RubyGems - securial - Versions diffs - 0.7.0 → 0.8.1 - Mend

securial 0.7.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (77) hide show

checksums.yaml +4 -4
data/README.md +2 -5
data/app/controllers/concerns/securial/identity.rb +17 -16
data/app/controllers/securial/accounts_controller.rb +2 -2
data/app/controllers/securial/passwords_controller.rb +2 -2
data/app/controllers/securial/role_assignments_controller.rb +5 -7
data/app/controllers/securial/roles_controller.rb +1 -0
data/app/controllers/securial/sessions_controller.rb +6 -8
data/app/controllers/securial/users_controller.rb +8 -7
data/app/mailers/securial/securial_mailer.rb +17 -6
data/app/models/concerns/securial/password_resettable.rb +1 -1
data/app/models/securial/application_record.rb +1 -1
data/app/models/securial/session.rb +16 -5
data/app/models/securial/user.rb +1 -3
data/app/views/securial/securial_mailer/forgot_password.html.erb +20 -0
data/app/views/securial/securial_mailer/forgot_password.text.erb +14 -0
data/app/views/securial/securial_mailer/sign_in.html.erb +31 -0
data/app/views/securial/securial_mailer/sign_in.text.erb +17 -0
data/app/views/securial/securial_mailer/update_account.html.erb +15 -0
data/app/views/securial/securial_mailer/update_account.text.erb +11 -0
data/app/views/securial/securial_mailer/welcome.html.erb +11 -0
data/app/views/securial/securial_mailer/welcome.text.erb +8 -0
data/app/views/securial/users/_securial_user.json.jbuilder +9 -3
data/config/routes.rb +5 -1
data/db/migrate/{20250515104930_create_securial_roles.rb → 20250603130214_create_securial_roles.rb} +0 -2
data/db/migrate/{20250517155521_create_securial_users.rb → 20250604110520_create_securial_users.rb} +8 -3
data/db/migrate/{20250519075407_create_securial_sessions.rb → 20250604184841_create_securial_sessions.rb} +4 -0
data/lib/generators/securial/install/templates/securial_initializer.erb +2 -2
data/lib/generators/securial/scaffold/templates/controller.erb +1 -0
data/lib/generators/securial/scaffold/templates/routes.erb +1 -1
data/lib/securial/auth/auth_encoder.rb +8 -6
data/lib/securial/auth/session_creator.rb +6 -3
data/lib/securial/auth/token_generator.rb +26 -0
data/lib/securial/auth.rb +7 -5
data/lib/securial/config/configuration.rb +31 -13
data/lib/securial/config/validation/logger_validation.rb +29 -0
data/lib/securial/config/validation/mailer_validation.rb +24 -0
data/lib/securial/config/validation/password_validation.rb +91 -0
data/lib/securial/config/validation/response_validation.rb +37 -0
data/lib/securial/config/validation/roles_validation.rb +32 -0
data/lib/securial/config/validation/security_validation.rb +56 -0
data/lib/securial/config/validation/session_validation.rb +87 -0
data/lib/securial/config/validation.rb +16 -239
data/lib/securial/config.rb +20 -4
data/lib/securial/engine.rb +5 -79
data/lib/securial/engine_initializers.rb +33 -0
data/lib/securial/error/auth.rb +21 -0
data/lib/securial/error/base_securial_error.rb +16 -0
data/lib/securial/error/config.rb +37 -0
data/lib/securial/error.rb +9 -0
data/lib/securial/helpers/roles_helper.rb +17 -0
data/lib/securial/helpers.rb +1 -0
data/lib/securial/logger/broadcaster.rb +36 -24
data/lib/securial/logger/builder.rb +29 -44
data/lib/securial/logger/formatter.rb +35 -0
data/lib/securial/logger.rb +10 -3
data/lib/securial/middleware/request_tag_logger.rb +39 -0
data/lib/securial/middleware.rb +13 -0
data/lib/securial/version.rb +1 -1
data/lib/securial.rb +2 -26
metadata +39 -149
data/app/views/securial/securial_mailer/reset_password.html.erb +0 -5
data/app/views/securial/securial_mailer/reset_password.text.erb +0 -4
data/lib/securial/auth/errors.rb +0 -15
data/lib/securial/config/errors.rb +0 -20
data/lib/securial/inspectors/route_inspector.rb +0 -52
data/lib/securial/inspectors.rb +0 -8
data/lib/securial/key_transformer.rb +0 -32
data/lib/securial/logger/colors.rb +0 -14
data/lib/securial/middlewares/request_logger_tag.rb +0 -19
data/lib/securial/middlewares/transform_request_keys.rb +0 -33
data/lib/securial/middlewares/transform_response_keys.rb +0 -52
data/lib/securial/middlewares.rb +0 -10
data/lib/securial/security/request_rate_limiter.rb +0 -68
data/lib/securial/security.rb +0 -8
data/lib/securial/version_checker.rb +0 -31
/data/db/migrate/{20250518122749_create_securial_role_assignments.rb → 20250604123805_create_securial_role_assignments.rb} +0 -0

