securial 0.8.1 → 1.0.0

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: securial
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 1.0.0
 platform: ruby
 authors:
 - Aly Badawy
 bindir: bin
 cert_chain: []
-date: 2025-06-06 00:00:00.000000000 Z
+date: 2025-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -43,28 +43,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.11'
+        version: '2.13'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.11'
+        version: '2.13'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.10'
+        version: 3.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.10'
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: rack-attack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.7'
 description: Securial is a mountable Rails engine that provides robust, extensible
   authentication and access control for Rails applications. It supports JWT, API tokens,
   session-based auth, and is designed for easy integration with modern web and mobile
@@ -127,6 +141,7 @@ files:
 - db/migrate/20250604110520_create_securial_users.rb
 - db/migrate/20250604123805_create_securial_role_assignments.rb
 - db/migrate/20250604184841_create_securial_sessions.rb
+- db/migrate/20250606182648_seed_roles_and_users.rb
 - lib/generators/factory_bot/model/model_generator.rb
 - lib/generators/factory_bot/templates/factory.erb
 - lib/generators/securial/install/install_generator.rb
@@ -146,16 +161,14 @@ files:
 - lib/securial/auth/auth_encoder.rb
 - lib/securial/auth/session_creator.rb
 - lib/securial/auth/token_generator.rb
+- lib/securial/cli/run.rb
+- lib/securial/cli/securial_new.rb
+- lib/securial/cli/show_help.rb
+- lib/securial/cli/show_version.rb
 - lib/securial/config.rb
 - lib/securial/config/configuration.rb
+- lib/securial/config/signature.rb
 - lib/securial/config/validation.rb
-- lib/securial/config/validation/logger_validation.rb
-- lib/securial/config/validation/mailer_validation.rb
-- lib/securial/config/validation/password_validation.rb
-- lib/securial/config/validation/response_validation.rb
-- lib/securial/config/validation/roles_validation.rb
-- lib/securial/config/validation/security_validation.rb
-- lib/securial/config/validation/session_validation.rb
 - lib/securial/engine.rb
 - lib/securial/engine_initializers.rb
 - lib/securial/error.rb
@@ -167,6 +180,7 @@ files:
 - lib/securial/factories/securial/sessions.rb
 - lib/securial/factories/securial/users.rb
 - lib/securial/helpers.rb
+- lib/securial/helpers/key_transformer.rb
 - lib/securial/helpers/normalizing_helper.rb
 - lib/securial/helpers/regex_helper.rb
 - lib/securial/helpers/roles_helper.rb
@@ -176,23 +190,34 @@ files:
 - lib/securial/logger/formatter.rb
 - lib/securial/middleware.rb
 - lib/securial/middleware/request_tag_logger.rb
+- lib/securial/middleware/response_headers.rb
+- lib/securial/middleware/transform_request_keys.rb
+- lib/securial/middleware/transform_response_keys.rb
+- lib/securial/security.rb
+- lib/securial/security/request_rate_limiter.rb
 - lib/securial/version.rb
+- lib/tasks/securial_routes.rake
 - lib/tasks/securial_tasks.rake
 homepage: https://github.com/AlyBadawy/Securial/wiki
 licenses:
 - MIT
 metadata:
-  release_date: '2025-06-06'
+  release_date: '2025-06-18'
   allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/AlyBadawy/Securial/wiki
   source_code_uri: https://github.com/AlyBadawy/Securial
   changelog_uri: https://github.com/AlyBadawy/Securial/blob/main/CHANGELOG.md
 post_install_message: "\n    ---\n    [SECURIAL] Thank you for installing Securial!\n\n
-  \   Securial is a mountable Rails engine that provides robust,\n    extensible authentication
-  and access control for Rails applications.\n      Please review the [changelog]
-  and [WIKI] for more info on the latest\n      changes and how to use this gem/engine:\n
-  \     [changelog]:  https://github.com/AlyBadawy/Securial/blob/main/CHANGELOG.md\n
-  \     [WIKI]:       https://github.com/AlyBadawy/Securial/wiki\n    ---\n  "
+  \   Securial is a mountable Rails engine that provides robust, extensible\n    authentication
+  and access control for Rails applications. It supports JWT,\n    API tokens, session-based
+  auth, and is designed for easy integration with\n    modern web and mobile apps.\n\n
+  \   Usage:\n      securial new APP_NAME [rails_options...]    # Create a new Rails
+  app with Securial pre-installed\n      securial -v, --version                      #
+  Show the Securial gem version\n      securial -h, --help                         #
+  Show this help message\n\n    Example:\n      securial new myapp --api --database=postgresql
+  -T\n\n    More Info:\n      review the [changelog] and [WIKI] for more info on the
+  latest\n      changes and how to use this gem/engine:\n        [Changelog]:  https://github.com/AlyBadawy/Securial/blob/main/CHANGELOG.md\n
+  \       [WIKI]:       https://github.com/AlyBadawy/Securial/wiki\n    ---\n  "
 rdoc_options: []
 require_paths:
 - lib

