branca-ruby 1.0.0 → 1.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: ed83738a4d8fa5af4ce11072867964581233d64b
-  data.tar.gz: 3bd9e2a9a4ec544199ff8fc4b412e5a8aee1c168
+SHA256:
+  metadata.gz: bb38a9b375ff1f3510d4f8be5d535210fa926b1852402900bfaffa78bc86954a
+  data.tar.gz: eb611a373fb87ac2c44c7ad98ebcfb64cf4a94d53128bb78e86d38c6553bdff8
 SHA512:
-  metadata.gz: 57467de90627d3d71cf6c44678a73eff888ab63d8af956d3e8349c62f3370a4f4aefa5328df416ed99a579beae383ad1ca88a5136d57d0b5007513ea11f967bf
-  data.tar.gz: fad2dd6948928afea94699b963500585fe7d95ee2a59cb08dcd77cca3e30d1a5a85a4e19c8c5c8c58d6880c5e11b5e5c1a86cf46a3ca392df92f89b3907e522e
+  metadata.gz: 845eb83b9b1fdaa2fea3957cf7b930607af154e3440265fcebade68b2db40dcd0177270d7f5d5016e8d3e4446df2115448b4e8e35964f0facc85e6012cf15334
+  data.tar.gz: 13f6b3408237cb98b24c4489d37d5b9a9386ed8ddeb5f9cef3473ff951eb9a811b6403c0f6cf005f9d3f8667dc54bb065db95ddaf76ad6f8f04dbe9b062c8098

data/.github/FUNDING.yml

@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: [thadeu] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

data/.github/workflows/ruby.yml

@@ -0,0 +1,28 @@
+name: ci
+
+on: [push]
+
+permissions:
+  contents: read
+
+jobs:
+  rspec:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['2.5', '2.6', '2.7', '3.0']
+
+    steps:
+    - uses: actions/checkout@v3
+      
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+    # uses: ruby/setup-ruby@v1
+      uses: ruby/setup-ruby@2b019609e2b0f1ea1a2bc8ca11cb82ab46ada124
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+        
+    - name: Run RSpec
+      run: bundle exec rspec --color

data/.gitignore

@@ -12,7 +12,6 @@
 .rspec_status
 
 /.idea/
-.ruby-version
 .byebug_history
 .DS_store
 *.gem

data/.travis-libsodium.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+set -ex
+
+wget https://download.libsodium.org/libsodium/releases/libsodium-1.0.18.tar.gz
+tar -xzvf libsodium-1.0.18.tar.gz
+cd libsodium-1.0.18
+./configure --prefix=/usr
+make && make install

data/.travis.yml

@@ -0,0 +1,15 @@
+sudo: true
+language: ruby
+
+rvm:
+  - 2.5.8
+
+cache: 
+  directories:
+    - $HOME/libsodium
+
+before_install:
+  - sudo ./.travis-libsodium.sh
+  - gem install bundler -v '< 2'
+
+script: "bundle exec rspec --color"

data/Gemfile

@@ -5,4 +5,6 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in branca.gemspec
 gemspec
 
+ruby '>= 2.5.8'
+
 gem "byebug", "~> 10.0", :group => :test

data/README.md

@@ -2,6 +2,8 @@
 
 Authenticated and encrypted API tokens using modern crypto.
 
+[![Gem Version](https://badge.fury.io/rb/branca-ruby.svg)](https://badge.fury.io/rb/branca-ruby)
+[![ci](https://github.com/thadeu/branca-ruby/actions/workflows/ruby.yml/badge.svg?branch=main)](https://github.com/thadeu/branca-ruby/actions/workflows/ruby.yml)
 [![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE)
 
 ## What?
@@ -15,7 +17,7 @@ It is possible to use [Branca as an alternative to JWT](https://appelsiini.net/2
 Add this line to your application's Gemfile, Note that you also must have [libsodium](https://download.libsodium.org/doc/) installed.
 
 ```ruby
-gem 'branca-ruby', '~> 1.0.0'
+gem 'branca-ruby', '~> 1.0.2'
 ```
 
 ## Configure
@@ -23,6 +25,8 @@ gem 'branca-ruby', '~> 1.0.0'
 You must be configure `secret_key` and `ttl` using this.
 
 ```ruby
+require 'branca'
+
 Branca.configure do |config|
   config.secret_key = 'supersecretkeyyoushouldnotcommit'.b
   config.ttl = 86_400 # in seconds
@@ -49,7 +53,17 @@ Branca.encode(JSON.generate({ permissions: [] }))
 # ATkzLjriA1ijbBcuZOJ1zMR0z5oVXDGDVjUWwrqJWszynAM4GLGiTwZnC6nUvtVIuavAVCMbwcsYqlYKejOI4
 ```
 
