Module: Philiprehberger::SignedPayload
- Defined in:
- lib/philiprehberger/signed_payload.rb,
lib/philiprehberger/signed_payload/errors.rb,
lib/philiprehberger/signed_payload/signer.rb,
lib/philiprehberger/signed_payload/version.rb
Defined Under Namespace
Classes: Error, ExpiredToken, InvalidSignature, MalformedToken, Signer
Constant Summary
- VERSION = '0.5.0'
Class Method Summary
- .decode(token) ⇒ Object
- .expired?(token) ⇒ Boolean
- .peek(token) ⇒ Object
- .refresh(token, key:, expires_in:, algorithm: :sha256) ⇒ Object
- .rotate(token, old_key:, new_key:, algorithm: :sha256) ⇒ Object
- .sign(data, key:, algorithm: :sha256, expires_in: nil) ⇒ Object
- .valid?(token, key:, algorithm: :sha256) ⇒ Boolean
- .verify(token, key:, algorithm: :sha256) ⇒ Object
Class Method Details
.decode(token) ⇒ Object
# File 'lib/philiprehberger/signed_payload.rb', line 52
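# Extracts the "data" member of a token's payload WITHOUT checking the signature.
#
# The signature segment is split off and discarded, so whatever this returns is
# fully controlled by whoever produced the token string. Never base an
# authorization or trust decision on it; +verify+ is the entry point that takes
# a key.
#
# @param token [#to_s] token shaped like "<urlsafe-base64 JSON>.<signature>"
# @return [Object] the value stored under "data" in the decoded JSON object
# @raise [MalformedToken] if the token does not split into exactly two
#   dot-separated segments, the payload is not valid URL-safe Base64, the
#   decoded bytes are not valid JSON, or the JSON value is not an object
def self.decode(token)
  segments = token.to_s.split('.')
  raise MalformedToken, 'invalid token format' unless segments.length == 2

  begin
    raw_payload = Base64.urlsafe_decode64(segments.first)
  rescue ArgumentError
    # urlsafe_decode64 signals bad Base64 with ArgumentError; surface it as the
    # library's own error so callers handling MalformedToken see every
    # malformed-input case.
    raise MalformedToken, 'invalid payload encoding'
  end

  payload = JSON.parse(raw_payload)
  # A JSON array or scalar has no "data" member; report it as malformed rather
  # than letting a TypeError escape or silently returning nil.
  raise MalformedToken, 'invalid payload encoding' unless payload.is_a?(Hash)

  payload['data']
rescue JSON::ParserError
  raise MalformedToken, 'invalid payload encoding'
end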
.expired?(token) ⇒ Boolean
# File 'lib/philiprehberger/signed_payload.rb', line 44
# Asks a Signer built with the placeholder key 'unused' whether +token+ has
# expired.
#
# NOTE(review): because no real key is supplied, this presumably reads the
# expiry without verifying the signature (confirm in Signer#expired?). If so,
# a +false+ result says nothing about authenticity; pair it with +verify+.
#
# @param token [Object] passed through unchanged to Signer#expired?
# @return [Boolean] whatever Signer#expired? returns
def self.expired?(token)
  keyless_signer = Signer.new(key: 'unused')
  keyless_signer.expired?(token)
end
.peek(token) ⇒ Object
# File 'lib/philiprehberger/signed_payload.rb', line 48
# Delegates to Signer#peek on a Signer built with the placeholder key 'unused'.
#
# NOTE(review): with no real key in play, the result is presumably read from
# the token without a signature check (confirm in Signer#peek). Treat it as
# untrusted input until the same token has passed +verify+.
#
# @param token [Object] passed through unchanged to Signer#peek
# @return [Object] whatever Signer#peek returns
def self.peek(token)
  keyless_signer = Signer.new(key: 'unused')
  keyless_signer.peek(token)
end
.refresh(token, key:, expires_in:, algorithm: :sha256) ⇒ Object
# File 'lib/philiprehberger/signed_payload.rb', line 33
# Builds a Signer from +key+ and +algorithm+ and forwards to Signer#refresh.
#
# NOTE(review): presumably the token is verified against +key+ before a new
# expiry is issued; confirm in Signer#refresh, since refreshing an unverified
# token would extend the life of a forged one.
#
# @param token [Object] token handed to Signer#refresh
# @param key [Object] signing key handed to Signer.new
# @param expires_in [Object] forwarded as the +expires_in:+ keyword
# @param algorithm [Symbol] forwarded to Signer.new (defaults to :sha256)
# @return [Object] whatever Signer#refresh returns
def self.refresh(token, key:, expires_in:, algorithm: :sha256)
  signer = Signer.new(key: key, algorithm: algorithm)
  signer.refresh(token, expires_in: expires_in)
end
.rotate(token, old_key:, new_key:, algorithm: :sha256) ⇒ Object
# File 'lib/philiprehberger/signed_payload.rb', line 37
# Re-issues +token+ under +new_key+, carrying over its data and its :exp value.
#
# The token is first passed to Signer#verify on a Signer built from +old_key+;
# anything that call raises propagates before a new token is produced. The
# :exp entry is then read via Signer#peek and handed to Signer#sign_with_exp on
# a Signer built from +new_key+. Both signers use the same +algorithm+.
#
# @param token [Object] token currently signed with +old_key+
# @param old_key [Object] key used to verify the incoming token
# @param new_key [Object] key used to sign the outgoing token
# @param algorithm [Symbol] forwarded to both Signer.new calls (defaults to :sha256)
# @return [Object] whatever Signer#sign_with_exp returns
def self.rotate(token, old_key:, new_key:, algorithm: :sha256)
  verifier = Signer.new(key: old_key, algorithm: algorithm)
  payload = verifier.verify(token)
  expiry = verifier.peek(token)[:exp]

  issuer = Signer.new(key: new_key, algorithm: algorithm)
  issuer.sign_with_exp(payload, exp: expiry)
end
.sign(data, key:, algorithm: :sha256, expires_in: nil) ⇒ Object
# File 'lib/philiprehberger/signed_payload.rb', line 12
# Builds a Signer from +key+ and +algorithm+ and forwards +data+ to Signer#sign.
#
# @param data [Object] payload handed to Signer#sign
# @param key [Object] signing key handed to Signer.new
# @param algorithm [Symbol] forwarded to Signer.new (defaults to :sha256)
# @param expires_in [Object, nil] forwarded as +expires_in:+; nil by default
#   (NOTE(review): presumably nil yields a token with no expiry; confirm in
#   Signer#sign and prefer an explicit lifetime for bearer-style tokens)
# @return [Object] whatever Signer#sign returns
def self.sign(data, key:, algorithm: :sha256, expires_in: nil)
  signer = Signer.new(key: key, algorithm: algorithm)
  signer.sign(data, expires_in: expires_in)
end
.valid?(token, key:, algorithm: :sha256) ⇒ Boolean
# File 'lib/philiprehberger/signed_payload.rb', line 26
# Boolean wrapper around +verify+: true when it returns, false when it raises
# the library's Error (or a subclass).
#
# Only Error is rescued. Any other exception, such as the ArgumentError that
# +verify+ raises for an empty key array, still propagates to the caller.
#
# @param token [Object] token forwarded to +verify+
# @param key [Object] key (or array of keys) forwarded to +verify+
# @param algorithm [Symbol] forwarded to +verify+ (defaults to :sha256)
# @return [Boolean]
def self.valid?(token, key:, algorithm: :sha256)
  begin
    verify(token, key: key, algorithm: algorithm)
  rescue Error
    return false
  end

  true
end
.verify(token, key:, algorithm: :sha256) ⇒ Object
# File 'lib/philiprehberger/signed_payload.rb', line 16
# Verifies +token+ by delegating to Signer#verify, with one key or a list.
#
# A non-Array +key+ goes straight to Signer.new. For an Array, the first
# element constructs the Signer and the whole array is passed as +keys:+.
#
# NOTE(review): presumably every key in the array is accepted as a valid
# signer (confirm in Signer#verify). If so, drop retired keys from the list
# once rotation is complete so old tokens stop verifying.
#
# @param token [Object] token handed to Signer#verify
# @param key [Object, Array] a single key, or an array of candidate keys
# @param algorithm [Symbol] forwarded to Signer.new (defaults to :sha256)
# @return [Object] whatever Signer#verify returns
# @raise [ArgumentError] if +key+ is an empty Array
def self.verify(token, key:, algorithm: :sha256)
  return Signer.new(key: key, algorithm: algorithm).verify(token) unless key.is_a?(Array)

  raise ArgumentError, 'no keys provided' if key.empty?

  primary_key = key.first
  Signer.new(key: primary_key, algorithm: algorithm).verify(token, keys: key)
end