about summary refs log tree commit diff
path: root/app/models/system_key.rb
blob: f17db7c2d0a2ad8e20b47c09cb90593923649c29 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# frozen_string_literal: true

# == Schema Information
#
# Table name: system_keys
#
#  id         :bigint(8)        not null, primary key
#  key        :binary
#  created_at :datetime         not null
#  updated_at :datetime         not null
#
class SystemKey < ApplicationRecord
  ROTATION_PERIOD = 1.week.freeze

  before_validation :set_key

  scope :expired, ->(now = Time.now.utc) { where(arel_table[:created_at].lt(now - ROTATION_PERIOD * 3)) }

  class << self
    def current_key
      previous_key = order(id: :asc).last

      if previous_key && previous_key.created_at >= ROTATION_PERIOD.ago
        previous_key.key
      else
        create.key
      end
    end
  end

  private

  def set_key
    return if key.present?

    cipher = OpenSSL::Cipher.new('AES-256-GCM')
    cipher.encrypt

    self.key = cipher.random_key
  end
end