shieldify 0.1.2.pre.alpha

data/lib/generators/shieldify/templates/locales/es.shieldify.yml.tt

@@ -0,0 +1,48 @@
+es:
+  shieldify:
+    models:
+      email_authenticatable:
+        confirmable:
+          email_confirmation_token:
+            errors:
+              invalid: "inválido"
+              expired: "ha expirado"
+          unconfirmed_email:
+            errors:
+              not_found: "no encontrado"
+          email_confirmation_token_generated_at:
+    mailer:
+      email_confirmation_instructions:
+        subject: "Instrucciones de Confirmación de Email"
+        title: "Instrucciones de Confirmación de Email"
+        greeting: "Hola %{email},"
+        thanks: "Por favor confirma tu email haciendo clic en el siguiente enlace:"
+        confirm_account: "Confirmar email"
+        ignore: "Si no has solicitado esta confirmación, por favor ignora este correo."
+      reset_password_instructions:
+        subject: "Instrucciones para Restablecer Contraseña"
+        title: "Instrucciones para Restablecer Contraseña"
+        greeting: "Hola %{email},"
+        instructions: "Alguien ha solicitado un enlace para cambiar tu contraseña. Puedes hacerlo a través del enlace de abajo:"
+        change_password: "Cambiar mi contraseña"
+        ignore: "Si no solicitaste esto, por favor ignora este correo. Tu contraseña no cambiará."
+        link_expiration: "Este enlace expirará en %{expiration_hours} horas."
+      unlock_instructions:
+        subject: "Instrucciones para Desbloquear Cuenta"
+        title: "Instrucciones para Desbloquear Cuenta"
+        greeting: "Hola %{email},"
+        instructions: "Tu cuenta ha sido bloqueada debido a un número excesivo de intentos de inicio de sesión fallidos. Por favor, desbloquea tu cuenta haciendo clic en el siguiente enlace:"
+        unlock_account: "Desbloquear Cuenta"
+        ignore: "Si no has solicitado esto, por favor ignora este correo. Tu cuenta permanecerá segura."
+      email_changed:
+        subject: "Correo Electrónico Actualizado"
+        title: "Correo Electrónico Actualizado"
+        greeting: "Hola %{email},"
+        message: "Recibimos una solicitud para cambiar la dirección de correo electrónico asociada a tu cuenta a %{unconfirmed_email}."
+        ignore: "Si no hiciste este cambio, por favor contacta a soporte inmediatamente."
+      password_changed:
+        subject: "Contraseña Actualizada"
+        title: "Contraseña Actualizada"
+        greeting: "Hola %{email},"
+        message: "Esta es una notificación de que tu contraseña ha sido cambiada exitosamente."
+        advice: "Si no realizaste este cambio, por favor contacta a nuestro equipo de soporte inmediatamente."

data/lib/generators/shieldify/templates/mailer_layouts/mailer.html.erb

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title><%= t('shieldify.mailer.confirmation_instructions.title') %></title>
+    <meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
+  </head>
+  <body>
+    <%= yield %>
+  </body>
+</html>

data/lib/generators/shieldify/templates/mailer_layouts/mailer.text.erb

@@ -0,0 +1,3 @@
+<%= t('shieldify.mailer.email_changed.title') %>
+
+<%= yield %>

data/lib/generators/shieldify/templates/mailer_views/email_changed.html.erb

@@ -0,0 +1,3 @@
+<h1><%= t('shieldify.mailer.email_changed.greeting', email: @user.email) %></h1>
+<p><%= t('shieldify.mailer.email_changed.message', unconfirmed_email: @user.unconfirmed_email) %></p>
+<p><%= t('shieldify.mailer.email_changed.ignore') %></p>

data/lib/generators/shieldify/templates/mailer_views/email_changed.text.erb

@@ -0,0 +1,5 @@
+<%= t('shieldify.mailer.email_changed.greeting', email: @user.email) %>
+
+<%= t('shieldify.mailer.email_changed.message', unconfirmed_email: @user.unconfirmed_email) %>
+
+<%= t('shieldify.mailer.email_changed.ignore') %>

data/lib/generators/shieldify/templates/mailer_views/email_confirmation_instructions.html.erb

