securial 0.8.1 → 1.0.1

data/lib/securial/cli.rb

@@ -0,0 +1,158 @@
+require "optparse"
+
+# rubocop:disable Rails/Exit, Rails/Output
+
+module Securial
+  class CLI
+    def self.start(argv)
+      new.start(argv)
+    end
+
+    def start(argv)
+      # Process options and exit if a flag was handled
+      result = handle_flags(argv)
+      exit(result) if result
+
+      # Otherwise handle commands
+      exit(handle_commands(argv))
+    end
+
+    private
+
+    def handle_flags(argv)
+      parser = create_option_parser
+
+      begin
+        parser.order!(argv)
+        nil # Continue to command handling
+      rescue OptionParser::InvalidOption => e
+        warn "ERROR: Illegal option(s): #{e.args.join(' ')}"
+        puts parser
+        1
+      end
+    end
+
+    def handle_commands(argv)
+      cmd = argv.shift
+
+      case cmd
+      when "new"
+        handle_new_command(argv)
+      else
+        puts create_option_parser
+        1
+      end
+    end
+
+    def handle_new_command(argv)
+      app_name = argv.shift
+
+      if app_name.nil?
+        puts "ERROR: Please provide an app name."
+        puts create_option_parser
+        return 1
+      end
+
+      securial_new(app_name, argv)
+      0
+    end
+
+    def create_option_parser
+      OptionParser.new do |opts|
+        opts.banner = "Usage: securial [options] <command> [command options]\n\n"
+
+        opts.separator ""
+        opts.separator "Commands:"
+        opts.separator "    new APP_NAME [rails_options...]    # Create a new Rails app with Securial pre-installed"
+        opts.separator ""
+        opts.separator "Options:"
+
+        opts.on("-v", "--version", "Show Securial version") do
+          show_version
+          exit(0)
+        end
+
+        opts.on("-h", "--help", "Show this help message") do
+          puts opts
+          exit(0)
+        end
+      end
+    end
+
+    def show_version
+      require "securial/version"
+      puts "Securial v#{Securial::VERSION}"
+    rescue LoadError
+      puts "Securial version information not available."
+    end
+
+    def securial_new(app_name, rails_options)
+      puts "🏗️  Creating new Rails app: #{app_name}"
+
+      create_rails_app(app_name, rails_options)
+      add_securial_gem(app_name)
+      install_gems(app_name)
+      install_securial(app_name)
+      mount_securial_engine(app_name)
+      print_final_instructions(app_name)
+    end
+
+    def create_rails_app(app_name, rails_options)
+      rails_command = ["rails", "new", app_name, *rails_options]
+      run(rails_command)
+    end
+
+    def add_securial_gem(app_name)
+      puts "📦  Adding Securial gem to Gemfile"
+      gemfile_path = File.join(app_name, "Gemfile")
+      File.open(gemfile_path, "a") { |f| f.puts "\ngem 'securial'" }
+    end
+
+    def install_gems(app_name)
+      run("bundle install", chdir: app_name)
+    end
+
+    def install_securial(app_name)
+      puts "🔧  Installing Securial"
+      run("bin/rails generate securial:install", chdir: app_name)
+      run("bin/rails db:migrate", chdir: app_name)
+    end
+
+    def mount_securial_engine(app_name)
+      puts "🔗  Mounting Securial engine in routes"
+      routes_path = File.join(app_name, "config/routes.rb")
+      routes = File.read(routes_path)
+      updated = routes.sub("Rails.application.routes.draw do") do |match|
+        "#{match}\n  mount Securial::Engine => '/securial'"
+      end
+      File.write(routes_path, updated)
+    end
+
+    def print_final_instructions(app_name)
+      puts <<~INSTRUCTIONS
+        🎉  Securial has been successfully installed in your Rails app!
+        ✅  Your app is ready at: ./#{app_name}
+
+        ➡️  Next steps:
+            cd #{app_name}
+        ⚙️  Optional: Configure Securial in config/initializers/securial.rb
+            rails server
+      INSTRUCTIONS
+    end
+
+    def run(command, chdir: nil)
+      puts "→ #{command.inspect}"
+      result =
+        if chdir
+          Dir.chdir(chdir) { system(*command) }
+        else
+          system(*command)
+        end
+
+      unless result
+        abort("❌ Command failed: #{command}")
+      end
+      0
+    end
+  end
+end

