securial 0.4.2 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e0abc0d4c0a4b2a56220ab298edd28f767b4d8909a6af78f3097421cfc2fdda
-  data.tar.gz: 9230d0f2c93d1899cb642206adf79ceec04936894720dc989cc2b25c873f8774
+  metadata.gz: a67cb5167555d544a8787d5731542215aa5d43a50955cbb4a0a929d9df39ed08
+  data.tar.gz: 6ee38fc5624167b7cf6d9307dc07224e0762a163145df864247350c523b09a5a
 SHA512:
-  metadata.gz: 04102e38f339f980e2792c6dcc0559ef68a48506c31fc6b6625f44f7cc8f0a668d32c7e42583dfb7abe2d45690ca3e0df9ed9acb916f5c1630c651966413f8b2
-  data.tar.gz: 7db35473e9c983e9c6f803889da638ac210795ea8a9bc1270efd8136fc6a7c293ac01b7b8ca53b43fa695b33e872884e215a0496763222a0159a8c0dd5efe3d0
+  metadata.gz: a85b1cd94066087eab59f7c883e4b822a16e91e03a2df80e4100f7a81cc25712427d35719bb90dbf509c028081bbd215436d097e2056e054e13433fc1b97d9ef
+  data.tar.gz: a39f8dfd001c239fc2f5612e9777f587d688c93de8070656fe7e8fa38a3610463ce18502bef35b12d75c45eb9ee5f27608f8a25d2dc00aa9394f2f8dd5a7bc38

data/README.md

@@ -19,15 +19,55 @@
 - ✅ Clean, JSON-based API responses
 - ✅ Database-agnostic support
 
-Next, mount the engine in `config/routes.rb`:
 
-```ruby
-Rails.application.routes.draw do
-  mount Securial::Engine => "/securial"
-end
-```
+### 🚀 Why Choose Securial?
+
+Securial isn't just another auth library — it's designed to give you control, flexibility, and peace of mind when building secure Rails APIs.
+
+**🔧 Built for Developers**  
+- Easy to mount and extend using familiar Rails conventions.  
+- Fully customizable controllers, serializers, and logic — no more black-box auth.
+
+**🧩 Modular by Design**  
+- Use only the components you need: JWT, sessions, API tokens — or all of them together.  
+- Clean separation of concerns makes testing and debugging simpler.
+
+**⚡ API-First Approach**  
+- JSON-only responses make Securial ideal for frontend frameworks and mobile apps.  
+- No HTML views or form helpers — just clean endpoints that work out of the box.
+
+**🛡️ Secure by Default**  
+- Uses industry best practices for token management and access control.  
+- No reliance on client-side sessions or cookies.
+
+**📦 Lightweight, Database-Agnostic**  
+- No assumptions about your schema or ORM — works with any relational database.  
+- Minimal dependencies, fast to integrate.
+
+**🌱 Ready to Grow With You**  
+- Start small with basic JWT auth, scale to multi-token API clients, admin scopes, or full RBAC.  
+- Perfect for startups, side projects, and production APIs alike.
 
-Full installation steps are available in the [Wiki › Installation](https://github.com/AlyBadawy/Securial/wiki/Installation).
+## 🚀 Installation
+
+Securial can be installed on an existing Rails application or use the `securial new app_name` command to create a new Securial-ready Rails app.
+
+### Installation on an existing Rails app:
+
+To add Securial to an existing Rails app:
+
+- Add `gem "securial"` to your GemFile
+- Run `bundle install`
+- Run `rails generate securial:install`
+- Mount the Securial engine in your Rails application `config/routes.rb` file:
+  ```ruby
+  Rails.application.routes.draw do
+    mount Securial::Engine => "/securial"
+  end
+  ```
+- Run the migrations by running the command: `rails db:migrate`
+
+💡 Full installation steps are available in the [Wiki › Installation](https://github.com/AlyBadawy/Securial/wiki/Installation).
 
 ## ⚙️ Configuration
 
@@ -49,24 +89,29 @@ After installation and mounting, **Securial** exposes endpoints like:
 
 Full details, including authentication flows and protected routes, are available in the [Wiki › Authentication module docs](https://github.com/AlyBadawy/Securial/wiki/Authentication).
 
-🧩 Modules
+## 🧩 Modules
 
 **Securial** is organized into modular components including:
 
 - Authentication
 - User Management
 - Generators
-- Securial::Identity concern
+- Identity concern
+- Configuration
 
 Explore all modules in the [Wiki](https://github.com/AlyBadawy/Securial/wiki).
 