@@ -0,0 +1,7 @@
+<h1><%= t('shieldify.mailer.email_confirmation_instructions.greeting', email: @user.unconfirmed_email) %></h1>
+
+<p><%= t('shieldify.mailer.email_confirmation_instructions.thanks') %></p>
+
+<p><%= link_to t('shieldify.mailer.email_confirmation_instructions.confirm_account'), users_email_confirmation_url(token: @token) %></p>
+
+<p><%= t('shieldify.mailer.email_confirmation_instructions.ignore') %></p>

data/lib/generators/shieldify/templates/mailer_views/email_confirmation_instructions.text.erb

@@ -0,0 +1,7 @@
+<%= t('shieldify.mailer.email_confirmation_instructions.greeting', email: @user.unconfirmed_email) %>
+
+<%= t('shieldify.mailer.email_confirmation_instructions.thanks') %>
+
+<%= users_email_confirmation_url(token: @token) %>
+
+<%= t('shieldify.mailer.email_confirmation_instructions.ignore') %>

data/lib/generators/shieldify/templates/mailer_views/password_changed.html.erb

@@ -0,0 +1,3 @@
+<h1><%= t('shieldify.mailer.password_changed.greeting', email: @user.email) %></h1>
+<p><%= t('shieldify.mailer.password_changed.message') %></p>
+<p><%= t('shieldify.mailer.password_changed.advice') %></p>

data/lib/generators/shieldify/templates/mailer_views/password_changed.text.erb

@@ -0,0 +1,5 @@
+<%= t('shieldify.mailer.password_changed.greeting', email: @user.email) %>
+
+<%= t('shieldify.mailer.password_changed.message') %>
+
+<%= t('shieldify.mailer.password_changed.advice') %>

data/lib/generators/shieldify/templates/mailer_views/reset_email_password_instructions.html.erb

@@ -0,0 +1,5 @@
+<h1><%= t('shieldify.mailer.reset_password_instructions.greeting', name: @user.name) %></h1>
+<p><%= t('shieldify.mailer.reset_password_instructions.instructions') %></p>
+<p><%= link_to t('shieldify.mailer.reset_password_instructions.change_password'), edit_password_url(@user.reset_password_token) %></p>
+<p><%= t('shieldify.mailer.reset_password_instructions.link_expiration', expiration_hours: 24) %></p>
+<p><%= t('shieldify.mailer.reset_password_instructions.ignore') %></p>

data/lib/generators/shieldify/templates/mailer_views/reset_email_password_instructions.text.erb

@@ -0,0 +1,9 @@
+<%= t('shieldify.mailer.reset_password_instructions.greeting', name: @user.name) %>
+
+<%= t('shieldify.mailer.reset_password_instructions.instructions') %>
+
+<%= edit_password_url(@user.reset_password_token) %>
+
+<%= t('shieldify.mailer.reset_password_instructions.link_expiration', expiration_hours: 24) %>
+
+<%= t('shieldify.mailer.reset_password_instructions.ignore') %>

data/lib/generators/shieldify/templates/mailer_views/unlock_access_instructions.html.erb

@@ -0,0 +1,4 @@
+<h1><%= t('shieldify.mailer.unlock_instructions.greeting', name: @user.name) %></h1>
+<p><%= t('shieldify.mailer.unlock_instructions.instructions') %></p>
+<p><%= link_to t('shieldify.mailer.unlock_instructions.unlock_account'), unlock_url(@user.unlock_token) %></p>
+<p><%= t('shieldify.mailer.unlock_instructions.ignore') %></p>

data/lib/generators/shieldify/templates/mailer_views/unlock_access_instructions.text.erb

