Class: Lockbox::Utils
- Inherits:
-
Object
- Object
- Lockbox::Utils
- Defined in:
- lib/lockbox/utils.rb
Class Method Summary collapse
- .build_box(context, options, table, attribute) ⇒ Object
- .decode_key(key, size: 32, name: "Key") ⇒ Object
- .decrypt_result(record, name, options, result) ⇒ Object
- .encrypt_attachable(record, name, attachable) ⇒ Object
- .encrypted?(record, name) ⇒ Boolean
- .encrypted_options(record, name) ⇒ Object
- .rebuild_attachable(attachment) ⇒ Object
Class Method Details
.build_box(context, options, table, attribute) ⇒ Object
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
# File 'lib/lockbox/utils.rb', line 3 def self.build_box(context, , table, attribute) = .except(:attribute, :encrypted_attribute, :migrating, :attached, :type) [:encode] = false unless .key?(:encode) .each do |k, v| if v.respond_to?(:call) # context not present for pluck # still possible to use if not dependent on context [k] = context ? context.instance_exec(&v) : v.call elsif v.is_a?(Symbol) # context not present for pluck raise Error, "Not available since :#{k} depends on record" unless context [k] = context.send(v) end end unless [:key] || [:encryption_key] || [:decryption_key] [:key] = Lockbox.attribute_key(table: table, attribute: attribute, master_key: .delete(:master_key)) end if [:previous_versions].is_a?(Array) [:previous_versions] = [:previous_versions].dup [:previous_versions].each_with_index do |version, i| if !(version[:key] || version[:encryption_key] || version[:decryption_key]) && version[:master_key] [:previous_versions][i] = version.merge(key: Lockbox.attribute_key(table: table, attribute: attribute, master_key: version.delete(:master_key))) end end end Lockbox.new(**) end |
.decode_key(key, size: 32, name: "Key") ⇒ Object
38 39 40 41 42 43 44 45 46 47 |
# File 'lib/lockbox/utils.rb', line 38 def self.decode_key(key, size: 32, name: "Key") if key.encoding != Encoding::BINARY && key =~ /\A[0-9a-f]{#{size * 2}}\z/i key = [key].pack("H*") end raise Lockbox::Error, "#{name} must be 32 bytes (64 hex digits)" if key.bytesize != size raise Lockbox::Error, "#{name} must use binary encoding" if key.encoding != Encoding::BINARY key end |
.decrypt_result(record, name, options, result) ⇒ Object
90 91 92 93 94 |
# File 'lib/lockbox/utils.rb', line 90 def self.decrypt_result(record, name, , result) ActiveSupport::Notifications.instrument("decrypt_file.lockbox", {name: name}) do Utils.build_box(record, , record.class.table_name, name).decrypt(result) end end |
.encrypt_attachable(record, name, attachable) ⇒ Object
53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 |
# File 'lib/lockbox/utils.rb', line 53 def self.encrypt_attachable(record, name, attachable) io = nil ActiveSupport::Notifications.instrument("encrypt_file.lockbox", {name: name}) do = (record, name) box = build_box(record, , record.class.table_name, name) case attachable when ActionDispatch::Http::UploadedFile, Rack::Test::UploadedFile io = attachable attachable = { io: box.encrypt_io(io), filename: attachable.original_filename, content_type: attachable.content_type } when Hash io = attachable[:io] attachable = attachable.dup attachable[:io] = box.encrypt_io(io) else # TODO raise ArgumentError raise NotImplementedError, "Could not find or build blob: expected attachable, got #{attachable.inspect}" end # don't analyze encrypted data = {"analyzed" => true} ["encrypted"] = true if [:migrating] attachable[:metadata] = (attachable[:metadata] || {}).merge() end # set content type based on unencrypted data # keep synced with ActiveStorage::Blob#extract_content_type attachable[:io].extracted_content_type = Marcel::MimeType.for(io, name: attachable[:filename].to_s, declared_type: attachable[:content_type]) attachable end |
.encrypted?(record, name) ⇒ Boolean
49 50 51 |
# File 'lib/lockbox/utils.rb', line 49 def self.encrypted?(record, name) !(record, name).nil? end |
.encrypted_options(record, name) ⇒ Object
34 35 36 |
# File 'lib/lockbox/utils.rb', line 34 def self.(record, name) record.class.respond_to?(:lockbox_attachments) ? record.class.[name.to_sym] : nil end |
.rebuild_attachable(attachment) ⇒ Object
96 97 98 99 100 101 102 |
# File 'lib/lockbox/utils.rb', line 96 def self.rebuild_attachable() { io: StringIO.new(.download), filename: .filename, content_type: .content_type } end |