branca-ruby 1.0.1 → 1.0.2
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +28 -0
- data/.gitignore +0 -1
- data/.travis.yml +1 -1
- data/Gemfile +2 -0
- data/README.md +33 -5
- data/branca-ruby.gemspec +0 -3
- data/lib/branca/version.rb +1 -1
- data/lib/branca.rb +10 -5
- metadata +8 -7
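--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b6008ca4fddab057ac61a6182d54fe929ffef0f1007cd85cb2ca783f848487e7
+data.tar.gz: 2d9e5726a85bf9f3c942420c1e0c03abbff3c703c2a931db2a0b617ef2199efe
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7dc856d37376efd217e5ef37acb3ddada82f6fcf0a0140ed59b6b57dc77094fd43c40d85ee6ce5bddd8766944e91278eb15deb92624424d3e91b38dffa2693ed
+data.tar.gz: 356d90d5e2203ad66b86260d28e7808874e43386e69fc87315dd9d23c4c92be53d9c7158f0c9ca7d46dcb848031b0fefaa40e729174c8cf1fe79345559342cb2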
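--- /dev/null
+++ b/data/.github/workflows/ruby.yml
@@ -0,0 +1,28 @@
+name: ci
+
+on: [push]
+
+permissions:
+contents: read
+
+jobs:
+rspec:
+runs-on: ubuntu-latest
+strategy:
+matrix:
+ruby-version: ['2.5', '2.6', '2.7', '3.0']
+
+steps:
+- uses: actions/checkout@v3
+
+- name: Set up Ruby
+# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+# change this to (see https://github.com/ruby/setup-ruby#versioning):
+# uses: ruby/setup-ruby@v1
+uses: ruby/setup-ruby@2b019609e2b0f1ea1a2bc8ca11cb82ab46ada124
+with:
+ruby-version: ${{ matrix.ruby-version }}
+bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+- name: Run RSpec
+run: bundle exec rspec --color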
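Review bot: `actions/checkout@v3` is referenced by a mutable tag while `ruby/setup-ruby` a few lines below is pinned to a full commit SHA, so the workflow's action pinning is inconsistent and a re-pointed `v3` tag would run unreviewed code in this job. Pin checkout the same way and record the release next to each SHA so the pins can be audited and bumped, e.g. `- uses: actions/checkout@<FULL_COMMIT_SHA_PLACEHOLDER> # v3`, plus a `# vX.Y.Z` comment after the setup-ruby SHA. The top-level `permissions: contents: read` already limits what a misbehaving step could do with the token, which is worth keeping. Separately, `on: [push]` means pull requests from forks are not tested; adding `pull_request` to the trigger list would cover them.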
data/.gitignore
CHANGED
data/.travis.yml
CHANGED
data/Gemfile
CHANGED
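--- a/data/README.md
+++ b/data/README.md
@@ -3,7 +3,7 @@
 Authenticated and encrypted API tokens using modern crypto.
 
 [![Gem Version](https://badge.fury.io/rb/branca-ruby.svg)](https://badge.fury.io/rb/branca-ruby)
-[![
+[![ci](https://github.com/thadeu/branca-ruby/actions/workflows/ruby.yml/badge.svg?branch=main)](https://github.com/thadeu/branca-ruby/actions/workflows/ruby.yml)
 [![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE)
 
 ## What?
@@ -17,7 +17,7 @@ It is possible to use [Branca as an alternative to JWT](https://appelsiini.net/2
 Add this line to your application's Gemfile, Note that you also must have [libsodium](https://download.libsodium.org/doc/) installed.
 
 ```ruby
-gem 'branca-ruby', '~> 1.0.
+gem 'branca-ruby', '~> 1.0.2'
 ```
 
 ## Configure
@@ -25,6 +25,8 @@ gem 'branca-ruby', '~> 1.0.0'
 You must be configure `secret_key` and `ttl` using this.
 
 ```ruby
+require 'branca'
+
 Branca.configure do |config|
 config.secret_key = 'supersecretkeyyoushouldnotcommit'.b
 config.ttl = 86_400 # in seconds
@@ -51,7 +53,17 @@ Branca.encode(JSON.generate({ permissions: [] }))
 # ATkzLjriA1ijbBcuZOJ1zMR0z5oVXDGDVjUWwrqJWszynAM4GLGiTwZnC6nUvtVIuavAVCMbwcsYqlYKejOI4
 ```
 
-You can also pass `
+You can also pass `secret_key` in runtime
+
+```ruby
+specific_secret_key = SecureRandom.bytes(32)
+payload = "sensitive data"
+token = Branca.encode(payload, secret_key: specific_secret_key)
+```
+
+Will generate a token using `secret_key` in runtime instead global `secret_key`.
+
+So, you can also pass `timestamp` to encode.
 
 ```ruby
 Branca.encode('with string', Time.now.utc)
@@ -72,8 +84,24 @@ decode.message
 # "with string"
 ```
 
+You can also pass `secret_key` or `ttl` in runtime. For example:
+
+```ruby
+specific_secret_key = SecureRandom.bytes(32)
+tmp_token = "1y48BiV0jaalTYiARPdbm52IKgGEhfwq8DlP9ulKBx8LMLFrjNKe88vIGIUxsWzybIwBhmVvIam5"
+token = Branca.decode(tmp_token, secret_key: specific_secret_key, ttl: 30)
+```
+
+Will decode token OR throw exception `DecodeError`
+
 ## Exceptions
 
-Token is expired, will receive exception `Branca::ExpiredTokenError`
+Token is expired, you will receive exception `Branca::ExpiredTokenError`
+
+Invalid Version, you will receive exception `Branca::VersionError`
+
+When handle error, you will receive exception `Branca::DecodeError`
+
+## Contributing
 
-
+We have a long list of valued contributors. Check them all at: https://github.com/thadeu/branca-ruby.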
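--- a/data/branca-ruby.gemspec
+++ b/data/branca-ruby.gemspec
@@ -20,9 +20,6 @@ Gem::Specification.new do |spec|
 end
 
 spec.required_ruby_version = '>= 2.3.0'
-
-spec.bindir = 'exe'
-spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ['lib']
 
 spec.add_dependency 'base_x', '~> 0.8.1'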
data/lib/branca/version.rb
CHANGED
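--- a/data/lib/branca.rb
+++ b/data/lib/branca.rb
@@ -13,7 +13,8 @@ module Branca
 
 attr_accessor :secret_key, :ttl
 
-def encode(message, timestamp = Time.now.utc)
+def encode(message, timestamp = Time.now.utc, secret_key: self.secret_key)
+cipher = create_cipher(secret_key)
 nonce = RbNaCl::Random.random_bytes(cipher.nonce_bytes)
 
 header = [VERSION, timestamp.to_i].pack('C N') + nonce
@@ -23,14 +24,18 @@ module Branca
 BaseX::Base62.encode(raw_token)
 end
 
-def decode(token)
+def decode(token, ttl: self.ttl, secret_key: self.secret_key)
 header, bytes = token_explode(token)
 version, timestamp, nonce = header_explode(header)
 
 raise VersionError unless version == VERSION
-raise ExpiredTokenError if (timestamp +
+raise ExpiredTokenError if (timestamp + ttl) < Time.now.utc.to_i
 
+cipher = create_cipher(secret_key)
 message = cipher.decrypt(nonce, bytes.pack('C*'), header.pack('C*'))
+rescue RbNaCl::CryptoError
+raise DecodeError
+else
 Decoder.new(message, Time.at(timestamp).utc)
 end
 
@@ -48,8 +53,8 @@ module Branca
 
 private
 
-def
-
+def create_cipher(key)
+RbNaCl::AEAD::XChaCha20Poly1305IETF.new(key)
 end
 
 def token_explode(token)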
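Review bot: In `decode`, `ExpiredTokenError` is still raised from the header timestamp before `cipher.decrypt` has verified the Poly1305 tag, so the expiry decision is made on unauthenticated bytes and the new `rescue RbNaCl::CryptoError` → `DecodeError` path is only reached by tokens whose timestamp already passed. Moving `raise ExpiredTokenError if (timestamp + ttl) < Time.now.utc.to_i` below the `cipher.decrypt` line would make every token that fails authentication surface as `DecodeError`, regardless of the timestamp it carries. The same line raises `TypeError` when `ttl` is nil, which the new `ttl: self.ttl` default allows if no TTL was configured; if an unset TTL is meant to disable expiry, guard it with `if ttl && (timestamp + ttl) < Time.now.utc.to_i`. A short comment on `encode` and `decode` stating the key format `secret_key:` expects would also help, since a malformed key presumably fails inside `create_cipher` rather than as `DecodeError`.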
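--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: branca-ruby
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.2
 platform: ruby
 authors:
 - Thadeu Esteves
-autorequire:
-bindir:
+autorequire:
+bindir: bin
 cert_chain: []
-date:
+date: 2022-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: base_x
@@ -101,6 +101,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -121,7 +122,7 @@ homepage: https://github.com/thadeu/branca-ruby
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -136,8 +137,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Authenticated and encrypted API tokens using modern crypto
 test_files: []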