data/lib/securial/middlewares/request_logger_tag.rb DELETED Viewed

@@ -1,19 +0,0 @@
-module Securial
-  module Middlewares
-    class RequestLoggerTag
-      def initialize(app)
-        @app = app
-      end
-      def call(env)
-        request_id = env["action_dispatch.request_id"] || env["HTTP_X_REQUEST_ID"]
-        tags = ["Securial"]
-        tags << request_id if request_id
-        logger = Securial.logger || Rails.logger || ::Logger.new(IO::NULL)
-        tagged_logger = logger.is_a?(ActiveSupport::TaggedLogging) ? logger : ActiveSupport::TaggedLogging.new(logger)
-        tagged_logger.tagged(*tags) { @app.call(env) }
-      end
-    end
-  end
-end

data/lib/securial/middlewares/transform_request_keys.rb DELETED Viewed

@@ -1,33 +0,0 @@
-# lib/securial/middlewares/transform_request_keys.rb
-require "json"
-module Securial
-  module Middlewares
-    class TransformRequestKeys
-      def initialize(app)
-        @app = app
-      end
-      def call(env)
-        if env["CONTENT_TYPE"]&.include?("application/json") && Securial.configuration.response_keys_format != :snake_case
-          req = Rack::Request.new(env)
-          if (req.body&.size || 0) > 0
-            raw = req.body.read
-            req.body.rewind
-            begin
-              parsed = JSON.parse(raw)
-              transformed = Securial::KeyTransformer.deep_transform_keys(parsed) do |key|
-                Securial::KeyTransformer.underscore(key)
-              end
-              env["rack.input"] = StringIO.new(JSON.dump(transformed))
-              env["rack.input"].rewind
-            rescue JSON::ParserError
-              # noop
-            end
-          end
-        end
-        @app.call(env)
-      end
-    end
-  end
-end

data/lib/securial/middlewares/transform_response_keys.rb DELETED Viewed

@@ -1,52 +0,0 @@
-require "json"
-module Securial
-  module Middlewares
-    class TransformResponseKeys
-      def initialize(app)
-        @app = app
-      end
-      def call(env)
-        status, headers, response = @app.call(env)
-        if json_response?(headers)
-          body = extract_body(response)
-          if body.present?
-            format = Securial.configuration.response_keys_format
-            # Only transform if not snake_case
-            if format != :snake_case
-              begin
-                transformed = Securial::KeyTransformer.deep_transform_keys(JSON.parse(body)) do |key|
-                  Securial::KeyTransformer.camelize(key, format)
-                end
-                new_body = [JSON.generate(transformed)]
-                headers["Content-Length"] = new_body.first.bytesize.to_s
-                return [status, headers, new_body]
-              rescue JSON::ParserError
-                # If not valid JSON, fall through and return original response
-              end
-            end
-          end
-        end
-        [status, headers, response]
-      end
-      private
-      def json_response?(headers)
-        headers["Content-Type"]&.include?("application/json")
-      end
-      def extract_body(response)
-        response_body = ""
-        response.each { |part| response_body << part }
-        response_body
-      end
-    end
-  end
-end

