text-smuggler 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 48f827fccf6e86574d27d251913a007521468df1
+  data.tar.gz: 6548856366c6a2968245383acb4b19020aba2925
+SHA512:
+  metadata.gz: cb6db323b61eacf096c542d13190d318d2e2552fc9f58e2150dd07e8f41c5eadae276321237f21b26a4c3b1528fbd1d1723fc5365f43a921e84a7849adf4a8db
+  data.tar.gz: b66e9f2f1c125ceb60a8d63ba8192f9ecb8e26c3a9476f4a1f033c0525172f93924057ac172a2aded8711052d8a43361259b3332eca56f407ce6d74c471413b5

data/.gitignore

@@ -0,0 +1,7 @@
+.DS_STORE
+*.swp
+*.sass-cache
+pkg/
+Gemfile.lock
+.bundle/
+

data/Gemfile

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+gemspec
+gem 'minitest', '>=5.8.0'
+gem 'rake'
+

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2016 Mickael Riga
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+

data/README.md

@@ -0,0 +1,45 @@
+Text Smuggler
+=============
+
+`TextSmuggler` makes it easy to obfuscate pieces of text which need to be decoded later on, using OpenSSL::Cipher. Possibly incorporated in a URL.
+
+Put this in your `Gemfile`:
+
+```
+gem 'text-smuggler'
+```
+
+Then use it like this:
+
+```
+secret_location = 'The secret location of Luke Skywalker is xxxxxx.'
+han_solo = TextSmuggler.new key: 'change_me'
+
+encoded = han_solo.encode secret_location
+
+# Now you can use this string in a database or in a URL quite safely.
+# And then when you need to decode it...
+
+decoded = han_solo.decode encoded
+```
+
+You can also initialize a `TextSmuggler` with a specific type of ciper.
+The default is `aes-256-cbc`.
+
+```
+smuggler = TextSmuggler.new({
+  key: 'change_me',
+  cipher_type: 'aes-256-cbc'
+})
+```
+
+For more details about `OpenSSL::Cipher`, you can [read documentation here](http://ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL/Cipher.html)
+
+Warning
+-------
+
+Bear in mind that while this method is quite safe, you should only use it when 
+you absolutely have to retrieve the data. For example, avoid saving passwords 
+in a database with this method. Passwords only need to be compared and are safer
+if they are saved with a non-reversible method (i.e. Hashed and salted).
+

data/Rakefile

@@ -0,0 +1,15 @@
+require 'rake/testtask'
+
+task :default => :test
+
+Rake::TestTask.new do |t|
+  t.libs << "test"
+  t.pattern = 'test/test_*.rb'
+  unless ENV['TESTONLY'].nil?
+    t.pattern = t.pattern.sub(/\*/, ENV['TESTONLY'])
+  end
+  t.options = '--pride'
+  # t.verbose = true
+  # t.warning = true
+end
+

data/lib/text_smuggler.rb

@@ -0,0 +1,50 @@
+require 'openssl'
+require 'base64'
+
+class TextSmuggler
+
+  DEFAULT_CIPHER_TYPE = 'aes-256-cbc'
+  DEFAULT_KEY = '0123456789abcdef0123456789abcdef'
+
+  def initialize opts={}
+    @opts = {
+      cipher_type: DEFAULT_CIPHER_TYPE, 
+      key: (ENV['TEXT_SMUGGLER_KEY'] || DEFAULT_KEY)
+    }.merge(opts)
+  end
+
+  def encode s
+    cipher = cipher_for :encrypt
+    iv = cipher.random_iv
+    encrypted = cipher.update(s) + cipher.final
+    encrypted = iv + encrypted
+    url_friendly(encrypted)
+  end
+
+  def decode s
+    cipher = cipher_for :decrypt
+    encrypted = from_url_friendly s
+    cipher.iv = encrypted.slice!(0,16)
+    decrypted = cipher.update(encrypted) + cipher.final
+    decrypted
+  end
+
+  private
+
+  def cipher_for direction=:encrypt
+    cipher = OpenSSL::Cipher.new(@opts[:cipher_type])
+    cipher.public_send(direction)
+    cipher.key = @opts[:key]
+    cipher
+  end
+
+  def url_friendly s
+    Base64.strict_encode64(s).tr('+/=', '-_,')
+  end
+
+  def from_url_friendly s
+    Base64.strict_decode64(s.tr('-_,', '+/='))
+  end
+
+end
+

data/test/test_text_smuggler.rb

@@ -0,0 +1,46 @@
+require 'minitest/autorun'
+require 'text_smuggler'
+
+ENV['RACK_ENV'] = 'test'
+
+describe TextSmuggler do
+  
+  parallelize_me!
+  
+  subject { TextSmuggler.new }
+  let(:custom) { 
+    TextSmuggler.new(key: TextSmuggler::DEFAULT_KEY.reverse) 
+  }
+
+  let(:strings) {
+    [
+      'simple string', 'me@example.com', "Long text\nwith\nreturn lines",
+      'http://example.com/path/to/page?foo=1&bar=2'
+    ]
+  }
+
+  it 'Encodes text' do
+    strings.each do |s|
+      refute_equal s, subject.encode(s)
+    end
+  end
+
+  it 'Encodes something different each time' do
+    strings.each do |s|
+      refute_equal subject.encode(s), subject.encode(s)
+    end
+  end
+
+  it 'Decodes text' do
+    strings.each do |s|
+      assert_equal s, subject.decode(subject.encode(s))
+    end
+  end
+
+  it 'Encodes URL friendly text' do
+    strings.each do |s|
+      assert_match(/^[a-zA-Z0-9,\-_]+$/, subject.encode(s))
+    end
+  end
+
+end

data/text-smuggler.gemspec

@@ -0,0 +1,19 @@
+Gem::Specification.new do |s|
+
+  s.authors = ['Mickael Riga']
+  s.email = ['mig@mypeplum.com']
+  s.homepage = 'https://github.com/mig-hub/text-smuggler'
+  s.licenses = ['MIT']
+
+  s.name = 'text-smuggler'
+  s.version = '0.0.1'
+  s.summary = 'TextSmuggler is for encoding/decoding text'
+  s.description = 'TextSmuggler makes it easy to obfuscate pieces of text which need to be decoded later on using OpenSSL::Cipher. Possibly incorporated in a URL'
+
+  s.platform = Gem::Platform::RUBY
+  s.files = `git ls-files`.split("\n").sort
+  s.test_files = s.files.grep(/^test\//)
+  s.require_paths = ['lib']
+
+end
+

metadata

@@ -0,0 +1,54 @@
+--- !ruby/object:Gem::Specification
+name: text-smuggler
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Mickael Riga
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-08-10 00:00:00.000000000 Z
+dependencies: []
+description: TextSmuggler makes it easy to obfuscate pieces of text which need to
+  be decoded later on using OpenSSL::Cipher. Possibly incorporated in a URL
+email:
+- mig@mypeplum.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/text_smuggler.rb
+- test/test_text_smuggler.rb
+- text-smuggler.gemspec
+homepage: https://github.com/mig-hub/text-smuggler
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: TextSmuggler is for encoding/decoding text
+test_files:
+- test/test_text_smuggler.rb