lib/fernet.rb
require 'fernet/errors'
require 'fernet/version'
require 'fernet/bit_packing'
require 'fernet/encryption'
require 'fernet/token'
require 'fernet/generator'
require 'fernet/verifier'
require 'fernet/secret'
require 'fernet/configuration'
# Calls Fernet::Configuration.run once, as a side effect of loading this file.
# NOTE(review): presumably this installs the global defaults (the verifier
# docs in this file say enforce_ttl and ttl are configurable via
# Configuration) - confirm in fernet/configuration.
Fernet::Configuration.run
module Fernet
  class << self
    # Public: generates a fernet token
    #
    # secret  - a base64 encoded, 32 byte string; this is the key material
    #           for the token, so treat it like any other credential
    # message - the message being secured in plain text (defaults to '');
    #           any truthy message is transcoded to UTF-8 before it is
    #           handed to the generator
    # opts    - an optional hash passed through to Fernet::Generator
    #           (the keys it honours are defined there, not in this file)
    #
    # Examples
    #
    #   secret = ...
    #   token = Fernet.generate(secret, 'my secrets')
    #
    # Returns the fernet token as a string
    def generate(secret, message = '', opts = {})
      # Decrypting through OpenSSL::Cipher discards all encoding information
      # and the plaintext comes back tagged as ASCII. Normalising the input
      # to UTF-8 here lets the decrypting side assume the result is unicode.
      # Not a wonderful solution, but better than handing back ASCII with
      # mangled unicode bytes in it.
      utf8_message = message ? message.encode(Encoding::UTF_8) : message

      # Hash#merge leaves the caller's hash untouched, and the explicit
      # secret/message arguments override same-named keys found in opts.
      generator_opts = opts.merge(secret: secret, message: utf8_message)
      Generator.new(generator_opts).generate
    end

    # Public: verifies a fernet token
    #
    # secret - the secret used to generate the token
    # token  - the token to verify as a string
    # opts   - an optional hash containing
    #          * enforce_ttl - whether to enforce TTL in this verification
    #          * ttl         - number of seconds token is valid
    #
    # Both enforce_ttl and ttl can be configured globally via Configuration
    #
    # Passing enforce_ttl: false asks for the token's age to be ignored, so
    # a token that has leaked remains acceptable for as long as the secret
    # is in use; reserve it for callers that handle expiry some other way.
    #
    # Raises Fernet::Token::InvalidToken if token is invalid and message
    # is attempted to be extracted. Either check `#valid?` first or be
    # prepared to rescue that error.
    #
    # Examples
    #
    #   secret = ...
    #   old_token = ...
    #   verifier = Fernet.verifier(secret, old_token, enforce_ttl: false)
    #   if verifier.valid?
    #     verifier.message # original message in plain text
    #   end
    #
    #   verifier = Fernet.verifier(secret, old_token)
    #   if verifier.valid?
    #     verifier.message
    #   else
    #     verifier.errors
    #     # => { issued_timestamp: "is too far in the past: token expired" }
    #     verifier.error_messages
    #     # => ["issued_timestamp is too far in the past: token expired"]
    #   end
    #
    #   verifier = Fernet.verifier(secret, old_token)
    #   verifier.message
    #   # => raises Fernet::Token::InvalidToken if token too old or invalid
    #
    # Returns a verifier object, which responds to `#valid?` and `#message`
    def verifier(secret, token, opts = {})
      # As in generate, the explicit secret/token arguments take precedence
      # over same-named keys a caller may have put in opts.
      verifier_opts = opts.merge(secret: secret, token: token)
      Verifier.new(verifier_opts)
    end
  end
end