securial 0.6.1 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1628d056fdb0a93bc954107766c8f5ed2975d4690c58dbdbe56a0d45e63eefa3
-  data.tar.gz: 166ce5d80dc63642239a0f6c26702e4bbca469c2f7d886d322aa07e119ef8928
+  metadata.gz: 6955f517ae29e92b5a870f5e951782374d39f7c5eeb19de024d818106a57cc82
+  data.tar.gz: a91673febf7143ab6b245feab4154d1d511ca62b7f78f6a94c758b974c2860ed
 SHA512:
-  metadata.gz: 997ba8dc253bf3772ef806e9c81cce2fb7a7b0dd263527f0896badf74e5ea09ab5560ca804162cde01441054ac5b5d0fca9c39dfc2607cf18086ec6bb4667af2
-  data.tar.gz: b7ff4072c37645e9dc6f1bd5551bb47ec829cbefd412221bcdf13e5a2e788450243c1e7853e918248a2b1faaea61aec40122ddea32f1ef80a1ae013367d9d349
+  metadata.gz: 18a435b9714861bf5f76e516d54b5ed0a3ad4b9d1e192825f2766fab494f90d0579a89d5f5d812b67cc33bb876a174e9341980997ead6a6a5e134bce26637fed
+  data.tar.gz: f584db4b3d36d73d0a5fe83439ef75b409e2fe971337a3ad8b25bb9335727053fed1f272057062a2061b0b2b8c01d866f91e894570c77e4320277ea69ead268c

data/app/controllers/securial/status_controller.rb

@@ -3,7 +3,7 @@ module Securial
     skip_authentication!
 
     def show
-      Securial::ENGINE_LOGGER.info("Status check initiated")
+      Securial.logger.info("Status check initiated")
     end
   end
 end

data/app/models/securial/role.rb

@@ -1,6 +1,6 @@
 module Securial
   class Role < ApplicationRecord
-    normalizes :role_name, with: ->(e) { Securial::NormalizingHelper.normalize_role_name(e) }
+    normalizes :role_name, with: ->(e) { Securial::Helpers::NormalizingHelper.normalize_role_name(e) }
 
     validates :role_name, presence: true, uniqueness: { case_sensitive: false }
 

data/app/models/securial/user.rb

@@ -2,7 +2,7 @@ module Securial
   class User < ApplicationRecord
     include Securial::PasswordResettable
 
-    normalizes :email_address, with: ->(e) { Securial::NormalizingHelper.normalize_email_address(e) }
+    normalizes :email_address, with: ->(e) { Securial::Helpers::NormalizingHelper.normalize_email_address(e) }
 
     validates :email_address,
               presence: true,
@@ -12,7 +12,7 @@ module Securial
                 maximum: 255,
               },
               format: {
-                with: Securial::RegexHelper::EMAIL_REGEX,
+                with: Securial::Helpers::RegexHelper::EMAIL_REGEX,
                 message: "must be a valid email address",
               }
 
@@ -21,7 +21,7 @@ module Securial
               uniqueness: { case_sensitive: false },
               length: { maximum: 20 },
               format: {
-                with: Securial::RegexHelper::USERNAME_REGEX,
+                with: Securial::Helpers::RegexHelper::USERNAME_REGEX,
                 message: "can only contain letters, numbers, underscores, and periods, but cannot start with a number or contain consecutive underscores or periods",
               }
 

data/lib/generators/securial/install/templates/securial_initializer.erb

@@ -11,7 +11,7 @@ Securial.configure do |config|
   config.log_to_stdout = true # Enable or disable logging to STDOUT
 
   # Set log level for file logger: :debug, :info, :warn, :error, :fatal, or :unknown
-  config.log_file_level = :info
+  config.log_file_level = :debug
 
   # Set log level for stdout logger
   config.log_stdout_level = :debug

data/lib/securial/auth/auth_encoder.rb

@@ -1,56 +1,53 @@
 module Securial
   module Auth
     module AuthEncoder
-      class << self
-        def encode(session)
-          return nil unless session && session.class == Securial::Session
-
-          base_payload = {
-            jti: session.id,
-            exp: expiry_duration.from_now.to_i,
-            sub: "session-access-token",
-            refresh_count: session.refresh_count,
-          }
-
-          session_payload = {
-            ip: session.ip_address,
-            agent: session.user_agent,
-          }
-
-          payload = base_payload.merge(session_payload)
-          begin
-            JWT.encode(payload, secret, algorithm, { kid: "hmac" })
-          rescue JWT::EncodeError => e
-            raise Errors::AuthEncodeError, "Failed to encode session: #{e.message}"
-          end
+      module_function
+
+      def encode(session)
+        return nil unless session && session.class == Securial::Session
+
+        base_payload = {
+          jti: session.id,
+          exp: expiry_duration.from_now.to_i,
+          sub: "session-access-token",
+          refresh_count: session.refresh_count,
+        }
+
+        session_payload = {
+          ip: session.ip_address,
+          agent: session.user_agent,
+        }
+
+        payload = base_payload.merge(session_payload)
+        begin
+          JWT.encode(payload, secret, algorithm, { kid: "hmac" })
+        rescue JWT::EncodeError => e
+          raise Errors::AuthEncodeError, "Failed to encode session: #{e.message}"
         end
+      end
 
