Diffstat (limited to 'app/models/concerns/token_authenticatable_strategies/encryption_helper.rb')
-rw-r--r-- | app/models/concerns/token_authenticatable_strategies/encryption_helper.rb | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/app/models/concerns/token_authenticatable_strategies/encryption_helper.rb b/app/models/concerns/token_authenticatable_strategies/encryption_helper.rb
new file mode 100644
index 00000000000..25c050820d6
--- /dev/null
+++ b/app/models/concerns/token_authenticatable_strategies/encryption_helper.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module TokenAuthenticatableStrategies
+ class EncryptionHelper
+ DYNAMIC_NONCE_IDENTIFIER = "|"
+ NONCE_SIZE = 12
+
+ def self.encrypt_token(plaintext_token)
+ Gitlab::CryptoHelper.aes256_gcm_encrypt(plaintext_token)
+ end
+
+ def self.decrypt_token(token)
+ return unless token
+
+ # The pattern of the token is "#{DYNAMIC_NONCE_IDENTIFIER}#{token}#{iv_of_12_characters}"
+ if token.start_with?(DYNAMIC_NONCE_IDENTIFIER) && token.size > NONCE_SIZE + DYNAMIC_NONCE_IDENTIFIER.size
+ token_to_decrypt = token[1...-NONCE_SIZE]
+ iv = token[-NONCE_SIZE..-1]
+
+ Gitlab::CryptoHelper.aes256_gcm_decrypt(token_to_decrypt, nonce: iv)
+ else
+ Gitlab::CryptoHelper.aes256_gcm_decrypt(token)
+ end
+ end
+ end
+end |
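Review bot: `decrypt_token` chooses the dynamic-nonce branch only from a leading `|` and a length check, so it is correct only if a legacy ciphertext can never begin with `|`. That likely holds if `Gitlab::CryptoHelper` emits Base64, but the helper is not shown here, so the comment above the `if` should state the reason, and a spec should cover a legacy token and a short `|`-prefixed string. The slice `token[1...-NONCE_SIZE]` hard-codes the prefix length while the guard uses `DYNAMIC_NONCE_IDENTIFIER.size`; `token[DYNAMIC_NONCE_IDENTIFIER.size...-NONCE_SIZE]` keeps the two in step. `encrypt_token` still passes no `nonce:`, so new tokens presumably keep the helper's default nonce. If this is the read-side half of a staged rollout, a comment such as `# Writes stay on the static nonce until all nodes can read the dynamic format` would make clear that GCM nonce reuse is not yet removed.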