-You can also pass `timestamp` to encode
+You can also pass `secret_key` in runtime
+
+```ruby
+specific_secret_key = SecureRandom.bytes(32)
+payload = "sensitive data"
+token = Branca.encode(payload, secret_key: specific_secret_key)
+```
+
+Will generate a token using `secret_key` in runtime instead global `secret_key`.
+
+So, you can also pass `timestamp` to encode.
 
 ```ruby
 Branca.encode('with string', Time.now.utc)
@@ -70,8 +84,24 @@ decode.message
 # "with string"
 ```
 
+You can also pass `secret_key` or `ttl` in runtime. For example:
+
+```ruby
+specific_secret_key = SecureRandom.bytes(32)
+tmp_token = "1y48BiV0jaalTYiARPdbm52IKgGEhfwq8DlP9ulKBx8LMLFrjNKe88vIGIUxsWzybIwBhmVvIam5"
+token = Branca.decode(tmp_token, secret_key: specific_secret_key, ttl: 30)
+```
+
+Will decode token OR throw exception `DecodeError`
+
 ## Exceptions
 
-Token is expired, will receive exception `Branca::ExpiredTokenError`
+Token is expired, you will receive exception `Branca::ExpiredTokenError`
+
+Invalid Version, you will receive exception `Branca::VersionError`
+
+When handle error, you will receive exception `Branca::DecodeError`
+
+## Contributing
 
-Invalid Version, will receive exception `Branca::VersionError`
+We have a long list of valued contributors. Check them all at: https://github.com/thadeu/branca-ruby.

data/branca-ruby.gemspec

@@ -20,9 +20,6 @@ Gem::Specification.new do |spec|
   end
 
   spec.required_ruby_version = '>= 2.3.0'
-
-  spec.bindir        = 'exe'
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
   spec.add_dependency 'base_x', '~> 0.8.1'

data/lib/branca/exceptions.rb

@@ -1,15 +1,17 @@
 # frozen_string_literal: true
 
 module Branca
-  class VersionError < StandardError; end
+  class Error < StandardError; end
+  
+  class VersionError < Error; end
 
-  class DecodeError < StandardError
+  class DecodeError < Error
     def to_s
       "Can't decode token"
     end
   end
 
-  class ExpiredTokenError < StandardError
+  class ExpiredTokenError < Error
     def to_s
       'Token is expired'
     end

data/lib/branca/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Branca
-  VERSION = '1.0.0'
+  VERSION = '1.0.3'
 end

data/lib/branca.rb

@@ -8,12 +8,13 @@ require 'branca/exceptions'
 require 'branca/decoder'
 
 module Branca
-  VERSION = 0xBA
-
   class << self
-    attr_writer :secret_key, :ttl
+    VERSION = 0xBA
+
+    attr_accessor :secret_key, :ttl
 
-    def encode(message, timestamp = Time.now.utc)
+    def encode(message, timestamp = Time.now.utc, secret_key: self.secret_key)
+      cipher = create_cipher(secret_key)
       nonce = RbNaCl::Random.random_bytes(cipher.nonce_bytes)
 
       header = [VERSION, timestamp.to_i].pack('C N') + nonce
@@ -23,14 +24,18 @@ module Branca
       BaseX::Base62.encode(raw_token)
     end
 
-    def decode(token)
+    def decode(token, ttl: self.ttl, secret_key: self.secret_key)
       header, bytes = token_explode(token)
       version, timestamp, nonce = header_explode(header)
 
       raise VersionError unless version == VERSION
-      raise ExpiredTokenError if (timestamp + Branca.ttl) < Time.now.utc.to_i
+      raise ExpiredTokenError if (timestamp + ttl) < Time.now.utc.to_i
 
+      cipher = create_cipher(secret_key)
       message = cipher.decrypt(nonce, bytes.pack('C*'), header.pack('C*'))
+    rescue RbNaCl::CryptoError
+      raise DecodeError
+    else
       Decoder.new(message, Time.at(timestamp).utc)
     end
 
@@ -39,7 +44,7 @@ module Branca
     end
 
     def secret_key
-      @secret_key ||= RbNaCl::Random.random_bytes(32)
+      @secret_key&.b || RbNaCl::Random.random_bytes(32)
     end
 
     def configure
@@ -48,8 +53,8 @@ module Branca
 
     private
 
-    def cipher
-      @cipher ||= RbNaCl::AEAD::XChaCha20Poly1305IETF.new(Branca.secret_key&.b)
+    def create_cipher(key)
+      RbNaCl::AEAD::XChaCha20Poly1305IETF.new(key)
     end
 
     def token_explode(token)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: branca-ruby
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.3
 platform: ruby
 authors:
 - Thadeu Esteves
 autorequire:
-bindir: exe
+bindir: bin
 cert_chain: []
-date: 2020-10-27 00:00:00.000000000 Z
+date: 2022-08-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: base_x
@@ -101,9 +101,13 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
+- ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".travis-libsodium.sh"
+- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -134,8 +138,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.5.2.2
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Authenticated and encrypted API tokens using modern crypto