branca-ruby 1.0.0 → 1.0.3
- checksums.yaml +5 -5
- data/.github/FUNDING.yml +13 -0
- data/.github/workflows/ruby.yml +28 -0
- data/.gitignore +0 -1
- data/.travis-libsodium.sh +8 -0
- data/.travis.yml +15 -0
- data/Gemfile +2 -0
- data/README.md +34 -4
- data/branca-ruby.gemspec +0 -3
- data/lib/branca/exceptions.rb +5 -3
- data/lib/branca/version.rb +1 -1
- data/lib/branca.rb +14 -9
- metadata +8 -5
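--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: bb38a9b375ff1f3510d4f8be5d535210fa926b1852402900bfaffa78bc86954a
+data.tar.gz: eb611a373fb87ac2c44c7ad98ebcfb64cf4a94d53128bb78e86d38c6553bdff8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 845eb83b9b1fdaa2fea3957cf7b930607af154e3440265fcebade68b2db40dcd0177270d7f5d5016e8d3e4446df2115448b4e8e35964f0facc85e6012cf15334
+data.tar.gz: 13f6b3408237cb98b24c4489d37d5b9a9386ed8ddeb5f9cef3473ff951eb9a811b6403c0f6cf005f9d3f8667dc54bb065db95ddaf76ad6f8f04dbe9b062c8098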
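--- a/data/.github/FUNDING.yml
+++ b/data/.github/FUNDING.yml
@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: [thadeu] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']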
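--- a/data/.github/workflows/ruby.yml
+++ b/data/.github/workflows/ruby.yml
@@ -0,0 +1,28 @@
+name: ci
+
+on: [push]
+
+permissions:
+contents: read
+
+jobs:
+rspec:
+runs-on: ubuntu-latest
+strategy:
+matrix:
+ruby-version: ['2.5', '2.6', '2.7', '3.0']
+
+steps:
+- uses: actions/checkout@v3
+
+- name: Set up Ruby
+# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+# change this to (see https://github.com/ruby/setup-ruby#versioning):
+# uses: ruby/setup-ruby@v1
+uses: ruby/setup-ruby@2b019609e2b0f1ea1a2bc8ca11cb82ab46ada124
+with:
+ruby-version: ${{ matrix.ruby-version }}
+bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+- name: Run RSpec
+run: bundle exec rspec --color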
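Review bot: `actions/checkout@v3` in the first step is referenced by a mutable tag, while `ruby/setup-ruby` in the next step is pinned to a full commit SHA, so only one of the two third-party actions is protected against a retagged release. Pinning checkout the same way keeps both immutable: `- uses: actions/checkout@<full-commit-sha> # v3` (placeholder; use the SHA of the release you have reviewed). The top-level `permissions: contents: read` is a sound least-privilege default and should stay. No step visible here installs libsodium, which the README lists as a requirement, so the job presumably relies on the runner image providing it; a comment saying so would help the next maintainer.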
data/.gitignore
CHANGED
data/.travis.yml
ADDED
data/Gemfile
CHANGED
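--- a/data/README.md
+++ b/data/README.md
@@ -2,6 +2,8 @@
 
 Authenticated and encrypted API tokens using modern crypto.
 
+[![Gem Version](https://badge.fury.io/rb/branca-ruby.svg)](https://badge.fury.io/rb/branca-ruby)
+[![ci](https://github.com/thadeu/branca-ruby/actions/workflows/ruby.yml/badge.svg?branch=main)](https://github.com/thadeu/branca-ruby/actions/workflows/ruby.yml)
 [![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE)
 
 ## What?
@@ -15,7 +17,7 @@ It is possible to use [Branca as an alternative to JWT](https://appelsiini.net/2
 Add this line to your application's Gemfile, Note that you also must have [libsodium](https://download.libsodium.org/doc/) installed.
 
 ```ruby
-gem 'branca-ruby', '~> 1.0.
+gem 'branca-ruby', '~> 1.0.2'
 ```
 
 ## Configure
@@ -23,6 +25,8 @@ gem 'branca-ruby', '~> 1.0.0'
 You must be configure `secret_key` and `ttl` using this.
 
 ```ruby
+require 'branca'
+
 Branca.configure do |config|
 config.secret_key = 'supersecretkeyyoushouldnotcommit'.b
 config.ttl = 86_400 # in seconds
@@ -49,7 +53,17 @@ Branca.encode(JSON.generate({ permissions: [] }))
 # ATkzLjriA1ijbBcuZOJ1zMR0z5oVXDGDVjUWwrqJWszynAM4GLGiTwZnC6nUvtVIuavAVCMbwcsYqlYKejOI4
 ```
 
-You can also pass `
+You can also pass `secret_key` in runtime
+
+```ruby
+specific_secret_key = SecureRandom.bytes(32)
+payload = "sensitive data"
+token = Branca.encode(payload, secret_key: specific_secret_key)
+```
+
+Will generate a token using `secret_key` in runtime instead global `secret_key`.
+
+So, you can also pass `timestamp` to encode.
 
 ```ruby
 Branca.encode('with string', Time.now.utc)
@@ -70,8 +84,24 @@ decode.message
 # "with string"
 ```
 
+You can also pass `secret_key` or `ttl` in runtime. For example:
+
+```ruby
+specific_secret_key = SecureRandom.bytes(32)
+tmp_token = "1y48BiV0jaalTYiARPdbm52IKgGEhfwq8DlP9ulKBx8LMLFrjNKe88vIGIUxsWzybIwBhmVvIam5"
+token = Branca.decode(tmp_token, secret_key: specific_secret_key, ttl: 30)
+```
+
+Will decode token OR throw exception `DecodeError`
+
 ## Exceptions
 
-Token is expired, will receive exception `Branca::ExpiredTokenError`
+Token is expired, you will receive exception `Branca::ExpiredTokenError`
+
+Invalid Version, you will receive exception `Branca::VersionError`
+
+When handle error, you will receive exception `Branca::DecodeError`
+
+## Contributing
 
-
+We have a long list of valued contributors. Check them all at: https://github.com/thadeu/branca-ruby.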
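--- a/data/branca-ruby.gemspec
+++ b/data/branca-ruby.gemspec
@@ -20,9 +20,6 @@ Gem::Specification.new do |spec|
 end
 
 spec.required_ruby_version = '>= 2.3.0'
-
-spec.bindir = 'exe'
-spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ['lib']
 
 spec.add_dependency 'base_x', '~> 0.8.1'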
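--- a/data/lib/branca/exceptions.rb
+++ b/data/lib/branca/exceptions.rb
@@ -1,15 +1,17 @@
 # frozen_string_literal: true
 
 module Branca
-class
+class Error < StandardError; end
+
+class VersionError < Error; end
 
-class DecodeError <
+class DecodeError < Error
 def to_s
 "Can't decode token"
 end
 end
 
-class ExpiredTokenError <
+class ExpiredTokenError < Error
 def to_s
 'Token is expired'
 end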
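Review bot: The new `Error` base class and `VersionError` carry neither a comment nor a message, while `DecodeError` and `ExpiredTokenError` each override `to_s`, so a raised `VersionError` reports only its class name. A one-line comment above the base class would tell callers what it is for, for example `# Base class for all Branca errors; rescue Branca::Error to handle any of them.` For consistency `VersionError` could get the same kind of `to_s` as its siblings, returning something like `'Invalid token version'`. The module's closing lines are outside the hunk.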
data/lib/branca/version.rb
CHANGED
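--- a/data/lib/branca.rb
+++ b/data/lib/branca.rb
@@ -8,12 +8,13 @@ require 'branca/exceptions'
 require 'branca/decoder'
 
 module Branca
-VERSION = 0xBA
-
 class << self
-
+VERSION = 0xBA
+
+attr_accessor :secret_key, :ttl
 
-def encode(message, timestamp = Time.now.utc)
+def encode(message, timestamp = Time.now.utc, secret_key: self.secret_key)
+cipher = create_cipher(secret_key)
 nonce = RbNaCl::Random.random_bytes(cipher.nonce_bytes)
 
 header = [VERSION, timestamp.to_i].pack('C N') + nonce
@@ -23,14 +24,18 @@ module Branca
 BaseX::Base62.encode(raw_token)
 end
 
-def decode(token)
+def decode(token, ttl: self.ttl, secret_key: self.secret_key)
 header, bytes = token_explode(token)
 version, timestamp, nonce = header_explode(header)
 
 raise VersionError unless version == VERSION
-raise ExpiredTokenError if (timestamp +
+raise ExpiredTokenError if (timestamp + ttl) < Time.now.utc.to_i
 
+cipher = create_cipher(secret_key)
 message = cipher.decrypt(nonce, bytes.pack('C*'), header.pack('C*'))
+rescue RbNaCl::CryptoError
+raise DecodeError
+else
 Decoder.new(message, Time.at(timestamp).utc)
 end
 
@@ -39,7 +44,7 @@ module Branca
 end
 
 def secret_key
-@secret_key
+@secret_key&.b || RbNaCl::Random.random_bytes(32)
 end
 
 def configure
@@ -48,8 +53,8 @@ module Branca
 
 private
 
-def
-
+def create_cipher(key)
+RbNaCl::AEAD::XChaCha20Poly1305IETF.new(key)
 end
 
 def token_explode(token)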
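Review bot: The new `secret_key` reader falls back to `RbNaCl::Random.random_bytes(32)` when no key is configured, and because the result is never stored, every call returns a different key; `encode` then succeeds with a key nobody holds, and the missing configuration surfaces only later as `DecodeError`. Failing closed makes the misconfiguration visible at the first call: `@secret_key&.b || raise(Error, 'secret_key is not configured')`. In `decode`, the TTL comparison runs on the header before `cipher.decrypt` has authenticated it, so a tampered token can be answered with `ExpiredTokenError` instead of `DecodeError`, which lets a caller tell the two failure modes apart without holding the key. Moving the expiry check after the decrypt call closes that, and since no default for `ttl` is visible in this diff, a guard against a nil `ttl` before `timestamp + ttl` would avoid a `TypeError` escaping the `Branca::Error` hierarchy.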
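--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: branca-ruby
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.3
 platform: ruby
 authors:
 - Thadeu Esteves
 autorequire:
-bindir:
+bindir: bin
 cert_chain: []
-date:
+date: 2022-08-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: base_x
@@ -101,9 +101,13 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
+- ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".travis-libsodium.sh"
+- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -134,8 +138,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.5.2.2
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Authenticated and encrypted API tokens using modern crypto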