::NULL)
+        return ActiveSupport::TaggedLogging.new(null_logger)
+      end
+
+      logger = ActiveSupport::Logger.new(MultiIO.new(*outputs))
+      logger.level = resolve_log_level
+      logger.formatter = ::Logger::Formatter.new
+
+      ActiveSupport::TaggedLogging.new(logger)
+    end
+
+    def self.resolve_log_level
+      file_level = Securial.configuration.log_file_level
+      stdout_level = Securial.configuration.log_stdout_level
+
+      # Use the lower (more verbose) level of the two
+      levels = [file_level, stdout_level].compact.map do |lvl|
+        begin
+          ::Logger.const_get(lvl.to_s.upcase)
+        rescue NameError
+          nil
+        end
+      end.compact
+
+      levels.min || ::Logger::INFO
+    end
+
+    private
+
+    class MultiIO
+      def initialize(*targets)
+        @targets = targets
+      end
+
+      def write(*args)
+        @targets.each { |t| t.write(*args) }
+      end
+
+      def close
+        @targets.each do |t|
+          next if [STDOUT, STDERR].include?(t)
+          t.close
+        end
+      end
+
+      def flush
+        @targets.each { |t| t.flush if t.respond_to?(:flush) }
+      end
+    end
+  end
+end

data/lib/securial/middleware/request_logger_tag.rb

@@ -0,0 +1,18 @@
+module Securial
+  module Middleware
+    class RequestLoggerTag
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        request = ActionDispatch::Request.new(env)
+        request_id = request.request_id || SecureRandom.uuid
+
+        Securial::ENGINE_LOGGER.tagged("Securial", "RequestID:#{request_id}") do
+          @app.call(env)
+        end
+      end
+    end
+  end
+end