module Paseto

Platform-Agnostic SEcurity TOkens

Helper for verifying and parsing tokens

Constants

AuthenticationError
Error
HeaderError
Token
TokenError
UNSIGNED_LITTLE_64

An Array#pack format to pack an unsigned little-endian 64-bit integer

VERSION

Public Class Methods

decode64(str)
# File lib/paseto.rb, line 33
# Decodes URL-safe Base64 text (the "-" / "_" alphabet) into raw bytes by
# delegating to Base64.urlsafe_decode64.
#
# str - the Base64url text to decode.
#
# Returns the value produced by Base64.urlsafe_decode64 for +str+.
#
# Nothing is rescued here. On current Rubies the underlying call raises
# ArgumentError for text that is not valid Base64, so code that feeds
# untrusted token segments through this helper sees that exception type
# rather than one of the Paseto error classes.
def self.decode64(str)
  raw_bytes = Base64.urlsafe_decode64(str)
  raw_bytes
end
decode_hex(str)
# File lib/paseto.rb, line 42
# Converts a string of hexadecimal digits into the bytes it spells out,
# using the 'H*' (high nibble first) Array#pack directive.
#
# str - the hex text, e.g. "6869".
#
# Returns the packed byte string.
#
# NOTE(review): Array#pack('H*') does not validate its input. Characters
# outside 0-9/a-f and odd-length strings are packed without an error, so
# callers that decode key material or other security-relevant values
# should check the text is well-formed hex before calling this.
def self.decode_hex(str)
  hex_digits = [str]
  hex_digits.pack('H*')
end
encode64(bin)
# File lib/paseto.rb, line 37
# Encodes bytes as URL-safe Base64 with the trailing "=" padding removed.
#
# bin - the byte string to encode.
#
# Returns the unpadded Base64url text.
def self.encode64(bin)
  padded = Base64.urlsafe_encode64(bin)
  # `$` is an end-of-line anchor, not end-of-string. That is equivalent here
  # because urlsafe_encode64 emits no newlines, so the only "=" run the
  # pattern can match is the padding at the very end.
  padded.gsub(/=+$/, '')
end
encode_hex(bin)
# File lib/paseto.rb, line 46
# Renders a byte string as lowercase hexadecimal text, two digits per byte,
# using the 'H*' (high nibble first) String#unpack directive.
#
# bin - the byte string to render.
#
# Returns the hex text.
def self.encode_hex(bin)
  # 'H*' consumes the whole string, so unpack yields a one-element array.
  bin.unpack('H*')[0]
end
encode_length(num)

github.com/paragonie/paseto/blob/master/docs/01-Protocol-Versions/Common.md#pae-definition

# File lib/paseto.rb, line 20
# Packs an integer with the UNSIGNED_LITTLE_64 Array#pack format, giving
# the length prefix used by pre_auth_encode.
#
# num - the integer to pack.
#
# Returns the packed byte string.
def self.encode_length(num)
  length_prefix = [num].pack(UNSIGNED_LITTLE_64)
  length_prefix
end
parse(raw)
# File lib/paseto/token.rb, line 29
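# Splits a raw PASETO string into its dot-separated parts and wraps them in
# a Token. No signature or MAC is checked here; this only parses.
#
# raw - the token text, "version.purpose.payload" with an optional
#       ".footer" segment.
#
# Returns a Token built from the "version.purpose" header, the decoded
# payload and the decoded footer (EMPTY_FOOTER when no footer is present).
# A token with fewer than three segments is not rejected: its payload is
# passed to Token.new as nil.
#
# Raises TokenError when +raw+ contains more than three "." separators.
# Errors raised by Paseto.decode64 for a malformed segment are not rescued.
def self.parse(raw)
  # Base64url text never contains ".", so a well-formed token has at most
  # three separators. Without this check the destructuring below silently
  # drops any further segments, and several different strings would parse to
  # the same Token. The raw token is kept out of the message so it does not
  # end up in logs.
  raise TokenError, 'Invalid token format: too many segments' if raw.count('.') > 3

  version, purpose, payload, footer = raw.split('.')

  header = "#{version}.#{purpose}"
  footer = footer.nil? ? EMPTY_FOOTER : Paseto.decode64(footer)
  payload = Paseto.decode64(payload) unless payload.nil?

  Token.new(header, payload, footer)
end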
pre_auth_encode(*pieces)

github.com/paragonie/paseto/blob/master/docs/01-Protocol-Versions/Common.md#pae-definition

# File lib/paseto.rb, line 25
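# Builds the Pre-Authentication Encoding (PAE) of the given pieces: the
# piece count, then each piece preceded by its length, with every number
# packed by encode_length.
#
# pieces - zero or more strings to encode.
#
# Returns the concatenated byte string.
def self.pre_auth_encode(*pieces)
  initial_output = encode_length(pieces.length)

  pieces.reduce(initial_output) do |output, piece|
    # The prefix must be the piece's size in bytes. String#length counts
    # characters, which undercounts any piece holding multibyte text and
    # makes the encoding ambiguous. Appending the binary view of the piece
    # keeps the concatenation from failing on mixed encodings.
    output + encode_length(piece.bytesize) + piece.b
  end
end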
verify_token(token, expected_header, expected_footer)
# File lib/paseto/token.rb, line 18
# Checks that a token carries the expected header and footer.
#
# token           - a Token, or anything else, which is handed to parse.
# expected_header - the header the token must carry.
# expected_footer - the footer the token must carry.
#
# Returns the Token (the parsed one when raw input was given).
#
# Raises HeaderError when the header differs from +expected_header+.
# Raises TokenError when the footer differs from +expected_footer+.
#
# Only the two fields are compared here; no signature or MAC is checked in
# this method.
def self.verify_token(token, expected_header, expected_footer)
  candidate = token.is_a?(Token) ? token : parse(token)

  # NOTE(review): the header is taken from the token and interpolated into
  # the message as-is. If these messages are logged, consider escaping it
  # the way the footer is escaped with #inspect below.
  if candidate.header != expected_header
    raise HeaderError, "Invalid message header: #{candidate.header}"
  end

  # NOTE(review): `!=` is an ordinary comparison, not a constant-time one.
  # Confirm whether the expected footer is ever treated as a secret; if so,
  # a constant-time comparison is the safer choice.
  footer_mismatch = candidate.footer != expected_footer
  raise TokenError, "Invalid message footer: #{candidate.footer.inspect}" if footer_mismatch

  candidate
end