securial 0.6.1 → 0.8.0

data/lib/securial/config/validation.rb

@@ -1,247 +1,24 @@
 require "securial/logger"
+require "securial/config/validation/logger_validation"
+require "securial/config/validation/roles_validation"
+require "securial/config/validation/session_validation"
+require "securial/config/validation/mailer_validation"
+require "securial/config/validation/password_validation"
+require "securial/config/validation/response_validation"
+require "securial/config/validation/security_validation"
 
 module Securial
   module Config
     module Validation
-      class << self # rubocop:disable Metrics/ClassLength
-        def validate_all!(config)
-          validate_admin_role!(config)
-          validate_session_config!(config)
-          validate_mailer_sender!(config)
-          validate_password_config!(config)
-          validate_response_config!(config)
-          validate_security_config!(config)
-        end
-
-        private
-
-        def validate_admin_role!(config)
-          if config.admin_role.nil? || config.admin_role.to_s.strip.empty?
-            error_message = "Admin role is not set."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigAdminRoleError, error_message
-          end
-
-          unless config.admin_role.is_a?(Symbol) || config.admin_role.is_a?(String)
-            error_message = "Admin role must be a Symbol or String."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigAdminRoleError, error_message
-          end
-
-          if config.admin_role.to_s.pluralize.downcase == "accounts"
-            error_message = "The admin role cannot be 'account' or 'accounts' as it conflicts with the default routes."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigAdminRoleError, error_message
-          end
-        end
-
-        def validate_session_config!(config)
-          validate_session_expiry_duration!(config)
-          validate_session_algorithm!(config)
-          validate_session_secret!(config)
-        end
-
-        def validate_session_expiry_duration!(config)
-          if config.session_expiration_duration.nil?
-            error_message = "Session expiration duration is not set."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigSessionExpirationDurationError, error_message
-          end
-          if config.session_expiration_duration.class != ActiveSupport::Duration
-            error_message = "Session expiration duration must be an ActiveSupport::Duration."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigSessionExpirationDurationError, error_message
-          end
-          if config.session_expiration_duration <= 0
-            Securial::ENGINE_LOGGER.fatal("Session expiration duration must be greater than 0.")
-            raise Securial::Config::Errors::ConfigSessionExpirationDurationError, "Session expiration duration must be greater than 0."
-          end
-        end
-
-        def validate_session_algorithm!(config)
-          if config.session_algorithm.blank?
-            error_message = "Session algorithm is not set."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigSessionAlgorithmError, error_message
-          end
-          unless config.session_algorithm.is_a?(Symbol)
-            error_message = "Session algorithm must be a Symbol."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigSessionAlgorithmError, error_message
-          end
-          valid_algorithms = Securial::Config::VALID_SESSION_ENCRYPTION_ALGORITHMS
-          unless valid_algorithms.include?(config.session_algorithm)
-            error_message = "Invalid session algorithm. Valid options are: #{valid_algorithms.map(&:inspect).join(', ')}."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigSessionAlgorithmError, error_message
-          end
-        end
-
-        def validate_session_secret!(config)
-          if config.session_secret.blank?
-            error_message = "Session secret is not set."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigSessionSecretError, error_message
-          end
-          unless config.session_secret.is_a?(String)
-            error_message = "Session secret must be a String."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigSessionSecretError, error_message
-          end
-        end
-
-        def validate_mailer_sender!(config)
-          if config.mailer_sender.blank?
-            error_message = "Mailer sender is not set."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigMailerSenderError, error_message
-          end
-          if config.mailer_sender !~  URI::MailTo::EMAIL_REGEXP
-            error_message = "Mailer sender is not a valid email address."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigMailerSenderError, error_message
-          end
-        end
-
-        def validate_password_config!(config)
-          validate_password_reset_subject!(config)
-          validate_password_min_max_length!(config)
-          validate_password_complexity!(config)
-          validate_password_expiration!(config)
-          validate_password_reset_token!(config)
-        end
-
-        def validate_password_reset_token!(config)
-          if config.reset_password_token_secret.blank?
-            error_message = "Reset password token secret is not set."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigPasswordError, error_message
-          end
-          unless config.reset_password_token_secret.is_a?(String)
-            error_message = "Reset password token secret must be a String."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigPasswordError, error_message
-          end
-        end
-
-        def validate_password_reset_subject!(config)
-          if config.password_reset_email_subject.blank?
-            error_message = "Password reset email subject is not set."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigPasswordError, error_message
