verify_it 0.1.0

data/lib/verify_it/storage/redis_storage.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+module VerifyIt
+  module Storage
+    class RedisStorage < Base
+      def initialize(redis_client)
+        @redis = redis_client
+        raise ArgumentError, "Redis client is required for RedisStorage" unless @redis
+      end
+
+      def store_code(identifier:, record:, code:, expires_at:)
+        key = build_key(identifier: identifier, record: record, suffix: "code")
+        ttl = (expires_at - Time.now).to_i
+        @redis.setex(key, ttl, code)
+      end
+
+      def fetch_code(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "code")
+        @redis.get(key)
+      end
+
+      def delete_code(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "code")
+        @redis.del(key)
+      end
+
+      def increment_attempts(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "attempts")
+        count = @redis.incr(key)
+        @redis.expire(key, VerifyIt.configuration.rate_limit_window) if count == 1
+        count
+      end
+
+      def attempts(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "attempts")
+        @redis.get(key).to_i
+      end
+
+      def reset_attempts(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "attempts")
+        @redis.del(key)
+      end
+
+      def increment_send_count(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "send_count")
+        count = @redis.incr(key)
+        @redis.expire(key, VerifyIt.configuration.rate_limit_window) if count == 1
+        count
+      end
+
+      def send_count(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "send_count")
+        @redis.get(key).to_i
+      end
+
+      def reset_send_count(identifier:, record:)
+        key = build_key(identifier: identifier, record: record, suffix: "send_count")
+        @redis.del(key)
+      end
+
+      def track_identifier_change(record:, identifier:)
+        key = build_key(identifier: "", record: record, suffix: "identifier_changes")
+        score = Time.now.to_f
+        @redis.zadd(key, score, "#{identifier}:#{score}")
+        @redis.expire(key, VerifyIt.configuration.rate_limit_window)
+
+        # Remove old entries
+        cutoff = Time.now.to_f - VerifyIt.configuration.rate_limit_window
+        @redis.zremrangebyscore(key, "-inf", cutoff)
+      end
+
+      def identifier_changes(record:)
+        key = build_key(identifier: "", record: record, suffix: "identifier_changes")
+        cutoff = Time.now.to_f - VerifyIt.configuration.rate_limit_window
+        @redis.zcount(key, cutoff, "+inf")
+      end
+
+      def cleanup(identifier:, record:)
+        pattern = build_key(identifier: identifier, record: record, suffix: "*")
+        keys = @redis.keys(pattern)
+        @redis.del(*keys) if keys.any?
+      end
+    end
+  end
+end

data/lib/verify_it/templates/initializer.rb.erb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+VerifyIt.configure do |config|
+<% if storage_type == "memory" %>
+  # Memory storage (for development/testing only)
+  config.storage = :memory
+<% elsif storage_type == "redis" %>
+  # Redis storage (recommended for production)
+  config.storage = :redis
+  config.redis_client = Redis.new(
+    url: ENV.fetch("REDIS_URL", "redis://localhost:6379/0")
+  )
+<% elsif storage_type == "database" %>
+  # Database storage (uses ActiveRecord)
+  config.storage = :database
+<% end %>
+
+  # Code settings
+  config.code_length = 6
+  config.code_ttl = 300              # 5 minutes
+  config.code_format = :numeric      # :numeric, :alphanumeric, or :alpha
+
+  # Rate limiting
+  config.max_send_attempts = 3
+  config.max_verification_attempts = 5
+  config.max_identifier_changes = 5
+  config.rate_limit_window = 3600    # 1 hour
+
+  # Delivery channels
+  config.delivery_channel = :sms     # :sms or :email
+
+  # SMS delivery (configure with your provider)
+  config.sms_sender = ->(to:, code:, context:) {
+    # Example with Twilio:
+    # twilio_client = Twilio::REST::Client.new(
+    #   ENV['TWILIO_ACCOUNT_SID'],
+    #   ENV['TWILIO_AUTH_TOKEN']
+    # )
+    # twilio_client.messages.create(
+    #   to: to,
+    #   from: ENV['TWILIO_PHONE_NUMBER'],
+    #   body: "Your verification code is: #{code}"
+    # )
+
+    # For development, just log it:
+    Rails.logger.info("SMS to #{to}: Your verification code is #{code}")
+  }
+
+  # Email delivery (configure with your mailer)
+  config.email_sender = ->(to:, code:, context:) {
+    # Example with ActionMailer:
+    # VerificationMailer.send_code(to, code, context).deliver_now
+
+    # For development, just log it:
+    Rails.logger.info("Email to #{to}: Your verification code is #{code}")
+  }
+
+  # Lifecycle callbacks (optional)
+  # config.on_send = ->(record:, identifier:, channel:) {
+  #   Rails.logger.info("Verification sent to #{identifier} via #{channel}")
+  # }
+
+  # config.on_verify_success = ->(record:, identifier:) {
+  #   Rails.logger.info("Verification successful for #{identifier}")
+  # }
+
+  # config.on_verify_failure = ->(record:, identifier:, attempts:) {
+  #   Rails.logger.warn("Verification failed for #{identifier} (#{attempts} attempts)")
+  # }
+
+  # Namespace (for multi-tenant apps)
+  # config.namespace = ->(record) {
+  #   record.respond_to?(:organization_id) ? "org:#{record.organization_id}" : nil
+  # }
+
+  # Test mode (expose codes for testing)
+  config.test_mode = Rails.env.test?
+  config.bypass_delivery = Rails.env.test?
+end

