message_verifier

Verify and generate Rails ActiveSupport::MessageVerifier signed tokens
0.2.0 Latest release released

message_verifier.cr

Build Status

Ruby on Rails compatible ActiveSupport::MessageVerifier implementation for Crystal. Allows verified message passing back and forth between ruby and crystal-lang implementations.

Why? Perhaps you have a microservice written in Crystal and it needs to communicate with a ruby/rails app (or vice-versa), and the data passed between those services needs to be verified to be trustworthy?

Installation

Add this to your application's shard.yml:

dependencies:
  message_verifier:
    github: danielwestendorf/message_verifier.cr

Usage

require "message_verifier"

Verify a message

verifier = MessageVerifier::Verifier.new("s3Krit", digest: :sha256)

msg = "eyJfcmFpbHMiOnsibWVzc2FnZSI6IkxTMHRDbTFsYzNOaFoyVTZJRTVsZG1WeUlHZHZibTVoSUdkcGRtVWdlVzkxSUhWd0xDQnVaWFpsY2lCbmIyNXVZU0JzWlhRZ2VXOTFJR1J2ZDI0SyIsImV4cCI6IjIwMTktMDEtMDNUMDA6MjI6MjMuMTc4MDQ0MDAwWiIsInB1ciI6ImV4YW1wbGUifX0=--efc837c7279a1030109ec7519418c8934a2cb38d2ce2882a826acf422e432f5e"

puts "Verified message: #{verifier.verify(msg, purpose: :example, parser: :JSON)}"

Generate a message

verifier = MessageVerifier::Verifier.new("s3Krit", digest: OpenSSL::Algorithm::SHA256)

msg = { "foo" => "bar" }

puts verifier.generate(msg.to_json, purpose: :example, expires_at: Time.now  + 1.week, parser: :JSON)

See it in action

Examples of passing messages back and forth between ruby and crystal implementations.

gem install activesupport if not installed already

$ echo "Very special message" | crystal run examples/sign.cr  | ruby examples/verify.rb
$ echo "Some other special message" | ruby examples/sign.rb | crystal run examples/verify.cr

Progress

  • [x] Message expiration dates, freshness
    • Messages which have expired will return nil or raise a MessageVerifier::InvalidSignature exception
  • [x] Message purposes
  • [x] Message Serializers
    • [x] JSON
    • [x] YAML
  • [x] Signature Digest Algorithms
  • [ ] Rotating keys

Contributing

  1. Fork it (https://github.com/danielwestendorf/message_verifier.cr/fork)
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request

Contributors

message_verifier:
  github: danielwestendorf/message_verifier.cr
  version: ~> 0.2.0
License MIT
Crystal 0.28.0

Authors

Dependencies 0

Development Dependencies 0

Dependents 0

Last synced .
search fire star recently