class Pakyow::Support::MessageVerifier

Signs and verifes messages for a key.

Constants

JOIN_CHARACTER

Attributes

key[R]

Public Class Methods

digest(message, key:) click to toggle source

Generates a digest for a message with a key.

# File lib/pakyow/support/message_verifier.rb, line 55
def digest(message, key:)
  Base64.urlsafe_encode64(
    OpenSSL::HMAC.digest(
      OpenSSL::Digest.new("sha256"), message.to_s, key.to_s
    )
  )
end
key() click to toggle source

Generates a random key.

# File lib/pakyow/support/message_verifier.rb, line 49
def key
  SecureRandom.hex(24)
end
new(key = self.class.key) click to toggle source

TODO: support configuring the digest TODO: support rotations by calling `rotate` with options

# File lib/pakyow/support/message_verifier.rb, line 19
def initialize(key = self.class.key)
  @key = key
end
valid?(digest, message:, key:) click to toggle source

Returns true if the digest is valid for the message and key.

# File lib/pakyow/support/message_verifier.rb, line 65
def valid?(digest, message:, key:)
  digest == self.digest(message, key: key)
end

Public Instance Methods

sign(message) click to toggle source

Returns a signed message.

# File lib/pakyow/support/message_verifier.rb, line 25
def sign(message)
  [Base64.urlsafe_encode64(message), self.class.digest(message, key: @key)].join(JOIN_CHARACTER)
end
verify(signed) click to toggle source

Returns the message if the signature is valid for the key, or raises `TamperedMessage`.

# File lib/pakyow/support/message_verifier.rb, line 31
def verify(signed)
  message, digest = signed.to_s.split(JOIN_CHARACTER, 2)

  begin
    message = Base64.urlsafe_decode64(message.to_s)
  rescue ArgumentError
  end

  if self.class.valid?(digest, message: message, key: @key)
    message
  else
    raise(TamperedMessage)
  end
end