about summary refs log tree commit diff
path: root/app/models/system_key.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/models/system_key.rb')
-rw-r--r--app/models/system_key.rb41
1 files changed, 41 insertions, 0 deletions
diff --git a/app/models/system_key.rb b/app/models/system_key.rb
new file mode 100644
index 000000000..f17db7c2d
--- /dev/null
+++ b/app/models/system_key.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: system_keys
+#
+#  id         :bigint(8)        not null, primary key
+#  key        :binary
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#
+class SystemKey < ApplicationRecord
+  ROTATION_PERIOD = 1.week.freeze
+
+  before_validation :set_key
+
+  scope :expired, ->(now = Time.now.utc) { where(arel_table[:created_at].lt(now - ROTATION_PERIOD * 3)) }
+
+  class << self
+    def current_key
+      previous_key = order(id: :asc).last
+
+      if previous_key && previous_key.created_at >= ROTATION_PERIOD.ago
+        previous_key.key
+      else
+        create.key
+      end
+    end
+  end
+
+  private
+
+  def set_key
+    return if key.present?
+
+    cipher = OpenSSL::Cipher.new('AES-256-GCM')
+    cipher.encrypt
+
+    self.key = cipher.random_key
+  end
+end
generated by cgit-pink (git 2.37.1) at 2024-06-28 20:13:27 +0000