data/lib/verify_it/templates/migration.rb.erb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+class CreateVerifyItTables < ActiveRecord::Migration[7.0]
+  def change
+    create_table :verify_it_codes do |t|
+      t.string :identifier, null: false
+      t.string :record_type
+      t.integer :record_id
+      t.string :code, null: false
+      t.datetime :expires_at, null: false
+      t.timestamps
+
+      t.index [:identifier, :record_type, :record_id], name: "index_verify_it_codes_on_record"
+      t.index :expires_at
+    end
+
+    create_table :verify_it_attempts do |t|
+      t.string :identifier, null: false
+      t.string :record_type
+      t.integer :record_id
+      t.string :attempt_type, null: false # 'verification' or 'send'
+      t.integer :count, default: 0, null: false
+      t.datetime :expires_at, null: false
+      t.timestamps
+
+      t.index [:identifier, :record_type, :record_id, :attempt_type],
+              name: "index_verify_it_attempts_on_record_and_type"
+      t.index :expires_at
+    end
+
+    create_table :verify_it_identifier_changes do |t|
+      t.string :record_type
+      t.integer :record_id
+      t.string :identifier, null: false
+      t.datetime :created_at, null: false
+
+      t.index [:record_type, :record_id], name: "index_verify_it_identifier_changes_on_record"
+      t.index :created_at
+    end
+  end
+end

data/lib/verify_it/verifiable.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module VerifyIt
+  module Verifiable
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      def verifies(attribute, channel: :sms)
+        define_method("send_verification_code") do |context: {}|
+          identifier = send(attribute)
+          VerifyIt.send_code(
+            to: identifier,
+            record: self,
+            channel: channel,
+            context: context
+          )
+        end
+
+        define_method("verify_code") do |code|
+          identifier = send(attribute)
+          VerifyIt.verify_code(
+            to: identifier,
+            code: code,
+            record: self
+          )
+        end
+
+        define_method("cleanup_verification") do
+          identifier = send(attribute)
+          VerifyIt.cleanup(
+            to: identifier,
+            record: self
+          )
+        end
+      end
+    end
+  end
+end