-        def decode(token)
-          begin
+      def decode(token)
+        begin
           decoded = JWT.decode(token, secret, true, { algorithm: algorithm, verify_jti: true, iss: "securial" })
-          rescue JWT::DecodeError => e
-            raise Securial::Auth::Errors::AuthDecodeError, "Failed to decode session token: #{e.message}"
-          end
-          decoded.first
+        rescue JWT::DecodeError => e
+          raise Securial::Auth::Errors::AuthDecodeError, "Failed to decode session token: #{e.message}"
         end
+        decoded.first
+      end
 
-        private
-
-        def secret
-          # Config::Validation.validate_session_secret!(Securial.configuration)
-          Securial.configuration.session_secret
-        end
+      def secret
+        Securial.configuration.session_secret
+      end
 
-        def algorithm
-          # Config::Validation.validate_session_algorithm!(Securial.configuration)
-          Securial.configuration.session_algorithm.to_s.upcase
-        end
+      def algorithm
+        Securial.configuration.session_algorithm.to_s.upcase
+      end
 
-        def expiry_duration
-          # Config::Validation.validate_session_expiry_duration!(Securial.configuration)
-          Securial.configuration.session_expiration_duration
-        end
+      def expiry_duration
+        Securial.configuration.session_expiration_duration
       end
+
+      private_class_method :secret, :algorithm, :expiry_duration
     end
   end
 end

data/lib/securial/auth/session_creator.rb

@@ -1,19 +1,19 @@
 module Securial
   module Auth
     module SessionCreator
-      class << self
-        def create_session(user, request)
-          return nil unless user && user.persisted? && request.is_a?(ActionDispatch::Request)
+      module_function
 
-          user.sessions.create!(
-            user_agent: request.user_agent,
-            ip_address: request.remote_ip,
-            refresh_token: SecureRandom.hex(64),
-            last_refreshed_at: Time.current,
-            refresh_token_expires_at: 1.week.from_now,
-          ).tap do |session|
-            Current.session = session
-          end
+      def create_session(user, request)
+        return nil unless user && user.persisted? && request.is_a?(ActionDispatch::Request)
+
+        user.sessions.create!(
+          user_agent: request.user_agent,
+          ip_address: request.remote_ip,
+          refresh_token: SecureRandom.hex(64),
+          last_refreshed_at: Time.current,
+          refresh_token_expires_at: 1.week.from_now,
+        ).tap do |session|
+          Current.session = session
         end
       end
     end

data/lib/securial/auth.rb

@@ -0,0 +1,10 @@
+require "securial/auth/errors"
+require_relative "auth/auth_encoder"
+require_relative "auth/session_creator"
+
+module Securial
+  module Auth
+    # This module serves as a namespace for authentication-related components.
+    # It requires all key auth files: Errors, AuthEncoder, SessionCreator.
+  end
+end

data/lib/securial/config/configuration.rb

@@ -1,4 +1,4 @@
-require_relative "../helpers/_index"
+require "securial/helpers"
 module Securial
   module Config
     VALID_SESSION_ENCRYPTION_ALGORITHMS = [:hs256, :hs384, :hs512].freeze
@@ -11,7 +11,7 @@ module Securial
         {
           log_to_file: !Rails.env.test?,
           log_to_stdout: !Rails.env.test?,
-          log_file_level: :info,
+          log_file_level: :debug,
           log_stdout_level: :debug,
           admin_role: :admin,
           session_expiration_duration: 3.minutes,
@@ -21,7 +21,7 @@ module Securial
           password_reset_email_subject: "SECURIAL: Password Reset Instructions",
           password_min_length: 8,
           password_max_length: 128,
-          password_complexity: Securial::RegexHelper::PASSWORD_REGEX,
+          password_complexity: Securial::Helpers::RegexHelper::PASSWORD_REGEX,
           password_expires: true,
           password_expires_in: 90.days,
           reset_password_token_expires_in: 2.hours,

data/lib/securial/config/validation.rb

@@ -18,19 +18,19 @@ module Securial
         def validate_admin_role!(config)
           if config.admin_role.nil? || config.admin_role.to_s.strip.empty?
             error_message = "Admin role is not set."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigAdminRoleError, error_message
           end
 
           unless config.admin_role.is_a?(Symbol) || config.admin_role.is_a?(String)
             error_message = "Admin role must be a Symbol or String."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigAdminRoleError, error_message
           end
 
