verify_it 0.1.0

data/lib/verify_it/rate_limiter.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+module VerifyIt
+  class RateLimiter
+    def initialize(storage)
+      @storage = storage
+    end
+
+    def check_send_limit(identifier:, record:)
+      current_count = @storage.send_count(identifier: identifier, record: record)
+      max_attempts = VerifyIt.configuration.max_send_attempts
+
+      if current_count >= max_attempts
+        {
+          allowed: false,
+          reason: "Maximum send attempts (#{max_attempts}) exceeded within rate limit window"
+        }
+      else
+        { allowed: true }
+      end
+    end
+
+    def check_verification_limit(identifier:, record:)
+      current_attempts = @storage.attempts(identifier: identifier, record: record)
+      max_attempts = VerifyIt.configuration.max_verification_attempts
+
+      if current_attempts >= max_attempts
+        {
+          allowed: false,
+          locked: true,
+          reason: "Maximum verification attempts (#{max_attempts}) exceeded"
+        }
+      else
+        { allowed: true }
+      end
+    end
+
+    def check_identifier_change_limit(record:)
+      changes = @storage.identifier_changes(record: record)
+      max_changes = VerifyIt.configuration.max_identifier_changes
+
+      if changes >= max_changes
+        {
+          allowed: false,
+          reason: "Maximum identifier changes (#{max_changes}) exceeded within rate limit window"
+        }
+      else
+        { allowed: true }
+      end
+    end
+
+    def record_send(identifier:, record:)
+      @storage.increment_send_count(identifier: identifier, record: record)
+    end
+
+    def record_verification_attempt(identifier:, record:)
+      @storage.increment_attempts(identifier: identifier, record: record)
+    end
+
+    def record_identifier_change(record:, identifier:)
+      @storage.track_identifier_change(record: record, identifier: identifier)
+    end
+
+    def reset_verification_attempts(identifier:, record:)
+      @storage.reset_attempts(identifier: identifier, record: record)
+    end
+  end
+end

data/lib/verify_it/result.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module VerifyIt
+  class Result
+    attr_reader :error, :message, :code, :expires_at, :attempts
+
+    def initialize(success:, error: nil, message: nil, code: nil, expires_at: nil, attempts: 0,
+                   rate_limited: false, locked: false, verified: false)
+      @success = success
+      @error = error
+      @message = message
+      @code = code
+      @expires_at = expires_at
+      @attempts = attempts
+      @rate_limited = rate_limited
+      @locked = locked
+      @verified = verified
+    end
+
+    def success?
+      @success
+    end
+
+    def rate_limited?
+      @rate_limited
+    end
+
+    def locked?
+      @locked
+    end
+
+    def verified?
+      @verified
+    end
+  end
+end

data/lib/verify_it/storage/base.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module VerifyIt
+  module Storage
+    class Base
+      def store_code(identifier:, record:, code:, expires_at:)
+        raise NotImplementedError
+      end
+
+      def fetch_code(identifier:, record:)
+        raise NotImplementedError
+      end
+
+      def delete_code(identifier:, record:)
+        raise NotImplementedError
+      end
+
+      def increment_attempts(identifier:, record:)
+        raise NotImplementedError
+      end
+
+      def attempts(identifier:, record:)
+        raise NotImplementedError
+      end
+
+      def reset_attempts(identifier:, record:)
+        raise NotImplementedError
+      end
+
+      def increment_send_count(identifier:, record:)
+        raise NotImplementedError
+      end
+
+      def send_count(identifier:, record:)
+        raise NotImplementedError
+      end
+
+      def reset_send_count(identifier:, record:)
+        raise NotImplementedError
+      end
+
+      def track_identifier_change(record:, identifier:)
+        raise NotImplementedError
+      end
+
+      def identifier_changes(record:)
+        raise NotImplementedError
+      end
+
+      def cleanup(identifier:, record:)
+        raise NotImplementedError
+      end
+
+      protected
+
+      def build_key(identifier:, record:, suffix:)
+        namespace = VerifyIt.configuration.namespace
+        ns = namespace.respond_to?(:call) ? namespace.call(record) : nil
+
+        parts = []
+        parts << ns if ns
+        parts << record.class.name if record
+        parts << record.id if record.respond_to?(:id)
+        parts << identifier
+        parts << suffix
+
+        parts.join(":")
+      end
+    end
+  end
+end