-          end
-          unless config.password_reset_email_subject.is_a?(String)
-            error_message = "Password reset email subject must be a String."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigPasswordError, error_message
-          end
-        end
-
-        def validate_password_min_max_length!(config)
-          unless config.password_min_length.is_a?(Integer) && config.password_min_length > 0
-            error_message = "Password minimum length must be a positive integer."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigPasswordError, error_message
-          end
-          unless config.password_max_length.is_a?(Integer) && config.password_max_length >= config.password_min_length
-            error_message = "Password maximum length must be an integer greater than or equal to the minimum length."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigPasswordError, error_message
-          end
-        end
-
-        def validate_password_complexity!(config)
-          if config.password_complexity.nil? || !config.password_complexity.is_a?(Regexp)
-            error_message = "Password complexity regex is not set or is not a valid Regexp."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigPasswordError, error_message
-          end
-        end
-
-        def validate_password_expiration!(config)
-          unless config.password_expires.is_a?(TrueClass) || config.password_expires.is_a?(FalseClass)
-            error_message = "Password expiration must be a boolean value."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigPasswordError, error_message
-          end
-
-          if config.password_expires == true && (
-              config.password_expires_in.nil? ||
-              !config.password_expires_in.is_a?(ActiveSupport::Duration) ||
-              config.password_expires_in <= 0
-            )
-            error_message = "Password expiration duration is not set or is not a valid ActiveSupport::Duration."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigPasswordError, error_message
-          end
-        end
-
-        def validate_response_config!(config)
-          validate_response_keys_format!(config)
-          validate_timestamps_in_response!(config)
-        end
-
-        def validate_response_keys_format!(config)
-          valid_formats = Securial::Config::VALID_RESPONSE_KEYS_FORMATS
-          unless valid_formats.include?(config.response_keys_format)
-            error_message = "Invalid response_keys_format option. Valid options are: #{valid_formats.map(&:inspect).join(', ')}."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigResponseError, error_message
-          end
-        end
-
-        def validate_timestamps_in_response!(config)
-          valid_options = Securial::Config::VALID_TIMESTAMP_OPTIONS
-          unless valid_options.include?(config.timestamps_in_response)
-            error_message = "Invalid timestamps_in_response option. Valid options are: #{valid_options.map(&:inspect).join(', ')}."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigResponseError, error_message
-          end
-        end
-
-        def validate_security_config!(config)
-          validate_security_headers!(config)
-          validate_rate_limiting!(config)
-        end
-
-        def validate_security_headers!(config)
-          valid_options = Securial::Config::VALID_SECURITY_HEADERS
-          unless valid_options.include?(config.security_headers)
-            error_message = "Invalid security_headers option. Valid options are: #{valid_options.map(&:inspect).join(', ')}."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigSecurityError, error_message
-          end
-        end
-
-        def validate_rate_limiting!(config) # rubocop:disable Metrics/MethodLength
-          unless config.rate_limiting_enabled.is_a?(TrueClass) || config.rate_limiting_enabled.is_a?(FalseClass)
-            error_message = "rate_limiting_enabled must be a boolean value."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigSecurityError, error_message
-          end
-
-          return unless config.rate_limiting_enabled
-
-          unless
-              config.rate_limit_requests_per_minute.is_a?(Integer) &&
-              config.rate_limit_requests_per_minute > 0
-
-            error_message = "rate_limit_requests_per_minute must be a positive integer when rate limiting is enabled."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigSecurityError, error_message
-          end
-
-          unless config.rate_limit_response_status.is_a?(Integer) && config.rate_limit_response_status.between?(400, 599)
-            error_message = "rate_limit_response_status must be an HTTP status code between 4xx and 5xx."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigSecurityError, error_message
-          end
-
-          unless config.rate_limit_response_message.is_a?(String) && !config.rate_limit_response_message.strip.empty?
-            error_message = "rate_limit_response_message must be a non-empty String."
-            Securial::ENGINE_LOGGER.fatal(error_message)
-            raise Securial::Config::Errors::ConfigSecurityError, error_message
-          end
+      class << self
+        def validate_all!(securial_config)
+          Securial::Config::Validation::LoggerValidation.validate!(securial_config)
+          Securial::Config::Validation::RolesValidation.validate!(securial_config)
+          Securial::Config::Validation::SessionValidation.validate!(securial_config)
+          Securial::Config::Validation::MailerValidation.validate!(securial_config)
+          Securial::Config::Validation::PasswordValidation.validate!(securial_config)
+          Securial::Config::Validation::ResponseValidation.validate!(securial_config)
+          Securial::Config::Validation::SecurityValidation.validate!(securial_config)
         end
       end
     end