           if config.admin_role.to_s.pluralize.downcase == "accounts"
             error_message = "The admin role cannot be 'account' or 'accounts' as it conflicts with the default routes."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigAdminRoleError, error_message
           end
         end
@@ -44,16 +44,16 @@ module Securial
         def validate_session_expiry_duration!(config)
           if config.session_expiration_duration.nil?
             error_message = "Session expiration duration is not set."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigSessionExpirationDurationError, error_message
           end
           if config.session_expiration_duration.class != ActiveSupport::Duration
             error_message = "Session expiration duration must be an ActiveSupport::Duration."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigSessionExpirationDurationError, error_message
           end
           if config.session_expiration_duration <= 0
-            Securial::ENGINE_LOGGER.fatal("Session expiration duration must be greater than 0.")
+            Securial.logger.fatal("Session expiration duration must be greater than 0.")
             raise Securial::Config::Errors::ConfigSessionExpirationDurationError, "Session expiration duration must be greater than 0."
           end
         end
@@ -61,18 +61,18 @@ module Securial
         def validate_session_algorithm!(config)
           if config.session_algorithm.blank?
             error_message = "Session algorithm is not set."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigSessionAlgorithmError, error_message
           end
           unless config.session_algorithm.is_a?(Symbol)
             error_message = "Session algorithm must be a Symbol."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigSessionAlgorithmError, error_message
           end
           valid_algorithms = Securial::Config::VALID_SESSION_ENCRYPTION_ALGORITHMS
           unless valid_algorithms.include?(config.session_algorithm)
             error_message = "Invalid session algorithm. Valid options are: #{valid_algorithms.map(&:inspect).join(', ')}."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigSessionAlgorithmError, error_message
           end
         end
@@ -80,12 +80,12 @@ module Securial
         def validate_session_secret!(config)
           if config.session_secret.blank?
             error_message = "Session secret is not set."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigSessionSecretError, error_message
           end
           unless config.session_secret.is_a?(String)
             error_message = "Session secret must be a String."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigSessionSecretError, error_message
           end
         end
@@ -93,12 +93,12 @@ module Securial
         def validate_mailer_sender!(config)
           if config.mailer_sender.blank?
             error_message = "Mailer sender is not set."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigMailerSenderError, error_message
           end
           if config.mailer_sender !~  URI::MailTo::EMAIL_REGEXP
             error_message = "Mailer sender is not a valid email address."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigMailerSenderError, error_message
           end
         end
@@ -114,12 +114,12 @@ module Securial
         def validate_password_reset_token!(config)
           if config.reset_password_token_secret.blank?
             error_message = "Reset password token secret is not set."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigPasswordError, error_message
           end
           unless config.reset_password_token_secret.is_a?(String)
             error_message = "Reset password token secret must be a String."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigPasswordError, error_message
           end
         end
@@ -127,12 +127,12 @@ module Securial
         def validate_password_reset_subject!(config)
           if config.password_reset_email_subject.blank?
             error_message = "Password reset email subject is not set."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigPasswordError, error_message
           end
           unless config.password_reset_email_subject.is_a?(String)
             error_message = "Password reset email subject must be a String."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigPasswordError, error_message
           end
         end
@@ -140,12 +140,12 @@ module Securial
         def validate_password_min_max_length!(config)
           unless config.password_min_length.is_a?(Integer) && config.password_min_length > 0
             error_message = "Password minimum length must be a positive integer."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigPasswordError, error_message
           end
           unless config.password_max_length.is_a?(Integer) && config.password_max_length >= config.password_min_length
             error_message = "Password maximum length must be an integer greater than or equal to the minimum length."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigPasswordError, error_message
           end
         end
@@ -153,7 +153,7 @@ module Securial
         def validate_password_complexity!(config)
           if config.password_complexity.nil? || !config.password_complexity.is_a?(Regexp)
             error_message = "Password complexity regex is not set or is not a valid Regexp."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigPasswordError, error_message
           end
         end
@@ -161,7 +161,7 @@ module Securial
         def validate_password_expiration!(config)
           unless config.password_expires.is_a?(TrueClass) || config.password_expires.is_a?(FalseClass)
             error_message = "Password expiration must be a boolean value."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigPasswordError, error_message
           end
 
@@ -171,7 +171,7 @@ module Securial
               config.password_expires_in <= 0
             )
             error_message = "Password expiration duration is not set or is not a valid ActiveSupport::Duration."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigPasswordError, error_message
           end
         end
@@ -185,7 +185,7 @@ module Securial
           valid_formats = Securial::Config::VALID_RESPONSE_KEYS_FORMATS
           unless valid_formats.include?(config.response_keys_format)
             error_message = "Invalid response_keys_format option. Valid options are: #{valid_formats.map(&:inspect).join(', ')}."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigResponseError, error_message
           end
         end
@@ -194,7 +194,7 @@ module Securial
           valid_options = Securial::Config::VALID_TIMESTAMP_OPTIONS
           unless valid_options.include?(config.timestamps_in_response)
             error_message = "Invalid timestamps_in_response option. Valid options are: #{valid_options.map(&:inspect).join(', ')}."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigResponseError, error_message
           end
         end
@@ -208,7 +208,7 @@ module Securial
           valid_options = Securial::Config::VALID_SECURITY_HEADERS
           unless valid_options.include?(config.security_headers)
             error_message = "Invalid security_headers option. Valid options are: #{valid_options.map(&:inspect).join(', ')}."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigSecurityError, error_message
           end
         end
@@ -216,7 +216,7 @@ module Securial
         def validate_rate_limiting!(config) # rubocop:disable Metrics/MethodLength
           unless config.rate_limiting_enabled.is_a?(TrueClass) || config.rate_limiting_enabled.is_a?(FalseClass)
             error_message = "rate_limiting_enabled must be a boolean value."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigSecurityError, error_message
           end
 
