Class: Lockbox::Utils
- Inherits:
-
Object
- Object
- Lockbox::Utils
- Defined in:
- lib/lockbox/utils.rb
Class Method Summary collapse
- .build_box(context, options, table, attribute) ⇒ Object
- .decode_key(key, size: 32, name: "Key") ⇒ Object
- .decrypt_result(record, name, options, result) ⇒ Object
- .encrypt_attachable(record, name, attachable) ⇒ Object
- .encrypted?(record, name) ⇒ Boolean
- .encrypted_options(record, name) ⇒ Object
- .rebuild_attachable(attachment) ⇒ Object
Class Method Details
.build_box(context, options, table, attribute) ⇒ Object
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
# File 'lib/lockbox/utils.rb', line 3 def self.build_box(context, , table, attribute) = .except(:attribute, :encrypted_attribute, :migrating, :attached, :type) [:encode] = false unless .key?(:encode) .each do |k, v| if v.respond_to?(:call) # context not present for pluck # still possible to use if not dependent on context [k] = context ? context.instance_exec(&v) : v.call elsif v.is_a?(Symbol) # context not present for pluck raise Error, "Not available since :#{k} depends on record" unless context [k] = context.send(v) end end unless [:key] || [:encryption_key] || [:decryption_key] [:key] = Lockbox.attribute_key( table: .delete(:key_table) || table, attribute: .delete(:key_attribute) || attribute, master_key: .delete(:master_key), encode: false ) end if [:previous_versions].is_a?(Array) [:previous_versions] = [:previous_versions].dup [:previous_versions].each_with_index do |version, i| if !(version[:key] || version[:encryption_key] || version[:decryption_key]) && version[:master_key] [:previous_versions][i] = version.merge(key: Lockbox.attribute_key(table: table, attribute: attribute, master_key: version.delete(:master_key), encode: false)) end end end Lockbox.new(**) end |
.decode_key(key, size: 32, name: "Key") ⇒ Object
44 45 46 47 48 49 50 51 52 53 |
# File 'lib/lockbox/utils.rb', line 44 def self.decode_key(key, size: 32, name: "Key") if key.encoding != Encoding::BINARY && key =~ /\A[0-9a-f]{#{size * 2}}\z/i key = [key].pack("H*") end raise Lockbox::Error, "#{name} must be 32 bytes (64 hex digits)" if key.bytesize != size raise Lockbox::Error, "#{name} must use binary encoding" if key.encoding != Encoding::BINARY key end |
.decrypt_result(record, name, options, result) ⇒ Object
96 97 98 99 100 |
# File 'lib/lockbox/utils.rb', line 96 def self.decrypt_result(record, name, , result) ActiveSupport::Notifications.instrument("decrypt_file.lockbox", {name: name}) do Utils.build_box(record, , record.class.table_name, name).decrypt(result) end end |
.encrypt_attachable(record, name, attachable) ⇒ Object
59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 |
# File 'lib/lockbox/utils.rb', line 59 def self.encrypt_attachable(record, name, attachable) io = nil ActiveSupport::Notifications.instrument("encrypt_file.lockbox", {name: name}) do = (record, name) box = build_box(record, , record.class.table_name, name) case attachable when ActionDispatch::Http::UploadedFile, Rack::Test::UploadedFile io = attachable attachable = { io: box.encrypt_io(io), filename: attachable.original_filename, content_type: attachable.content_type } when Hash io = attachable[:io] attachable = attachable.dup attachable[:io] = box.encrypt_io(io) else # TODO raise ArgumentError raise NotImplementedError, "Could not find or build blob: expected attachable, got #{attachable.inspect}" end # don't analyze encrypted data = {"analyzed" => true} ["encrypted"] = true if [:migrating] attachable[:metadata] = (attachable[:metadata] || {}).merge() end # set content type based on unencrypted data # keep synced with ActiveStorage::Blob#extract_content_type attachable[:io].extracted_content_type = Marcel::MimeType.for(io, name: attachable[:filename].to_s, declared_type: attachable[:content_type]) attachable end |
.encrypted?(record, name) ⇒ Boolean
55 56 57 |
# File 'lib/lockbox/utils.rb', line 55 def self.encrypted?(record, name) !(record, name).nil? end |
.encrypted_options(record, name) ⇒ Object
40 41 42 |
# File 'lib/lockbox/utils.rb', line 40 def self.(record, name) record.class.respond_to?(:lockbox_attachments) ? record.class.[name.to_sym] : nil end |
.rebuild_attachable(attachment) ⇒ Object
102 103 104 105 106 107 108 |
# File 'lib/lockbox/utils.rb', line 102 def self.rebuild_attachable() { io: StringIO.new(.download), filename: .filename, content_type: .content_type } end |