data/lib/securial/config/configuration.rb

@@ -1,67 +1,17 @@
 require "securial/config/validation"
+require "securial/config/signature"
 require "securial/helpers/regex_helper"
 
 module Securial
   module Config
     class Configuration
-      def self.default_config_attributes # rubocop:disable Metrics/MethodLength
-        {
-          # General configuration
-          app_name: "Securial",
-
-          # Logger configuration
-          log_to_file: !Rails.env.test?,
-          log_to_stdout: !Rails.env.test?,
-          log_file_level: :debug,
-          log_stdout_level: :debug,
-
-          # Roles configuration
-          admin_role: :admin,
-
-          session_expiration_duration: 3.minutes,
-          session_secret: "secret",
-          session_algorithm: :hs256,
-          session_refresh_token_expires_in: 1.week,
-
-          # Mailer configuration
-          mailer_sender: "no-reply@example.com",
-          mailer_sign_up_enabled: true,
-          mailer_sign_up_subject: "SECURIAL: Welcome to Our Service",
-          mailer_sign_in_enabled: true,
-          mailer_sign_in_subject: "SECURIAL: Sign In Notification",
-          mailer_update_account_enabled: true,
-          mailer_update_account_subject: "SECURIAL: Account Update Notification",
-          mailer_forgot_password_subject: "SECURIAL: Password Reset Instructions",
-
-          # Password configuration
-          password_min_length: 8,
-          password_max_length: 128,
-          password_complexity: Securial::Helpers::RegexHelper::PASSWORD_REGEX,
-          password_expires: true,
-          password_expires_in: 90.days,
-          reset_password_token_expires_in: 2.hours,
-          reset_password_token_secret: "reset_secret",
-
-          # Response configuration
-          response_keys_format: :snake_case,
-          timestamps_in_response: :all,
-
-          # Security configuration
-          security_headers: :strict,
-          rate_limiting_enabled: true,
-          rate_limit_requests_per_minute: 60,
-          rate_limit_response_status: 429,
-          rate_limit_response_message: "Too many requests, please try again later.",
-        }
-      end
-
       def initialize
-        self.class.default_config_attributes.each do |attr, default_value|
+        Securial::Config::Signature.default_config_attributes.each do |attr, default_value|
           instance_variable_set("@#{attr}", default_value)
         end
       end
 
-      default_config_attributes.each_key do |attr|
+      Securial::Config::Signature.default_config_attributes.each_key do |attr|
         define_method(attr) { instance_variable_get("@#{attr}") }
 
