Project

rodauth-tools

0.0
No release in over 3 years
rodauth-toolsdelano/rodauth-toolsHomepageDocumentationSource CodeBug Tracker
A collection of framework-agnostic tools and utilities for Rodauth, including database migration helpers, table inspection, and possibly... less (this is an active development area, experimental stuff that may come and go).
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
 Popularity
Downloads
4,110
Stars
1
Forks
0
Watchers
1
 Releases
Current version
0.3.1
Total releases
2
First release
1980-01-02
Latest release
1980-01-02
 Issues
Open Issues
3
Closed Issues
10
Total Issues
13
Issue Closure Rate
76%
 Pull Requests
Open Pull Requests
2
Closed Pull Requests
1
Merged Pull Requests
50
Pull Request Acceptance Rate
94%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2025-12-04
Reverse Dependencies
0

 Dependencies

Runtime

dry-inflector
~> 1.1
rodauth
~> 2.41
sequel
~> 5.0
 Project Readme

Rodauth::Tools

Framework-agnostic utilities for Rodauth authentication. Provides external Rodauth features and Sequel migration generators.

Quick Start

# 1. Add table_guard to catch missing tables at startup
class RodauthApp < Roda
  plugin :rodauth do
    enable :login, :logout
    enable :table_guard  # ← Validates tables exist

    # Production: fail fast if tables missing
    table_guard_mode :raise
  end
end

# 2. Run your app - catches problems immediately!
# => Rodauth::ConfigurationError: Missing required database tables!
#    - accounts (feature: base)
#    - account_password_hashes (feature: base)

Overview

Rodauth::Tools provides utilities that work with any Rodauth setup, regardless of framework:

  1. External Rodauth Features - Like table_guard for validating database table setup, external_identity for tracking external IDs, and secret guards.
  2. Sequel Migration Generator - Generate Rodauth database migrations for 19 features.

This is NOT a framework adapter. It is a collection of tools extracted from framework integrations to be used in any Rodauth environment. For specific framework integration, use:

Installation

Add this line to your application's Gemfile:

gem 'rodauth-tools'

And then execute:

bundle install

Or install it yourself as:

gem install rodauth-tools

Features

1. Table Guard Feature

Validates that required database tables exist for enabled Rodauth features.

class RodauthApp < Roda
  plugin :rodauth do
    enable :login, :logout, :otp
    enable :table_guard  # ← Add this

    table_guard_mode :raise  # or :warn, :error, :halt, :silent
  end
end

Modes:

  • :silent / :skip / nil - Disable validation (debug log only)
  • :warn - Log warning message and continue execution
  • :error - Print distinctive message to error log but continue execution
  • :raise - Log error and raise Rodauth::ConfigurationError (recommended for production)
  • :halt / :exit - Log error and exit the process immediately
  • Block - Custom handler (see docs)

Introspection:

rodauth = MyApp.rodauth

# List all required tables
rodauth.list_all_required_tables
# => [:accounts, :account_password_hashes, :account_otp_keys, ...]

# Check status of each table
rodauth.table_status
# => [{method: :accounts_table, table: :accounts, exists: true}, ...]

# Get missing tables
rodauth.missing_tables
# => [{method: :otp_keys_table, table: :account_otp_keys}, ...]

Documentation: docs/features/table-guard.md

2. External Identity Feature

Store external service identifiers in your accounts table with automatic helper methods.

class RodauthApp < Roda
  plugin :rodauth do
    enable :external_identity

    # Declare columns (names used as-is)
    external_identity_column :stripe_customer_id
    external_identity_column :redis_uuid
    external_identity_column :elasticsearch_doc_id

    # Configuration
    external_identity_check_columns :autocreate  # Generate migration code
  end
end

# Usage - helper methods match column names
rodauth.stripe_customer_id   # => "cus_abc123"
rodauth.redis_uuid           # => "550e8400-e29b-41d4-..."
rodauth.elasticsearch_doc_id # => "doc_789xyz"

Key Features:

  • Declarative column configuration
  • Automatic helper method generation
  • Auto-inclusion in account_select
  • Column existence validation with migration code generation
  • Introspection API for debugging

Common Use Cases:

  • Payment integration (Stripe customer IDs)
  • Session management (Redis keys)
  • Search indexing (Elasticsearch document IDs)
  • Federated authentication (Auth0 user IDs)

Documentation: docs/features/external-identity.md

3. HMAC Secret Guard Feature

Automatically configure and validate HMAC secrets at application startup to prevent deployment errors.