 ## 🛠 Development & Testing
 
+- Clone the repo on your computer
+- Run `bundle install`
+- Start coding right away 🏃‍♂️
+
+
 To run the test suite:
 
 ```bash
-$ RAILS_ENV=test bundle db:schema:load
-$ bundle exec rspec
+$ bin/test
 ```
 
 View the coverage report:

data/app/controllers/concerns/securial/identity.rb

@@ -32,9 +32,9 @@ module Securial
       if auth_header.present? && auth_header.start_with?("Bearer ")
         token = auth_header.split(" ").last
         begin
-          decoded_token = AuthHelper.decode(token)
+          decoded_token = Securial::Sessions::SessionEncoder.decode(token)
           Current.session = Session.find_by!(id: decoded_token["jti"], revoked: false)
-        rescue JWT::DecodeError, ActiveRecord::RecordNotFound => e
+        rescue Securial::Sessions::Errors::SessionDecodeError, ActiveRecord::RecordNotFound => e
           render status: :unauthorized, json: { error: "Invalid token: #{e.message}" } and return
         end
       else
@@ -55,7 +55,7 @@ module Securial
     end
 
     def create_jwt_for_current_session
-      AuthHelper.encode(Current.session)
+      Securial::Sessions::SessionEncoder.encode(Current.session)
     end
 
     def internal_rails_request?

data/app/models/securial/session.rb

@@ -15,8 +15,8 @@ module Securial
     end
 
     def refresh!
-      raise Securial::SessionErrors::SessionRevokedError, "Session is revoked" if revoked
-      raise Securial::SessionErrors::SessionExpiredError, "Session is expired" if refresh_token_expires_at < Time.current
+      raise Securial::Sessions::Errors::SessionRevokedError, "Session is revoked" if revoked
+      raise Securial::Sessions::Errors::SessionExpiredError, "Session is expired" if refresh_token_expires_at < Time.current
 
       update!(refresh_token: SecureRandom.hex(64),
               refresh_count: self.refresh_count + 1,

data/app/views/securial/roles/_securial_role.json.jbuilder

@@ -3,7 +3,6 @@ json.id securial_role.id
 json.role_name securial_role.role_name
 json.hide_from_profile securial_role.hide_from_profile
 
-json.created_at securial_role.created_at
-json.updated_at securial_role.updated_at
+json.partial! "securial/shared/timestamps", record: securial_role
 
 json.url securial.roles_url(securial_role, format: :json)

data/app/views/securial/sessions/_session.json.jbuilder

@@ -9,7 +9,6 @@ json.refresh_token_expires_at securial_session.refresh_token_expires_at
 json.revoked securial_session.revoked
 json.user_id securial_session.user_id
 
-json.created_at securial_session.created_at
-json.updated_at securial_session.updated_at
+json.partial! "securial/shared/timestamps", record: securial_session
 
 json.url "No URL available for this action"

data/app/views/securial/shared/_timestamps.json.jbuilder

@@ -0,0 +1,8 @@
+if Securial.configuration.timestamps_in_response == :all ||
+  (
+    Securial.configuration.timestamps_in_response == :admins_only &&
+    current_user&.admin?
+  )
+    json.created_at record.created_at if record.respond_to?(:created_at)
+    json.updated_at record.updated_at if record.respond_to?(:updated_at)
+end

data/app/views/securial/users/_securial_user.json.jbuilder

@@ -8,7 +8,6 @@ json.bio securial_user.bio
 
 json.roles securial_user.roles, partial: "securial/roles/securial_role", as: :securial_role
 
-json.created_at securial_user.created_at
-json.updated_at securial_user.updated_at
+json.partial! "securial/shared/timestamps", record: securial_user
 
 json.url securial.user_url(securial_user, format: :json)

data/lib/generators/securial/install/templates/securial_initializer.erb

@@ -106,4 +106,15 @@ Securial.configure do |config|
   # that they cannot be tampered with. It is important to keep this
   # secret secure and not share it with anyone.
   config.reset_password_token_secret = "reset_secret"
+
+  ### Timestamp Configuration
+  ## Set whether to use timestamps in the json responses.
+  # The options are:
+  # :none - no timestamps will be included in the json responses.
+  # :admins_only - the created_at and updated_at timestamps will be included
+  #   for admin users. This is useful for keeping the json responses clean
+  #   for regular users while still providing timestamps for admin users.
+  # :all - the created_at and updated_at timestamps will be included
+  #   for all users. This is useful for debugging and development purposes.
+  config.timestamps_in_response = Rails.env.production? ? :admins_only : :all
 end

data/lib/generators/securial/jbuilder/templates/_resource.json.erb

@@ -4,7 +4,6 @@ json.id <%= singular_table_name %>.id
 json.<%= attr %> <%= singular_table_name %>.<%= attr %>
 <% end -%>
 