         define_method("#{attr}=") do |value|

data/lib/securial/config/signature.rb

@@ -0,0 +1,107 @@
+module Securial
+  module Config
+    module Signature
+      LOG_LEVELS         = %i[debug info warn error fatal unknown].freeze
+      SESSION_ALGORITHMS = %i[hs256 hs384 hs512].freeze
+      SECURITY_HEADERS   = %i[strict default none].freeze
+      TIMESTAMP_OPTIONS  = %i[all admins_only none].freeze
+      RESPONSE_KEYS_FORMATS = %i[snake_case lowerCamelCase UpperCamelCase].freeze
+
+      extend self
+
+      def config_signature
+        [
+          general_signature,
+          logger_signature,
+          roles_signature,
+          session_signature,
+          mailer_signature,
+          password_signature,
+          response_signature,
+          security_signature,
+        ].reduce({}, :merge)
+      end
+
+      def default_config_attributes
+        config_signature.transform_values do |options|
+          options[:default]
+        end
+      end
+
+      private
+
+      def general_signature
+        {
+          app_name: { type: String, required: true, default: "Securial" },
+        }
+      end
+
+      def logger_signature
+        {
+          log_to_file: { type: [TrueClass, FalseClass], required: true, default: Rails.env.test? ? false : true },
+          log_file_level: { type: Symbol, required: "log_to_file", allowed_values: LOG_LEVELS, default: :debug },
+          log_to_stdout: { type: [TrueClass, FalseClass], required: true, default: Rails.env.test? ? false : true },
+          log_stdout_level: { type: Symbol, required: "log_to_stdout", allowed_values: LOG_LEVELS, default: :debug },
+        }
+      end
+
+      def roles_signature
+        {
+          admin_role: { type: Symbol, required: true, default: :admin },
+        }
+      end
+
+      def session_signature
+        {
+          session_expiration_duration: { type: ActiveSupport::Duration, required: true, default: 3.minutes },
+          session_secret: { type: String, required: true, default: "secret" },
+          session_algorithm: { type: Symbol, required: true, allowed_values: SESSION_ALGORITHMS, default: :hs256 },
+          session_refresh_token_expires_in: { type: ActiveSupport::Duration, required: true, default: 1.week },
+        }
+      end
+
+      def mailer_signature
+        {
+          mailer_sender: { type: String, required: true, default: "no-reply@example.com" },
+          mailer_sign_up_enabled: { type: [TrueClass, FalseClass], required: true, default: true },
+          mailer_sign_up_subject: { type: String, required: "mailer_sign_up_enabled", default: "SECURIAL: Welcome to Our Service" },
+          mailer_sign_in_enabled: { type: [TrueClass, FalseClass], required: true, default: true },
+          mailer_sign_in_subject: { type: String, required: "mailer_sign_in_enabled", default: "SECURIAL: Sign In Notification" },
+          mailer_update_account_enabled: { type: [TrueClass, FalseClass], required: true, default: true },
+          mailer_update_account_subject: { type: String, required: "mailer_update_account_enabled", default: "SECURIAL: Account Update Notification" },
+          mailer_forgot_password_subject: { type: String, required: true, default: "SECURIAL: Password Reset Instructions" },
+        }
+      end
+
+      def password_signature
+        {
+          password_min_length: { type: Numeric, required: true, default: 8 },
+          password_max_length: { type: Numeric, required: true, default: 128 },
+          password_complexity: { type: Regexp, required: true, default: Securial::Helpers::RegexHelper::PASSWORD_REGEX },
+          password_expires: { type: [TrueClass, FalseClass], required: true, default: true },
+          password_expires_in: { type: ActiveSupport::Duration, required: "password_expires", default: 90.days },
+          reset_password_token_expires_in: { type: ActiveSupport::Duration, required: true, default: 2.hours },
+          reset_password_token_secret: { type: String, required: true, default: "reset_secret" },
+        }
+      end
+
+      def response_signature
+        {
+          response_keys_format: { type: Symbol, required: true, allowed_values:
+            RESPONSE_KEYS_FORMATS, default: :snake_case, },
+          timestamps_in_response: { type: Symbol, required: true, allowed_values: TIMESTAMP_OPTIONS, default: :all },
+        }
+      end
+
+      def security_signature
+        {
+          security_headers: { type: Symbol, required: true, allowed_values: SECURITY_HEADERS, default: :strict },
+          rate_limiting_enabled: { type: [TrueClass, FalseClass], required: true, default: true },
+          rate_limit_requests_per_minute: { type: Numeric, required: "rate_limiting_enabled", default: 60 },
+          rate_limit_response_status: { type: Numeric, required: "rate_limiting_enabled", default: 429 },
+          rate_limit_response_message: { type: String, required: "rate_limiting_enabled", default: "Too many requests, please try again later." },
+        }
+      end
+    end
+  end
+end

data/lib/securial/config/validation.rb

@@ -1,26 +1,69 @@
 require "securial/logger"
-require "securial/config/validation/logger_validation"
-require "securial/config/validation/roles_validation"
-require "securial/config/validation/session_validation"
-require "securial/config/validation/mailer_validation"
-require "securial/config/validation/password_validation"
-require "securial/config/validation/response_validation"
-require "securial/config/validation/security_validation"
 
