From 5d8398c8b8b51ee7363e7d45acc560f489783e34 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Tue, 2 Jun 2020 19:24:53 +0200
Subject: Add E2EE API (#13820)

---
 app/models/system_key.rb | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 app/models/system_key.rb

(limited to 'app/models/system_key.rb')

diff --git a/app/models/system_key.rb b/app/models/system_key.rb
new file mode 100644
index 000000000..f17db7c2d
--- /dev/null
+++ b/app/models/system_key.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: system_keys
+#
+#  id         :bigint(8)        not null, primary key
+#  key        :binary
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#
+class SystemKey < ApplicationRecord
+  ROTATION_PERIOD = 1.week.freeze
+
+  before_validation :set_key
+
+  scope :expired, ->(now = Time.now.utc) { where(arel_table[:created_at].lt(now - ROTATION_PERIOD * 3)) }
+
+  class << self
+    def current_key
+      previous_key = order(id: :asc).last
+
+      if previous_key && previous_key.created_at >= ROTATION_PERIOD.ago
+        previous_key.key
+      else
+        create.key
+      end
+    end
+  end
+
+  private
+
+  def set_key
+    return if key.present?
+
+    cipher = OpenSSL::Cipher.new('AES-256-GCM')
+    cipher.encrypt
+
+    self.key = cipher.random_key
+  end
+end
-- 
cgit