apache_secure_download 0.0.5.228 → 0.0.6.229
Sign up to get free protection for your applications and to get access to all the features.
- data/ChangeLog +5 -0
- data/README +1 -1
- data/lib/apache/secure_download/version.rb +1 -1
- data/lib/apache/secure_download.rb +9 -24
- metadata +1 -1
data/ChangeLog
CHANGED
data/README
CHANGED
@@ -37,8 +37,12 @@ module Apache
|
|
37
37
|
# Creates a new RubyAccessHandler instance for the Apache web server.
|
38
38
|
# The argument +secret+ is the shared secret string that the application
|
39
39
|
# uses to create valid URLs (tokens).
|
40
|
-
def initialize(secret)
|
41
|
-
raise ArgumentError, 'secret string missing' unless
|
40
|
+
def initialize(secret, options = {})
|
41
|
+
raise ArgumentError, 'secret string missing' unless secret.is_a?(String)
|
42
|
+
|
43
|
+
@secret = secret
|
44
|
+
@allow = options[:allow]
|
45
|
+
@deny = options[:deny]
|
42
46
|
end
|
43
47
|
|
44
48
|
# Checks whether the current +request+ satisfies the following requirements:
|
@@ -49,6 +53,9 @@ module Apache
|
|
49
53
|
# If either condition doesn't hold true, access to the requested resource
|
50
54
|
# is forbidden!
|
51
55
|
def check_access(request)
|
56
|
+
return FORBIDDEN if @deny && request.uri =~ @deny
|
57
|
+
return OK if @allow && request.uri =~ @allow
|
58
|
+
|
52
59
|
timestamp = request.param('timestamp')
|
53
60
|
|
54
61
|
return FORBIDDEN if timestamp.to_i < Time.now.to_i
|
@@ -57,28 +64,6 @@ module Apache
|
|
57
64
|
return OK
|
58
65
|
end
|
59
66
|
|
60
|
-
class AlwaysOK
|
61
|
-
|
62
|
-
include Singleton
|
63
|
-
|
64
|
-
# Simply allow all requests.
|
65
|
-
def check_access(request)
|
66
|
-
return OK
|
67
|
-
end
|
68
|
-
|
69
|
-
end
|
70
|
-
|
71
|
-
class AlwaysFORBIDDEN
|
72
|
-
|
73
|
-
include Singleton
|
74
|
-
|
75
|
-
# Deny all requests, no matter what.
|
76
|
-
def check_access(request)
|
77
|
-
return FORBIDDEN
|
78
|
-
end
|
79
|
-
|
80
|
-
end
|
81
|
-
|
82
67
|
end
|
83
68
|
|
84
69
|
end
|