data/lib/securial/config/validation/logger_validation.rb

@@ -1,29 +0,0 @@
-require "securial/error"
-
-module Securial
-  module Config
-    module Validation
-      module LoggerValidation
-        class << self
-          LEVELS = %i[debug info warn error fatal unknown].freeze
-
-          def validate!(securial_config)
-            allowed_options = {
-              log_to_file: [securial_config.log_to_file, [true, false], "boolean"],
-              log_to_stdout: [securial_config.log_to_stdout, [true, false], "boolean"],
-              log_file_level: [securial_config.log_file_level, LEVELS, "symbol"],
-              log_stdout_level: [securial_config.log_stdout_level, LEVELS, "symbol"],
-            }
-
-            allowed_options.each do |attr, (value, allowed, type)|
-              unless allowed.include?(value)
-                allowed_values = type == "symbol" ? allowed.map { |v| ":#{v}" }.join(", ") : allowed.join(", ")
-                raise Securial::Error::Config::LoggerValidationError, "#{attr} must be a #{type}. Allowed values: #{allowed_values}. Received: #{value.inspect}"
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/securial/config/validation/mailer_validation.rb

@@ -1,24 +0,0 @@
-require "securial/error"
-
-module Securial
-  module Config
-    module Validation
-      module MailerValidation
-        class << self
-          def validate!(securial_config)
-            if securial_config.mailer_sender.blank?
-              error_message = "Mailer sender is not set."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::MailerValidationError, error_message
-            end
-            if securial_config.mailer_sender !~  URI::MailTo::EMAIL_REGEXP
-              error_message = "Mailer sender is not a valid email address."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::MailerValidationError, error_message
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/securial/config/validation/password_validation.rb

@@ -1,91 +0,0 @@
-require "securial/error"
-
-module Securial
-  module Config
-    module Validation
-      module PasswordValidation
-        class << self
-          def validate!(securial_config)
-            validate_password_reset_subject!(securial_config)
-            validate_password_min_max_length!(securial_config)
-            validate_password_complexity!(securial_config)
-            validate_password_expiration!(securial_config)
-            validate_password_reset_token!(securial_config)
-          end
-
-          private
-
-          def validate_password_reset_token!(securial_config)
-            if securial_config.reset_password_token_secret.blank?
-              error_message = "Reset password token secret is not set."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::PasswordValidationError, error_message
-            end
-            unless securial_config.reset_password_token_secret.is_a?(String)
-              error_message = "Reset password token secret must be a String."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::PasswordValidationError, error_message
-            end
-            unless securial_config.reset_password_token_expires_in.is_a?(ActiveSupport::Duration) && securial_config.reset_password_token_expires_in > 0
-              error_message = "Reset password token expiration must be a valid ActiveSupport::Duration greater than 0."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::PasswordValidationError, error_message
-            end
-          end
-
-          def validate_password_reset_subject!(securial_config)
-            if securial_config.mailer_forgot_password_subject.blank?
-              error_message = "Password reset email subject is not set."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::PasswordValidationError, error_message
-            end
-            unless securial_config.mailer_forgot_password_subject.is_a?(String)
-              error_message = "Password reset email subject must be a String."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::PasswordValidationError, error_message
-            end
-          end
-
-          def validate_password_min_max_length!(securial_config)
-            unless securial_config.password_min_length.is_a?(Integer) && securial_config.password_min_length > 0
-              error_message = "Password minimum length must be a positive integer."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::PasswordValidationError, error_message
-            end
-            unless securial_config.password_max_length.is_a?(Integer) && securial_config.password_max_length >= securial_config.password_min_length
-              error_message = "Password maximum length must be an integer greater than or equal to the minimum length."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::PasswordValidationError, error_message
-            end
-          end
-
-          def validate_password_complexity!(securial_config)
-            if securial_config.password_complexity.nil? || !securial_config.password_complexity.is_a?(Regexp)
-              error_message = "Password complexity regex is not set or is not a valid Regexp."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::PasswordValidationError, error_message
-            end
-          end
-
-          def validate_password_expiration!(securial_config)
-            unless securial_config.password_expires.is_a?(TrueClass) || securial_config.password_expires.is_a?(FalseClass)
-              error_message = "Password expiration must be a boolean value."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::PasswordValidationError, error_message
-            end
-
-            if securial_config.password_expires == true && (
-              securial_config.password_expires_in.nil? ||
-              !securial_config.password_expires_in.is_a?(ActiveSupport::Duration) ||
-              securial_config.password_expires_in <= 0
-              )
-              error_message = "Password expiration duration is not set or is not a valid ActiveSupport::Duration."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::PasswordValidationError, error_message
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/securial/config/validation/response_validation.rb