@@ -227,19 +227,19 @@ module Securial
               config.rate_limit_requests_per_minute > 0
 
             error_message = "rate_limit_requests_per_minute must be a positive integer when rate limiting is enabled."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigSecurityError, error_message
           end
 
           unless config.rate_limit_response_status.is_a?(Integer) && config.rate_limit_response_status.between?(400, 599)
             error_message = "rate_limit_response_status must be an HTTP status code between 4xx and 5xx."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigSecurityError, error_message
           end
 
           unless config.rate_limit_response_message.is_a?(String) && !config.rate_limit_response_message.strip.empty?
             error_message = "rate_limit_response_message must be a non-empty String."
-            Securial::ENGINE_LOGGER.fatal(error_message)
+            Securial.logger.fatal(error_message)
             raise Securial::Config::Errors::ConfigSecurityError, error_message
           end
         end

data/lib/securial/config.rb

@@ -0,0 +1,10 @@
+require "securial/config/configuration"
+require "securial/config/validation"
+require "securial/config/errors"
+
+module Securial
+  module Config
+    # This module acts as a namespace for configuration-related components.
+    # It requires all key config files: Configuration, Validation, Errors.
+  end
+end

data/lib/securial/engine.rb

@@ -1,13 +1,15 @@
-require_relative "./logger"
-require_relative "./key_transformer"
-require_relative "./config/_index"
-require_relative "./helpers/_index"
-require_relative "./auth/_index"
-require_relative "./inspectors/_index"
-
-require_relative "./middleware/_index"
 require "jwt"
 
+require "securial/logger"
+require "securial/key_transformer"
+require "securial/config"
+require "securial/helpers"
+require "securial/auth"
+require "securial/inspectors"
+require "securial/middlewares"
+require "securial/security"
+require "securial/version_checker"
+
 module Securial
   class Engine < ::Rails::Engine
     isolate_namespace Securial
@@ -53,13 +55,22 @@ module Securial
     end
 
     initializer "securial.middleware" do |app|
-      middleware.use Securial::Middleware::RequestLoggerTag
-      middleware.use Securial::Middleware::TransformRequestKeys
-      middleware.use Securial::Middleware::TransformResponseKeys
+      middleware.use Securial::Middlewares::RequestLoggerTag
+      middleware.use Securial::Middlewares::TransformRequestKeys
+      middleware.use Securial::Middlewares::TransformResponseKeys
+    end
+
+    initializer "securial.security.request_rate_limiter" do |app|
       if Securial.configuration.rate_limiting_enabled
-        require "rack/attack"
-        require_relative "./rack_attack"
-        middleware.use Rack::Attack
+        Securial::Security::RequestRateLimiter.apply!
+        Rails.application.config.middleware.use Rack::Attack
+      end
+    end
+
+
+    initializer "securial.version_check" do
+      config.after_initialize do
+        Securial::VersionChecker.check_latest_version
       end
     end
 
@@ -86,7 +97,7 @@ module Securial
     private
 
     def log(message)
-      Securial::ENGINE_LOGGER.info("[Securial] #{message}")
+      Securial.logger.info("[Securial] #{message}")
     end
   end
 end

data/lib/securial/helpers/normalizing_helper.rb

@@ -1,17 +1,19 @@
 module Securial
-  module NormalizingHelper
-    module_function
+  module Helpers
+    module NormalizingHelper
+      module_function
 
-    def normalize_email_address(email)
-      return "" if email.empty?
+      def normalize_email_address(email)
+        return "" if email.empty?
 
-      email.strip.downcase
-    end
+        email.strip.downcase
+      end
 
-    def normalize_role_name(role_name)
-      return "" if role_name.empty?
+      def normalize_role_name(role_name)
+        return "" if role_name.empty?
 
-      role_name.strip.downcase.titleize
+        role_name.strip.downcase.titleize
+      end
     end
   end
 end

data/lib/securial/helpers/regex_helper.rb

@@ -1,16 +1,18 @@
 module Securial
-  module RegexHelper
-    EMAIL_REGEX = URI::MailTo::EMAIL_REGEXP
-    USERNAME_REGEX = /\A(?![0-9])[a-zA-Z](?:[a-zA-Z0-9]|[._](?![._]))*[a-zA-Z0-9]\z/
-    PASSWORD_REGEX = %r{\A(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])[a-zA-Z].*\z}
+  module Helpers
+    module RegexHelper
+      EMAIL_REGEX = URI::MailTo::EMAIL_REGEXP
+      USERNAME_REGEX = /\A(?![0-9])[a-zA-Z](?:[a-zA-Z0-9]|[._](?![._]))*[a-zA-Z0-9]\z/
+      PASSWORD_REGEX = %r{\A(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])[a-zA-Z].*\z}
 
-    class << self
-      def valid_email?(email)
-        email.match?(EMAIL_REGEX)
-      end
+      class << self
+        def valid_email?(email)
+          email.match?(EMAIL_REGEX)
+        end
 
-      def valid_username?(username)
-        username.match?(USERNAME_REGEX)
+        def valid_username?(username)
+          username.match?(USERNAME_REGEX)
+        end
       end
     end
   end

data/lib/securial/helpers.rb

@@ -0,0 +1,9 @@
+require "securial/helpers/normalizing_helper"
+require "securial/helpers/regex_helper"
+
+module Securial
+  module Helpers
+    # This module acts as a namespace for helper modules.
+    # It requires all helper modules to make them available for consumers.
+  end
+end

