Module: Securial::Config::Signature

Extended by:

Signature

Included in:

Signature

Defined in:

lib/securial/config/signature.rb

Overview

Configuration schema definition and validation rules.

This module provides the complete schema for Securial’s configuration system, defining all available options, their types, validation rules, and default values. It’s used by the configuration system to validate user-provided settings.

Constant Summary

LOG_LEVELS =

Valid log levels for the logging system.

Returns:

• (Array<Symbol>) —

  Available log levels from least to most severe

%i[debug info warn error fatal unknown].freeze

SESSION_ALGORITHMS =

Supported JWT signing algorithms for session tokens.

Returns:

• (Array<Symbol>) —

  HMAC algorithms supported for JWT signing

%i[hs256 hs384 hs512].freeze

SECURITY_HEADERS =

Security header configuration options.

Returns:

• (Array<Symbol>) —

  Available security header policies

%i[strict default none].freeze

TIMESTAMP_OPTIONS =

Timestamp inclusion options for API responses.

Returns:

• (Array<Symbol>) —

  Who should see timestamps in responses

%i[all admins_only none].freeze

RESPONSE_KEYS_FORMATS =

Available key format transformations for API responses.

Returns:

• (Array<Symbol>) —

  Supported key case formats

%i[snake_case lowerCamelCase UpperCamelCase].freeze

Instance Method Summary

• #config_signature ⇒ Hash

  Returns the complete configuration schema for Securial.

• #default_config_attributes ⇒ Hash

  Extracts default values from the configuration schema.

• #general_signature ⇒ Hash private private

  General application configuration options.

• #logger_signature ⇒ Hash private private

  Logging system configuration options.

• #mailer_signature ⇒ Hash private private

  Email and notification configuration options.

• #password_signature ⇒ Hash private private

  Password policy and security configuration options.

• #response_signature ⇒ Hash private private

  API response formatting configuration options.

• #roles_signature ⇒ Hash private private

  User role and permission configuration options.

• #security_signature ⇒ Hash private private

  Security and rate limiting configuration options.

• #session_signature ⇒ Hash private private

  Session and JWT token configuration options.

Instance Method Details

#config_signature ⇒ Hash

Returns the complete configuration schema for Securial.

Combines all configuration sections into a single schema hash that defines every available configuration option, its type, validation rules, and default value.

Examples:

schema = config_signature
app_name_config = schema[:app_name]
# => { type: String, required: true, default: "Securial" }

Returns:

• (Hash) —

  Complete configuration schema with validation rules

# File 'lib/securial/config/signature.rb', line 72

def config_signature
  [
    general_signature,
    logger_signature,
    roles_signature,
    session_signature,
    mailer_signature,
    password_signature,
    response_signature,
    security_signature,
  ].reduce({}, :merge)
end

#default_config_attributes ⇒ Hash

Extracts default values from the configuration schema.

Transforms the complete configuration schema to return only the default values for each configuration option, suitable for initializing a new configuration instance.

Examples:

defaults = default_config_attributes
# => { app_name: "Securial", session_expiration_duration: 3.minutes, ... }

Returns:

• (Hash) —

  Default values for all configuration options

# File 'lib/securial/config/signature.rb', line 97

def default_config_attributes
  config_signature.transform_values do |options|
    options[:default]
  end
end

#general_signature ⇒ Hash (private)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

General application configuration options.

Returns:

• (Hash) —

  Schema for general application settings

# File 'lib/securial/config/signature.rb', line 110

def general_signature
  {
    app_name: { type: String, required: true, default: "Securial" },
  }
end

#logger_signature ⇒ Hash (private)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Logging system configuration options.

Returns:

• (Hash) —

  Schema for logging configuration

# File 'lib/securial/config/signature.rb', line 121

def logger_signature
  {
    log_to_file: { type: [TrueClass, FalseClass], required: true, default: Rails.env.test? ? false : true },
    log_file_level: { type: Symbol, required: "log_to_file", allowed_values: LOG_LEVELS, default: :debug },
    log_to_stdout: { type: [TrueClass, FalseClass], required: true, default: Rails.env.test? ? false : true },
    log_stdout_level: { type: Symbol, required: "log_to_stdout", allowed_values: LOG_LEVELS, default: :debug },
  }
end

#mailer_signature ⇒ Hash (private)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Email and notification configuration options.