data/lib/verify_it/storage/database_storage.rb

@@ -0,0 +1,225 @@
+# frozen_string_literal: true
+
+module VerifyIt
+  module Storage
+    class DatabaseStorage < Base
+      def initialize
+        # Verify ActiveRecord is available
+        unless defined?(::ActiveRecord)
+          raise StandardError, "ActiveRecord is required for DatabaseStorage"
+        end
+
+        # Load models only when needed
+        require_relative "models/code"
+        require_relative "models/attempt"
+        require_relative "models/identifier_change"
+      end
+
+      def store_code(identifier:, record:, code:, expires_at:)
+        attrs = {
+          identifier: identifier.to_s,
+          code: code,
+          expires_at: expires_at
+        }
+
+        if record
+          attrs[:record_type] = record.class.name
+          attrs[:record_id] = record.id
+        end
+
+        # Find existing or create new
+        existing = find_code(identifier: identifier, record: record)
+        if existing
+          existing.update!(attrs)
+        else
+          Models::Code.create!(attrs)
+        end
+      end
+
+      def fetch_code(identifier:, record:)
+        code_record = find_code(identifier: identifier, record: record)
+        return nil unless code_record
+        return nil if code_record.expired?
+
+        code_record.code
+      end
+
+      def delete_code(identifier:, record:)
+        code_record = find_code(identifier: identifier, record: record)
+        code_record&.destroy
+      end
+
+      def increment_attempts(identifier:, record:)
+        increment_attempt_count(
+          identifier: identifier,
+          record: record,
+          attempt_type: "verification"
+        )
+      end
+
+      def attempts(identifier:, record:)
+        get_attempt_count(
+          identifier: identifier,
+          record: record,
+          attempt_type: "verification"
+        )
+      end
+
+      def reset_attempts(identifier:, record:)
+        reset_attempt_count(
+          identifier: identifier,
+          record: record,
+          attempt_type: "verification"
+        )
+      end
+
+      def increment_send_count(identifier:, record:)
+        increment_attempt_count(
+          identifier: identifier,
+          record: record,
+          attempt_type: "send"
+        )
+      end
+
+      def send_count(identifier:, record:)
+        get_attempt_count(
+          identifier: identifier,
+          record: record,
+          attempt_type: "send"
+        )
+      end
+
+      def reset_send_count(identifier:, record:)
+        reset_attempt_count(
+          identifier: identifier,
+          record: record,
+          attempt_type: "send"
+        )
+      end
+
+      def track_identifier_change(record:, identifier:)
+        attrs = {
+          identifier: identifier.to_s,
+          created_at: Time.now
+        }
+
+        if record
+          attrs[:record_type] = record.class.name
+          attrs[:record_id] = record.id
+        end
+
+        Models::IdentifierChange.create!(attrs)
+
+        # Cleanup old changes outside the rate limit window
+        cleanup_old_identifier_changes(record: record)
+      end
+
+      def identifier_changes(record:)
+        return 0 unless record
+
+        window = VerifyIt.configuration.rate_limit_window
+        Models::IdentifierChange
+          .for_record(record)
+          .recent(window)
+          .count
+      end
+
+      def cleanup(identifier:, record:)
+        # Delete codes
+        scope = Models::Code.for_identifier(identifier)
+        scope = scope.for_record(record) if record
+        scope.delete_all
+
+        # Delete attempts
+        scope = Models::Attempt.for_identifier(identifier)
+        scope = scope.for_record(record) if record
+        scope.delete_all
+      end
+
+      private
+
+      def find_code(identifier:, record:)
+        scope = Models::Code.for_identifier(identifier)
+        scope = scope.for_record(record) if record
+        scope.first
+      end
+
+      def find_attempt(identifier:, record:, attempt_type:)
+        scope = Models::Attempt
+          .for_identifier(identifier)
+          .where(attempt_type: attempt_type)
+
+        scope = scope.for_record(record) if record
+        scope.first
+      end
+
+      def increment_attempt_count(identifier:, record:, attempt_type:)
+        attempt = find_attempt(
+          identifier: identifier,
+          record: record,
+          attempt_type: attempt_type
+        )
+
+        window = VerifyIt.configuration.rate_limit_window
+        expires_at = Time.now + window
+
+        if attempt.nil? || attempt.expired?
+          # Create new attempt record
+          attrs = {
+            identifier: identifier.to_s,
+            attempt_type: attempt_type,
+            count: 1,
+            expires_at: expires_at
+          }
+
+          if record
+            attrs[:record_type] = record.class.name
+            attrs[:record_id] = record.id
+          end
+
+          # Delete old expired attempt if exists
+          attempt&.destroy
+
+          Models::Attempt.create!(attrs)
+          1
+        else
+          # Increment existing
+          attempt.increment!(:count)
+          attempt.count
+        end
+      end
+
+      def get_attempt_count(identifier:, record:, attempt_type:)
+        attempt = find_attempt(
+          identifier: identifier,
+          record: record,
+          attempt_type: attempt_type
+        )
+
+        return 0 unless attempt
+        return 0 if attempt.expired?
+
+        attempt.count
+      end
+
+      def reset_attempt_count(identifier:, record:, attempt_type:)
+        attempt = find_attempt(
+          identifier: identifier,
+          record: record,
+          attempt_type: attempt_type
+        )
+
+        attempt&.destroy
+      end
+
+      def cleanup_old_identifier_changes(record:)
+        return unless record
+
+        window = VerifyIt.configuration.rate_limit_window
+        Models::IdentifierChange
+          .for_record(record)
+          .cleanup_old(window)
+      end
+    end
+  end
+end