data/lib/securial/inspectors/route_inspector.rb

@@ -17,27 +17,27 @@ module Securial
 
         # rubocop:disable Rails/Output
         def print_headers(filtered, controller)
-          Securial::ENGINE_LOGGER.debug "Securial engine routes:"
-          Securial::ENGINE_LOGGER.debug "Total routes: #{filtered.size}"
-          Securial::ENGINE_LOGGER.debug "Filtered by controller: #{controller}" if controller
-          Securial::ENGINE_LOGGER.debug "Filtered routes: #{filtered.size}" if controller
-          Securial::ENGINE_LOGGER.debug "-" * 120
-          Securial::ENGINE_LOGGER.debug "#{'Verb'.ljust(8)} #{'Path'.ljust(45)} #{'Controller#Action'.ljust(40)} Name"
-          Securial::ENGINE_LOGGER.debug "-" * 120
+          Securial.logger.debug "Securial engine routes:"
+          Securial.logger.debug "Total routes: #{filtered.size}"
+          Securial.logger.debug "Filtered by controller: #{controller}" if controller
+          Securial.logger.debug "Filtered routes: #{filtered.size}" if controller
+          Securial.logger.debug "-" * 120
+          Securial.logger.debug "#{'Verb'.ljust(8)} #{'Path'.ljust(45)} #{'Controller#Action'.ljust(40)} Name"
+          Securial.logger.debug "-" * 120
         end
 
         def print_details(filtered, controller) # rubocop:disable Rails/Output
           if filtered.empty?
             if controller
-              Securial::ENGINE_LOGGER.debug "No routes found for controller: #{controller}"
+              Securial.logger.debug "No routes found for controller: #{controller}"
             else
-              Securial::ENGINE_LOGGER.debug "No routes found for Securial engine"
+              Securial.logger.debug "No routes found for Securial engine"
             end
-            Securial::ENGINE_LOGGER.debug "-" * 120
+            Securial.logger.debug "-" * 120
             return
           end
 
-          Securial::ENGINE_LOGGER.debug filtered.map { |r|
+          Securial.logger.debug filtered.map { |r|
             name = r.name || ""
             verb = r.verb.to_s.ljust(8)
             path = r.path.spec.to_s.sub(/\(\.:format\)/, "").ljust(45)

data/lib/securial/inspectors.rb

@@ -0,0 +1,8 @@
+require "securial/inspectors/route_inspector"
+
+module Securial
+  module Inspectors
+    # This module serves as a namespace for inspectors.
+    # It requires the RouteInspector to provide route inspection capabilities.
+  end
+end

data/lib/securial/logger/broadcaster.rb

@@ -0,0 +1,48 @@
+module Securial
+  module Logger
+    class Broadcaster
+      def initialize(*targets)
+        @targets = targets
+      end
+
+      ::Logger::Severity.constants.each do |severity|
+        method = severity.downcase
+        define_method(method) do |*args, &block|
+          @targets.each do |logger|
+            if logger.level <= ::Logger::Severity.const_get(severity)
+              logger.send(method, *args, &block)
+            end
+          end
+        end
+      end
+
+      def add(severity, message = nil, progname = nil, &block)
+        @targets.each do |logger|
+          if logger.level <= severity.to_i
+            logger.add(severity, message, progname, &block)
+          end
+        end
+      end
+
+      def <<(msg)
+        @targets.each { |logger| logger << msg if logger.respond_to?(:<<) }
+      end
+
+      def close
+        @targets.each { |logger| logger.close if logger.respond_to?(:close) }
+      end
+
+      def flush
+        @targets.each { |logger| logger.flush if logger.respond_to?(:flush) }
+      end
+
+      def formatter
+        @targets.first.formatter if @targets.any?
+      end
+
+      def formatter=(formatter)
+        @targets.each { |logger| logger.formatter = formatter }
+      end
+    end
+  end
+end

data/lib/securial/logger/builder.rb

@@ -0,0 +1,60 @@
+require "logger"
+require "active_support/logger"
+require "active_support/tagged_logging"
+require_relative "colors"
+require_relative "broadcaster"
+
+module Securial
+  module Logger
+    def self.build # rubocop:disable Metrics/MethodLength
+      loggers = []
+      colorize_stdout = false
+
+      unless Securial.configuration.log_to_file == false
+        file_logger = ::Logger.new(Rails.root.join("log", "securial.log"))
+        file_logger.level = resolve_level(Securial.configuration.log_file_level)
+        file_logger.formatter = ::Logger::Formatter.new
+        loggers << file_logger
+      end
+
+      unless Securial.configuration.log_to_stdout == false
+        stdout_logger = ::Logger.new(STDOUT)
+        stdout_logger.level = resolve_level(Securial.configuration.log_stdout_level)
+        stdout_logger.formatter = proc do |severity, timestamp, progname, msg|
+          color = COLORS[severity] || CLEAR
+          padded = severity.ljust(SEVERITY_WIDTH)
+          formatted = "#{timestamp.strftime("%Y-%m-%d %H:%M:%S")} #{padded} -- : #{msg}\n"
+          "#{color}#{formatted}#{CLEAR}"
+        end
+        colorize_stdout = true
+        loggers << stdout_logger
+      end
+
+      if loggers.empty?
+        null_logger = ::Logger.new(IO::NULL)
+        return ActiveSupport::TaggedLogging.new(null_logger)
+      end
+
+      broadcaster = Broadcaster.new(*loggers)
+      tagged_logger = ActiveSupport::TaggedLogging.new(broadcaster)
+
+      if colorize_stdout && !Rails.env.test?
+        tagged_logger.formatter = proc do |severity, timestamp, progname, msg|
+          color = COLORS[severity] || CLEAR
+          padded = severity.ljust(SEVERITY_WIDTH)
+          formatted = "#{timestamp.strftime("%Y-%m-%d %H:%M:%S")} #{padded} -- : #{msg}\n"
+          "#{color}#{formatted}#{CLEAR}"
+        end
+      end
+
+      tagged_logger
+    end
+
+    def self.resolve_level(level)
+      return ::Logger::INFO if level.nil?
+      ::Logger.const_get(level.to_s.upcase)
+    rescue NameError
+      ::Logger::INFO
+    end
+  end
+end