 module Securial
   module Config
     module Validation
-      class << self
-        def validate_all!(securial_config)
-          Securial::Config::Validation::LoggerValidation.validate!(securial_config)
-          Securial::Config::Validation::RolesValidation.validate!(securial_config)
-          Securial::Config::Validation::SessionValidation.validate!(securial_config)
-          Securial::Config::Validation::MailerValidation.validate!(securial_config)
-          Securial::Config::Validation::PasswordValidation.validate!(securial_config)
-          Securial::Config::Validation::ResponseValidation.validate!(securial_config)
-          Securial::Config::Validation::SecurityValidation.validate!(securial_config)
+      extend self
+      def validate_all!(securial_config)
+        signature = Securial::Config::Signature.config_signature
+
+        validate_required_fields!(signature, securial_config)
+        validate_types_and_values!(signature, securial_config)
+        validate_password_lengths!(securial_config)
+      end
+
+      private
+
+      def validate_required_fields!(signature, config)
+        signature.each do |key, options|
+          value = config.send(key)
+          required = options[:required]
+          if required == true && value.nil?
+            raise_error("#{key} is required but not provided.")
+          elsif required.is_a?(String)
+            dynamic_required = config.send(required)
+            signature[key][:required] = dynamic_required
+            if dynamic_required && value.nil?
+              raise_error("#{key} is required but not provided when #{required} is true.")
+            end
+          end
+        end
+      end
+
+      def validate_types_and_values!(signature, config)
+        signature.each do |key, options|
+          next unless signature[key][:required]
+          value = config.send(key)
+          types = Array(options[:type])
+
+          unless types.any? { |type| value.is_a?(type) }
+            raise_error("#{key} must be of type(s) #{types.join(', ')}, but got #{value.class}.")
+          end
+
+          if options[:type] == ActiveSupport::Duration && value <= 0
+            raise_error("#{key} must be a positive duration, but got #{value}.")
+          end
+
+          if options[:type] == Numeric && value < 0
+            raise_error("#{key} must be a non-negative numeric value, but got #{value}.")
+          end
+
+          if options[:allowed_values] && options[:allowed_values].exclude?(value)
+            raise_error("#{key} must be one of #{options[:allowed_values].join(', ')}, but got #{value}.")
+          end
+        end
+      end
+
+      def validate_password_lengths!(config)
+        if config.password_min_length > config.password_max_length
+          raise_error("password_min_length cannot be greater than password_max_length.")
         end
       end
+
+      def raise_error(msg)
+        Securial.logger.fatal msg
+        raise Securial::Error::Config::InvalidConfigurationError, msg
+      end
     end
   end
 end

data/lib/securial/config.rb

@@ -1,26 +1,27 @@
 require "securial/config/configuration"
+require "securial/config/signature"
 require "securial/config/validation"
 
-module Securial
-  class << self
-    attr_accessor :configuration
 
-    def configuration
-      @configuration ||= Config::Configuration.new
-    end
+module Securial
+  extend self
+  attr_accessor :configuration
 
-    def configuration=(config)
-      if config.is_a?(Config::Configuration)
-        @configuration = config
-        Securial::Config::Validation.validate_all!(configuration)
-      else
-        raise ArgumentError, "Expected an instance of Securial::Config::Configuration"
-      end
-    end
+  def configuration
+    @configuration ||= Config::Configuration.new
+  end
 
-    def configure
-      yield(configuration) if block_given?
+  def configuration=(config)
+    if config.is_a?(Config::Configuration)
+      @configuration = config
       Securial::Config::Validation.validate_all!(configuration)
+    else
+      raise ArgumentError, "Expected an instance of Securial::Config::Configuration"
     end
   end
+
+  def configure
+    yield(configuration) if block_given?
+    Securial::Config::Validation.validate_all!(configuration)
+  end
 end

data/lib/securial/engine.rb

@@ -1,8 +1,10 @@
 require "securial/auth"
 require "securial/config"
+require "securial/error"
 require "securial/helpers"
 require "securial/logger"
 require "securial/middleware"
+require "securial/security"
 
 module Securial
   class Engine < ::Rails::Engine

data/lib/securial/engine_initializers.rb

@@ -5,7 +5,7 @@ module Securial
         :password,
         :password_confirmation,
         :password_reset_token,
-        :reset_password_token
+        :reset_password_token,
       ]
     end
 
@@ -16,10 +16,29 @@ module Securial
       end
     end
 
-    initializer "securial.logger_middleware" do |app|
+    initializer "securial.security.request_rate_limiter" do |app|
+      if Securial.configuration.rate_limiting_enabled
+        Securial::Security::RequestRateLimiter.apply!
+        app.middleware.use Rack::Attack
+      end
+    end
+
+    initializer "securial.middleware.transform_request_keys" do |app|
+      app.middleware.use Securial::Middleware::TransformRequestKeys
+    end
+
+    initializer "securial.middleware.transform_response_keys" do |app|
+      app.middleware.use Securial::Middleware::TransformResponseKeys
+    end
+
+    initializer "securial.middleware.logger" do |app|
       app.middleware.use Securial::Middleware::RequestTagLogger
     end
 
