Module: Philiprehberger::SignedPayload

Defined in:

lib/philiprehberger/signed_payload.rb,
lib/philiprehberger/signed_payload/errors.rb,
lib/philiprehberger/signed_payload/signer.rb,
lib/philiprehberger/signed_payload/version.rb

Defined Under Namespace

Classes: Error, ExpiredToken, InvalidSignature, MalformedToken, Signer

Constant Summary

VERSION =

'0.4.0'

Class Method Summary

• .decode(token) ⇒ Object
• .expired?(token) ⇒ Boolean
• .peek(token) ⇒ Object
• .refresh(token, key:, expires_in:, algorithm: :sha256) ⇒ Object
• .rotate(token, old_key:, new_key:, algorithm: :sha256) ⇒ Object
• .sign(data, key:, algorithm: :sha256, expires_in: nil) ⇒ Object
• .valid?(token, key:, algorithm: :sha256) ⇒ Boolean
• .verify(token, key:, algorithm: :sha256) ⇒ Object

Class Method Details

.decode(token) ⇒ Object

# File 'lib/philiprehberger/signed_payload.rb', line 43

def self.decode(token)
  encoded, _sig = token.to_s.split('.')
  raise MalformedToken, 'invalid token format' unless token.to_s.split('.').length == 2

  parsed = JSON.parse(Base64.urlsafe_decode64(encoded))
  parsed['data']
rescue JSON::ParserError
  raise MalformedToken, 'invalid payload encoding'
end

.expired?(token) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/philiprehberger/signed_payload.rb', line 35

def self.expired?(token)
  Signer.new(key: 'unused').expired?(token)
end

.peek(token) ⇒ Object

# File 'lib/philiprehberger/signed_payload.rb', line 39

def self.peek(token)
  Signer.new(key: 'unused').peek(token)
end

.refresh(token, key:, expires_in:, algorithm: :sha256) ⇒ Object

# File 'lib/philiprehberger/signed_payload.rb', line 24

def self.refresh(token, key:, expires_in:, algorithm: :sha256)
  Signer.new(key: key, algorithm: algorithm).refresh(token, expires_in: expires_in)
end

.rotate(token, old_key:, new_key:, algorithm: :sha256) ⇒ Object

# File 'lib/philiprehberger/signed_payload.rb', line 28

def self.rotate(token, old_key:, new_key:, algorithm: :sha256)
  old_signer = Signer.new(key: old_key, algorithm: algorithm)
  data = old_signer.verify(token)
  exp = old_signer.peek(token)[:exp]
  Signer.new(key: new_key, algorithm: algorithm).sign_with_exp(data, exp: exp)
end

.sign(data, key:, algorithm: :sha256, expires_in: nil) ⇒ Object

# File 'lib/philiprehberger/signed_payload.rb', line 12

def self.sign(data, key:, algorithm: :sha256, expires_in: nil)
  Signer.new(key: key, algorithm: algorithm).sign(data, expires_in: expires_in)
end

.valid?(token, key:, algorithm: :sha256) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/philiprehberger/signed_payload.rb', line 20

def self.valid?(token, key:, algorithm: :sha256)
  Signer.new(key: key, algorithm: algorithm).valid?(token)
end

.verify(token, key:, algorithm: :sha256) ⇒ Object

# File 'lib/philiprehberger/signed_payload.rb', line 16

def self.verify(token, key:, algorithm: :sha256)
  Signer.new(key: key, algorithm: algorithm).verify(token)
end