data/lib/securial/config.rb

@@ -0,0 +1,26 @@
+require "securial/config/configuration"
+require "securial/config/validation"
+
+module Securial
+  class << self
+    attr_accessor :configuration
+
+    def configuration
+      @configuration ||= Config::Configuration.new
+    end
+
+    def configuration=(config)
+      if config.is_a?(Config::Configuration)
+        @configuration = config
+        Securial::Config::Validation.validate_all!(configuration)
+      else
+        raise ArgumentError, "Expected an instance of Securial::Config::Configuration"
+      end
+    end
+
+    def configure
+      yield(configuration) if block_given?
+      Securial::Config::Validation.validate_all!(configuration)
+    end
+  end
+end

data/lib/securial/engine.rb

@@ -1,73 +1,14 @@
-require_relative "./logger"
-require_relative "./key_transformer"
-require_relative "./config/_index"
-require_relative "./helpers/_index"
-require_relative "./auth/_index"
-require_relative "./inspectors/_index"
-
-require_relative "./middleware/_index"
-require "jwt"
+require "securial/auth"
+require "securial/config"
+require "securial/helpers"
+require "securial/logger"
+require "securial/middleware"
 
 module Securial
   class Engine < ::Rails::Engine
     isolate_namespace Securial
 
-    # Set API-only mode and autoload custom generator paths
-    config.api_only = true
     config.generators.api_only = true
-    config.autoload_paths += Dir["#{config.root}/lib/generators"]
-
-    initializer "securial.filter_parameters" do |app|
-      app.config.filter_parameters += [
-        :password,
-        :password_confirmation,
-        :password_reset_token,
-        :reset_password_token
-      ]
-    end
-
-    initializer "securial.logger" do
-      Securial.const_set(:ENGINE_LOGGER, Securial::Logger.build)
-    end
-
-    initializer "securial.log_initialization" do |app|
-      log "[Initializing Engine] Host app: #{app.class.name}"
-    end
-
-    initializer "securial.validate_config" do
-      log "[Validating configuration] from `config/initializers/securial.rb`..."
-      Securial::Config::Validation.validate_all!(Securial.configuration)
-    end
-
-    initializer "securial.extend_application_controller" do
-      ActiveSupport.on_load(:action_controller_base) { include Securial::Identity }
-      ActiveSupport.on_load(:action_controller_api)  { include Securial::Identity }
-    end
-
-    initializer "securial.factory_bot", after: "factory_bot.set_factory_paths" do
-      FactoryBot.definition_file_paths << Engine.root.join("lib", "securial", "factories") if defined?(FactoryBot)
-    end
-
-    initializer "securial.factory_bot_generator" do
-      require_relative "../generators/factory_bot/model/model_generator"
-    end
-
-    initializer "securial.middleware" do |app|
-      middleware.use Securial::Middleware::RequestLoggerTag
-      middleware.use Securial::Middleware::TransformRequestKeys
-      middleware.use Securial::Middleware::TransformResponseKeys
-      if Securial.configuration.rate_limiting_enabled
-        require "rack/attack"
-        require_relative "./rack_attack"
-        middleware.use Rack::Attack
-      end
-    end
-
-    initializer "securial.log_ready", after: :load_config_initializers do
-      Rails.application.config.after_initialize do
-        log "[Engine fully initialized] Environment: #{Rails.env}"
-      end
-    end
 