+    initializer "securial.middleware.response_headers" do |app|
+      app.middleware.use Securial::Middleware::ResponseHeaders
+    end
+
     initializer "securial.extend_application_controller" do
       ActiveSupport.on_load(:action_controller_base) { include Securial::Identity }
       ActiveSupport.on_load(:action_controller_api)  { include Securial::Identity }

data/lib/securial/error/base_securial_error.rb

@@ -1,13 +1,15 @@
 module Securial
   module Error
     class BaseError < StandardError
+      class_attribute :_default_message, instance_writer: false
+
       def self.default_message(message = nil)
-        @default_message = message if message
-        @default_message
+        self._default_message = message if message
+        self._default_message
       end
 
       def initialize(message = nil)
-        super(message || self.class.default_message || "An error occurred in Securial")
+        super(message || self.class._default_message || "An error occurred in Securial")
       end
 
       def backtrace; []; end

data/lib/securial/error/config.rb

@@ -4,34 +4,6 @@ module Securial
       class InvalidConfigurationError < Securial::Error::BaseError
         default_message "Invalid configuration for Securial"
       end
-
-      class LoggerValidationError < InvalidConfigurationError
-        default_message "Logger configuration validation failed"
-      end
-
-      class RolesValidationError < InvalidConfigurationError
-        default_message "Roles configuration validation failed"
-      end
-
-      class SessionValidationError < InvalidConfigurationError
-        default_message "Session configuration validation failed"
-      end
-
-      class MailerValidationError < InvalidConfigurationError
-        default_message "Mailer configuration validation failed"
-      end
-
-      class PasswordValidationError < InvalidConfigurationError
-        default_message "Password configuration validation failed"
-      end
-
-      class ResponseValidationError < InvalidConfigurationError
-        default_message "Response configuration validation failed"
-      end
-
-      class SecurityValidationError < InvalidConfigurationError
-        default_message "Security configuration validation failed"
-      end
     end
   end
 end

data/lib/securial/helpers/key_transformer.rb

@@ -0,0 +1,33 @@
+module Securial
+  module Helpers
+    module KeyTransformer
+      extend self
+
+      def camelize(str, format)
+        case format
+        when :lowerCamelCase
+          str.to_s.camelize(:lower)
+        when :UpperCamelCase
+          str.to_s.camelize
+        else
+          str.to_s
+        end
+      end
+
+      def self.underscore(str)
+        str.to_s.underscore
+      end
+
+      def self.deep_transform_keys(obj, &block)
+        case obj
+        when Hash
+          obj.transform_keys(&block).transform_values { |v| deep_transform_keys(v, &block) }
+        when Array
+          obj.map { |e| deep_transform_keys(e, &block) }
+        else
+          obj
+        end
+      end
+    end
+  end
+end

data/lib/securial/helpers/normalizing_helper.rb

@@ -1,7 +1,7 @@
 module Securial
   module Helpers
     module NormalizingHelper
-      module_function
+      extend self
 
       def normalize_email_address(email)
         return "" if email.empty?

data/lib/securial/helpers/regex_helper.rb

@@ -5,14 +5,13 @@ module Securial
       USERNAME_REGEX = /\A(?![0-9])[a-zA-Z](?:[a-zA-Z0-9]|[._](?![._]))*[a-zA-Z0-9]\z/
       PASSWORD_REGEX = %r{\A(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])[a-zA-Z].*\z}
 
-      class << self
-        def valid_email?(email)
-          email.match?(EMAIL_REGEX)
-        end
+      extend self
+      def valid_email?(email)
+        email.match?(EMAIL_REGEX)
+      end
 
-        def valid_username?(username)
-          username.match?(USERNAME_REGEX)
-        end
+      def valid_username?(username)
+        username.match?(USERNAME_REGEX)
       end
     end
   end

data/lib/securial/helpers/roles_helper.rb

@@ -3,14 +3,13 @@ module Securial
     module RolesHelper
       # This module provides helper methods related to roles.
       # It can be extended with additional role-related functionality as needed.
-      class << self
-        def protected_namespace
-          Securial.configuration.admin_role.to_s.strip.underscore.pluralize
-        end
+      extend self
+      def protected_namespace
+        Securial.configuration.admin_role.to_s.strip.underscore.pluralize
+      end
 
-        def titleized_admin_role
-          Securial.configuration.admin_role.to_s.strip.titleize
-        end
+      def titleized_admin_role
+        Securial.configuration.admin_role.to_s.strip.titleize
       end
     end
   end

data/lib/securial/helpers.rb

@@ -1,6 +1,7 @@
 require "securial/helpers/normalizing_helper"
 require "securial/helpers/regex_helper"
 require "securial/helpers/roles_helper"
+require "securial/helpers/key_transformer"
 
 module Securial
   module Helpers