data/lib/securial/middlewares.rb DELETED Viewed

@@ -1,10 +0,0 @@
-require_relative "middlewares/transform_request_keys"
-require_relative "middlewares/transform_response_keys"
-require_relative "middlewares/request_logger_tag"
-module Securial
-  module Middleware
-    # This module serves as a namespace for middlewares.
-    # It requires the necessary middleware files to provide functionality.
-  end
-end

data/lib/securial/security/request_rate_limiter.rb DELETED Viewed

@@ -1,68 +0,0 @@
-require "rack/attack"
-require "securial/config"
-require "securial/logger"
-module Securial
-  module Security
-    module RequestRateLimiter
-      module_function
-      def apply! # rubocop:disable Metrics/MethodLength
-        resp_status = Securial.configuration.rate_limit_response_status
-        resp_message = Securial.configuration.rate_limit_response_message
-        # Throttle login attempts by IP
-        Rack::Attack.throttle("securial/logins/ip",
-                              limit: ->(_req) { Securial.configuration.rate_limit_requests_per_minute },
-                              period: 1.minute
-        ) do |req|
-          if req.path.include?("sessions/login") && req.post?
-            req.ip
-          end
-        end
-        # Throttle login attempts by username/email
-        Rack::Attack.throttle("securial/logins/email",
-                              limit: ->(_req) { Securial.configuration.rate_limit_requests_per_minute },
-                              period: 1.minute
-        ) do |req|
-          if req.path.include?("sessions/login") && req.post?
-            req.params["email_address"].to_s.downcase.strip
-          end
-        end
-        # Throttle password reset requests by IP
-        Rack::Attack.throttle("securial/password_resets/ip",
-                              limit: ->(_req) { Securial.configuration.rate_limit_requests_per_minute },
-                              period: 1.minute
-        ) do |req|
-          if req.path.include?("password/forgot") && req.post?
-            req.ip
-          end
-        end
-        # Throttle password reset requests by email
-        Rack::Attack.throttle("securial/password_resets/email",
-                              limit: ->(_req) { Securial.configuration.rate_limit_requests_per_minute },
-                              period: 1.minute
-        ) do |req|
-          if req.path.include?("password/forgot") && req.post?
-            req.params["email_address"].to_s.downcase.strip
-          end
-        end
-        # Custom response for throttled requests
-        Rack::Attack.throttled_responder = lambda do |request|
-          retry_after = (request.env["rack.attack.match_data"] || {})[:period]
-          [
-            resp_status,
-            {
-              "Content-Type" => "application/json",
-              "Retry-After" => retry_after.to_s,
-            },
-            [{ error: resp_message }.to_json]
-          ]
-        end
-      end
-    end
-  end
-end

data/lib/securial/security.rb DELETED Viewed

@@ -1,8 +0,0 @@
-require "securial/security/request_rate_limiter"
-module Securial
-  module Security
-    # This module serves as a namespace for security-related functionality.
-    # It can be extended with additional security features in the future.
-  end
-end

data/lib/securial/version_checker.rb DELETED Viewed

@@ -1,31 +0,0 @@
-require "net/http"
-require "json"
-module Securial
-  module VersionChecker
-    module_function
-    def check_latest_version
-      begin
-        rubygems_api_url = "https://rubygems.org/api/v1/versions/securial/latest.json"
-        uri = URI(rubygems_api_url)
-        http = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https", open_timeout: 5, read_timeout: 5)
-        response = http.request(Net::HTTP::Get.new(uri))
-        latest = JSON.parse(response.body)["version"]
-        current = Securial::VERSION
-        if Gem::Version.new(latest) > Gem::Version.new(current)
-          Securial.logger.info "A newer version (#{latest}) of Securial is available. You are using #{current}."
-          Securial.logger.info "Please consider updating!"
-          Securial.logger.debug "You can update Securial by running the following command in your terminal:"
-          Securial.logger.debug "`bundle update securial`"
-        else
-          Securial.logger.info "You are using the latest version of Securial (#{current})."
-          Securial.logger.debug "No updates available at this time."
-        end
-      rescue => e
-        Securial.logger.debug("Version check failed: #{e.message}")
-      end
-    end
-  end
-end

/data/db/migrate/{20250518122749_create_securial_role_assignments.rb → 20250604123805_create_securial_role_assignments.rb} RENAMED Viewed

File without changes