@@ -0,0 +1,7 @@
+<%= t('shieldify.mailer.unlock_instructions.greeting', name: @user.name) %>
+
+<%= t('shieldify.mailer.unlock_instructions.instructions') %>
+
+<%= unlock_url(@user.unlock_token) %>
+
+<%= t('shieldify.mailer.unlock_instructions.ignore') %>

data/lib/generators/shieldify/templates/migration.rb.tt

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+class ShieldifyCreateUsers < ActiveRecord::Migration<%= migration_version %>
+  def change
+    create_table :users do |t|
+      ## Email registerable
+      t.string :email, default: ""
+      t.string :password_digest, default: ""
+
+      ## Email confirmable
+      t.string :unconfirmed_email
+      t.string :email_confirmation_token
+      t.string :email_confirmation_token_generated_at
+
+      t.timestamps null: false
+    end
+
+    create_table :jwt_sessions do |t|
+      t.string :jti, null: false
+      t.references :user, null: false, foreign_key: true
+
+      t.timestamps
+    end
+
+    add_index :users, :email, unique: true
+    add_index :jwt_sessions, :jti, unique: true
+  end
+end

data/lib/generators/shieldify/templates/model.rb.tt

@@ -0,0 +1,2 @@
+class User < ApplicationRecord
+end

data/lib/shieldify/controllers/helpers.rb

@@ -0,0 +1,29 @@
+module Shieldify
+  module Controllers
+    module Helpers
+      def current_user
+        warden.user
+      end
+
+      def user_signed_in?
+        !!current_user
+      end
+
+      def authenticate_user!
+        unless user_signed_in?
+          respond_to_unauthorized
+        end
+      end
+
+      private
+
+      def warden
+        request.env['warden']
+      end
+
+      def respond_to_unauthorized
+        render json: { error: 'No autorizado' }, status: :unauthorized
+      end
+    end
+  end
+end

data/lib/shieldify/failure_app.rb

@@ -0,0 +1,8 @@
+module Shieldify  
+  class FailureApp
+    def self.call(env)
+      error_message = env['warden.options'][:message] || 'Unauthorized'
+      [401, { 'Content-Type' => 'application/json' }, [{ error: error_message }.to_json]]
+    end
+  end
+end

