components/crypto.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

# frozen_string_literal: true

require 'singleton'
require 'rbnacl'
require 'base64'

module NanoBot
  module Components
    class Crypto
      include Singleton

      def initialize
        password = ENV.fetch('NANO_BOTS_ENCRYPTION_PASSWORD', nil)

        password = 'UNSAFE' unless password && password != ''

        @box = RbNaCl::SecretBox.new(RbNaCl::Hash.sha256(password))
        @fixed_nonce = RbNaCl::Hash.sha256(password)[0...@box.nonce_bytes]
      end

      def encrypt(content, soft: false)
        nonce = soft ? @fixed_nonce : RbNaCl::Random.random_bytes(@box.nonce_bytes)
        Base64.urlsafe_encode64(nonce + @box.encrypt(nonce, content))
      end

      def decrypt(content)
        decoded_content = Base64.urlsafe_decode64(content)
        nonce = decoded_content[0...@box.nonce_bytes]
        cipher_text = decoded_content[@box.nonce_bytes..]

        @box.decrypt(nonce, cipher_text)
      end

      def self.encrypt(content, soft: false)
        instance.encrypt(content, soft:)
      end

      def self.decrypt(content)
        instance.decrypt(content)
      end
    end
  end
end