lib/branca.rb in branca-ruby-1.0.1 vs lib/branca.rb in branca-ruby-1.0.2

- old
+ new

@@ -11,28 +11,33 @@ class << self
 VERSION = 0xBA
 attr_accessor :secret_key, :ttl
- def encode(message, timestamp = Time.now.utc)
+ def encode(message, timestamp = Time.now.utc, secret_key: self.secret_key)
+ cipher = create_cipher(secret_key)
 nonce = RbNaCl::Random.random_bytes(cipher.nonce_bytes)
 header = [VERSION, timestamp.to_i].pack('C N') + nonce
 ciphertext = cipher.encrypt(nonce, message, header)
 raw_token = header + ciphertext
 BaseX::Base62.encode(raw_token)
 end
- def decode(token)
+ def decode(token, ttl: self.ttl, secret_key: self.secret_key)
 header, bytes = token_explode(token)
 version, timestamp, nonce = header_explode(header)
 raise VersionError unless version == VERSION
- raise ExpiredTokenError if (timestamp + Branca.ttl) < Time.now.utc.to_i
+ raise ExpiredTokenError if (timestamp + ttl) < Time.now.utc.to_i
+ cipher = create_cipher(secret_key)
 message = cipher.decrypt(nonce, bytes.pack('C*'), header.pack('C*'))
+ rescue RbNaCl::CryptoError
+ raise DecodeError
+ else
 Decoder.new(message, Time.at(timestamp).utc)
 end
 def ttl
 @ttl ||= ttl_default
@@ -46,11 +51,11 @@ yield self if block_given?
 end
 private
- def cipher
- @cipher ||= RbNaCl::AEAD::XChaCha20Poly1305IETF.new(secret_key)
+ def create_cipher(key)
+ RbNaCl::AEAD::XChaCha20Poly1305IETF.new(key)
 end
 def token_explode(token)
 bytes = BaseX::Base62.decode(token).unpack('C C4 C24 C*')
 header = bytes.shift(1 + 4 + 24)
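Review bot: In `decode`, the expiry check still runs before `cipher.decrypt`, so `ExpiredTokenError` is decided from a timestamp that has not yet been authenticated; the header is only verified, as associated data, once decryption succeeds. A tampered or forged token can therefore be reported as expired rather than invalid, and callers that handle the two errors differently (logging, refresh prompts) would be acting on unauthenticated bytes. Consider moving `raise ExpiredTokenError if (timestamp + ttl) < Time.now.utc.to_i` into the `else` branch, directly above `Decoder.new(message, Time.at(timestamp).utc)`, so that only tokens which pass the authentication check are evaluated for age. The new `rescue RbNaCl::CryptoError` would then map every authentication failure to `DecodeError` before any expiry decision is made.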