Class: EzToken
Inherits: Object
Defined in: lib/ez_token.rb
Overview
This class helps to create and decode SHA1-encoded tokens. UTF-8 strings are supported.
Instance Attribute Summary
- #secret ⇒ Object (readonly)
  Returns the value of attribute secret.
Instance Method Summary
- #generate(params, now = Time.now.to_i) ⇒ Object
  Returns a token representing the params + the timestamp + a digest. The digest is a 40 hex-character (640bit) SHA1 encoding of the params + timestamp + secret. params can be a String, an Array (each item in the array is joined with a &) or a Hash (each item in the hash is of the form key=value and each of those are joined with &).
- #initialize(sec) ⇒ EzToken (constructor)
  Pass your secret.
- #verify(token, interval = nil, allow_expired = false) ⇒ Object
  Decodes a token that was originally encoded in the form <payload>&ts=<integer timestamp>&SECRET, where payload can be a string separated by &.
- #verify!(token, interval = nil) ⇒ Object
- #verify?(token, interval = nil) ⇒ Boolean
Constructor Details
#initialize(sec) ⇒ EzToken
Pass your secret.

    # File 'lib/ez_token.rb', line 10
    def initialize(sec)
      @secret = sec
    end
Instance Attribute Details
#secret ⇒ Object (readonly)
Returns the value of attribute secret.

    # File 'lib/ez_token.rb', line 7
    def secret
      @secret
    end
Instance Method Details
#generate(params, now = Time.now.to_i) ⇒ Object
Returns a token representing the params + the timestamp + a digest. The digest is a 40 hex-character (640bit) SHA1 encoding of the params + timestamp + secret. params can be a String, an Array (each item in the array is joined with a &) or a Hash (each item in the hash is of the form key=value and each of those are joined with &). We URL-encode the array items, the hash values and the String value. Array items and Hash values are turned into their String representation. If params is a Hash, the keys cannot contain a & or =. Values that are nil will be replaced by the empty string upon decoding/verify. For arrays, nil items in an array will be replaced by the string representation of nil, which is ''.

    # File 'lib/ez_token.rb', line 23
    def generate(params, now = Time.now.to_i)
      # Note: for oddly utf-8 encoded strings empty? will fail, we circumvent this by testing the length first
      raise 'EzToken.generate: Params cannot be empty' if params.nil? || params.empty?
      # order hash by keys
      return get_hash_token(params, now) if params.class == Hash
      return get_array_token(params, now) if params.class == Array
      return get_string_token(params, now) if params.class == String

      raise "EzToken.generate: Params of class #{params.class} is invalid. Must be String, Hash or Array"
    end
#verify(token, interval = nil, allow_expired = false) ⇒ Object
Decodes a token that was originally encoded in the form <payload>&ts=<integer timestamp>&SECRET, where payload can be a string separated by &. Takes the <payload> and turns it into a String, Hash or Array depending on its format:
- if there are no & and no = it's a URL-encoded String
- if there are just & it's an Array (separated by &)
- otherwise it is a Hash of the form key=value&key=value...
If interval is non-nil, it represents the maximum age of this token in seconds. We return false if the decoding didn't work. We return 'expired' if the interval is non-nil and the token has expired; as the code below shows, this happens only when allow_expired is true, and with the default allow_expired = false an expired token returns false. Otherwise we return the original payload encoded in the token.

    # File 'lib/ez_token.rb', line 44
    def verify(token, interval = nil, allow_expired = false)
      payload, ts = decode_token_into_payload(token)
      return false if payload == false

      is_expired = !interval.nil? && ts + interval < Time.now.to_i
      return 'expired' if allow_expired && is_expired
      return false if is_expired

      return TypeCaster.new(payload).uri_decode if payload !~ /[&=]/ # a (url encoded) string
      return decode_array(payload) if payload !~ /=/ # its an Array - it has a & in it
      decode_hash(payload)
    end
#verify!(token, interval = nil) ⇒ Object

    # File 'lib/ez_token.rb', line 57
    def verify!(token, interval = nil)
      params = verify(token, interval, true)
      raise 'EzToken.verify!: Token is invalid' if params == false
      raise 'EzToken.verify!: Token has expired' if params == 'expired'
      params
    end
#verify?(token, interval = nil) ⇒ Boolean

    # File 'lib/ez_token.rb', line 64
    def verify?(token, interval = nil)
      params = verify(token, interval, true)
      return false if params == false || params == 'expired'
      true
    end
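
Added example, not code from lib/ez_token.rb: the digest as the description above words it, next to a hardened variant that keys the digest with HMAC-SHA256, compares digests in constant time, and reports status as a symbol so that a payload equal to "expired" cannot be confused with the 'expired' value verify returns. The function names, the exact string that is hashed, and the wire format are assumptions made for this example, because the library's private helpers are not shown on this page.

```ruby
require 'digest'
require 'openssl'
require 'uri'

# Digest as this page describes it (assumed exact layout): SHA1("<payload>&ts=<ts>&<secret>").
def sha1_suffix_digest(payload, ts, secret)
  Digest::SHA1.hexdigest("#{payload}&ts=#{ts}&#{secret}")
end

# Hardened variant: the secret is an HMAC key, never part of the hashed message.
def hmac_digest(payload, ts, secret)
  OpenSSL::HMAC.hexdigest('SHA256', secret, "#{payload}&ts=#{ts}")
end

# Constant-time comparison: run time does not depend on where the digests differ.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize

  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical wire format for this example: "<payload>&ts=<ts>&<64 hex chars>".
def make_token(str, secret, now = Time.now.to_i)
  payload = URI.encode_www_form_component(str)
  "#{payload}&ts=#{now}&#{hmac_digest(payload, now, secret)}"
end

# Returns [:ok, payload], [:expired, nil] or [:invalid, nil]. The status is a
# symbol kept apart from the payload, so a payload of "expired" stays unambiguous.
def check_token(token, secret, interval = nil, now = Time.now.to_i)
  m = /\A(.*)&ts=(\d+)&(\h{64})\z/m.match(token.to_s)
  return [:invalid, nil] unless m

  payload, ts, mac = m.captures
  # Authenticate before trusting the timestamp or decoding anything.
  return [:invalid, nil] unless secure_eq(hmac_digest(payload, ts, secret), mac)
  return [:expired, nil] if interval && ts.to_i + interval < now

  [:ok, URI.decode_www_form_component(payload)]
end
```

With EzToken itself, a String payload of "expired" makes verify! raise 'Token has expired' and verify? return false even for a fresh, valid token, because both compare the result of verify against the string 'expired'.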