Returns:

• (Hash) —

  Schema for mailer settings

# File 'lib/securial/config/signature.rb', line 160

def mailer_signature
  {
    mailer_sender: { type: String, required: true, default: "no-reply@example.com" },
    mailer_sign_up_enabled: { type: [TrueClass, FalseClass], required: true, default: true },
    mailer_sign_up_subject: { type: String, required: "mailer_sign_up_enabled", default: "SECURIAL: Welcome to Our Service" },
    mailer_sign_in_enabled: { type: [TrueClass, FalseClass], required: true, default: true },
    mailer_sign_in_subject: { type: String, required: "mailer_sign_in_enabled", default: "SECURIAL: Sign In Notification" },
    mailer_update_account_enabled: { type: [TrueClass, FalseClass], required: true, default: true },
    mailer_update_account_subject: { type: String, required: "mailer_update_account_enabled", default: "SECURIAL: Account Update Notification" },
    mailer_forgot_password_subject: { type: String, required: true, default: "SECURIAL: Password Reset Instructions" },
  }
end

#password_signature ⇒ Hash (private)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Password policy and security configuration options.

Returns:

• (Hash) —

  Schema for password management settings

# File 'lib/securial/config/signature.rb', line 178

def password_signature
  {
    password_min_length: { type: Numeric, required: true, default: 8 },
    password_max_length: { type: Numeric, required: true, default: 128 },
    password_complexity: { type: Regexp, required: true, default: Securial::Helpers::RegexHelper::PASSWORD_REGEX },
    password_expires: { type: [TrueClass, FalseClass], required: true, default: true },
    password_expires_in: { type: ActiveSupport::Duration, required: "password_expires", default: 90.days },
    reset_password_token_expires_in: { type: ActiveSupport::Duration, required: true, default: 2.hours },
    reset_password_token_secret: { type: String, required: true, default: "reset_secret" },
  }
end

#response_signature ⇒ Hash (private)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

API response formatting configuration options.

Returns:

• (Hash) —

  Schema for response formatting settings

# File 'lib/securial/config/signature.rb', line 195

def response_signature
  {
    response_keys_format: { type: Symbol, required: true, allowed_values: RESPONSE_KEYS_FORMATS, default: :snake_case },
    timestamps_in_response: { type: Symbol, required: true, allowed_values: TIMESTAMP_OPTIONS, default: :all },
  }
end

#roles_signature ⇒ Hash (private)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

User role and permission configuration options.

Returns:

• (Hash) —

  Schema for role management settings

# File 'lib/securial/config/signature.rb', line 135

def roles_signature
  {
    admin_role: { type: Symbol, required: true, default: :admin },
  }
end

#security_signature ⇒ Hash (private)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Security and rate limiting configuration options.

Returns:

• (Hash) —

  Schema for security settings

# File 'lib/securial/config/signature.rb', line 207

def security_signature
  {
    security_headers: { type: Symbol, required: true, allowed_values: SECURITY_HEADERS, default: :strict },
    rate_limiting_enabled: { type: [TrueClass, FalseClass], required: true, default: true },
    rate_limit_requests_per_minute: { type: Numeric, required: "rate_limiting_enabled", default: 60 },
    rate_limit_response_status: { type: Numeric, required: "rate_limiting_enabled", default: 429 },
    rate_limit_response_message: { type: String, required: "rate_limiting_enabled", default: "Too many requests, please try again later." },
    enable_other_profiles: { type: [TrueClass, FalseClass], required: true, default: false },
  }
end

#session_signature ⇒ Hash (private)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Session and JWT token configuration options.

Returns:

• (Hash) —

  Schema for session management settings

# File 'lib/securial/config/signature.rb', line 146

def session_signature
  {
    session_expiration_duration: { type: ActiveSupport::Duration, required: true, default: 3.minutes },
    session_secret: { type: String, required: true, default: "secret" },
    session_algorithm: { type: Symbol, required: true, allowed_values: SESSION_ALGORITHMS, default: :hs256 },
    session_refresh_token_expires_in: { type: ActiveSupport::Duration, required: true, default: 1.week },
  }
end