Sign upLogin

fernet/fernet-rb

View on GitHub
Star
lib/fernet.rb

Summary

Maintainability
A
0 mins
Test Coverage
require 'fernet/errors'
require 'fernet/version'
require 'fernet/bit_packing'
require 'fernet/encryption'
require 'fernet/token'
require 'fernet/generator'
require 'fernet/verifier'
require 'fernet/secret'
require 'fernet/configuration'

Fernet::Configuration.run

module Fernet
  # Public: generates a fernet token
  #
  # secret  - a base64 encoded, 32 byte string
  # message - the message being secured in plain text
  #
  # Examples
  #
  #   secret = ...
  #   token = Fernet.generate(secret, 'my secrets')
  #
  # Returns the fernet token as a string
  def self.generate(secret, message = '', opts = {})
    # OpenSSL::Cipher loses all encoding informaion upon decoding ciphertext
    # and everything comes out as ASCII. To prevent that, let's just explicitly
    # convert input value to UTF-8 so we can assume the decrypted value will
    # also be unicode.  This is not exactly a wonderful solution, but it's
    # better than just returning ASCII with mangled unicode bytes in it.
    message = message.encode(Encoding::UTF_8) if message

    Generator.new(opts.merge({secret: secret, message: message})).
      generate
  end

  # Public: verifies a fernet token
  #
  # secret - the secret used to generate the token
  # token  - the token to verify as a string
  # opts   - an optional hash containing
  # * enforce_ttl - whether to enforce TTL in this verification
  # * ttl         - number of seconds token is valid
  #
  # Both enforce_ttl and ttl can be configured globally via Configuration
  #
  # Raises Fernet::Token::InvalidToken if token is invalid and message
  #   is attempted to be extracted
  #
  # Examples
  #
  #   secret = ...
  #   token = ...
  #   verifier = Fernet.verifier(secret, old_token, enforce_ttl: false)
  #   if verifier.valid?
  #     verifier.message # original message in plain text
  #   end
  #
  #   verifier = Fernet.verifier(secret, old_token)
  #   if verifier.valid?
  #     verifier.message
  #   else
  #     verifier.errors
  #     # => { issued_timestamp: "is too far in the past: token expired" }
  #     verifier.error_messages
  #     # => ["issued_timestamp is too far in the past: token expired"]
  #   end
  #
  #   verifier = Fernet.verifier(secret, old_token)
  #   verifier.message
  #   # => raises Fernet::Token::InvalidToken if token too old or invalid
  #
  # Returns a verifier object, which responds to `#valid?` and `#message`
  def self.verifier(secret, token, opts = {})
    Verifier.new(opts.merge({secret: secret, token: token}))
  end
end