@@ -1,37 +0,0 @@
-require "securial/error"
-
-module Securial
-  module Config
-    module Validation
-      module ResponseValidation
-        class << self
-          VALID_TIMESTAMP_OPTIONS = %i[all admins_only none].freeze
-          VALID_RESPONSE_KEYS_FORMATS = %i[snake_case lowerCamelCase UpperCamelCase].freeze
-
-          def validate!(securial_config)
-            validate_response_keys_format!(securial_config)
-            validate_timestamps_in_response!(securial_config)
-          end
-
-          private
-
-          def validate_response_keys_format!(securial_config)
-            unless VALID_RESPONSE_KEYS_FORMATS.include?(securial_config.response_keys_format)
-              error_message = "Invalid response_keys_format option. Valid options are: #{VALID_RESPONSE_KEYS_FORMATS.map(&:inspect).join(', ')}."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::ResponseValidationError, error_message
-            end
-          end
-
-          def validate_timestamps_in_response!(securial_config)
-            unless VALID_TIMESTAMP_OPTIONS.include?(securial_config.timestamps_in_response)
-              error_message = "Invalid timestamps_in_response option. Valid options are: #{VALID_TIMESTAMP_OPTIONS.map(&:inspect).join(', ')}."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::ResponseValidationError, error_message
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/securial/config/validation/roles_validation.rb

@@ -1,32 +0,0 @@
-require "securial/error"
-
-module Securial
-  module Config
-    module Validation
-      module RolesValidation
-        class << self
-          def validate!(securial_config)
-            if securial_config.admin_role.nil? || securial_config.admin_role.to_s.strip.empty?
-              error_message = "Admin role is not set."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::RolesValidationError, error_message
-            end
-
-            unless securial_config.admin_role.is_a?(Symbol) || securial_config.admin_role.is_a?(String)
-              error_message = "Admin role must be a Symbol or String."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::RolesValidationError, error_message
-            end
-
-            admin_role_downcase = securial_config.admin_role.to_s.downcase
-            if admin_role_downcase == "account" || admin_role_downcase == "accounts"
-              error_message = "The admin role cannot be 'account' or 'accounts' as it conflicts with the default routes."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::RolesValidationError, error_message
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/securial/config/validation/security_validation.rb

