standard_id 0.1.0

data/lib/standard_id/web/session_manager.rb

@@ -0,0 +1,71 @@
+module StandardId
+  module Web
+    class SessionManager
+      attr_reader :token_manager, :request, :session, :cookies
+
+      def initialize(token_manager, request:, session:, cookies:)
+        @token_manager = token_manager
+        @request = request
+        @session = session
+        @cookies = cookies
+      end
+
+      def current_session
+        Current.session ||= load_current_session
+      end
+
+      def current_account
+        Current.account ||= current_session&.account
+      end
+
+      def sign_in_account(account)
+        token_manager.create_browser_session(account).tap do |browser_session|
+          session[:session_token] = browser_session.token
+          Current.session = browser_session
+        end
+      end
+
+      def revoke_current_session!
+        current_session&.revoke!
+        clear_session!
+      end
+
+      def set_remember_cookie(password_credential)
+        cookies[:remember_token] = token_manager.create_remember_token(password_credential)
+      end
+
+      def clear_session!
+        # TODO: make token key names configurable
+        session.delete(:session_token)
+        cookies.delete(:remember_token)
+
+        Current.session = nil
+      end
+
+      private
+
+      def load_current_session
+        Current.session ||= load_session_from_session_token
+        Current.session ||= load_session_from_remember_token
+
+        clear_session! if Current.session.blank? || Current.session.expired? || Current.session.revoked?
+
+        Current.session
+      end
+
+      def load_session_from_session_token
+        StandardId::BrowserSession.eager_load(:account).by_token(session[:session_token]).first
+      end
+
+      def load_session_from_remember_token
+        password_credential = StandardId::PasswordCredential.find_by_token_for(:remember_me, cookies[:remember_token])
+        return if password_credential.blank?
+
+        token_manager.create_browser_session(password_credential.account, remember_me: true).tap do |browser_session|
+          session[:session_token] = browser_session.token
+          cookies[:remember_token] = token_manager.create_remember_token(password_credential)
+        end
+      end
+    end
+  end
+end

data/lib/standard_id/web/token_manager.rb

@@ -0,0 +1,30 @@
+module StandardId
+  module Web
+    class TokenManager
+      attr_reader :request
+
+      def initialize(request)
+        @request = request
+      end
+
+      def create_browser_session(account)
+        StandardId::BrowserSession.create!(
+          account: account,
+          ip_address: request.remote_ip,
+          user_agent: request.user_agent,
+          expires_at: 24.hours.from_now # TODO: make configurable
+        )
+      end
+
+      def create_remember_token(password_credential)
+        {
+          value: password_credential.generate_token_for(:remember_me),
+          expires: 30.days.from_now, # TODO: make configurable
+          httponly: true,
+          secure: request.ssl?,
+          same_site: :lax
+        }
+      end
+    end
+  end
+end

data/lib/standard_id/web_engine.rb

@@ -0,0 +1,7 @@
+module StandardId
+  class WebEngine < ::Rails::Engine
+    isolate_namespace StandardId
+
+    paths["config/routes.rb"] = "config/routes/web.rb"
+  end
+end

data/lib/standard_id.rb

@@ -0,0 +1,49 @@
+require "standard_id/version"
+require "standard_id/engine"
+require "standard_id/web_engine"
+require "standard_id/api_engine"
+require "standard_id/config"
+require "standard_id/errors"
+require "standard_id/jwt_service"
+require "standard_id/web/session_manager"
+require "standard_id/web/token_manager"
+require "standard_id/web/authentication_guard"
+require "standard_id/api/session_manager"
+require "standard_id/api/token_manager"
+require "standard_id/api/authentication_guard"
+require "standard_id/oauth/base_request_flow"
+require "standard_id/oauth/token_grant_flow"
+require "standard_id/oauth/client_credentials_flow"
+require "standard_id/oauth/authorization_code_flow"
+require "standard_id/oauth/password_flow"
+require "standard_id/oauth/refresh_token_flow"
+require "standard_id/oauth/authorization_flow"
+require "standard_id/oauth/authorization_code_authorization_flow"
+require "standard_id/oauth/implicit_authorization_flow"
+require "standard_id/oauth/subflows/base"
+require "standard_id/oauth/subflows/traditional_code_grant"
+require "standard_id/oauth/subflows/social_login_grant"
+require "standard_id/oauth/passwordless_otp_flow"
+require "standard_id/passwordless/base_strategy"
+require "standard_id/passwordless/email_strategy"
+require "standard_id/passwordless/sms_strategy"
+
+module StandardId
+  class << self
+    def configure
+      yield config
+    end
+
+    def config
+      @config ||= StandardId::Config.new
+    end
+
+    def cache_store
+      @cache_store ||= config.cache_store || Rails.cache
+    end
+
+    def logger
+      @logger ||= config.logger || Rails.logger
+    end
+  end
+end