data/lib/securial/logger/colors.rb

@@ -0,0 +1,14 @@
+module Securial
+  module Logger
+    COLORS = {
+      "DEBUG" => "\e[36m",   # cyan
+      "INFO" => "\e[32m",    # green
+      "WARN" => "\e[33m",    # yellow
+      "ERROR" => "\e[31m",   # red
+      "FATAL" => "\e[35m",   # magenta
+      "UNKNOWN" => "\e[37m", # white
+    }.freeze
+    CLEAR = "\e[0m"
+    SEVERITY_WIDTH = 5
+  end
+end

data/lib/securial/logger.rb

@@ -1,71 +1,8 @@
-require "logger"
-require "active_support/logger"
-require "active_support/tagged_logging"
+require_relative "logger/builder"
 
 module Securial
-  class Logger
-    def self.build
-      outputs = []
-
-      unless Securial.configuration.log_to_file == false
-        log_file = Rails.root.join("log", "securial.log").open("a")
-        log_file.sync = true
-        outputs << log_file
-      end
-
-      unless Securial.configuration.log_to_stdout == false
-        outputs << STDOUT
-      end
-
-      if outputs.empty?
-        null_logger = ::Logger.new(IO::NULL)
-        return ActiveSupport::TaggedLogging.new(null_logger)
-      end
-
-      logger = ActiveSupport::Logger.new(MultiIO.new(*outputs))
-      logger.level = resolve_log_level
-      logger.formatter = ::Logger::Formatter.new
-
-      ActiveSupport::TaggedLogging.new(logger)
-    end
-
-    def self.resolve_log_level
-      file_level = Securial.configuration.log_file_level
-      stdout_level = Securial.configuration.log_stdout_level
-
-      # Use the lower (more verbose) level of the two
-      levels = [file_level, stdout_level].compact.map do |lvl|
-        begin
-          ::Logger.const_get(lvl.to_s.upcase)
-        rescue NameError
-          nil
-        end
-      end.compact
-
-      levels.min || ::Logger::INFO
-    end
-
-    private
-
-    class MultiIO
-      def initialize(*targets)
-        @targets = targets
-      end
-
-      def write(*args)
-        @targets.each { |t| t.write(*args) }
-      end
-
-      def close
-        @targets.each do |t|
-          next if [STDOUT, STDERR].include?(t)
-          t.close
-        end
-      end
-
-      def flush
-        @targets.each { |t| t.flush if t.respond_to?(:flush) }
-      end
-    end
+  module Logger
+    # This module serves as a namespace for logging functionality.
+    # It requires the Logger::Builder to provide logger building capabilities.
   end
 end

data/lib/securial/middlewares/request_logger_tag.rb

@@ -0,0 +1,19 @@
+module Securial
+  module Middlewares
+    class RequestLoggerTag
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        request_id = env["action_dispatch.request_id"] || env["HTTP_X_REQUEST_ID"]
+        tags = ["Securial"]
+        tags << request_id if request_id
+
+        logger = Securial.logger || Rails.logger || ::Logger.new(IO::NULL)
+        tagged_logger = logger.is_a?(ActiveSupport::TaggedLogging) ? logger : ActiveSupport::TaggedLogging.new(logger)
+        tagged_logger.tagged(*tags) { @app.call(env) }
+      end
+    end
+  end
+end

data/lib/securial/{middleware → middlewares}/transform_request_keys.rb

@@ -1,8 +1,8 @@
-# lib/securial/middleware/transform_request_keys.rb
+# lib/securial/middlewares/transform_request_keys.rb
 require "json"
 
 module Securial
-  module Middleware
+  module Middlewares
     class TransformRequestKeys
       def initialize(app)
         @app = app

data/lib/securial/{middleware → middlewares}/transform_response_keys.rb

@@ -1,8 +1,7 @@
-# lib/securial/middleware/transform_response_keys.rb
 require "json"
 
 module Securial
-  module Middleware
+  module Middlewares
     class TransformResponseKeys
       def initialize(app)
         @app = app
@@ -16,13 +15,21 @@ module Securial
 
           if body.present?
             format = Securial.configuration.response_keys_format
-            transformed = KeyTransformer.deep_transform_keys(JSON.parse(body)) do |key|
-              KeyTransformer.camelize(key, format)
-            end
 
-            new_body = [JSON.generate(transformed)]
-            headers["Content-Length"] = new_body.first.bytesize.to_s
-            return [status, headers, new_body]
+            # Only transform if not snake_case
+            if format != :snake_case
+              begin
+                transformed = Securial::KeyTransformer.deep_transform_keys(JSON.parse(body)) do |key|
+                  Securial::KeyTransformer.camelize(key, format)
+                end
+
+                new_body = [JSON.generate(transformed)]
+                headers["Content-Length"] = new_body.first.bytesize.to_s
+                return [status, headers, new_body]
+              rescue JSON::ParserError
+                # If not valid JSON, fall through and return original response
+              end
+            end
           end
         end
 

data/lib/securial/middlewares.rb

@@ -0,0 +1,10 @@
+require_relative "middlewares/transform_request_keys"
+require_relative "middlewares/transform_response_keys"
+require_relative "middlewares/request_logger_tag"
+
+module Securial
+  module Middleware
+    # This module serves as a namespace for middlewares.
+    # It requires the necessary middleware files to provide functionality.
+  end
+end

