Ravn::Tactical::Auth module

Authentication routines used by and for Ravn::Tactical web services.

Constants

DEFAULT_TOKEN_LIFESPAN

Default TTL for new tokens

Public Class Methods

create_token( public_key, secret_key: nil, **claims )

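Create a bearer auth token containing the given claims, encrypted for the holder of the specified public_key. An expires claim set DEFAULT_TOKEN_LIFESPAN from now is added to the claims. If secret_key is nil, the current host’s secret key will be used.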

   # File lib/ravn/tactical/auth.rb
   def self::create_token( public_key, secret_key: nil, **claims )
       # Add the expiry claim; merge gives this value precedence over any
       # :expires passed in with the claims.
       token = claims.merge(
           expires: DEFAULT_TOKEN_LIFESPAN.from_now.to_i
       )
       token_data = Yajl::Encoder.encode( token )

       # Fall back to the local host's secret key
       secret_key ||= Ravn::Crypto.key

       # Encrypt the JSON claims to public_key, authenticated with secret_key
       box = RbNaCl::SimpleBox.from_keypair( public_key, secret_key )
       crypted_data = box.encrypt( token_data )
       self.log.debug "Crypted token is: %p (%s)" % [ crypted_data, crypted_data.encoding ]

       # Strict Base64 ('m0': no line breaks)
       result = [ crypted_data ].pack( 'm0' )
       # NOTE: the finished bearer token is written to the debug log here
       self.log.debug "Generated token: %p" % [ result ]

       return result
   end

decode_token( token, public_key, secret_key: nil )

Return the claims of the given token. If secret_key is nil, the current host’s secret key will be used. If the token is invalid, returns nil.

   # File lib/ravn/tactical/auth.rb
   def self::decode_token( token, public_key, secret_key: nil )
       # Fall back to the local host's secret key, with a warning
       secret_key ||= begin
           self.log.warn "Defaulting to the local secret key."
           Ravn::Crypto.key
       end

       # Strict Base64 decode; malformed input raises and is rescued below
       crypted_data = token.unpack1( 'm0' )
       # NOTE: this debug message formats secret_key with %p
       self.log.debug "Decrypting token %p (%s) using secret_key: %p, public_key: %p" %
           [ crypted_data, crypted_data.encoding, secret_key, public_key ]
       box = RbNaCl::SimpleBox.from_keypair( public_key, secret_key )
       # Decryption raises if the keys do not match or the ciphertext was altered
       token_data = box.decrypt( crypted_data )

       return Yajl::Parser.parse( token_data, symbolize_keys: true )
   rescue => err
       # Any failure (bad Base64, failed decryption, bad JSON) is reported as nil
       self.log.error "Error while decoding token: %s" % [ err.message ]
       self.log.debug( err.full_message )
       return nil
   end
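
The decode_token listing above returns whatever claims decrypt and parse, and nothing in it compares expires with the clock, so that check falls to the caller. The following is an added example, not code from Ravn: TokenChecks, its method names and MAX_LIFESPAN are hypothetical, stdlib JSON stands in for Yajl, and the sample claims are constructed.

```ruby
require 'json'

# Hypothetical caller-side helper; not part of Ravn::Tactical::Auth.
module TokenChecks
  NONCE_BYTES  = 24    # nonce RbNaCl::SimpleBox prepends to the ciphertext
  MAC_BYTES    = 16    # Poly1305 authenticator carried in the box ciphertext
  MAX_LIFESPAN = 3600  # assumed bound (seconds); DEFAULT_TOKEN_LIFESPAN's value is not on the page

  module_function

  # Cheap structural test before any key material is touched: strict Base64
  # (the 'm0' packing) wrapping at least nonce + MAC + one byte of payload.
  def plausible_token?( token )
    return false unless token.is_a?( String )
    raw = token.unpack1( 'm0' )
    raw.bytesize > NONCE_BYTES + MAC_BYTES
  rescue ArgumentError   # raised by 'm0' on non-strict Base64
    false
  end

  # Takes what decode_token returned (a Hash with symbol keys, or nil) and
  # returns the claims only if :expires is an Integer in (now, now + max_lifespan].
  def usable_claims( claims, now: Time.now.to_i, max_lifespan: MAX_LIFESPAN )
    return nil unless claims.is_a?( Hash )
    expires = claims[:expires]
    return nil unless expires.is_a?( Integer )    # missing, or a string such as "1700000600"
    return nil if expires <= now                  # expired
    return nil if expires > now + max_lifespan    # further out than any token we would issue
    claims
  end
end

# Constructed sample: JSON as it would look after box.decrypt, parsed with
# symbol keys the way decode_token does (stdlib JSON stands in for Yajl here).
NOW     = 1_700_000_000
FRESH   = JSON.parse( '{"user":"alice","expires":1700000600}', symbolize_names: true )
EXPIRED = JSON.parse( '{"user":"alice","expires":1699999000}', symbolize_names: true )

if $PROGRAM_NAME == __FILE__
  p TokenChecks.usable_claims( FRESH, now: NOW )
  p TokenChecks.usable_claims( EXPIRED, now: NOW )
end
```

A caller would run plausible_token? on the raw header value before decode_token, and usable_claims on its result before trusting any claim.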