@@ -1,56 +0,0 @@
-require "securial/error"
-
-module Securial
-  module Config
-    module Validation
-      module SecurityValidation
-        class << self
-          VALID_SECURITY_HEADERS = %i[strict default none].freeze
-
-          def validate!(securial_config)
-            validate_security_headers!(securial_config)
-            validate_rate_limiting!(securial_config)
-          end
-
-          private
-
-          def validate_security_headers!(securial_config)
-            unless VALID_SECURITY_HEADERS.include?(securial_config.security_headers)
-              error_message = "Invalid security_headers option. Valid options are: #{VALID_SECURITY_HEADERS.map(&:inspect).join(', ')}."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::SecurityValidationError, error_message
-            end
-          end
-
-          def validate_rate_limiting!(securial_config) # rubocop:disable Metrics/MethodLength
-            unless securial_config.rate_limiting_enabled.is_a?(TrueClass) || securial_config.rate_limiting_enabled.is_a?(FalseClass)
-              error_message = "rate_limiting_enabled must be a boolean value."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::SecurityValidationError, error_message
-            end
-
-            return unless securial_config.rate_limiting_enabled
-
-            unless securial_config.rate_limit_requests_per_minute.is_a?(Integer) && securial_config.rate_limit_requests_per_minute > 0
-              error_message = "rate_limit_requests_per_minute must be a positive integer when rate limiting is enabled."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::SecurityValidationError, error_message
-            end
-
-            unless securial_config.rate_limit_response_status.is_a?(Integer) && securial_config.rate_limit_response_status.between?(400, 599)
-              error_message = "rate_limit_response_status must be an HTTP status code between 4xx and 5xx."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::SecurityValidationError, error_message
-            end
-
-            unless securial_config.rate_limit_response_message.is_a?(String) && !securial_config.rate_limit_response_message.strip.empty?
-              error_message = "rate_limit_response_message must be a non-empty String."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::SecurityValidationError, error_message
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/securial/config/validation/session_validation.rb

@@ -1,87 +0,0 @@
-require "securial/error"
-
-module Securial
-  module Config
-    module Validation
-      module SessionValidation
-        class << self
-          VALID_SESSION_ENCRYPTION_ALGORITHMS = %i[hs256 hs384 hs512].freeze
-
-          def validate!(securial_config)
-            validate_session_expiry_duration!(securial_config)
-            validate_session_algorithm!(securial_config)
-            validate_session_secret!(securial_config)
-            validate_session_refresh_token!(securial_config)
-          end
-
-          private
-
-          def validate_session_expiry_duration!(securial_config)
-            if securial_config.session_expiration_duration.nil?
-              error_message = "Session expiration duration is not set."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::SessionValidationError, error_message
-            end
-            if securial_config.session_expiration_duration.class != ActiveSupport::Duration
-              error_message = "Session expiration duration must be an ActiveSupport::Duration."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::SessionValidationError, error_message
-            end
-            if securial_config.session_expiration_duration <= 0
-              Securial.logger.fatal("Session expiration duration must be greater than 0.")
-              raise Securial::Error::Config::SessionValidationError, "Session expiration duration must be greater than 0."
-            end
-          end
-
-          def validate_session_algorithm!(securial_config)
-            if securial_config.session_algorithm.blank?
-              error_message = "Session algorithm is not set."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::SessionValidationError, error_message
-            end
-            unless securial_config.session_algorithm.is_a?(Symbol)
-              error_message = "Session algorithm must be a Symbol."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::SessionValidationError, error_message
-            end
-            unless VALID_SESSION_ENCRYPTION_ALGORITHMS.include?(securial_config.session_algorithm)
-              error_message = "Invalid session algorithm. Valid options are: #{VALID_SESSION_ENCRYPTION_ALGORITHMS.map(&:inspect).join(', ')}."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::SessionValidationError, error_message
-            end
-          end
-
-          def validate_session_secret!(securial_config)
-            if securial_config.session_secret.blank?
-              error_message = "Session secret is not set."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::SessionValidationError, error_message
-            end
-            unless securial_config.session_secret.is_a?(String)
-              error_message = "Session secret must be a String."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::SessionValidationError, error_message
-            end
-          end
-
-          def validate_session_refresh_token!(securial_config)
-            if securial_config.session_refresh_token_expires_in.nil?
-              error_message = "Session refresh token expiration duration is not set."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::SessionValidationError, error_message
-            end
-            if securial_config.session_refresh_token_expires_in.class != ActiveSupport::Duration
-              error_message = "Session refresh token expiration duration must be an ActiveSupport::Duration."
-              Securial.logger.fatal(error_message)
-              raise Securial::Error::Config::SessionValidationError, error_message
-            end
-            if securial_config.session_refresh_token_expires_in <= 0
-              Securial.logger.fatal("Session refresh token expiration duration must be greater than 0.")
-              raise Securial::Error::Config::SessionValidationError, "Session refresh token expiration duration must be greater than 0."
-            end
-          end
-        end
-      end
-    end
-  end
-end