lib/lockbox.rb in lockbox-0.2.3 vs lib/lockbox.rb in lockbox-0.2.4
- old
+ new
@@ -4,22 +4,27 @@
# modules
require "lockbox/box"
require "lockbox/encryptor"
require "lockbox/key_generator"
+require "lockbox/io"
+require "lockbox/model"
require "lockbox/utils"
require "lockbox/version"
# integrations
require "lockbox/carrier_wave_extensions" if defined?(CarrierWave)
require "lockbox/railtie" if defined?(Rails)
if defined?(ActiveSupport)
ActiveSupport.on_load(:active_record) do
- require "lockbox/model"
extend Lockbox::Model
end
+
+ ActiveSupport.on_load(:mongoid) do
+ Mongoid::Document::ClassMethods.include(Lockbox::Model)
+ end
end
class Lockbox
class Error < StandardError; end
class DecryptionError < Error; end
@@ -47,39 +52,51 @@
unless restart
attributes = fields.map { |_, v| v[:encrypted_attribute] }
attributes += blind_indexes.map { |_, v| v[:bidx_attribute] }
- attributes.each_with_index do |attribute, i|
- relation =
- if i == 0
- relation.where(attribute => nil)
- else
- relation.or(model.where(attribute => nil))
- end
+ if defined?(ActiveRecord::Base) && model.is_a?(ActiveRecord::Base)
+ attributes.each_with_index do |attribute, i|
+ relation =
+ if i == 0
+ relation.where(attribute => nil)
+ else
+ relation.or(model.unscoped.where(attribute => nil))
+ end
+ end
end
end
- # migrate
- relation.find_each do |record|
- fields.each do |k, v|
- record.send("#{v[:attribute]}=", record.send(k)) if restart || !record.send(v[:encrypted_attribute])
+ if relation.respond_to?(:find_each)
+ relation.find_each do |record|
+ migrate_record(record, fields: fields, blind_indexes: blind_indexes, restart: restart)
end
- blind_indexes.each do |k, v|
- record.send("compute_#{k}_bidx") if restart || !record.send(v[:bidx_attribute])
+ else
+ relation.all.each do |record|
+ migrate_record(record, fields: fields, blind_indexes: blind_indexes, restart: restart)
end
- record.save(validate: false) if record.changed?
end
end
+ # private
+ def self.migrate_record(record, fields:, blind_indexes:, restart:)
+ fields.each do |k, v|
+ record.send("#{v[:attribute]}=", record.send(k)) if restart || !record.send(v[:encrypted_attribute])
+ end
+ blind_indexes.each do |k, v|
+ record.send("compute_#{k}_bidx") if restart || !record.send(v[:bidx_attribute])
+ end
+ record.save(validate: false) if record.changed?
+ end
+
def initialize(**options)
options = self.class.default_options.merge(options)
previous_versions = options.delete(:previous_versions)
@boxes =
[Box.new(options)] +
- Array(previous_versions).map { |v| Box.new(v) }
+ Array(previous_versions).map { |v| Box.new({key: options[:key]}.merge(v)) }
end
def encrypt(message, **options)
message = check_string(message, "message")
@boxes.first.encrypt(message, **options)
@@ -110,10 +127,22 @@
end
end
end
end
+ def encrypt_io(io, **options)
+ new_io = Lockbox::IO.new(encrypt(io.read, **options))
+ copy_metadata(io, new_io)
+ new_io
+ end
+
+ def decrypt_io(io, **options)
+ new_io = Lockbox::IO.new(decrypt(io.read, **options))
+ copy_metadata(io, new_io)
+ new_io
+ end
+
def self.generate_key
SecureRandom.hex(32)
end
def self.generate_key_pair
@@ -196,7 +225,17 @@
def check_string(str, name)
str = str.read if str.respond_to?(:read)
raise TypeError, "can't convert #{name} to string" unless str.respond_to?(:to_str)
str.to_str
+ end
+
+ def copy_metadata(source, target)
+ target.original_filename =
+ if source.respond_to?(:original_filename)
+ source.original_filename
+ elsif source.respond_to?(:path)
+ File.basename(source.path)
+ end
+ target.content_type = source.content_type if source.respond_to?(:content_type)
end
end