Class: Pakyow::Support::MessageVerifier

Inherits:

Object

Object
Pakyow::Support::MessageVerifier

show all

Defined in:: lib/pakyow/support/message_verifier.rb

Overview

Signs and verifes messages for a key.

Defined Under Namespace

Classes: TamperedMessage

Constant Summary collapse

JOIN_CHARACTER =

"~"

Instance Attribute Summary collapse

#key ⇒ Object readonly

Returns the value of attribute key.

Class Method Summary collapse

.digest(message, key:) ⇒ Object

Generates a digest for a message with a key.
.key ⇒ Object

Generates a random key.
.valid?(digest, message:, key:) ⇒ Boolean

Returns true if the digest is valid for the message and key.

Instance Method Summary collapse

#initialize(key = self.class.key) ⇒ MessageVerifier constructor

TODO: support configuring the digest TODO: support rotations by calling ‘rotate` with options.
#sign(message) ⇒ Object

Returns a signed message.
#verify(signed) ⇒ Object

Returns the message if the signature is valid for the key, or raises ‘TamperedMessage`.

Constructor Details

#initialize(key = self.class.key) ⇒ `MessageVerifier`

TODO: support configuring the digest TODO: support rotations by calling ‘rotate` with options



19
20
21

# File 'lib/pakyow/support/message_verifier.rb', line 19

def initialize(key = self.class.key)
  @key = key
end

Instance Attribute Details

#key ⇒ `Object` (readonly)

Returns the value of attribute key.



12
13
14

# File 'lib/pakyow/support/message_verifier.rb', line 12

def key
  @key
end

Class Method Details

.digest(message, key:) ⇒ `Object`

Generates a digest for a message with a key.

# File 'lib/pakyow/support/message_verifier.rb', line 55

def digest(message, key:)
  Base64.urlsafe_encode64(
    OpenSSL::HMAC.digest(
      OpenSSL::Digest.new("sha256"), message.to_s, key.to_s
    )
  )
end

.key ⇒ `Object`

Generates a random key.



49
50
51

# File 'lib/pakyow/support/message_verifier.rb', line 49

def key
  SecureRandom.hex(24)
end

.valid?(digest, message:, key:) ⇒ `Boolean`

Returns true if the digest is valid for the message and key.

Returns:

(Boolean)



65
66
67

# File 'lib/pakyow/support/message_verifier.rb', line 65

def valid?(digest, message:, key:)
  digest == self.digest(message, key: key)
end

Instance Method Details

#sign(message) ⇒ `Object`

Returns a signed message.



25
26
27

# File 'lib/pakyow/support/message_verifier.rb', line 25

def sign(message)
  [Base64.urlsafe_encode64(message), self.class.digest(message, key: @key)].join(JOIN_CHARACTER)
end

#verify(signed) ⇒ `Object`

Returns the message if the signature is valid for the key, or raises ‘TamperedMessage`.

# File 'lib/pakyow/support/message_verifier.rb', line 31

def verify(signed)
  message, digest = signed.to_s.split(JOIN_CHARACTER, 2)

  begin
    message = Base64.urlsafe_decode64(message.to_s)
  rescue ArgumentError
  end

  if self.class.valid?(digest, message: message, key: @key)
    message
  else
    raise(TamperedMessage)
  end
end