Ecosyste.ms: Awesome
https://github.com/tonytonyjan/rack_encrypted_cookie
Rack middleware for signed encrypted session cookie
- Host: GitHub
- URL: https://github.com/tonytonyjan/rack_encrypted_cookie
- Owner: tonytonyjan
- Created: 2016-12-05T13:37:19.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2018-09-11T01:53:01.000Z (over 6 years ago)
- Last Synced: 2024-10-31T13:45:01.938Z (about 2 months ago)
- Language: Ruby
- Size: 13.7 KB
- Stars: 4
- Watchers: 4
- Forks: 2
- Open Issues: 0
README
# Rack::Session::EncryptedCookie [![Build Status](https://travis-ci.org/tonytonyjan/rack_encrypted_cookie.svg?branch=master)](https://travis-ci.org/tonytonyjan/rack_encrypted_cookie)
# Installation
```
gem install rack_encrypted_cookie
```

# Usage
In your project, replace `Rack::Session::Cookie` with `Rack::Session::EncryptedCookie`, and it will just work. `Rack::Session::EncryptedCookie` is **FULLY COMPATIBLE** with `Rack::Session::Cookie` and accepts all the same options.
# Minimal Example
```ruby
require 'rack'
require 'rack/session/encrypted_cookie'

# A tiny endpoint that counts how often the same client has visited.
app = lambda do |env|
  session = env['rack.session']
  session[:count] ||= 0
  session[:count] += 1
  [200, {}, [session[:count].to_s]]
end

# Wrap it with the encrypted session middleware; :secret is the key base.
app = Rack::Builder.app(app) do
  use Rack::Session::EncryptedCookie, secret: 'secret_key_base'
end

Rack::Handler::WEBrick.run app
```

# Options
option | default
---------------|----------------------------
`:salt` | `'encrypted cookie'`
`:signed_salt` | `'signed encrypted cookie'`
`:iterations` | `1024`
`:key_size` | `32`
`:cipher` | `'AES-256-CBC'`

A list of supported algorithms can be obtained by
```ruby
puts OpenSSL::Cipher.ciphers
```

# How it works
In `Rack::Session::Cookie`, the `:secret` option is used directly for signing, while `Rack::Session::EncryptedCookie` treats it as a secret key base from which two derived keys are generated (one for signing, another for encryption) using PBKDF2 with an HMAC-SHA1 PRF.
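As an added illustration (not the gem's own code), the derivation described above and the cookie layout drawn in the Cookie Structure section below, re-implemented stand-alone in Ruby; the module name `CookieCodec`, its method names and the use of HMAC-SHA256 for the signature are assumptions of this example. The point it makes is the verification order: the MAC is checked in constant time before anything is base64-decoded, decrypted or passed to `Marshal.load`, so a tampered or forged cookie is rejected before attacker-controlled bytes reach any parser.

```ruby
require 'openssl'
require 'base64'
require 'cgi'

# Hypothetical names; a re-implementation of the README's layout, not the gem's API.
module CookieCodec
  SALT        = 'encrypted cookie'          # README defaults
  SIGNED_SALT = 'signed encrypted cookie'
  ITERATIONS  = 1024
  KEY_SIZE    = 32
  CIPHER      = 'AES-256-CBC'

  # One secret, two independent keys: PBKDF2-HMAC-SHA1 with a distinct salt
  # per purpose, so the signing key is never reused as the encryption key.
  def self.derive_key(secret, salt)
    OpenSSL::KDF.pbkdf2_hmac(secret, salt: salt, iterations: ITERATIONS,
                             length: KEY_SIZE, hash: 'sha1')
  end

  # uri_encode( base64( base64(AES(marshal)) "--" base64(iv) ) "--" hex(hmac) )
  # SHA-256 as the HMAC digest is this example's assumption, not the gem's.
  def self.encode(session, secret)
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = derive_key(secret, SALT)
    iv = cipher.random_iv                   # fresh random IV per cookie
    ciphertext = cipher.update(Marshal.dump(session)) + cipher.final
    payload = Base64.strict_encode64(
      Base64.strict_encode64(ciphertext) + '--' + Base64.strict_encode64(iv))
    mac = OpenSSL::HMAC.hexdigest('SHA256', derive_key(secret, SIGNED_SALT), payload)
    CGI.escape(payload + '--' + mac)
  end

  # Returns the session Hash, or nil when the signature does not verify.
  # Encrypt-then-MAC: the tag is checked before base64 decoding, decryption
  # or Marshal.load touch any attacker-controlled bytes.
  def self.decode(cookie, secret)
    payload, mac = CGI.unescape(cookie).split('--', 2)
    return nil if payload.nil? || mac.nil?
    expected = OpenSSL::HMAC.hexdigest('SHA256', derive_key(secret, SIGNED_SALT), payload)
    return nil unless secure_equal?(mac, expected)
    inner_ct, inner_iv = Base64.strict_decode64(payload).split('--', 2)
    decipher = OpenSSL::Cipher.new(CIPHER).decrypt
    decipher.key = derive_key(secret, SALT)
    decipher.iv = Base64.strict_decode64(inner_iv)
    Marshal.load(decipher.update(Base64.strict_decode64(inner_ct)) + decipher.final)
  end

  # Constant-time comparison: no early exit on the first differing byte.
  def self.secure_equal?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |s, (x, y)| s | (x ^ y) }.zero?
  end
end
```

Because the IV is random, encoding the same session twice yields two different cookies that both decode to the same Hash.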
# Cookie Structure
## `Rack::Session::EncryptedCookie`
```
+-------------------------- uri encode -------------------------+
| +----------------------- base64 ------------+ +-- hex -+ |
| | +------- base64 ------+ +- base64 -+ | | | |
| | | +-- AES-256-CBC --+ | | | | | | |
| | | | marshal | | "--" | iv | | "--" | hmac | |
| | | +-----------------+ | | | | | | |
| | +---------------------+ +----------+ | | | |
| +-------------------------------------------+ +--------+ |
+---------------------------------------------------------------+
```

## `Rack::Session::Cookie`
```
+--------- uri encode ----------+
| +-- base64 -+ +-- hex -+ |
| | marshal | "--" | hmac | |
| +-----------+ +--------+ |
+-------------------------------+
```

# TODO
- Support AEAD ciphers such as 'aes-256-gcm'