Encrypt access_token and refresh_token

This commit is contained in:
bumi 2020-04-09 00:41:54 +02:00
parent 4b0a054596
commit 73ccddee94
6 changed files with 19 additions and 2 deletions

View File

@ -21,9 +21,12 @@ gem 'jbuilder'
# Reduces boot times through caching; required in config/boot.rb
gem 'bootsnap', '>= 1.4.2', require: false
gem 'lockbox'
# gem 'airrecord'
gem 'google-api-client'
gem 'rack-cors'
gem "sentry-raven"
gem 'sentry-raven'
group :development, :test do
# Call 'byebug' anywhere in the code to stop execution and get a debugger console

View File

@ -100,6 +100,7 @@ GEM
listen (3.2.1)
rb-fsevent (~> 0.10, >= 0.10.3)
rb-inotify (~> 0.9, >= 0.9.10)
lockbox (0.3.4)
loofah (2.5.0)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
@ -224,6 +225,7 @@ DEPENDENCIES
google-api-client
jbuilder
listen
lockbox
pg
puma
rack-cors

View File

@ -1,6 +1,9 @@
class Authentication < ApplicationRecord
belongs_to :user
encrypts :access_token
encrypts :refresh_token
def expired?
expires_at <= Time.current
end

View File

@ -0,0 +1,8 @@
class AddLockboxColumns < ActiveRecord::Migration[6.0]
def change
add_column :authentications, :access_token_ciphertext, :text
add_column :authentications, :refresh_token_ciphertext, :text
remove_column :authentications, :access_token
remove_column :authentications, :refresh_token
end
end

View File

@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2020_04_05_161905) do
ActiveRecord::Schema.define(version: 2020_04_08_212150) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"

View File

@ -1,3 +1,4 @@
GOOGLE_CLIENT_ID=clientid
GOOGLE_CLIENT_SECRET=secret
GOOGLE_PROJECT_ID=projectid
LOCKBOX_MASTER_KEY=f7b18b63d3f7ec48fa78bab327cdf81b0969020f70dc16947b14572cde3e2b7d