     config.generators do |g|
       g.orm :active_record, primary_key_type: :string
@@ -82,11 +23,7 @@ module Securial
       g.fixture_replacement :factory_bot, dir: "lib/securial/factories"
       g.template_engine :jbuilder
     end
-
-    private
-
-    def log(message)
-      Securial::ENGINE_LOGGER.info("[Securial] #{message}")
-    end
   end
 end
+
+require_relative "engine_initializers"

data/lib/securial/engine_initializers.rb

@@ -0,0 +1,33 @@
+module Securial
+  class Engine < ::Rails::Engine
+    initializer "securial.filter_parameters" do |app|
+      app.config.filter_parameters += [
+        :password,
+        :password_confirmation,
+        :password_reset_token,
+        :reset_password_token
+      ]
+    end
+
+    initializer "securial.factory_bot", after: "factory_bot.set_factory_paths" do
+      if defined?(FactoryBot)
+        FactoryBot.definition_file_paths << Engine.root.join("lib", "securial", "factories")
+        require_relative "../generators/factory_bot/model/model_generator"
+      end
+    end
+
+    initializer "securial.logger_middleware" do |app|
+      app.middleware.use Securial::Middleware::RequestTagLogger
+    end
+
+    initializer "securial.extend_application_controller" do
+      ActiveSupport.on_load(:action_controller_base) { include Securial::Identity }
+      ActiveSupport.on_load(:action_controller_api)  { include Securial::Identity }
+    end
+
+    initializer "securial.action_mailer.preview_path", after: "action_mailer.set_configs" do |app|
+      app.config.action_mailer.preview_paths ||= []
+      app.config.action_mailer.preview_paths |= [root.join("spec/mailers/previews").to_s]
+    end
+  end
+end

data/lib/securial/error/auth.rb

@@ -0,0 +1,21 @@
+module Securial
+  module Error
+    module Auth
+      class TokenEncodeError < BaseError
+        default_message "Error while encoding session token"
+      end
+
+      class TokenDecodeError < BaseError
+        default_message "Error while decoding session token"
+      end
+
+      class TokenRevokedError < BaseError
+        default_message "Session token is revoked"
+      end
+
+      class TokenExpiredError < BaseError
+        default_message "Session token is expired"
+      end
+    end
+  end
+end

data/lib/securial/error/base_securial_error.rb

@@ -0,0 +1,16 @@
+module Securial
+  module Error
+    class BaseError < StandardError
+      def self.default_message(message = nil)
+        @default_message = message if message
+        @default_message
+      end
+
+      def initialize(message = nil)
+        super(message || self.class.default_message || "An error occurred in Securial")
+      end
+
+      def backtrace; []; end
+    end
+  end
+end

data/lib/securial/error/config.rb

@@ -0,0 +1,37 @@
+module Securial
+  module Error
+    module Config
+      class InvalidConfigurationError < Securial::Error::BaseError
+        default_message "Invalid configuration for Securial"
+      end
+
+      class LoggerValidationError < InvalidConfigurationError
+        default_message "Logger configuration validation failed"
+      end
+
+      class RolesValidationError < InvalidConfigurationError
+        default_message "Roles configuration validation failed"
+      end
+
+      class SessionValidationError < InvalidConfigurationError
+        default_message "Session configuration validation failed"
+      end
+
+      class MailerValidationError < InvalidConfigurationError
+        default_message "Mailer configuration validation failed"
+      end
+
+      class PasswordValidationError < InvalidConfigurationError
+        default_message "Password configuration validation failed"
+      end
+
+      class ResponseValidationError < InvalidConfigurationError
+        default_message "Response configuration validation failed"
+      end
+
+      class SecurityValidationError < InvalidConfigurationError
+        default_message "Security configuration validation failed"
+      end
+    end
+  end
+end

data/lib/securial/error.rb

@@ -0,0 +1,9 @@
+require "securial/error/base_securial_error"
+require "securial/error/config"
+require "securial/error/auth"
+
+module Securial
+  module Error
+    # This serves as a namespace for all Securial errors.
+  end
+end

data/lib/securial/helpers/normalizing_helper.rb

@@ -1,17 +1,19 @@
 module Securial
-  module NormalizingHelper
-    module_function
+  module Helpers
+    module NormalizingHelper
+      module_function
 
-    def normalize_email_address(email)
-      return "" if email.empty?
+      def normalize_email_address(email)
+        return "" if email.empty?
 