data/lib/securial/security/request_rate_limiter.rb

@@ -0,0 +1,68 @@
+require "rack/attack"
+require "securial/config"
+require "securial/logger"
+
+module Securial
+  module Security
+    module RequestRateLimiter
+      module_function
+
+      def apply! # rubocop:disable Metrics/MethodLength
+        resp_status = Securial.configuration.rate_limit_response_status
+        resp_message = Securial.configuration.rate_limit_response_message
+        # Throttle login attempts by IP
+        Rack::Attack.throttle("securial/logins/ip",
+                              limit: ->(_req) { Securial.configuration.rate_limit_requests_per_minute },
+                              period: 1.minute
+        ) do |req|
+          if req.path.include?("sessions/login") && req.post?
+            req.ip
+          end
+        end
+
+        # Throttle login attempts by username/email
+        Rack::Attack.throttle("securial/logins/email",
+                              limit: ->(_req) { Securial.configuration.rate_limit_requests_per_minute },
+                              period: 1.minute
+        ) do |req|
+          if req.path.include?("sessions/login") && req.post?
+            req.params["email_address"].to_s.downcase.strip
+          end
+        end
+
+        # Throttle password reset requests by IP
+        Rack::Attack.throttle("securial/password_resets/ip",
+                              limit: ->(_req) { Securial.configuration.rate_limit_requests_per_minute },
+                              period: 1.minute
+        ) do |req|
+          if req.path.include?("password/forgot") && req.post?
+            req.ip
+          end
+        end
+
+        # Throttle password reset requests by email
+        Rack::Attack.throttle("securial/password_resets/email",
+                              limit: ->(_req) { Securial.configuration.rate_limit_requests_per_minute },
+                              period: 1.minute
+        ) do |req|
+          if req.path.include?("password/forgot") && req.post?
+            req.params["email_address"].to_s.downcase.strip
+          end
+        end
+
+        # Custom response for throttled requests
+        Rack::Attack.throttled_responder = lambda do |request|
+          retry_after = (request.env["rack.attack.match_data"] || {})[:period]
+          [
+            resp_status,
+            {
+              "Content-Type" => "application/json",
+              "Retry-After" => retry_after.to_s,
+            },
+            [{ error: resp_message }.to_json]
+          ]
+        end
+      end
+    end
+  end
+end

data/lib/securial/security.rb

@@ -0,0 +1,8 @@
+require "securial/security/request_rate_limiter"
+
+module Securial
+  module Security
+    # This module serves as a namespace for security-related functionality.
+    # It can be extended with additional security features in the future.
+  end
+end

data/lib/securial/version.rb

@@ -1,3 +1,3 @@
 module Securial
-  VERSION = "0.6.1".freeze
+  VERSION = "0.7.0".freeze
 end

data/lib/securial/version_checker.rb

@@ -0,0 +1,31 @@
+require "net/http"
+require "json"
+
+module Securial
+  module VersionChecker
+    module_function
+
+    def check_latest_version
+      begin
+        rubygems_api_url = "https://rubygems.org/api/v1/versions/securial/latest.json"
+        uri = URI(rubygems_api_url)
+        http = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https", open_timeout: 5, read_timeout: 5)
+        response = http.request(Net::HTTP::Get.new(uri))
+        latest = JSON.parse(response.body)["version"]
+
+        current = Securial::VERSION
+        if Gem::Version.new(latest) > Gem::Version.new(current)
+          Securial.logger.info "A newer version (#{latest}) of Securial is available. You are using #{current}."
+          Securial.logger.info "Please consider updating!"
+          Securial.logger.debug "You can update Securial by running the following command in your terminal:"
+          Securial.logger.debug "`bundle update securial`"
+        else
+          Securial.logger.info "You are using the latest version of Securial (#{current})."
+          Securial.logger.debug "No updates available at this time."
+        end
+      rescue => e
+        Securial.logger.debug("Version check failed: #{e.message}")
+      end
+    end
+  end
+end

data/lib/securial.rb

@@ -1,11 +1,13 @@
 require "securial/version"
 require "securial/engine"
+require "securial/logger"
 
 require "jbuilder"
 
 module Securial
   class << self
     attr_accessor :configuration
+    attr_accessor :logger
 
     def configuration
       @configuration ||= Securial::Config::Configuration.new
@@ -20,6 +22,10 @@ module Securial
       yield(configuration)
     end
 
+    def logger
+      @logger ||= Securial::Logger.build
+    end
+
     # Returns the pluralized form of the admin role.
     # This behavior is intentional and aligns with the project's routing conventions.
     def admin_namespace