-json.created_at <%= singular_table_name %>.created_at
-json.updated_at <%= singular_table_name %>.updated_at
+json.partial! "securial/shared/timestamps", record: <%= singular_table_name %>
 
 json.url securial.<%= name.pluralize.downcase %>_url(<%= singular_table_name %>, format: :json)

data/lib/securial/config/_index.rb

@@ -0,0 +1,3 @@
+require_relative "./configuration"
+require_relative "./validation"
+require_relative "./errors"

data/lib/securial/config/configuration.rb

@@ -0,0 +1,42 @@
+module Securial
+  module Config
+    VALID_SESSION_ENCRYPTION_ALGORITHMS = [:hs256, :hs384, :hs512].freeze
+    VALID_TIMESTAMP_OPTIONS = [:all, :admins_only, :none].freeze
+
+    class Configuration
+      attr_accessor :log_to_file, :log_to_stdout
+      attr_accessor :log_file_level, :log_stdout_level
+      attr_accessor :admin_role
+      attr_accessor :session_expiration_duration
+      attr_accessor :session_secret, :session_algorithm
+      attr_accessor :mailer_sender
+      attr_accessor :password_reset_email_subject
+      attr_accessor :password_min_length, :password_max_length
+      attr_accessor :password_complexity
+      attr_accessor :password_expires_in
+      attr_accessor :reset_password_token_expires_in
+      attr_accessor :reset_password_token_secret
+      attr_accessor :timestamps_in_response
+
+      def initialize
+        @log_to_file = !Rails.env.test?
+        @log_to_stdout = !Rails.env.test?
+        @log_file_level = :info
+        @log_stdout_level = :info
+        @admin_role = :admin
+        @session_expiration_duration = 3.minutes
+        @session_secret = "secret"
+        @session_algorithm = :hs256
+        @mailer_sender = "no-reply@example.com"
+        @password_reset_email_subject = "SECURIAL: Password Reset Instructions"
+        @password_min_length = 8
+        @password_max_length = 128
+        @password_complexity = Securial::RegexHelper::PASSWORD_REGEX
+        @password_expires_in = 90.days
+        @reset_password_token_expires_in = 2.hours
+        @reset_password_token_secret = "reset_secret"
+        @timestamps_in_response = :all
+      end
+    end
+  end
+end

data/lib/securial/config/errors.rb

@@ -0,0 +1,19 @@
+module Securial
+  module Config
+    module Errors
+      class BaseConfigError < StandardError
+        def backtrace; []; end
+      end
+
+      class ConfigAdminRoleError < BaseConfigError; end
+
+      class ConfigSessionExpirationDurationError < BaseConfigError; end
+      class ConfigSessionAlgorithmError < BaseConfigError; end
+      class ConfigSessionSecretError < BaseConfigError; end
+
+      class ConfigMailerSenderError < BaseConfigError; end
+      class ConfigPasswordError < BaseConfigError; end
+      class ConfigTimestampsInResponseError < BaseConfigError; end
+    end
+  end
+end