data/lib/shieldify/jwt_service.rb

@@ -0,0 +1,158 @@
+require 'jwt'
+
+class JwtService
+  @secret_key = Shieldify::Configuration.jwt_secret
+  @issuer = Shieldify::Configuration.jwt_issuer
+  @jwt_exp = Shieldify::Configuration.jwt_exp
+  
+  class << self
+    # Generates a new JWT token for a user using their unique identifier.
+    #
+    # @param user_id [Integer] The unique identifier for the user for whom the token is being generated.
+    #
+    # This method constructs a JWT payload containing several fields including the user's ID, the token's
+    # expiration time, and other standard JWT claims. The JWT is then encoded using the HS256 algorithm
+    # with a secret key stored in the service's configuration. The method handles encoding issues and returns
+    # a structured array containing the results of the token generation process.
+    #
+    # The method can be called with or without a block:
+    #
+    # Without a block, it returns an array with four elements:
+    # - [Boolean] `result`: true if the token is successfully generated, false if an error occurred.
+    # - [String, nil] `token`: the generated JWT token if successful, otherwise nil.
+    # - [String, nil] `jti`: the unique JWT ID if successful, otherwise nil.
+    # - [String, nil] `errors`: description of the error if token generation failed, otherwise nil.
+    #
+    # With a block, the block is yielded with the same four elements, allowing for inline handling:
+    #
+    # Usage Examples:
+    #
+    # Without a block:
+    #   success, token, jti, error = JwtService.encode(user_id)
+    #   if success
+    #     puts "JWT generated successfully: #{token}, JTI: #{jti}"
+    #   else
+    #     puts "Error: #{error}"
+    #   end
+    #
+    # With a block:
+    #   JwtService.encode(user_id) do |success, token, jti, error|
+    #     if success
+    #       puts "JWT generated successfully: #{token}, JTI: #{jti}"
+    #     else
+    #       puts "Error: #{error}"
+    #     end
+    #   end
+    #
+    # This method provides a reliable way to generate JWTs with a standard set of claims and handles
+    # any exceptions that may occur during the encoding process.
+    def encode(user_id)
+      begin
+        payload = jwt_payload(user_id)
+        jti = payload[:jti]
+        token = JWT.encode(payload, secret_key, 'HS256')
+        result = [true, token, jti, nil]
+      rescue StandardError => e
+        result = [false, nil, nil, e.message]
+      end
+
+      if block_given?
+        yield(*result)
+      else
+        result
+      end
+    end
+
+    # Decodes a JWT token to verify its authenticity and check if it is still valid.
+    #
+    # @param token [String] The JWT token to be decoded.
+    #
+    # This method uses JWT.decode to attempt to decode the token using a predefined secret key and issuer.
+    # It handles various errors that might occur during the decoding process, such as expiration or incorrect
+    # formatting of the token. It encapsulates the results and errors into a structured array format.
+    #
+    # The method can be called with or without a block:
+    #
+    # Without a block, it returns an array with three elements:
+    # - [Boolean] `result`: true if the token is successfully decoded, false if an error occurred.
+    # - [Hash, nil] `payload`: the decoded payload of the token if successful, otherwise nil.
+    # - [String, nil] `errors`: description of the error if decoding failed, otherwise nil.
+    #
+    # With a block, the block is yielded with the same three elements, allowing for inline handling:
+    #
+    # Usage Examples:
+    #
+    # Without a block:
+    #   success, payload, error = JwtService.decode(token)
+    #   if success
+    #     puts "Decoded Payload: #{payload}"
+    #   else
+    #     puts "Error: #{error}"
+    #   end
+    #
+    # With a block:
+    #   JwtService.decode(token) do |success, payload, error|
+    #     if success
+    #       puts "Decoded Payload: #{payload}"
+    #     else
+    #       puts "Error: #{error}"
+    #     end
+    #   end
+    #
+    # This method ensures robust handling of JWTs by validating their integrity and relevance,
+    # adhering to the security settings defined by the secret_key and issuer configuration.
+    def decode(token)
+      decoded_token = JWT.decode(token, secret_key, true, decode_options).first
+      result = [true, decoded_token, nil] # result: true (success), payload: decoded_token, errors: nil
+    rescue *jwt_exceptions => e
+      result = [false, nil, e.message]
+    rescue => e
+      result = [false, nil, "Unexpected error: #{e.message}"]
+    ensure
+      if block_given?
+        yield(*result)
+      else
+        result
+      end
+    end
+
+    private
+
+    def decode_options
+      { algorithm: 'HS256', verify_iss: true, iss: issuer, verify_expiration: true }
+    end
+
+    def jwt_payload(user_id)
+      {
+        sub: user_id,
+        exp: jwt_exp,
+        nbf: Time.now.to_i,
+        iss: issuer,
+        jti: SecureRandom.hex,
+        iat: Time.now.to_i
+      }
+    end
+
+    def jwt_exceptions
+      [
+        JWT::ExpiredSignature,
+        JWT::InvalidIssuerError,
+        JWT::DecodeError,
+        JWT::VerificationError,
+        JWT::InvalidIatError
+      ]
+    end
+
+    def secret_key
+      @secret_key
+    end
+
+    def issuer
+      @issuer
+    end
+
+    def jwt_exp
+      @jwt_exp
+    end
+  end
+end

data/lib/shieldify/mailer.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Shieldify
+  class Mailer < Shieldify::Configuration.parent_mailer.constantize
+    layout 'layouts/shieldify/mailer'
+
+    default(
+      from: Shieldify::Configuration.mailer_sender,
+      reply_to: Shieldify::Configuration.reply_to
+    )
+
+    def base_mailer
+      initialize_email_resources(params)
+      
+      mail(define_headers)
+    end
+
+    private
+
+    def define_headers
+      headers = {
+        to: email_to,
+        subject: define_subject,
+        template_path: "shieldify/mailer",
+        template_name: action
+      }
+
+      headers.store(:reply_to, reply_to) if instance_variable_defined?(:@reply_to)
+      headers.store(:from, from) if instance_variable_defined?(:@from)
+      headers
+    end
+
+    def initialize_email_resources(options)
+      options.each do |key, value|
+        self.class.send(:attr_accessor, key)
+        instance_variable_set("@#{key}", value)
+      end
+    end
+
+    def define_subject
+      I18n.t("shieldify.mailer.#{action}.subject")
+    end
+  end
+end

