apache_secure_download 0.0.1.207 → 0.0.2.213
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/ChangeLog +5 -0
- data/README +14 -2
- data/Rakefile +1 -1
- data/lib/apache/secure_download/util.rb +57 -0
- data/lib/{apache_secure_download → apache/secure_download}/version.rb +1 -1
- data/lib/apache/secure_download.rb +52 -0
- metadata +5 -4
- data/lib/apache_secure_download.rb +0 -26
data/ChangeLog
CHANGED
data/README
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
== VERSION
|
|
4
4
|
|
|
5
|
-
This documentation refers to apache_secure_download version 0.0.
|
|
5
|
+
This documentation refers to apache_secure_download version 0.0.2
|
|
6
6
|
|
|
7
7
|
|
|
8
8
|
== DESCRIPTION
|
|
@@ -16,10 +16,22 @@ Place the following snippet in your Apache config:
|
|
|
16
16
|
|
|
17
17
|
<Location /secure>
|
|
18
18
|
# pass your shared secret string to the handler -- secret means SECRET!
|
|
19
|
-
RubyAccessHandler Apache::SecureDownload.new("secret
|
|
19
|
+
RubyAccessHandler Apache::SecureDownload.new("secret")
|
|
20
20
|
</Location>
|
|
21
21
|
</IfModule>
|
|
22
22
|
|
|
23
|
+
And create links to your resources with timestamp and token:
|
|
24
|
+
|
|
25
|
+
require 'apache/secure_download/util'
|
|
26
|
+
|
|
27
|
+
timestamp = 1.minute.from_now # e.g.
|
|
28
|
+
token = Apache::SecureDownload::Util.token("secret", path, timestamp)
|
|
29
|
+
|
|
30
|
+
url = path + "?timestamp=#{timestamp}&token=#{token}"
|
|
31
|
+
|
|
32
|
+
# or simply use the provided helper:
|
|
33
|
+
url = Apache::SecureDownload::Util.secure_url("secret", path, 1.minute.from_now)
|
|
34
|
+
|
|
23
35
|
|
|
24
36
|
== AUTHORS
|
|
25
37
|
|
data/Rakefile
CHANGED
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
#--
|
|
2
|
+
###############################################################################
|
|
3
|
+
# #
|
|
4
|
+
# A component of apache_secure_download. #
|
|
5
|
+
# #
|
|
6
|
+
# Copyright (C) 2008 University of Cologne, #
|
|
7
|
+
# Albertus-Magnus-Platz, #
|
|
8
|
+
# 50932 Cologne, Germany #
|
|
9
|
+
# #
|
|
10
|
+
# Authors: #
|
|
11
|
+
# Jens Wille <jens.wille@uni-koeln.de> #
|
|
12
|
+
# #
|
|
13
|
+
# apache_secure_download is free software: you can redistribute it and/or #
|
|
14
|
+
# modify it under the terms of the GNU General Public License as published by #
|
|
15
|
+
# the Free Software Foundation, either version 3 of the License, or (at your #
|
|
16
|
+
# option) any later version. #
|
|
17
|
+
# #
|
|
18
|
+
# apache_secure_download is distributed in the hope that it will be useful, #
|
|
19
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
|
|
20
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General #
|
|
21
|
+
# Public License for more details. #
|
|
22
|
+
# #
|
|
23
|
+
# You should have received a copy of the GNU General Public License along #
|
|
24
|
+
# with apache_secure_download. If not, see <http://www.gnu.org/licenses/>. #
|
|
25
|
+
# #
|
|
26
|
+
###############################################################################
|
|
27
|
+
#++
|
|
28
|
+
|
|
29
|
+
require 'digest/sha1'
|
|
30
|
+
require 'uri'
|
|
31
|
+
|
|
32
|
+
module Apache
|
|
33
|
+
|
|
34
|
+
class SecureDownload
|
|
35
|
+
|
|
36
|
+
module Util
|
|
37
|
+
|
|
38
|
+
extend self
|
|
39
|
+
|
|
40
|
+
def token(secret, path, timestamp)
|
|
41
|
+
Digest::SHA1.hexdigest(secret + path + timestamp.to_s)
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def secure_url(secret, url, timestamp = Time.now + 60)
|
|
45
|
+
path, _, query = URI.split(url)[5..7]
|
|
46
|
+
path << '?' << query if query
|
|
47
|
+
|
|
48
|
+
timestamp = timestamp.to_i
|
|
49
|
+
|
|
50
|
+