data/lib/securial/config/validation.rb

@@ -0,0 +1,179 @@
+require "securial/logger"
+
+module Securial
+  module Config
+    module Validation
+      class << self
+        def validate_all!(config)
+          validate_admin_role!(config)
+          validate_session_config!(config)
+          validate_mailer_sender!(config)
+          validate_password_config!(config)
+          validate_timestamps_in_response!(config)
+        end
+
+        private
+
+        def validate_admin_role!(config)
+          if config.admin_role.nil? || config.admin_role.to_s.strip.empty?
+            error_message = "Admin role is not set."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigAdminRoleError, error_message
+          end
+
+          unless config.admin_role.is_a?(Symbol) || config.admin_role.is_a?(String)
+            error_message = "Admin role must be a Symbol or String."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigAdminRoleError, error_message
+          end
+
+          if config.admin_role.to_s.pluralize.downcase == "accounts"
+            error_message = "The admin role cannot be 'account' or 'accounts' as it conflicts with the default routes."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigAdminRoleError, error_message
+          end
+        end
+
+        def validate_session_config!(config)
+          validate_session_expiry_duration!(config)
+          validate_session_algorithm!(config)
+          validate_session_secret!(config)
+        end
+
+        def validate_session_expiry_duration!(config)
+          if config.session_expiration_duration.nil?
+            error_message = "Session expiration duration is not set."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigSessionExpirationDurationError, error_message
+          end
+          if config.session_expiration_duration.class != ActiveSupport::Duration
+            error_message = "Session expiration duration must be an ActiveSupport::Duration."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigSessionExpirationDurationError, error_message
+          end
+          if config.session_expiration_duration <= 0
+            Securial::ENGINE_LOGGER.error("Session expiration duration must be greater than 0.")
+            raise Securial::Config::Errors::ConfigSessionExpirationDurationError, "Session expiration duration must be greater than 0."
+          end
+        end
+
+        def validate_session_algorithm!(config)
+          if config.session_algorithm.blank?
+            error_message = "Session algorithm is not set."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigSessionAlgorithmError, error_message
+          end
+          unless config.session_algorithm.is_a?(Symbol)
+            error_message = "Session algorithm must be a Symbol."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigSessionAlgorithmError, error_message
+          end
+          valid_algorithms = Securial::Config::VALID_SESSION_ENCRYPTION_ALGORITHMS
+          unless valid_algorithms.include?(config.session_algorithm)
+            error_message = "Invalid session algorithm. Valid options are: #{valid_algorithms.map(&:inspect).join(', ')}."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigSessionAlgorithmError, error_message
+          end
+        end
+
+        def validate_session_secret!(config)
+          if config.session_secret.blank?
+            error_message = "Session secret is not set."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigSessionSecretError, error_message
+          end
+          unless config.session_secret.is_a?(String)
+            error_message = "Session secret must be a String."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigSessionSecretError, error_message
+          end
+        end
+
+        def validate_mailer_sender!(config)
+          if config.mailer_sender.blank?
+            error_message = "Mailer sender is not set."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigMailerSenderError, error_message
+          end
+          if config.mailer_sender !~  URI::MailTo::EMAIL_REGEXP
+            error_message = "Mailer sender is not a valid email address."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigMailerSenderError, error_message
+          end
+        end
+
+        def validate_password_config!(config)
+          validate_password_reset_subject!(config)
+          validate_password_min_max_length!(config)
+          validate_password_complexity!(config)
+          validate_password_expiration!(config)
+          validate_password_reset_token!(config)
+        end
+
+        def validate_password_reset_token!(config)
+          if config.reset_password_token_secret.blank?
+            error_message = "Reset password token secret is not set."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigPasswordError, error_message
+          end
+          unless config.reset_password_token_secret.is_a?(String)
+            error_message = "Reset password token secret must be a String."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigPasswordError, error_message
+          end
+        end
+
+        def validate_password_reset_subject!(config)
+          if config.password_reset_email_subject.blank?
+            error_message = "Password reset email subject is not set."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigPasswordError, error_message
+          end
+          unless config.password_reset_email_subject.is_a?(String)
+            error_message = "Password reset email subject must be a String."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigPasswordError, error_message
+          end
+        end
+
+        def validate_password_min_max_length!(config)
+          unless config.password_min_length.is_a?(Integer) && config.password_min_length > 0
+            error_message = "Password minimum length must be a positive integer."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigPasswordError, error_message
+          end
+          unless config.password_max_length.is_a?(Integer) && config.password_max_length >= config.password_min_length
+            error_message = "Password maximum length must be an integer greater than or equal to the minimum length."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigPasswordError, error_message
+          end
+        end
+
+        def validate_password_complexity!(config)
+          if config.password_complexity.nil? || !config.password_complexity.is_a?(Regexp)
+            error_message = "Password complexity regex is not set or is not a valid Regexp."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigPasswordError, error_message
+          end
+        end
+
+        def validate_password_expiration!(config)
+          if config.password_expires_in.nil? || !config.password_expires_in.is_a?(ActiveSupport::Duration) || config.password_expires_in <= 0
+            error_message = "Password expiration duration is not set or is not a valid ActiveSupport::Duration."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigPasswordError, error_message
+          end
+        end
+
+        def validate_timestamps_in_response!(config)
+          valid_options = Securial::Config::VALID_TIMESTAMP_OPTIONS
+          unless valid_options.include?(config.timestamps_in_response)
+            error_message = "Invalid timestamps_in_response option. Valid options are: #{valid_options.map(&:inspect).join(', ')}."
+            Securial::ENGINE_LOGGER.error(error_message)
+            raise Securial::Config::Errors::ConfigTimestampsInResponseError, error_message
+          end
+        end
+      end
+    end
+  end
+end

data/lib/securial/engine.rb

@@ -1,14 +1,8 @@
 require_relative "./logger"
-
-Dir[File.join(__dir__, "errors", "*.rb")].each { |f| require_relative f }
-
-require_relative "./configuration"
-
-require_relative "./helpers/auth_helper"
-require_relative "./helpers/normalizing_helper"
-require_relative "./helpers/regex_helper"
-
-require_relative "./route_inspector"
+require_relative "./config/_index"
+require_relative "./helpers/_index"
+require_relative "./sessions/_index"
+require_relative "./inspectors/_index"
 
 require_relative "./middleware/request_logger_tag"
 require "jwt"
@@ -31,7 +25,12 @@ module Securial
     end
 
     initializer "securial.engine_initialized" do |app|
-      Securial::ENGINE_LOGGER.info("[Securial] Engine mounted. Host app: #{app.class.name}")
+      Securial::ENGINE_LOGGER.info("[Securial] Initializing Engine... Host app: #{app.class.name}")
+    end
+
+    initializer "securial.config" do
+      Securial::ENGINE_LOGGER.info("[Securial] Validating configuration in `config/initializers/securial.rb`...")
+      Securial::Config::Validation.validate_all!(Securial.configuration)
     end
 