data/lib/verify_it/storage/memory_storage.rb

@@ -0,0 +1,136 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/time"
+
+module VerifyIt
+  module Storage
+    class MemoryStorage < Base
+      def initialize
+        @data = {}
+        @mutex = Mutex.new
+      end
+
+      def store_code(identifier:, record:, code:, expires_at:)
+        key = build_key(identifier: identifier, record: record, suffix: "code")
+        @mutex.synchronize do
+          @data[key] = { code: code, expires_at: expires_at }
+        end
+      end
+
+      def fetch_code(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "code")
+        @mutex.synchronize do
+          data = @data[key]
+          return nil unless data
+          return nil if data[:expires_at] < Time.now
+
+          data[:code]
+        end
+      end
+
+      def delete_code(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "code")
+        @mutex.synchronize do
+          @data.delete(key)
+        end
+      end
+
+      def increment_attempts(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "attempts")
+        @mutex.synchronize do
+          @data[key] ||= { count: 0, expires_at: Time.now + VerifyIt.configuration.rate_limit_window }
+          if @data[key][:expires_at] < Time.now
+            @data[key] = { count: 1, expires_at: Time.now + VerifyIt.configuration.rate_limit_window }
+          else
+            @data[key][:count] += 1
+          end
+          @data[key][:count]
+        end
+      end
+
+      def attempts(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "attempts")
+        @mutex.synchronize do
+          data = @data[key]
+          return 0 unless data
+          return 0 if data[:expires_at] < Time.now
+
+          data[:count]
+        end
+      end
+
+      def reset_attempts(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "attempts")
+        @mutex.synchronize do
+          @data.delete(key)
+        end
+      end
+
+      def increment_send_count(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "send_count")
+        @mutex.synchronize do
+          @data[key] ||= { count: 0, expires_at: Time.now + VerifyIt.configuration.rate_limit_window }
+          if @data[key][:expires_at] < Time.now
+            @data[key] = { count: 1, expires_at: Time.now + VerifyIt.configuration.rate_limit_window }
+          else
+            @data[key][:count] += 1
+          end
+          @data[key][:count]
+        end
+      end
+
+      def send_count(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "send_count")
+        @mutex.synchronize do
+          data = @data[key]
+          return 0 unless data
+          return 0 if data[:expires_at] < Time.now
+
+          data[:count]
+        end
+      end
+
+      def reset_send_count(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "send_count")
+        @mutex.synchronize do
+          @data.delete(key)
+        end
+      end
+
+      def track_identifier_change(record:, identifier:)
+        key = build_key(identifier: "", record: record, suffix: "identifier_changes")
+        @mutex.synchronize do
+          @data[key] ||= []
+          @data[key] << { identifier: identifier, timestamp: Time.now }
+          # Keep only changes within the rate limit window
+          cutoff = Time.now - VerifyIt.configuration.rate_limit_window
+          @data[key].select! { |change| change[:timestamp] > cutoff }
+        end
+      end
+
+      def identifier_changes(record:)
+        key = build_key(identifier: "", record: record, suffix: "identifier_changes")
+        @mutex.synchronize do
+          changes = @data[key] || []
+          cutoff = Time.now - VerifyIt.configuration.rate_limit_window
+          changes.select { |change| change[:timestamp] > cutoff }.count
+        end
+      end
+
+      def cleanup(identifier:, record:)
+        @mutex.synchronize do
+          keys_to_delete = @data.keys.select do |key|
+            key.include?(identifier.to_s) && (record.nil? || key.include?(record.class.name))
+          end
+          keys_to_delete.each { |key| @data.delete(key) }
+        end
+      end
+
+      def clear_all
+        @mutex.synchronize do
+          @data.clear
+        end
+      end
+    end
+  end
+end