data/lib/verify_it/verifier.rb

@@ -0,0 +1,174 @@
+# frozen_string_literal: true
+
+module VerifyIt
+  class Verifier
+    attr_reader :storage, :rate_limiter
+
+    def initialize(storage:)
+      @storage = storage
+      @rate_limiter = RateLimiter.new(storage)
+    end
+
+    def send_code(to:, record:, channel: nil, context: {})
+      channel ||= VerifyIt.configuration.delivery_channel
+
+      # Check send rate limit
+      limit_check = rate_limiter.check_send_limit(identifier: to, record: record)
+      unless limit_check[:allowed]
+        return Result.new(
+          success: false,
+          error: :rate_limited,
+          message: limit_check[:reason],
+          rate_limited: true
+        )
+      end
+
+      # Check identifier change limit
+      change_limit = rate_limiter.check_identifier_change_limit(record: record)
+      unless change_limit[:allowed]
+        return Result.new(
+          success: false,
+          error: :rate_limited,
+          message: change_limit[:reason],
+          rate_limited: true
+        )
+      end
+
+      # Generate code
+      code = CodeGenerator.generate(
+        length: VerifyIt.configuration.code_length,
+        format: VerifyIt.configuration.code_format
+      )
+      expires_at = Time.now + VerifyIt.configuration.code_ttl
+
+      # Store code
+      storage.store_code(
+        identifier: to,
+        record: record,
+        code: code,
+        expires_at: expires_at
+      )
+
+      # Reset verification attempts for new code
+      storage.reset_attempts(identifier: to, record: record)
+
+      # Record send attempt
+      rate_limiter.record_send(identifier: to, record: record)
+
+      # Track identifier change if needed
+      rate_limiter.record_identifier_change(record: record, identifier: to)
+
+      # Deliver code
+      begin
+        delivery = get_delivery_adapter(channel)
+        delivery.deliver(to: to, code: code, context: context)
+      rescue StandardError => e
+        return Result.new(
+          success: false,
+          error: :delivery_failed,
+          message: "Failed to deliver verification code: #{e.message}"
+        )
+      end
+
+      # Call on_send callback if configured
+      callback = VerifyIt.configuration.on_send
+      callback&.call(record: record, identifier: to, channel: channel)
+
+      # Build result
+      result_data = {
+        success: true,
+        message: "Verification code sent successfully",
+        expires_at: expires_at
+      }
+
+      # Include code in test mode
+      result_data[:code] = code if VerifyIt.configuration.test_mode
+
+      Result.new(**result_data)
+    end
+
+    def verify_code(to:, code:, record:)
+      # Check verification rate limit
+      limit_check = rate_limiter.check_verification_limit(identifier: to, record: record)
+      unless limit_check[:allowed]
+        return Result.new(
+          success: false,
+          error: :locked,
+          message: limit_check[:reason],
+          locked: true,
+          attempts: storage.attempts(identifier: to, record: record)
+        )
+      end
+
+      # Fetch stored code
+      stored_code = storage.fetch_code(identifier: to, record: record)
+
+      unless stored_code
+        return Result.new(
+          success: false,
+          error: :code_not_found,
+          message: "No verification code found or code has expired"
+        )
+      end
+
+      # Increment attempts
+      current_attempts = rate_limiter.record_verification_attempt(identifier: to, record: record)
+
+      # Verify code
+      if stored_code == code.to_s
+        # Success - cleanup
+        storage.delete_code(identifier: to, record: record)
+        storage.reset_attempts(identifier: to, record: record)
+        storage.reset_send_count(identifier: to, record: record)
+
+        # Call success callback if configured
+        callback = VerifyIt.configuration.on_verify_success
+        callback&.call(record: record, identifier: to)
+
+        Result.new(
+          success: true,
+          message: "Verification successful",
+          verified: true,
+          attempts: current_attempts
+        )
+      else
+        # Failure
+        max_attempts = VerifyIt.configuration.max_verification_attempts
+        locked = current_attempts >= max_attempts
+
+        # Call failure callback if configured
+        callback = VerifyIt.configuration.on_verify_failure
+        callback&.call(record: record, identifier: to, attempts: current_attempts)
+
+        Result.new(
+          success: false,
+          error: :invalid_code,
+          message: locked ? "Maximum verification attempts exceeded" : "Invalid verification code",
+          attempts: current_attempts,
+          locked: locked
+        )
+      end
+    end
+
+    def cleanup(to:, record:)
+      storage.cleanup(identifier: to, record: record)
+      Result.new(
+        success: true,
+        message: "Verification data cleaned up"
+      )
+    end
+
+    private
+
+    def get_delivery_adapter(channel)
+      case channel
+      when :sms
+        Delivery::SmsDelivery.new
+      when :email
+        Delivery::EmailDelivery.new
+      else
+        raise ArgumentError, "Invalid delivery channel: #{channel}"
+      end
+    end
+  end
+end

data/lib/verify_it/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module VerifyIt
+  VERSION = "0.1.0"
+end

data/lib/verify_it.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+require_relative "verify_it/version"
+require_relative "verify_it/configuration"
+require_relative "verify_it/result"
+require_relative "verify_it/code_generator"
+require_relative "verify_it/rate_limiter"
+require_relative "verify_it/storage/base"
+require_relative "verify_it/storage/memory_storage"
+require_relative "verify_it/storage/redis_storage"
+require_relative "verify_it/storage/database_storage"
+require_relative "verify_it/delivery/base"
+require_relative "verify_it/delivery/sms_delivery"
+require_relative "verify_it/delivery/email_delivery"
+require_relative "verify_it/verifier"
+
+module VerifyIt
+  class Error < StandardError; end
+  class ConfigurationError < Error; end
+  class StorageError < Error; end
+  class DeliveryError < Error; end
+
+  class << self
+    attr_writer :configuration
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def configure
+      yield(configuration)
+    end
+
+    def send_code(to:, record:, channel: nil, context: {})
+      verifier.send_code(to: to, record: record, channel: channel, context: context)
+    end
+
+    def verify_code(to:, code:, record:)
+      verifier.verify_code(to: to, code: code, record: record)
+    end
+
+    def cleanup(to:, record:)
+      verifier.cleanup(to: to, record: record)
+    end
+
+    def reset!
+      @configuration = Configuration.new
+      @verifier = nil
+      @storage = nil
+    end
+
+    private
+
+    def verifier
+      @verifier ||= Verifier.new(storage: storage)
+    end
+
+    def storage
+      @storage ||= build_storage
+    end
+
+    def build_storage
+      case configuration.storage
+      when :memory
+        Storage::MemoryStorage.new
+      when :redis
+        unless configuration.redis_client
+          raise ConfigurationError, "Redis client must be configured when using :redis storage"
+        end
+
+        Storage::RedisStorage.new(configuration.redis_client)
+      when :database
+        Storage::DatabaseStorage.new
+      else
+        raise ConfigurationError, "Invalid storage type: #{configuration.storage}"
+      end
+    end
+  end
+end
+
+# Load Rails integration if Rails is present
+require_relative "verify_it/railtie" if defined?(Rails)

data/sig/verify_it.rbs

@@ -0,0 +1,4 @@
+module VerifyIt
+  VERSION: String
+  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+end