     initializer "securial.factories", after: "factory_bot.set_factory_paths" do

data/lib/securial/helpers/_index.rb

@@ -0,0 +1,2 @@
+require_relative "normalizing_helper"
+require_relative "regex_helper"

data/lib/securial/helpers/regex_helper.rb

@@ -4,14 +4,14 @@ module Securial
     USERNAME_REGEX = /\A(?![0-9])[a-zA-Z](?:[a-zA-Z0-9]|[._](?![._]))*[a-zA-Z0-9]\z/
     PASSWORD_REGEX = %r{\A(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])[a-zA-Z].*\z}
 
-    module_function
+    class << self
+      def valid_email?(email)
+        email.match?(EMAIL_REGEX)
+      end
 
-    def valid_email?(email)
-      email.match?(EMAIL_REGEX)
-    end
-
-    def valid_username?(username)
-      username.match?(USERNAME_REGEX)
+      def valid_username?(username)
+        username.match?(USERNAME_REGEX)
+      end
     end
   end
 end

data/lib/securial/inspectors/_index.rb

@@ -0,0 +1 @@
+require_relative "route_inspector"

data/lib/securial/inspectors/route_inspector.rb

@@ -0,0 +1,52 @@
+module Securial
+  module Inspectors
+    module RouteInspector
+      def self.print_routes(controller: nil)
+        filtered = Securial::Engine.routes.routes.select do |r|
+          ctrl = r.defaults[:controller]
+          controller.nil? || ctrl == "securial/#{controller}"
+        end
+
+        print_headers(filtered, controller)
+        print_details(filtered, controller)
+        true
+      end
+
+      class << self
+        private
+
+        # rubocop:disable Rails/Output
+        def print_headers(filtered, controller)
+          Securial::ENGINE_LOGGER.debug "Securial engine routes:"
+          Securial::ENGINE_LOGGER.debug "Total routes: #{filtered.size}"
+          Securial::ENGINE_LOGGER.debug "Filtered by controller: #{controller}" if controller
+          Securial::ENGINE_LOGGER.debug "Filtered routes: #{filtered.size}" if controller
+          Securial::ENGINE_LOGGER.debug "-" * 120
+          Securial::ENGINE_LOGGER.debug "#{'Verb'.ljust(8)} #{'Path'.ljust(45)} #{'Controller#Action'.ljust(40)} Name"
+          Securial::ENGINE_LOGGER.debug "-" * 120
+        end
+
+        def print_details(filtered, controller) # rubocop:disable Rails/Output
+          if filtered.empty?
+            if controller
+              Securial::ENGINE_LOGGER.debug "No routes found for controller: #{controller}"
+            else
+              Securial::ENGINE_LOGGER.debug "No routes found for Securial engine"
+            end
+            Securial::ENGINE_LOGGER.debug "-" * 120
+            return
+          end
+
+          Securial::ENGINE_LOGGER.debug filtered.map { |r|
+            name = r.name || ""
+            verb = r.verb.to_s.ljust(8)
+            path = r.path.spec.to_s.sub(/\(\.:format\)/, "").ljust(45)
+            ctrl_action = "#{r.defaults[:controller]}##{r.defaults[:action]}"
+            "#{verb} #{path} #{ctrl_action.ljust(40)} #{name}"
+          }.join("\n")
+        end
+        # rubocop:enable Rails/Output
+      end
+    end
+  end
+end

data/lib/securial/logger.rb

@@ -7,13 +7,13 @@ module Securial
     def self.build
       outputs = []
 
-      if Securial.configuration.log_to_file
+      unless Securial.configuration.log_to_file == false
         log_file = Rails.root.join("log", "securial.log").open("a")
         log_file.sync = true
         outputs << log_file
       end
 
-      if Securial.configuration.log_to_stdout
+      unless Securial.configuration.log_to_stdout == false
         outputs << STDOUT
       end
 

data/lib/securial/sessions/_index.rb

@@ -0,0 +1,2 @@
+require_relative "errors"
+require_relative "session_encoder"

data/lib/securial/sessions/errors.rb

@@ -0,0 +1,15 @@
+module Securial
+  module Sessions
+    module Errors
+      class BaseSessionError < StandardError
+        def backtrace; []; end
+      end
+
+      class SessionEncodeError < BaseSessionError; end
+      class SessionDecodeError < BaseSessionError; end
+
+      class SessionRevokedError < BaseSessionError; end
+      class SessionExpiredError < BaseSessionError; end
+    end
+  end
+end