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: securial
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.7.0
 platform: ruby
 authors:
 - Aly Badawy
 bindir: bin
 cert_chain: []
-date: 2025-05-30 00:00:00.000000000 Z
+date: 2025-06-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -251,7 +251,7 @@ files:
 - lib/generators/factory_bot/templates/factory.erb
 - lib/generators/securial/install/install_generator.rb
 - lib/generators/securial/install/templates/securial_initializer.erb
-- lib/generators/securial/install/views_generastor.rb
+- lib/generators/securial/install/views_generator.rb
 - lib/generators/securial/jbuilder/jbuilder_generator.rb
 - lib/generators/securial/jbuilder/templates/_resource.json.erb
 - lib/generators/securial/jbuilder/templates/index.json.erb
@@ -262,11 +262,11 @@ files:
 - lib/generators/securial/scaffold/templates/routes.erb
 - lib/generators/securial/scaffold/templates/routing_spec.erb
 - lib/securial.rb
-- lib/securial/auth/_index.rb
+- lib/securial/auth.rb
 - lib/securial/auth/auth_encoder.rb
 - lib/securial/auth/errors.rb
 - lib/securial/auth/session_creator.rb
-- lib/securial/config/_index.rb
+- lib/securial/config.rb
 - lib/securial/config/configuration.rb
 - lib/securial/config/errors.rb
 - lib/securial/config/validation.rb
@@ -275,25 +275,30 @@ files:
 - lib/securial/factories/securial/roles.rb
 - lib/securial/factories/securial/sessions.rb
 - lib/securial/factories/securial/users.rb
-- lib/securial/helpers/_index.rb
+- lib/securial/helpers.rb
 - lib/securial/helpers/normalizing_helper.rb
 - lib/securial/helpers/regex_helper.rb
-- lib/securial/inspectors/_index.rb
+- lib/securial/inspectors.rb
 - lib/securial/inspectors/route_inspector.rb
 - lib/securial/key_transformer.rb
 - lib/securial/logger.rb
-- lib/securial/middleware/_index.rb
-- lib/securial/middleware/request_logger_tag.rb
-- lib/securial/middleware/transform_request_keys.rb
-- lib/securial/middleware/transform_response_keys.rb
-- lib/securial/rack_attack.rb
+- lib/securial/logger/broadcaster.rb
+- lib/securial/logger/builder.rb
+- lib/securial/logger/colors.rb
+- lib/securial/middlewares.rb
+- lib/securial/middlewares/request_logger_tag.rb
+- lib/securial/middlewares/transform_request_keys.rb
+- lib/securial/middlewares/transform_response_keys.rb
+- lib/securial/security.rb
+- lib/securial/security/request_rate_limiter.rb
 - lib/securial/version.rb
+- lib/securial/version_checker.rb
 - lib/tasks/securial_tasks.rake
 homepage: https://github.com/AlyBadawy/Securial/wiki
 licenses:
 - MIT
 metadata:
-  release_date: '2025-05-30'
+  release_date: '2025-06-01'
   allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/AlyBadawy/Securial/wiki
   source_code_uri: https://github.com/AlyBadawy/Securial

data/lib/securial/auth/_index.rb

@@ -1,3 +0,0 @@
-require_relative "errors"
-require_relative "auth_encoder"
-require_relative "session_creator"

data/lib/securial/config/_index.rb

@@ -1,3 +0,0 @@
-require_relative "./configuration"
-require_relative "./validation"
-require_relative "./errors"

data/lib/securial/helpers/_index.rb

@@ -1,2 +0,0 @@
-require_relative "normalizing_helper"
-require_relative "regex_helper"

data/lib/securial/inspectors/_index.rb

@@ -1 +0,0 @@
-require_relative "route_inspector"

data/lib/securial/middleware/_index.rb

@@ -1,3 +0,0 @@
-require_relative "./transform_request_keys"
-require_relative "./transform_response_keys"
-require_relative "./request_logger_tag"

data/lib/securial/middleware/request_logger_tag.rb

@@ -1,18 +0,0 @@
-module Securial
-  module Middleware
-    class RequestLoggerTag
-      def initialize(app)
-        @app = app
-      end
-
-      def call(env)
-        request = ActionDispatch::Request.new(env)
-        request_id = request.request_id || SecureRandom.uuid
-
-        Securial::ENGINE_LOGGER.tagged("Securial", "RequestID:#{request_id}") do
-          @app.call(env)
-        end
-      end
-    end
-  end
-end

data/lib/securial/rack_attack.rb

@@ -1,48 +0,0 @@
-Rails.application.config.to_prepare do
-  class Rack::Attack
-    limit = Securial.configuration.rate_limit_requests_per_minute
-    resp_status = Securial.configuration.rate_limit_response_status
-    resp_message = Securial.configuration.rate_limit_response_message
-
-    ### Throttle login attempts by IP ###
-    throttle("securial/logins/ip", limit: limit, period: 1.minute) do |req|
-      if req.path.include?("sessions/login") && req.post?
-        req.ip
-      end
-    end
-
-    ### Throttle login attempts by username ###
-    throttle("securial/logins/email", limit: 5, period: 1.minute) do |req|
-      if req.path.include?("sessions/login") && req.post?
-        req.params["email_address"].to_s.downcase.strip
-      end
-    end
-
-    ### TODO: Add throttling for other endpoints as needed ###
-    # Example: Throttle password reset requests by email
-    throttle("securial/password_resets/ip", limit: 5, period: 1.minute) do |req|
-      if req.path.include?("password/forgot") && req.post?
-        req.ip
-      end
-    end
-
-    throttle("securial/password_resets/email", limit: 5, period: 1.minute) do |req|
-      if req.path.include?("password/forgot") && req.post?
-        req.params["email_address"].to_s.downcase.strip
-      end
-    end
-
-    ### Custom response ###
-    self.throttled_responder = lambda do |request|
-      retry_after = (request.env["rack.attack.match_data"] || {})[:period]
-      [
-        resp_status,
-        {
-          "Content-Type" => "application/json",
-          "Retry-After" => retry_after.to_s,
-        },
-        [{ error: resp_message }.to_json]
-      ]
-    end
-  end
-end