-      email.strip.downcase
-    end
+        email.strip.downcase
+      end
 
-    def normalize_role_name(role_name)
-      return "" if role_name.empty?
+      def normalize_role_name(role_name)
+        return "" if role_name.empty?
 
-      role_name.strip.downcase.titleize
+        role_name.strip.downcase.titleize
+      end
     end
   end
 end

data/lib/securial/helpers/regex_helper.rb

@@ -1,16 +1,18 @@
 module Securial
-  module RegexHelper
-    EMAIL_REGEX = URI::MailTo::EMAIL_REGEXP
-    USERNAME_REGEX = /\A(?![0-9])[a-zA-Z](?:[a-zA-Z0-9]|[._](?![._]))*[a-zA-Z0-9]\z/
-    PASSWORD_REGEX = %r{\A(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])[a-zA-Z].*\z}
+  module Helpers
+    module RegexHelper
+      EMAIL_REGEX = URI::MailTo::EMAIL_REGEXP
+      USERNAME_REGEX = /\A(?![0-9])[a-zA-Z](?:[a-zA-Z0-9]|[._](?![._]))*[a-zA-Z0-9]\z/
+      PASSWORD_REGEX = %r{\A(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])[a-zA-Z].*\z}
 
-    class << self
-      def valid_email?(email)
-        email.match?(EMAIL_REGEX)
-      end
+      class << self
+        def valid_email?(email)
+          email.match?(EMAIL_REGEX)
+        end
 
-      def valid_username?(username)
-        username.match?(USERNAME_REGEX)
+        def valid_username?(username)
+          username.match?(USERNAME_REGEX)
+        end
       end
     end
   end

data/lib/securial/helpers/roles_helper.rb

@@ -0,0 +1,17 @@
+module Securial
+  module Helpers
+    module RolesHelper
+      # This module provides helper methods related to roles.
+      # It can be extended with additional role-related functionality as needed.
+      class << self
+        def protected_namespace
+          Securial.configuration.admin_role.to_s.strip.underscore.pluralize
+        end
+
+        def titleized_admin_role
+          Securial.configuration.admin_role.to_s.strip.titleize
+        end
+      end
+    end
+  end
+end

data/lib/securial/helpers.rb

@@ -0,0 +1,10 @@
+require "securial/helpers/normalizing_helper"
+require "securial/helpers/regex_helper"
+require "securial/helpers/roles_helper"
+
+module Securial
+  module Helpers
+    # This module acts as a namespace for helper modules.
+    # It requires all helper modules to make them available for consumers.
+  end
+end

data/lib/securial/logger/broadcaster.rb

@@ -0,0 +1,60 @@
+module Securial
+  module Logger
+    class Broadcaster
+      def initialize(loggers)
+        @loggers = loggers
+      end
+
+      ::Logger::Severity.constants.each do |severity|
+        define_method(severity.downcase) do |*args, &block|
+          @loggers.each { |logger| logger.public_send(severity.downcase, *args, &block) }
+        end
+      end
+
+      def <<(msg)
+        @loggers.each { |logger| logger << msg }
+      end
+
+      def close
+        @loggers.each(&:close)
+      end
+
+      def formatter=(_formatter)
+        # Do nothing
+      end
+
+      def formatter
+        nil
+      end
+
+      def loggers
+        @loggers
+      end
+
+      def tagged(*tags, &block)
+        # If all loggers support tagged, nest the calls, otherwise just yield.
+        taggable_loggers = @loggers.select { |logger| logger.respond_to?(:tagged) }
+        if taggable_loggers.any?
+          # Nest tags for all taggable loggers
+          taggable_loggers.reverse.inject(block) do |blk, logger|
+            proc { logger.tagged(*tags, &blk) }
+          end.call
+        else
+          yield
+        end
+      end
+
+      def respond_to_missing?(method, include_private = false)
+        @loggers.any? { |logger| logger.respond_to?(method, include_private) } || super
+      end
+
+      def method_missing(method, *args, &block)
+        if @loggers.all? { |logger| logger.respond_to?(method) }
+          @loggers.map { |logger| logger.send(method, *args, &block) }
+        else
+          super
+        end
+      end
+    end
+  end
+end