data/lib/securial/sessions/session_encoder.rb

@@ -0,0 +1,56 @@
+module Securial
+  module Sessions
+    module SessionEncoder
+      class << self
+        def encode(session)
+          return nil unless session && session.class == Securial::Session
+
+          base_payload = {
+            jti: session.id,
+            exp: expiry_duration.from_now.to_i,
+            sub: "session-access-token",
+            refresh_count: session.refresh_count,
+          }
+
+          session_payload = {
+            ip: session.ip_address,
+            agent: session.user_agent,
+          }
+
+          payload = base_payload.merge(session_payload)
+          begin
+            JWT.encode(payload, secret, algorithm, { kid: "hmac" })
+          rescue JWT::EncodeError => e
+            raise Errors::SessionEncodeError, "Failed to encode session: #{e.message}"
+          end
+        end
+
+        def decode(token)
+          begin
+          decoded = JWT.decode(token, secret, true, { algorithm: algorithm, verify_jti: true, iss: "securial" })
+          rescue JWT::DecodeError => e
+            raise Securial::Sessions::Errors::SessionDecodeError, "Failed to decode session token: #{e.message}"
+          end
+          decoded.first
+        end
+
+        private
+
+        def secret
+          # Config::Validation.validate_session_secret!(Securial.configuration)
+          Securial.configuration.session_secret
+        end
+
+        def algorithm
+          # Config::Validation.validate_session_algorithm!(Securial.configuration)
+          Securial.configuration.session_algorithm.to_s.upcase
+        end
+
+        def expiry_duration
+          # Config::Validation.validate_session_expiry_duration!(Securial.configuration)
+          Securial.configuration.session_expiration_duration
+        end
+      end
+    end
+  end
+end

data/lib/securial/version.rb

@@ -1,3 +1,3 @@
 module Securial
-  VERSION = "0.4.2"
+  VERSION = "0.5.0"
 end

data/lib/securial.rb

@@ -8,17 +8,11 @@ module Securial
     attr_writer :configuration
 
     def configuration
-      @configuration ||= Configuration.new
+      @configuration ||= Securial::Config::Configuration.new
     end
 
     def configure
       yield(configuration)
-      validate_admin_role!
-      validate_session_expiry_duration!
-      validate_session_algorithm!
-      validate_session_secret!
-      validate_mailer_sender!
-      validate_password_config!
     end
 