data/lib/tasks/standard_id_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :standard_id do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,186 @@
+--- !ruby/object:Gem::Specification
+name: standard_id
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Jaryl Sim
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+description: StandardId is an authentication engine that provides a complete, secure-by-default
+  solution for identity management, reducing boilerplate and eliminating common security
+  pitfalls.
+email:
+- code@jaryl.dev
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/stylesheets/standard_id/application.css
+- app/controllers/concerns/standard_id/api_authentication.rb
+- app/controllers/concerns/standard_id/web_authentication.rb
+- app/controllers/standard_id/api/authorization_controller.rb
+- app/controllers/standard_id/api/base_controller.rb
+- app/controllers/standard_id/api/oauth/base_controller.rb
+- app/controllers/standard_id/api/oauth/tokens_controller.rb
+- app/controllers/standard_id/api/oidc/logout_controller.rb
+- app/controllers/standard_id/api/passwordless_controller.rb
+- app/controllers/standard_id/api/providers_controller.rb
+- app/controllers/standard_id/api/userinfo_controller.rb
+- app/controllers/standard_id/web/account_controller.rb
+- app/controllers/standard_id/web/auth/callback/providers_controller.rb
+- app/controllers/standard_id/web/base_controller.rb
+- app/controllers/standard_id/web/login_controller.rb
+- app/controllers/standard_id/web/logout_controller.rb
+- app/controllers/standard_id/web/reset_password/confirm_controller.rb
+- app/controllers/standard_id/web/reset_password/start_controller.rb
+- app/controllers/standard_id/web/sessions_controller.rb
+- app/controllers/standard_id/web/signup_controller.rb
+- app/forms/standard_id/web/reset_password_confirm_form.rb
+- app/forms/standard_id/web/reset_password_start_form.rb
+- app/forms/standard_id/web/signup_form.rb
+- app/helpers/standard_id/application_helper.rb
+- app/jobs/standard_id/application_job.rb
+- app/mailers/standard_id/application_mailer.rb
+- app/models/concerns/standard_id/account_associations.rb
+- app/models/concerns/standard_id/credentiable.rb
+- app/models/standard_id/application_record.rb
+- app/models/standard_id/authorization_code.rb
+- app/models/standard_id/browser_session.rb
+- app/models/standard_id/client_application.rb
+- app/models/standard_id/client_secret_credential.rb
+- app/models/standard_id/credential.rb
+- app/models/standard_id/device_session.rb
+- app/models/standard_id/email_identifier.rb
+- app/models/standard_id/identifier.rb
+- app/models/standard_id/password_credential.rb
+- app/models/standard_id/passwordless_challenge.rb
+- app/models/standard_id/phone_number_identifier.rb
+- app/models/standard_id/service_session.rb
+- app/models/standard_id/session.rb
+- app/models/standard_id/username_identifier.rb
+- app/views/standard_id/web/account/edit.html.erb
+- app/views/standard_id/web/account/show.html.erb
+- app/views/standard_id/web/login/show.html.erb
+- app/views/standard_id/web/reset_password/confirm/show.html.erb
+- app/views/standard_id/web/reset_password/start/show.html.erb
+- app/views/standard_id/web/sessions/index.html.erb
+- app/views/standard_id/web/signup/show.html.erb
+- config/initializers/generators.rb
+- config/initializers/migration_helpers.rb
+- config/routes/api.rb
+- config/routes/web.rb
+- db/migrate/20250830000000_create_standard_id_client_applications.rb
+- db/migrate/20250830171553_create_standard_id_password_credentials.rb
+- db/migrate/20250830232800_create_standard_id_identifiers.rb
+- db/migrate/20250831075703_create_standard_id_credentials.rb
+- db/migrate/20250831154635_create_standard_id_sessions.rb
+- db/migrate/20250901134520_create_standard_id_client_secret_credentials.rb
+- db/migrate/20250903063000_create_standard_id_authorization_codes.rb
+- db/migrate/20250903135906_create_standard_id_passwordless_challenges.rb
+- lib/generators/standard_id/install/install_generator.rb
+- lib/generators/standard_id/install/templates/standard_id.rb
+- lib/standard_id.rb
+- lib/standard_id/api/authentication_guard.rb
+- lib/standard_id/api/session_manager.rb
+- lib/standard_id/api/token_manager.rb
+- lib/standard_id/api_engine.rb
+- lib/standard_id/config.rb
+- lib/standard_id/engine.rb
+- lib/standard_id/errors.rb
+- lib/standard_id/jwt_service.rb
+- lib/standard_id/oauth/authorization_code_authorization_flow.rb
+- lib/standard_id/oauth/authorization_code_flow.rb
+- lib/standard_id/oauth/authorization_flow.rb
+- lib/standard_id/oauth/base_request_flow.rb
+- lib/standard_id/oauth/client_credentials_flow.rb
+- lib/standard_id/oauth/implicit_authorization_flow.rb
+- lib/standard_id/oauth/password_flow.rb
+- lib/standard_id/oauth/passwordless_otp_flow.rb
+- lib/standard_id/oauth/refresh_token_flow.rb
+- lib/standard_id/oauth/subflows/base.rb
+- lib/standard_id/oauth/subflows/social_login_grant.rb
+- lib/standard_id/oauth/subflows/traditional_code_grant.rb
+- lib/standard_id/oauth/token_grant_flow.rb
+- lib/standard_id/passwordless/base_strategy.rb
+- lib/standard_id/passwordless/email_strategy.rb
+- lib/standard_id/passwordless/sms_strategy.rb
+- lib/standard_id/version.rb
+- lib/standard_id/web/authentication_guard.rb
+- lib/standard_id/web/session_manager.rb
+- lib/standard_id/web/token_manager.rb
+- lib/standard_id/web_engine.rb
+- lib/tasks/standard_id_tasks.rake
+homepage: https://github.com/rarebit-one/standard_id
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/rarebit-one/standard_id
+  source_code_uri: https://github.com/rarebit-one/standard_id
+  changelog_uri: https://github.com/rarebit-one/standard_id/blob/main/CHANGELOG.md
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.7
+specification_version: 4
+summary: A comprehensive authentication engine for Rails, built on the security primitives
+  introduced in Rails 7/8.
+test_files: []