data/lib/verify_it/storage/models/attempt.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module VerifyIt
+  module Storage
+    module Models
+      class Attempt < ::ActiveRecord::Base
+        self.table_name = "verify_it_attempts"
+
+        validates :identifier, presence: true
+        validates :attempt_type, presence: true, inclusion: { in: %w[verification send] }
+        validates :count, presence: true, numericality: { only_integer: true, greater_than_or_equal_to: 0 }
+        validates :expires_at, presence: true
+
+        scope :active, -> { where("expires_at > ?", Time.now) }
+        scope :expired, -> { where("expires_at <= ?", Time.now) }
+        scope :for_identifier, ->(identifier) { where(identifier: identifier) }
+        scope :for_record, ->(record) do
+          where(record_type: record.class.name, record_id: record.id)
+        end
+        scope :verification_type, -> { where(attempt_type: "verification") }
+        scope :send_type, -> { where(attempt_type: "send") }
+
+        def expired?
+          expires_at <= Time.now
+        end
+
+        def self.cleanup_expired
+          expired.delete_all
+        end
+      end
+    end
+  end
+end

data/lib/verify_it/storage/models/code.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module VerifyIt
+  module Storage
+    module Models
+      class Code < ::ActiveRecord::Base
+        self.table_name = "verify_it_codes"
+
+        validates :identifier, presence: true
+        validates :code, presence: true
+        validates :expires_at, presence: true
+
+        scope :active, -> { where("expires_at > ?", Time.now) }
+        scope :expired, -> { where("expires_at <= ?", Time.now) }
+        scope :for_identifier, ->(identifier) { where(identifier: identifier) }
+        scope :for_record, ->(record) do
+          where(record_type: record.class.name, record_id: record.id)
+        end
+
+        def expired?
+          expires_at <= Time.now
+        end
+
+        def self.cleanup_expired
+          expired.delete_all
+        end
+      end
+    end
+  end
+end

data/lib/verify_it/storage/models/identifier_change.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module VerifyIt
+  module Storage
+    module Models
+      class IdentifierChange < ::ActiveRecord::Base
+        self.table_name = "verify_it_identifier_changes"
+
+        validates :identifier, presence: true
+        validates :created_at, presence: true
+
+        scope :for_record, ->(record) do
+          where(record_type: record.class.name, record_id: record.id)
+        end
+        scope :recent, ->(window) { where("created_at > ?", Time.now - window) }
+
+        def self.cleanup_old(window)
+          where("created_at <= ?", Time.now - window).delete_all
+        end
+      end
+    end
+  end
+end