     # Returns the pluralized form of the admin role.
@@ -26,69 +20,5 @@ module Securial
     def admin_namespace
       configuration.admin_role.to_s.pluralize.downcase
     end
-
-    def validate_admin_role!
-      error_message = "The admin role cannot be 'account' or 'accounts' as it conflicts with the default routes."
-
-      if configuration.admin_role.to_s.pluralize.downcase == "accounts"
-        Securial::ENGINE_LOGGER.error(error_message)
-        raise Securial::ConfigErrors::ConfigAdminRoleError, error_message
-      end
-    end
-
-    def validate_session_expiry_duration!
-      if configuration.session_expiration_duration.nil?
-        error_message = "Session expiration duration is not set."
-        Securial::ENGINE_LOGGER.error(error_message)
-        raise Securial::ConfigErrors::ConfigSessionExpirationDurationError, error_message
-      end
-      if configuration.session_expiration_duration.class != ActiveSupport::Duration
-        error_message = "Session expiration duration must be an ActiveSupport::Duration."
-        Securial::ENGINE_LOGGER.error(error_message)
-        raise Securial::ConfigErrors::ConfigSessionExpirationDurationError, error_message
-      end
-      if configuration.session_expiration_duration <= 0
-        Securial::ENGINE_LOGGER.error("Session expiration duration must be greater than 0.")
-        raise Securial::ConfigErrors::ConfigSessionExpirationDurationError, "Session expiration duration must be greater than 0."
-      end
-    end
-
-    def validate_session_algorithm!
-      valid_algorithms = [:hs256, :hs384, :hs512]
-      unless valid_algorithms.include?(configuration.session_algorithm)
-        error_message = "Invalid session algorithm. Valid options are: #{valid_algorithms.join(', ')}."
-        Securial::ENGINE_LOGGER.error(error_message)
-        raise Securial::ConfigErrors::ConfigSessionAlgorithmError, error_message
-      end
-    end
-
-    def validate_session_secret!
-      if configuration.session_secret.blank?
-        error_message = "Session secret is not set."
-        Securial::ENGINE_LOGGER.error(error_message)
-        raise Securial::ConfigErrors::ConfigSessionSecretError, error_message
-      end
-    end
-
-    def validate_mailer_sender!
-      if configuration.mailer_sender.blank?
-        error_message = "Mailer sender is not set."
-        Securial::ENGINE_LOGGER.error(error_message)
-        raise Securial::ConfigErrors::ConfigMailerSenderError, error_message
-      end
-      if configuration.mailer_sender !~  URI::MailTo::EMAIL_REGEXP
-        error_message = "Mailer sender is not a valid email address."
-        Securial::ENGINE_LOGGER.error(error_message)
-        raise Securial::ConfigErrors::ConfigMailerSenderError, error_message
-      end
-    end
-
-    def validate_password_config!
-      if configuration.password_reset_email_subject.blank?
-        error_message = "Password reset email subject is not set."
-        Securial::ENGINE_LOGGER.error(error_message)
-        raise Securial::ConfigErrors::ConfigMailerSenderError, error_message
-      end
-    end
   end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: securial
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.5.0
 platform: ruby
 authors:
 - Aly Badawy
 bindir: bin
 cert_chain: []
-date: 2025-05-27 00:00:00.000000000 Z
+date: 2025-05-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -353,9 +353,6 @@ files:
 - app/views/layouts/securial/mailer.html.erb
 - app/views/layouts/securial/mailer.text.erb
 - app/views/securial/accounts/show.json.jbuilder
-- app/views/securial/passwords/_password.json.jbuilder
-- app/views/securial/passwords/index.json.jbuilder
-- app/views/securial/passwords/show.json.jbuilder
 - app/views/securial/role_assignments/show.json.jbuilder
 - app/views/securial/roles/_securial_role.json.jbuilder
 - app/views/securial/roles/index.json.jbuilder
@@ -365,6 +362,7 @@ files:
 - app/views/securial/sessions/_session.json.jbuilder
 - app/views/securial/sessions/index.json.jbuilder
 - app/views/securial/sessions/show.json.jbuilder
+- app/views/securial/shared/_timestamps.json.jbuilder
 - app/views/securial/status/show.json.jbuilder
 - app/views/securial/users/_securial_user.json.jbuilder
 - app/views/securial/users/index.json.jbuilder
@@ -390,27 +388,32 @@ files:
 - lib/generators/securial/scaffold/templates/routes.erb
 - lib/generators/securial/scaffold/templates/routing_spec.erb
 - lib/securial.rb
-- lib/securial/configuration.rb
+- lib/securial/config/_index.rb
+- lib/securial/config/configuration.rb
+- lib/securial/config/errors.rb
+- lib/securial/config/validation.rb
 - lib/securial/engine.rb
-- lib/securial/errors/config_errors.rb
-- lib/securial/errors/session_errors.rb
 - lib/securial/factories/securial/role_assignments.rb
 - lib/securial/factories/securial/roles.rb
 - lib/securial/factories/securial/sessions.rb
 - lib/securial/factories/securial/users.rb
-- lib/securial/helpers/auth_helper.rb
+- lib/securial/helpers/_index.rb
 - lib/securial/helpers/normalizing_helper.rb
 - lib/securial/helpers/regex_helper.rb
+- lib/securial/inspectors/_index.rb
+- lib/securial/inspectors/route_inspector.rb
 - lib/securial/logger.rb
 - lib/securial/middleware/request_logger_tag.rb
-- lib/securial/route_inspector.rb
+- lib/securial/sessions/_index.rb
+- lib/securial/sessions/errors.rb
+- lib/securial/sessions/session_encoder.rb
 - lib/securial/version.rb
 - lib/tasks/securial_tasks.rake
 homepage: https://github.com/AlyBadawy/Securial/wiki
 licenses:
 - MIT
 metadata:
-  release_date: '2025-05-27'
+  release_date: '2025-05-28'
   allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/AlyBadawy/Securial/wiki
   source_code_uri: https://github.com/AlyBadawy/Securial

data/app/views/securial/passwords/_password.json.jbuilder

@@ -1,2 +0,0 @@
-json.extract! password, :id, :forgot_password, :reset_password, :created_at, :updated_at
-json.url password_url(password, format: :json)

data/app/views/securial/passwords/index.json.jbuilder

@@ -1 +0,0 @@
-json.array! @passwords, partial: "securial/passwords/password", as: :password

data/app/views/securial/passwords/show.json.jbuilder

@@ -1 +0,0 @@
-json.partial! "securial/passwords/password", password: @password

data/lib/securial/configuration.rb

@@ -1,35 +0,0 @@
-module Securial
-  class Configuration
-    attr_accessor :log_to_file, :log_to_stdout
-    attr_accessor :log_file_level, :log_stdout_level
-    attr_accessor :admin_role
-    attr_accessor :session_expiration_duration
-    attr_accessor :session_secret, :session_algorithm
-    attr_accessor :mailer_sender
-    attr_accessor :password_reset_email_subject
-    attr_accessor :password_min_length, :password_max_length
-    attr_accessor :password_complexity
-    attr_accessor :password_expires_in
-    attr_accessor :reset_password_token_expires_in
-    attr_accessor :reset_password_token_secret
-
-    def initialize
-      @log_to_file = !Rails.env.test?
-      @log_to_stdout = !Rails.env.test?
-      @log_file_level = :info
-      @log_stdout_level = :info
-      @admin_role = :admin
-      @session_expiration_duration = 3.minutes
-      @session_secret = "secret"
-      @session_algorithm = :hs256
-      @mailer_sender = "no-reply@example.com"
-      @password_reset_email_subject = "SECURIAL: Password Reset Instructions"
-      @password_min_length = 8
-      @password_max_length = 128
-      @password_complexity = Securial::RegexHelper::PASSWORD_REGEX
-      @password_expires_in = 90.days
-      @reset_password_token_expires_in = 2.hours
-      @reset_password_token_secret = "reset_secret"
-    end
-  end
-end