class RodauthApp < Roda
  plugin :rodauth do
    enable :hmac_secret_guard

    # Production: Raises error if HMAC_SECRET missing
    # Development: Uses fallback secret with warning
  end
end

Key Features:

  • Automatic loading from HMAC_SECRET environment variable
  • Production mode: Raises ConfigurationError if secret missing
  • Development mode: Logs warning and uses fallback
  • Deletes secret from ENV after loading (security)
  • Configurable production detection and error messages

Documentation: docs/features/hmac-secret-guard.md

4. JWT Secret Guard Feature

Automatically configure and validate JWT secrets at application startup to prevent deployment errors.

class RodauthApp < Roda
  plugin :rodauth do
    enable :jwt_secret_guard

    # Production: Raises error if JWT_SECRET missing
    # Development: Uses fallback secret with warning
  end
end

Key Features:

  • Automatic loading from JWT_SECRET environment variable
  • Production mode: Raises ConfigurationError if secret missing
  • Development mode: Logs warning and uses fallback
  • Deletes secret from ENV after loading (security)
  • Defines jwt_secret method for standalone use (no JWT feature required)

Documentation: docs/features/jwt-secret-guard.md

5. Sequel Migration Generator

Generate database migrations for Rodauth features.

require "rodauth/tools"

generator = Rodauth::Tools::Migration.new(
  features: [:base, :verify_account, :otp],
  prefix: "account"  # table prefix (default: "account")
)

# Get migration content
puts generator.generate

# Get Rodauth configuration
puts generator.configuration
# => {
#   accounts_table: :accounts,
#   verify_account_table: :account_verification_keys,
#   otp_keys_table: :account_otp_keys
# }

Supported Features (19 total):

  • base - Core accounts table
  • remember - Remember me functionality
  • verify_account - Account verification
  • verify_login_change - Login change verification
  • reset_password - Password reset
  • email_auth - Passwordless email authentication
  • otp - TOTP multifactor authentication
  • otp_unlock - OTP unlock
  • sms_codes - SMS codes
  • recovery_codes - Backup recovery codes
  • webauthn - WebAuthn keys
  • lockout - Account lockouts
  • active_sessions - Session management
  • account_expiration - Account expiration
  • password_expiration - Password expiration
  • single_session - Single session per account
  • audit_logging - Authentication audit logs
  • disallow_password_reuse - Password history
  • jwt_refresh - JWT refresh tokens

Console

Interactive console for testing:

bin/console

Example session:

db = setup_test_db
app = create_app(db, features: [:login, :otp])
rodauth = app.rodauth

rodauth.list_all_required_tables
rodauth.table_status
rodauth.missing_tables

Development

# Run tests
bundle exec rspec

# Run console
bin/console

Architecture

                    ┌─────────────────────────┐
                    │        Rodauth          │  ← the real work
                    │  (jeremyevans/rodauth)  │
                    └───────────┬─────────────┘
                                │
        ┌───────────────────────┼───────────────────────┐
        │                       │                       │
        ▼                       ▼                       ▼
  rodauth-rails          rodauth-tools            your own
  (janko)                (this gem)               features
        │                       │
        │               ┌───────┴───────┐
        │               │               │
        │            features      migrations
        │               │               │
        │          table_guard     sequel templates (based on rodauth-rails)
        │          external_identity
        │          *_secret_guard
        │
        └───────────────┬───────────────┘
                        │
                        ▼
                  Your Rack app

Rodauth Feature Architecture:

Rodauth Features are modules that mix into Rodauth::Auth instances at runtime. They use lifecycle hooks like post_configure for initialization and auth_value_method for user-overridable settings. See docs/rodauth-features-api.md for a DSL reference.

Documentation

Related Projects

AI Development Assistance

Version 0.3.0's features were developed with AI assistance:

  • Zed Agent (Claude Sonnet 4) - Core feature implementation: Secret Guards, Table Guard, and Migrations
  • Gemini 3 Pro - Release readiness assessment
  • GitHub Copilot - Code completion

The maintainer remains responsible for all security decisions and implementation. We believe in transparency about development tools, especially for security-focused software.

Acknowledgments

This project originated as an effort to bring some of the excellent developer experience of rodauth-rails to non-Rails environments. It started as a rack adapter (rodauth-rack) but was eventually distilled into this collection of framework-agnostic tools.

  • Migration Templates: Heavily borrowed from rodauth-rails by Janko Marohnić.
  • Inspiration: The rodauth-rails project demonstrated how much easier Rodauth configuration could be with the right tooling.

License

MIT License