diff options
author | Imre Farkas <ifarkas@gitlab.com> | 2018-10-29 19:06:45 +0300 |
---|---|---|
committer | Jan Provaznik <jprovaznik@gitlab.com> | 2018-10-29 19:06:45 +0300 |
commit | b9652d8e4dc8544766c9371057be72cc26fe3a4b (patch) | |
tree | dd4c8407af4ef5d98a20f30069d3a348773dfbfa /lib/gitlab/crypto_helper.rb | |
parent | b5ca4ea15dee21b131b336d4189a75a283c8d1f1 (diff) |
[master] Persist only SHA digest of PersonalAccessToken#token
Diffstat (limited to 'lib/gitlab/crypto_helper.rb')
-rw-r--r-- | lib/gitlab/crypto_helper.rb | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/lib/gitlab/crypto_helper.rb b/lib/gitlab/crypto_helper.rb new file mode 100644 index 00000000000..68d0b5d8f8a --- /dev/null +++ b/lib/gitlab/crypto_helper.rb @@ -0,0 +1,30 @@ +# frozen_string_literal: true + +module Gitlab + module CryptoHelper + extend self + + AES256_GCM_OPTIONS = { + algorithm: 'aes-256-gcm', + key: Settings.attr_encrypted_db_key_base_truncated, + iv: Settings.attr_encrypted_db_key_base_truncated[0..11] + }.freeze + + def sha256(value) + salt = Settings.attr_encrypted_db_key_base_truncated + ::Digest::SHA256.base64digest("#{value}#{salt}") + end + + def aes256_gcm_encrypt(value) + encrypted_token = Encryptor.encrypt(AES256_GCM_OPTIONS.merge(value: value)) + Base64.encode64(encrypted_token) + end + + def aes256_gcm_decrypt(value) + return unless value + + encrypted_token = Base64.decode64(value) + Encryptor.decrypt(AES256_GCM_OPTIONS.merge(value: encrypted_token)) + end + end +end |