Sha256: 0e459dc915767f1f9114b2640b3ebde90d0457063ab8fb5fa75001f230e22d7c

Contents?: true

Size: 1.16 KB

Versions: 10

Compression:

Stored size: 1.16 KB

Contents

# frozen_string_literal: true

module Brevio::Session
  module Cookies::Parse
    extend self

    def perform!(cookie)
      raise NilSession if cookie.nil?
      data, iv, auth_tag = cookie.split('--').map { |value| Base64.decode64(value) }
      cipher = OpenSSL::Cipher.new(CIPHER)
      secret = OpenSSL::PKCS5.pbkdf2_hmac_sha1(brevio_config.encryption_key,
                                               SALT, 1000, cipher.key_len)

      cipher.decrypt
      cipher.key = secret
      cipher.iv  = iv
      cipher.auth_tag = auth_tag
      cipher.auth_data = ''

      cookie_payload = cipher.update(data)
      cookie_payload << cipher.final
      cookie_payload = JSON.parse(cookie_payload)
      key = JSON.parse(Base64.decode64(cookie_payload['_rails']['message']))

      "#{Config::Redis::Prefixes::SESSION}:#{key}"
    end

    private

    # https://github.com/team-brevio/brevio-id-gem/blob/master/lib/brevio_id/session/cookie_jar.rb#L79
    CIPHER = 'aes-256-gcm'
    # https://github.com/team-brevio/brevio-id-gem/blob/master/lib/brevio_id/session/cookie_jar.rb#L84
    SALT   = 'authenticated encrypted cookie'

    def brevio_config
      Config.config
    end
  end
end

Version data entries

10 entries across 10 versions & 1 rubygems

Version Path
brevio-session-1.0.0 lib/brevio/session/cookies/parse.rb
brevio-session-0.2.5 lib/brevio/session/cookies/parse.rb
brevio-session-0.2.5.pre.beta lib/brevio/session/cookies/parse.rb
brevio-session-0.2.4 lib/brevio/session/cookies/parse.rb
brevio-session-0.2.3 lib/brevio/session/cookies/parse.rb
brevio-session-0.2.2 lib/brevio/session/cookies/parse.rb
brevio-session-0.2.1 lib/brevio/session/cookies/parse.rb
brevio-session-0.2.0 lib/brevio/session/cookies/parse.rb
brevio-session-0.1.1 lib/brevio/session/cookies/parse.rb
brevio-session-0.1 lib/brevio/session/cookies/parse.rb