From 019902872bff9de73afc4ce9795c17e47480808e Mon Sep 17 00:00:00 2001 From: Thein Lin Kyaw Date: Thu, 17 Aug 2023 15:53:13 +0630 Subject: [PATCH] update client key encryption --- app/controllers/clients_controller.rb | 11 +-- app/models/batch_line_item.rb | 133 +++++++++++++------------- app/models/client.rb | 12 ++- 3 files changed, 80 insertions(+), 76 deletions(-) diff --git a/app/controllers/clients_controller.rb b/app/controllers/clients_controller.rb index b984b96..963434d 100644 --- a/app/controllers/clients_controller.rb +++ b/app/controllers/clients_controller.rb @@ -24,11 +24,10 @@ class ClientsController < ApplicationController # POST /clients # POST /clients.json def create - @client = Client.new(client_params) + @client = Client.new(client_params) cipher = OpenSSL::Cipher::Cipher.new("aes-256-cbc") - key=cipher.random_key - secrect_key= Base64.encode64(key) - @client.secrect_key=secrect_key + secrect_key = cipher.random_key + @client.secrect_key = secrect_key respond_to do |format| if @client.save @@ -68,7 +67,7 @@ class ClientsController < ApplicationController # DELETE /clients/1.json def destroy message="Client was successfully destroyed." - + find_batch=Batch.find_by_id(@client.id) if !find_batch.nil? message='Unable to delete client named '+ @client.name.to_s+'.' @@ -90,6 +89,6 @@ class ClientsController < ApplicationController # Never trust parameters from the scary internet, only allow the white list through. def client_params - params.require(:client).permit(:name,:email, :phone, :address,:location_code) + params.require(:client).permit(:name,:email, :phone, :address,:location_code) end end diff --git a/app/models/batch_line_item.rb b/app/models/batch_line_item.rb index 0675292..fd752d2 100644 --- a/app/models/batch_line_item.rb +++ b/app/models/batch_line_item.rb 
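Review bot: In `create`, the unchanged line `cipher = OpenSSL::Cipher::Cipher.new("aes-256-cbc")` still uses the deprecated `OpenSSL::Cipher::Cipher` alias, while this same commit moves `BatchLineItem.encrypted` to `OpenSSL::Cipher.new`. On an openssl gem that no longer ships the alias, client creation would presumably fail with a NameError. The cipher object is built only to obtain random bytes, so `@client.secrect_key = OpenSSL::Cipher.new("aes-256-cbc").random_key` (or `SecureRandom.random_bytes(32)`) states the intent more directly. Generating the key in a `before_create` callback on `Client` would also stop any other creation path from saving a client without a key. The rest of `create` lies outside this hunk.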
@@ -1,15 +1,15 @@ class BatchLineItem < ApplicationRecord - belongs_to :batch - attr_accessor :secret_token - attr_accessor :location - attr_accessor :product_type + belongs_to :batch + attr_accessor :secret_token + attr_accessor :location + attr_accessor :product_type require 'digest/md5' CARD = "Card" WRISTBAND = "Wristband" ACCOUNT_CARD = "Account Card" - + def self.generate_account_no(location_code) super_merchant = "101" account_type='1' @@ -20,12 +20,12 @@ class BatchLineItem < ApplicationRecord account_no = super_merchant+account_type+location+random_account_no find_account_no = BatchLineItem.find_by_asset_identity(account_no) - if !find_account_no.nil? + if !find_account_no.nil? o = [('0'..'9')].map { |i| i.to_a }.flatten random_account_no = (0...9).map { o[rand(o.length)] }.join - account_no = super_merchant+account_type+location+random_account_no + account_no = super_merchant+account_type+location+random_account_no end - return account_no + return account_no end def self.generate_security_code @@ -33,11 +33,11 @@ class BatchLineItem < ApplicationRecord security_code = (0...8).map { o[rand(o.length)] }.join find_account_no = BatchLineItem.find_by_security_code(security_code) - if !find_account_no.nil? + if !find_account_no.nil? o = [('0'..'8')].map { |i| i.to_a }.flatten - security_code = (0...8).map { o[rand(o.length)] }.join + security_code = (0...8).map { o[rand(o.length)] }.join end - return security_code + return security_code end def self.generate_barcode 
@@ -45,12 +45,12 @@ class BatchLineItem < ApplicationRecord # barcode = (0...8).map { o[rand(o.length)] }.join barcode= rand(1_000_000_0..9_999_999_9) find_account_no = BatchLineItem.find_by_barcode(barcode) - if !find_account_no.nil? + if !find_account_no.nil? # o = [('0'..'9')].map { |i| i.to_a }.flatten - # barcode = (0...8).map { o[rand(o.length)] }.join - barcode = rand(1_000_000_0..9_999_999_9) + # barcode = (0...8).map { o[rand(o.length)] }.join + barcode = rand(1_000_000_0..9_999_999_9) end - return barcode + return barcode end def self.generate_serial_no(client_id) find_lookup=Lookup.find_by_name('generate_serial_no') 
@@ -58,52 +58,52 @@ class BatchLineItem < ApplicationRecord max_value=find_lookup.max_value max_value=max_value +1 prefix=find_lookup.prefix - max_length=find_lookup.max_length - sufix_len=max_length-prefix.length - sufix_str="0" * sufix_len - value_len= max_value.to_s.length - + max_length=find_lookup.max_length + sufix_len=max_length-prefix.length + sufix_str="0" * sufix_len + value_len= max_value.to_s.length + start=0 ends=sufix_len-value_len-1 sufix_str= sufix_str[start..ends] prefix_len=prefix.to_s.length client_len= client_id.to_s.length - ends= prefix_len -client_len -1 + ends= prefix_len -client_len -1 prefix=prefix[start..ends] prefix_str=prefix.to_s + client_id.to_s - serial_no=prefix_str.to_s+sufix_str+max_value.to_s - return serial_no + serial_no=prefix_str.to_s+sufix_str+max_value.to_s + return serial_no end end def self.to_csv(client_id,location_code) encrypt_key="" - - find_client=Client.find_by_id(client_id) + + find_client=Client.find_by_id(client_id) if !find_client.nil? 
- encrypt_key=find_client.secrect_key + encrypt_key=find_client.secrect_key end attributes = %w{serial_no asset_identity batch_id manufacture_uid asset_type secret_token location} CSV.generate(headers: true) do |csv| - csv << attributes - all.each do |encoder| - if encoder.product_type_id ==1 - - str="account_no="+encoder.asset_identity.to_s+"&manufacture_uid="+encoder.manufacture_uid.to_s+"&serial_no="+encoder.serial_no.to_s - + csv << attributes + all.each do |encoder| + if encoder.product_type_id ==1 + + str="account_no="+encoder.asset_identity.to_s+"&manufacture_uid="+encoder.manufacture_uid.to_s+"&serial_no="+encoder.serial_no.to_s + elsif encoder.product_type_id == 3 - + attributes = attributes+ %w{security_code} str="account_no="+encoder.asset_identity.to_s+"&manufacture_uid="+encoder.manufacture_uid.to_s+"&serial_no="+encoder.serial_no.to_s+"&security_code="+encoder.security_code.to_s - else - str="manufacture_uid="+encoder.manufacture_uid.to_s+"&serial_no="+encoder.serial_no.to_s - end + else + str="manufacture_uid="+encoder.manufacture_uid.to_s+"&serial_no="+encoder.serial_no.to_s + end - encryptd_data=BatchLineItem.encrypted(str,encrypt_key) + encryptd_data=BatchLineItem.encrypted(str,encrypt_key) encoder.secret_token=encryptd_data - encoder.location=location_code + encoder.location=location_code csv << attributes.map{ |attr| encoder.send(attr)} end end 
@@ -111,50 +111,47 @@ class BatchLineItem < ApplicationRecord def self.to_csv_seller(client_id,location_code) encrypt_key="" - - find_client=Client.find_by_id(client_id) + + find_client=Client.find_by_id(client_id) if !find_client.nil? - encrypt_key=find_client.secrect_key + encrypt_key=find_client.secrect_key end attributes = %w{serial_no asset_identity batch_id manufacture_uid asset_type secret_token location barcode} CSV.generate(headers: true) do |csv| - csv << attributes - all.each do |encoder| - if encoder.product_type_id ==1 - - str="account_no="+encoder.asset_identity.to_s+"&manufacture_uid="+encoder.manufacture_uid.to_s+"&serial_no="+encoder.serial_no.to_s - + csv << attributes + all.each do |encoder| + if encoder.product_type_id ==1 + + str="account_no="+encoder.asset_identity.to_s+"&manufacture_uid="+encoder.manufacture_uid.to_s+"&serial_no="+encoder.serial_no.to_s + elsif encoder.product_type_id == 3 - + attributes = attributes+ %w{security_code} str="account_no="+encoder.asset_identity.to_s+"&manufacture_uid="+encoder.manufacture_uid.to_s+"&serial_no="+encoder.serial_no.to_s+"&security_code="+encoder.security_code.to_s - else + else str="manufacture_uid="+encoder.manufacture_uid.to_s+"&serial_no="+encoder.serial_no.to_s+"&barcode="+encoder.barcode.to_s - end + end - encryptd_data=BatchLineItem.encrypted(str,encrypt_key) + encryptd_data=BatchLineItem.encrypted(str,encrypt_key) encoder.secret_token=encryptd_data - encoder.location=location_code + encoder.location=location_code csv << attributes.map{ |attr| encoder.send(attr)} end end end - def self.encrypted(message,encrypt_key) - cipher = OpenSSL::Cipher::Cipher.new("aes-128-cbc") + def self.encrypted(message,encrypt_key) + cipher = OpenSSL::Cipher.new("aes-256-cbc") cipher.encrypt - key = Digest::SHA1.hexdigest(encrypt_key) - iv =encrypt_key - cipher.key = encrypt_key - cipher.iv = encrypt_key + cipher.iv = encrypt_key[0,16] encrypted = cipher.update(message) encrypted << cipher.final 
encrypted=Base64.encode64(encrypted) - return encrypted + return encrypted end def self.create_product(asset_identity,serial_no,batch_id,manufacture_uid,card_type,security_code=nil) batchLineItem=BatchLineItem.new @@ -175,7 +172,7 @@ class BatchLineItem < ApplicationRecord max_serail_no=lookup.max_value lookup.max_value=max_serail_no.to_i+1 lookup.save - + card_qty=batch.qty_processing.to_i success_qty=batch.qty_success @@ -190,15 +187,15 @@ class BatchLineItem < ApplicationRecord batch.save @result=false,'Error occurs in registration encoder!' - end - end + end + end def self.get_array - arr=Array.new + arr=Array.new (1..100).each do |i| - str= SecureRandom.hex - uid=str[0..13] + str= SecureRandom.hex + uid=str[0..13] arr.push(uid) - end - @arr=arr - end + end + @arr=arr + end end diff --git a/app/models/client.rb b/app/models/client.rb index b7cb74d..282d811 100644 --- a/app/models/client.rb +++ b/app/models/client.rb @@ -1,6 +1,14 @@ class Client < ApplicationRecord validates :name, presence: { message: "Please enter client name." } - validates :name, :uniqueness => {:message =>"This client name is already taken." } ,on: :create + validates :name, :uniqueness => {:message =>"This client name is already taken." } ,on: :create validates :location_code ,presence: { message: "Please enter client location code." } - validates :location_code, :uniqueness => {:message =>"This location code is already taken." } ,on: :create + validates :location_code, :uniqueness => {:message =>"This location code is already taken." } ,on: :create + + def secrect_key + Base64.decode64(super) + end + + def secrect_key=(value) + super(Base64.encode64(value)) + end end
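Review bot: The new `cipher.iv = encrypt_key[0,16]` in `BatchLineItem.encrypted` derives the IV from the secret key, so every token for a client uses the same key and IV, and in CBC mode records with equal leading fields then produce equal leading ciphertext blocks. As far as the collapsed hunk shows, the `cipher.key = encrypt_key` assignment is also removed with nothing replacing it (the header's 50 to 47 line count is consistent with that), which would leave the cipher without the client key. CBC carries no integrity check either, so the decrypting side cannot detect a modified token. A fresh random IV per message plus an authenticated mode addresses all three, at the cost of a new token layout that the decrypting side must adopt; a sketch follows. Separately, `to_csv` and `to_csv_seller` pass `""` as the key when the client is not found, which should be rejected before encrypting.

```ruby
def self.encrypted(message,encrypt_key)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.encrypt
  cipher.key = encrypt_key            # 32-byte client key
  iv = cipher.random_iv               # fresh per message, never derived from the key
  ciphertext = cipher.update(message) + cipher.final
  # Output layout: IV, then 16-byte auth tag, then ciphertext.
  Base64.strict_encode64(iv + cipher.auth_tag + ciphertext)
end
```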
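Review bot: The overridden reader `Base64.decode64(super)` in `Client` has no nil guard, so reading `secrect_key` on a row whose column is NULL raises instead of returning nil, and the writer likewise fails when given `nil`. `stored = super` followed by `stored && Base64.decode64(stored)` keeps the accessor safe. Base64 is only an encoding, so the AES key still sits in the clients table in recoverable form, and anyone with read access to the database or a backup can decrypt every exported token. If the application's Rails version provides Active Record encryption, `encrypts :secrect_key` could protect the column at rest; otherwise the key should be wrapped with a key held outside the database. The reader now returns raw bytes, so any view or JSON template that prints the attribute should be checked, which is not visible in this diff.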