lockbox 0.3.6 → 0.3.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +20 -4
- data/lib/lockbox.rb +3 -0
- data/lib/lockbox/active_storage_extensions.rb +3 -3
- data/lib/lockbox/carrier_wave_extensions.rb +31 -12
- data/lib/lockbox/log_subscriber.rb +21 -0
- data/lib/lockbox/utils.rb +28 -19
- data/lib/lockbox/version.rb +1 -1
- metadata +6 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 72291291d3b8ac532d4c309bde141febf41d40b5228ce4d4b2541248702fe08d
|
|
4
|
+
data.tar.gz: d184e486e64cf5f0ecc882cf453fa76b18ce69b03f34d93335da7b1f70c12a01
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4badf3561effc1d381ae5ddfcdd3ce64a5bfb70e586c140df4795a392d36e5440a3d3930921f14732b349c2f93246a6f4ddfbe62ef508c2a2ad503b5f52d28f8
|
|
7
|
+
data.tar.gz: 12e48eab11c6f1aefc7a1ea8656e8d1e0cdceebe54147e573e1beb13f635149d99a5bfea0402595a8a6d53403bb498b2f404bb3a70a684908bc87decbd39c365
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -316,19 +316,35 @@ To serve encrypted files, use a controller action.
|
|
|
316
316
|
```ruby
|
|
317
317
|
def license
|
|
318
318
|
user = User.find(params[:id])
|
|
319
|
-
send_data
|
|
319
|
+
send_data lockbox.decrypt(user.license.read), type: user.license.mime_type
|
|
320
320
|
end
|
|
321
321
|
```
|
|
322
322
|
|
|
323
323
|
## Local Files
|
|
324
324
|
|
|
325
|
-
|
|
325
|
+
Generate a key
|
|
326
|
+
|
|
327
|
+
```ruby
|
|
328
|
+
key = Lockbox.generate_key
|
|
329
|
+
```
|
|
330
|
+
|
|
331
|
+
Create a lockbox
|
|
332
|
+
|
|
333
|
+
```ruby
|
|
334
|
+
lockbox = Lockbox.new(key: key)
|
|
335
|
+
```
|
|
336
|
+
|
|
337
|
+
Encrypt
|
|
326
338
|
|
|
327
339
|
```ruby
|
|
328
|
-
|
|
340
|
+
ciphertext = lockbox.encrypt(File.binread("file.txt"))
|
|
329
341
|
```
|
|
330
342
|
|
|
331
|
-
|
|
343
|
+
Decrypt
|
|
344
|
+
|
|
345
|
+
```ruby
|
|
346
|
+
lockbox.decrypt(ciphertext)
|
|
347
|
+
```
|
|
332
348
|
|
|
333
349
|
## Strings
|
|
334
350
|
|
data/lib/lockbox.rb
CHANGED
|
@@ -19,6 +19,9 @@ require "lockbox/carrier_wave_extensions" if defined?(CarrierWave)
|
|
|
19
19
|
require "lockbox/railtie" if defined?(Rails)
|
|
20
20
|
|
|
21
21
|
if defined?(ActiveSupport)
|
|
22
|
+
require "lockbox/log_subscriber"
|
|
23
|
+
Lockbox::LogSubscriber.attach_to :lockbox
|
|
24
|
+
|
|
22
25
|
ActiveSupport.on_load(:active_record) do
|
|
23
26
|
extend Lockbox::Model
|
|
24
27
|
extend Lockbox::Model::Attached
|
|
@@ -95,7 +95,7 @@ module Lockbox
|
|
|
95
95
|
|
|
96
96
|
options = Utils.encrypted_options(record, name)
|
|
97
97
|
if options
|
|
98
|
-
result = Utils.
