Class: Spree::ApiKey

Inherits:

Object

• Object
• Spree::ApiKey

Defined in:

app/models/spree/api_key.rb

Constant Summary

KEY_TYPES =

%w[publishable secret].freeze

PREFIXES =

{ 'publishable' => 'pk_', 'secret' => 'sk_' }.freeze

TOKEN_LENGTH =

24

Class Method Summary

• .compute_token_digest(plaintext) ⇒ String

  Computes the HMAC-SHA256 hex digest for a given plaintext token.

• .find_by_secret_token(plaintext) ⇒ Spree::ApiKey^?

  Finds an active secret API key by computing the HMAC-SHA256 digest of the provided plaintext token and looking up by token_digest.

• .hmac_secret ⇒ String

  Returns the HMAC secret used for token hashing.

Instance Method Summary

• #active? ⇒ Boolean

  Whether this key has not been revoked.

• #plaintext_token ⇒ String^?

  Returns the raw token value.

• #publishable? ⇒ Boolean

  Whether this is a publishable (Store API) key.

• #revoke!(user = nil) ⇒ Boolean

  Revokes this API key by setting revoked_at to the current time.

• #secret? ⇒ Boolean

  Whether this is a secret (Admin API) key.

Class Method Details

.compute_token_digest(plaintext) ⇒ String

Computes the HMAC-SHA256 hex digest for a given plaintext token.

Parameters:

• plaintext (String) —

  the raw token value

Returns:

• (String) —

  the hex-encoded HMAC-SHA256 digest

# File 'app/models/spree/api_key.rb', line 52

def self.compute_token_digest(plaintext)
  OpenSSL::HMAC.hexdigest('SHA256', hmac_secret, plaintext)
end

.find_by_secret_token(plaintext) ⇒ Spree::ApiKey^?

Finds an active secret API key by computing the HMAC-SHA256 digest of the provided plaintext token and looking up by token_digest.

Parameters:

• plaintext (String) —

  the raw secret key (e.g. “sk_abc123…”)

Returns:

• (Spree::ApiKey, nil) —

  the matching active secret key, or nil

# File 'app/models/spree/api_key.rb', line 41

def self.find_by_secret_token(plaintext)
  return nil if plaintext.blank?

  digest = compute_token_digest(plaintext)
  active.secret.find_by(token_digest: digest)
end

.hmac_secret ⇒ String

Returns the HMAC secret used for token hashing.

Returns:

• (String) —

  the application’s secret key base

# File 'app/models/spree/api_key.rb', line 59

def self.hmac_secret
  Rails.application.secret_key_base
end

Instance Method Details

#active? ⇒ Boolean

Returns whether this key has not been revoked.

Returns:

• (Boolean) —

  whether this key has not been revoked

# File 'app/models/spree/api_key.rb', line 74

def active?
  revoked_at.nil?
end

#plaintext_token ⇒ String^?

Returns the raw token value. For publishable keys this is the persisted token column. For secret keys it is only available in memory immediately after creation (not persisted).

Returns:

• (String, nil)

# File 'app/models/spree/api_key.rb', line 14

def plaintext_token
  publishable? ? token : @plaintext_token
end

#publishable? ⇒ Boolean

Returns whether this is a publishable (Store API) key.

Returns:

• (Boolean) —

  whether this is a publishable (Store API) key

# File 'app/models/spree/api_key.rb', line 64

def publishable?
  key_type == 'publishable'
end

#revoke!(user = nil) ⇒ Boolean

Revokes this API key by setting revoked_at to the current time.

Parameters:

• user (Object, nil) (defaults to: nil) —

  the user who performed the revocation

Returns:

• (Boolean) —

  true if the update succeeded

# File 'app/models/spree/api_key.rb', line 82

def revoke!(user = nil)
  update!(revoked_at: Time.current, revoked_by: user)
end

#secret? ⇒ Boolean

Returns whether this is a secret (Admin API) key.

Returns:

• (Boolean) —

  whether this is a secret (Admin API) key

# File 'app/models/spree/api_key.rb', line 69

def secret?
  key_type == 'secret'
end