data/lib/securial/errors/config_errors.rb

@@ -1,12 +0,0 @@
-module Securial
-  module ConfigErrors
-    class ConfigAdminRoleError < StandardError; end
-
-    class ConfigSessionExpirationDurationError < StandardError; end
-    class ConfigSessionAlgorithmError < StandardError; end
-    class ConfigSessionSecretError < StandardError; end
-
-    class ConfigMailerSenderError < StandardError; end
-    class ConfigPasswordError < StandardError; end
-  end
-end

data/lib/securial/errors/session_errors.rb

@@ -1,6 +0,0 @@
-module Securial
-  module SessionErrors
-    class SessionRevokedError < StandardError; end
-    class SessionExpiredError < StandardError; end
-  end
-end

data/lib/securial/helpers/auth_helper.rb

@@ -1,46 +0,0 @@
-module Securial
-  module AuthHelper
-    class << self
-      def encode(session)
-        return nil unless session && session.class == Securial::Session
-
-        base_payload = {
-          jti: session.id,
-          exp: expiry_duration.from_now.to_i,
-          sub: "session-access-token",
-          refresh_count: session.refresh_count,
-        }
-
-        session_payload = {
-          ip: session.ip_address,
-          agent: session.user_agent,
-        }
-
-        payload = base_payload.merge(session_payload)
-        JWT.encode(payload, secret, algorithm, { kid: "hmac" })
-      end
-
-      def decode(token)
-        decoded = JWT.decode(token, secret, true, { algorithm: algorithm, verify_jti: true, iss: "securial" })
-        decoded.first
-      end
-
-      private
-
-      def secret
-        Securial.validate_session_secret!
-        Securial.configuration.session_secret
-      end
-
-      def algorithm
-        Securial.validate_session_algorithm!
-        Securial.configuration.session_algorithm.to_s.upcase
-      end
-
-      def expiry_duration
-        Securial.validate_session_expiry_duration!
-        Securial.configuration.session_expiration_duration
-      end
-    end
-  end
-end

data/lib/securial/route_inspector.rb

@@ -1,50 +0,0 @@
-module Securial
-  module RouteInspector
-    def self.print_routes(controller: nil)
-      filtered = Securial::Engine.routes.routes.select do |r|
-        ctrl = r.defaults[:controller]
-        controller.nil? || ctrl == "securial/#{controller}"
-      end
-
-      print_headers(filtered, controller)
-      print_details(filtered, controller)
-      true
-    end
-
-    class << self
-      private
-
-      # rubocop:disable Rails/Output
-      def print_headers(filtered, controller)
-        Securial::ENGINE_LOGGER.debug "Securial engine routes:"
-        Securial::ENGINE_LOGGER.debug "Total routes: #{filtered.size}"
-        Securial::ENGINE_LOGGER.debug "Filtered by controller: #{controller}" if controller
-        Securial::ENGINE_LOGGER.debug "Filtered routes: #{filtered.size}" if controller
-        Securial::ENGINE_LOGGER.debug "-" * 120
-        Securial::ENGINE_LOGGER.debug "#{'Verb'.ljust(8)} #{'Path'.ljust(45)} #{'Controller#Action'.ljust(40)} Name"
-        Securial::ENGINE_LOGGER.debug "-" * 120
-      end
-
-      def print_details(filtered, controller) # rubocop:disable Rails/Output
-        if filtered.empty?
-          if controller
-            Securial::ENGINE_LOGGER.debug "No routes found for controller: #{controller}"
-          else
-            Securial::ENGINE_LOGGER.debug "No routes found for Securial engine"
-          end
-          Securial::ENGINE_LOGGER.debug "-" * 120
-          return
-        end
-
-        Securial::ENGINE_LOGGER.debug filtered.map { |r|
-          name = r.name || ""
-          verb = r.verb.to_s.ljust(8)
-          path = r.path.spec.to_s.sub(/\(\.:format\)/, "").ljust(45)
-          ctrl_action = "#{r.defaults[:controller]}##{r.defaults[:action]}"
-          "#{verb} #{path} #{ctrl_action.ljust(40)} #{name}"
-        }.join("\n")
-      end
-      # rubocop:enable Rails/Output
-    end
-  end
-end