url + "#{query ? '&' : '?'}timestamp=#{timestamp}&token=#{token(secret, path, timestamp)}"
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
end
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
#--
|
|
2
|
+
###############################################################################
|
|
3
|
+
# #
|
|
4
|
+
# apache_secure_download -- Apache module providing secure downloading #
|
|
5
|
+
# functionality #
|
|
6
|
+
# #
|
|
7
|
+
# Copyright (C) 2008 University of Cologne, #
|
|
8
|
+
# Albertus-Magnus-Platz, #
|
|
9
|
+
# 50932 Cologne, Germany #
|
|
10
|
+
# #
|
|
11
|
+
# Authors: #
|
|
12
|
+
# Jens Wille <jens.wille@uni-koeln.de> #
|
|
13
|
+
# #
|
|
14
|
+
# apache_secure_download is free software: you can redistribute it and/or #
|
|
15
|
+
# modify it under the terms of the GNU General Public License as published by #
|
|
16
|
+
# the Free Software Foundation, either version 3 of the License, or (at your #
|
|
17
|
+
# option) any later version. #
|
|
18
|
+
# #
|
|
19
|
+
# apache_secure_download is distributed in the hope that it will be useful, #
|
|
20
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
|
|
21
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General #
|
|
22
|
+
# Public License for more details. #
|
|
23
|
+
# #
|
|
24
|
+
# You should have received a copy of the GNU General Public License along #
|
|
25
|
+
# with apache_secure_download. If not, see <http://www.gnu.org/licenses/>. #
|
|
26
|
+
# #
|
|
27
|
+
###############################################################################
|
|
28
|
+
#++
|
|
29
|
+
|
|
30
|
+
require 'rubygems'
|
|
31
|
+
require 'apache/secure_download/util'
|
|
32
|
+
|
|
33
|
+
module Apache
|
|
34
|
+
|
|
35
|
+
class SecureDownload
|
|
36
|
+
|
|
37
|
+
def initialize(secret)
|
|
38
|
+
raise ArgumentError, 'secret string missing' unless @secret = secret
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
def check_access(request)
|
|
42
|
+
timestamp = request.param('timestamp')
|
|
43
|
+
|
|
44
|
+
return FORBIDDEN if timestamp.to_i < Time.now.to_i
|
|
45
|
+
return FORBIDDEN if request.param('token') != Util.token(@secret, request.uri, timestamp)
|
|
46
|
+
|
|
47
|
+
return OK
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: apache_secure_download
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2.213
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jens Wille
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2008-02-
|
|
12
|
+
date: 2008-02-20 00:00:00 +01:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies: []
|
|
15
15
|
|
|
@@ -24,8 +24,9 @@ extra_rdoc_files:
|
|
|
24
24
|
- ChangeLog
|
|
25
25
|
- README
|
|
26
26
|
files:
|
|
27
|
-
- lib/
|
|
28
|
-
- lib/
|
|
27
|
+
- lib/apache/secure_download.rb
|
|
28
|
+
- lib/apache/secure_download/version.rb
|
|
29
|
+
- lib/apache/secure_download/util.rb
|
|
29
30
|
- COPYING
|
|
30
31
|
- README
|
|
31
32
|
- ChangeLog
|
|
@@ -1,26 +0,0 @@
|
|
|
1
|
-
require 'digest/sha1'
|
|
2
|
-
|
|
3
|
-
module Apache
|
|
4
|
-
|
|
5
|
-
class SecureDownload
|
|
6
|
-
|
|
7
|
-
def initialize(secret)
|
|
8
|
-
raise ArgumentError, 'secret string missing' unless @secret = secret
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
def check_access(request)
|
|
12
|
-
return FORBIDDEN if request.param('timestamp').to_i < Time.now.to_i
|
|
13
|
-
return FORBIDDEN if request.param('token') != compute_token(request)
|
|
14
|
-
|
|
15
|
-
return OK
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
private
|
|
19
|
-
|
|
20
|
-
def compute_token(request)
|
|
21
|
-
Digest::SHA1.hexdigest(@secret + request.uri + request.param('timestamp'))
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
end
|