|
|
98
|
+
result = Utils.decrypt_result(record, name, options, result)
|
|
99
99
|
end
|
|
100
100
|
|
|
101
101
|
result
|
|
@@ -106,13 +106,13 @@ module Lockbox
|
|
|
106
106
|
blob.open(**options) do |file|
|
|
107
107
|
options = Utils.encrypted_options(record, name)
|
|
108
108
|
if options
|
|
109
|
-
result = file.read
|
|
109
|
+
result = Utils.decrypt_result(record, name, options, file.read)
|
|
110
110
|
file.rewind
|
|
111
111
|
# truncate may not be available on all platforms
|
|
112
112
|
# according to the Ruby docs
|
|
113
113
|
# may need to create a new temp file instead
|
|
114
114
|
file.truncate(0)
|
|
115
|
-
file.write(
|
|
115
|
+
file.write(result)
|
|
116
116
|
file.rewind
|
|
117
117
|
end
|
|
118
118
|
|
|
@@ -5,13 +5,13 @@ module Lockbox
|
|
|
5
5
|
before :cache, :encrypt
|
|
6
6
|
|
|
7
7
|
def encrypt(file)
|
|
8
|
-
@file = CarrierWave::SanitizedFile.new(lockbox.encrypt_io(file))
|
|
8
|
+
@file = CarrierWave::SanitizedFile.new(with_notification("encrypt_file") { lockbox.encrypt_io(file) })
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
# TODO safe to memoize?
|
|
12
12
|
def read
|
|
13
13
|
r = super
|
|
14
|
-
lockbox.decrypt(r) if r
|
|
14
|
+
with_notification("decrypt_file") { lockbox.decrypt(r) } if r
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def size
|
|
@@ -40,20 +40,39 @@ module Lockbox
|
|
|
40
40
|
define_method :lockbox do
|
|
41
41
|
@lockbox ||= begin
|
|
42
42
|
table = model ? model.class.table_name : "_uploader"
|
|
43
|
-
attribute =
|
|
44
|
-
if mounted_as
|
|
45
|
-
mounted_as.to_s
|
|
46
|
-
else
|
|
47
|
-
uploader = self
|
|
48
|
-
while uploader.parent_version
|
|
49
|
-
uploader = uploader.parent_version
|
|
50
|
-
end
|
|
51
|
-
uploader.class.name.sub(/Uploader\z/, "").underscore
|
|
52
|
-
end
|
|
43
|
+
attribute = lockbox_name
|
|
53
44
|
|
|
54
45
|
Utils.build_box(self, options, table, attribute)
|
|
55
46
|
end
|
|
56
47
|
end
|
|
48
|
+
|
|
49
|
+
def lockbox_name
|
|
50
|
+
if mounted_as
|
|
51
|
+
mounted_as.to_s
|
|
52
|
+
else
|
|
53
|
+
uploader = self
|
|
54
|
+
while uploader.parent_version
|
|
55
|
+
uploader = uploader.parent_version
|
|
56
|
+
end
|
|
57
|
+
uploader.class.name.sub(/Uploader\z/, "").underscore
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def with_notification(type)
|
|
62
|
+
if defined?(ActiveSupport::Notifications)
|
|
63
|
+
name = lockbox_name
|
|
64
|
+
|
|
65
|
+
# get version
|
|
66
|
+
version, _ = parent_version && parent_version.versions.find { |k, v| v == self }
|
|
67
|
+
name = "#{name} #{version} version" if version
|
|
68
|
+
|
|
69
|
+
ActiveSupport::Notifications.instrument("#{type}.lockbox", {name: name}) do
|
|
70
|
+
yield
|
|
71
|
+
end
|
|
72
|
+
else
|
|
73
|
+
yield
|
|
74
|
+
end
|
|
75
|
+
end
|
|
57
76
|
end
|
|
58
77
|
end
|
|
59
78
|
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module Lockbox
|
|
2
|
+
class LogSubscriber < ActiveSupport::LogSubscriber
|
|
3
|
+
def encrypt_file(event)
|
|
4
|
+
return unless logger.debug?