data/lib/shieldify/middleware/authentication.rb

@@ -0,0 +1,27 @@
+module Shieldify
+  class Middleware
+    class Authentication
+      attr_reader :app
+
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        env['warden'].authenticate!(:email, :jwt)
+
+        status, headers, response = app.call(env)
+        headers = headers_with_token(env, headers)
+        [status, headers, response]
+      end
+
+      private
+
+      def headers_with_token(env, headers)
+        token = env["auth.jwt"]
+        headers['Authorization'] = "Bearer #{token}"
+        headers
+      end
+    end
+  end
+end

data/lib/shieldify/middleware.rb

@@ -0,0 +1,36 @@
+module Shieldify
+  class Middleware
+    attr_reader :app, :request
+
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      @request = Rack::Request.new(env)
+
+      if should_authenticate?
+        builder = Rack::Builder.new
+        builder.use(Shieldify::Middleware::Authentication)
+        builder.run(app)
+        builder.call(env)
+      else
+        app.call(env)
+      end
+    end
+
+    private
+
+    def should_authenticate?
+      should_authenticate_by_email? || should_authenticate_by_jwt?
+    end
+
+    def should_authenticate_by_email?
+      request.path.end_with?('/shfy/login')
+    end
+
+    def should_authenticate_by_jwt?
+      request.env['HTTP_AUTHORIZATION'].present?
+    end
+  end
+end

data/lib/shieldify/model_extensions.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+module Shieldify
+  # This module provides extensions for models to include Shieldify functionality.
+  # It allows dynamic inclusion of modules and submodules for various authentication features.
+  #
+  # The primary purpose of this module is to simplify the process of adding authentication
+  # capabilities to models in a Rails application. By including this module,
+  # developers can easily integrate functionalities such as email-based authentication,
+  # user registration, email confirmation, and more, depending on the modules and submodules
+  # specified.
+  #
+  # This module uses ActiveSupport::Concern to extend the including model with class methods
+  # and associations necessary for managing JWT sessions and other authentication-related tasks.
+  #
+  # @example Including the module in a User model
+  #   # To use this module, include it in your model (typically a User model).
+  #   # Then, use the `shieldify` method to specify the desired modules and submodules.
+  #   # In this example, the User model is being extended with email authentication,
+  #   # and two submodules: registerable and confirmable.
+  #   class User < ApplicationRecord
+  #     include Shieldify::ModelExtensions
+  #
+  #     # The `shieldify` method is called with a hash where the key is the main module
+  #     # (:email_authenticatable) and the value is an array of submodules
+  #     # (%i[registerable confirmable]).
+  #     # This will dynamically include the corresponding modules and submodules
+  #     # from the Shieldify::Models namespace into the User model.
+  #     shieldify email_authenticatable: %i[registerable confirmable]
+  #   end
+  #
+  # @see Shieldify::ModelExtensions#shieldify
+  module ModelExtensions
+    extend ActiveSupport::Concern
+
+    class_methods do
+      # Dynamically includes modules. Accepts a hash where the keys are symbols
+      # of main modules and the values are arrays of submodules to include.
+      #
+      # @example
+      #   shieldify email_authenticatable: %i[registerable confirmable]
+      #
+      # This method is intended to be used within a user class or any other class
+      # that acts as a user.
+      #
+      # @param modules [Hash<Symbol, Array<Symbol>>] A hash where the keys are main modules and the values are arrays of submodules to include.
+      # @return [void]
+      def shieldify(modules)
+        modules.each do |parent, submodules|
+          include_parent_module(parent)
+
+          submodules.each do |submodule|
+            include_submodule(parent, submodule)
+          end
+        end
+
+        has_many :jwt_sessions, dependent: :destroy
+      end
+
+      private
+
+      # Includes the parent module based on the provided symbol
+      def include_parent_module(parent_module)
+        include "Shieldify::Models::#{parent_module.to_s.camelize}".constantize
+      end
+
+      # Includes a specific submodule within a parent module
+      def include_submodule(parent_module, submodule)
+        include "Shieldify::Models::#{parent_module.to_s.camelize}::#{submodule.to_s.camelize}".constantize
+      end
+    end
+  end
+end