|
|
5
|
+
|
|
6
|
+
payload = event.payload
|
|
7
|
+
name = "Encrypt File (#{event.duration.round(1)}ms)"
|
|
8
|
+
|
|
9
|
+
debug " #{color(name, YELLOW, true)} Encrypted #{payload[:name]}"
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def decrypt_file(event)
|
|
13
|
+
return unless logger.debug?
|
|
14
|
+
|
|
15
|
+
payload = event.payload
|
|
16
|
+
name = "Decrypt File (#{event.duration.round(1)}ms)"
|
|
17
|
+
|
|
18
|
+
debug " #{color(name, YELLOW, true)} Decrypted #{payload[:name]}"
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
data/lib/lockbox/utils.rb
CHANGED
|
@@ -47,27 +47,30 @@ module Lockbox
|
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
def self.encrypt_attachable(record, name, attachable)
|
|
50
|
-
options = encrypted_options(record, name)
|
|
51
|
-
box = build_box(record, options, record.class.table_name, name)
|
|
52
50
|
io = nil
|
|
53
51
|
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
52
|
+
ActiveSupport::Notifications.instrument("encrypt_file.lockbox", {name: name}) do
|
|
53
|
+
options = encrypted_options(record, name)
|
|
54
|
+
box = build_box(record, options, record.class.table_name, name)
|
|
55
|
+
|
|
56
|
+
case attachable
|
|
57
|
+
when ActionDispatch::Http::UploadedFile, Rack::Test::UploadedFile
|
|
58
|
+
io = attachable
|
|
59
|
+
attachable = {
|
|
60
|
+
io: box.encrypt_io(io),
|
|
61
|
+
filename: attachable.original_filename,
|
|
62
|
+
content_type: attachable.content_type
|
|
63
|
+
}
|
|
64
|
+
when Hash
|
|
65
|
+
io = attachable[:io]
|
|
66
|
+
attachable = {
|
|
67
|
+
io: box.encrypt_io(io),
|
|
68
|
+
filename: attachable[:filename],
|
|
69
|
+
content_type: attachable[:content_type]
|
|
70
|
+
}
|
|
71
|
+
else
|
|
72
|
+
raise NotImplementedError, "Not supported"
|
|
73
|
+
end
|
|
71
74
|
end
|
|
72
75
|
|
|
73
76
|
# set content type based on unencrypted data
|
|
@@ -76,5 +79,11 @@ module Lockbox
|
|
|
76
79
|
|
|
77
80
|
attachable
|
|
78
81
|
end
|
|
82
|
+
|
|
83
|
+
def self.decrypt_result(record, name, options, result)
|
|
84
|
+
ActiveSupport::Notifications.instrument("decrypt_file.lockbox", {name: name}) do
|
|
85
|
+
Utils.build_box(record, options, record.class.table_name, name).decrypt(result)
|
|
86
|
+
end
|
|
87
|
+
end
|
|
79
88
|
end
|
|
80
89
|
end
|
data/lib/lockbox/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: lockbox
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Kane
|
|
@@ -42,16 +42,16 @@ dependencies:
|
|
|
42
42
|
name: combustion
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- - "
|
|
45
|
+
- - ">="
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: 1.
|
|
47
|
+
version: '1.3'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- - "
|
|
52
|
+
- - ">="
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: 1.
|
|
54
|
+
version: '1.3'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: rails
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -184,6 +184,7 @@ files:
|
|
|
184
184
|
- lib/lockbox/encryptor.rb
|
|
185
185
|
- lib/lockbox/io.rb
|
|
186
186
|
- lib/lockbox/key_generator.rb
|
|
187
|
+
- lib/lockbox/log_subscriber.rb
|
|
187
188
|
- lib/lockbox/migrator.rb
|
|
188
189
|
- lib/lockbox/model.rb
|
|
189
190
|
- lib/lockbox/padding.rb
|