apache_secure_download 0.0.3.217 → 0.0.4.218
Sign up to get free protection for your applications and to get access to all the features.
- data/ChangeLog +6 -3
- data/README +3 -1
- data/lib/apache/secure_download/util.rb +44 -0
- data/lib/apache/secure_download/version.rb +1 -1
- data/lib/apache/secure_download.rb +10 -0
- metadata +2 -2
data/ChangeLog
CHANGED
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
= Revision history for apache_secure_download
|
|
2
2
|
|
|
3
|
+
== 0.0.4 [2008-02-26]
|
|
4
|
+
|
|
5
|
+
* Some documentation, at last
|
|
6
|
+
|
|
3
7
|
== 0.0.3 [2008-02-25]
|
|
4
8
|
|
|
5
|
-
* Apache::SecureDownload::Util.secure_url
|
|
6
|
-
|
|
7
|
-
** can create cacheable URLs by setting the <tt>:cache</tt> option
|
|
9
|
+
* Apache::SecureDownload::Util.secure_url also takes a hash with options instead of explicit expiration time
|
|
10
|
+
* Apache::SecureDownload::Util.secure_url can create cacheable URLs by setting the <tt>:cache</tt> option
|
|
8
11
|
|
|
9
12
|
== 0.0.2 [2008-02-20]
|
|
10
13
|
|
data/README
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
== VERSION
|
|
4
4
|
|
|
5
|
-
This documentation refers to apache_secure_download version 0.0.
|
|
5
|
+
This documentation refers to apache_secure_download version 0.0.4
|
|
6
6
|
|
|
7
7
|
|
|
8
8
|
== DESCRIPTION
|
|
@@ -38,6 +38,8 @@ And create links to your resources with timestamp and token:
|
|
|
38
38
|
# specify expiration time using an offset (results in Time.now + 60; also includes caching for 60 seconds):
|
|
39
39
|
url = Apache::SecureDownload::Util.secure_url("secret", path, :offset => 60)
|
|
40
40
|
|
|
41
|
+
See Apache::SecureDownload::Util.secure_url for more examples.
|
|
42
|
+
|
|
41
43
|
|
|
42
44
|
== AUTHORS
|
|
43
45
|
|
|
@@ -37,10 +37,54 @@ module Apache
|
|
|
37
37
|
|
|
38
38
|
extend self
|
|
39
39
|
|
|
40
|
+
# Computes the token from +secret+, +path+, and +timestamp+.
|
|
40
41
|
def token(secret, path, timestamp)
|
|
41
42
|
Digest::SHA1.hexdigest(secret + path + timestamp.to_s)
|
|
42
43
|
end
|
|
43
44
|
|
|
45
|
+
# Creates a valid URL to the secured resource, identified by +url+. The
|
|
46
|
+
# argument +secret+ is the shared secret string that has been passed to
|
|
47
|
+
# the relevant RubyAccessHandler instance (cf. SecureDownload.new).
|
|
48
|
+
#
|
|
49
|
+
# The expiration time may be either given as a Time (or Integer), or as
|
|
50
|
+
# a Hash with the following parameters:
|
|
51
|
+
#
|
|
52
|
+
# <tt>:expires</tt>:: Same as for the simple +expires+ argument
|
|
53
|
+
# <tt>:offset</tt>:: The amount of seconds in the future (only if
|
|
54
|
+
# <tt>:expires</tt> is not given)
|
|
55
|
+
# <tt>:cache</tt>:: A time window for which identical URLs shall be
|
|
56
|
+
# produced, on average (defaults to <tt>:offset</tt>,
|
|
57
|
+
# if given)
|
|
58
|
+
#
|
|
59
|
+
# Examples (<tt>s = "secret"</tt>):
|
|
60
|
+
#
|
|
61
|
+
# # Only the path component (and an optional query component) will be taken into account
|
|
62
|
+
# secure_url(s, "/secure/url") #=> "/secure/url?timestamp=1204024618&token=4dd9ebe9d3c9bc0efbeea7e1ee453a8c41d5e04d"
|
|
63
|
+
# secure_url(s, "http://example.com/secure/url") #=> "http://example.com/secure/url?timestamp=1204024618&token=4dd9ebe9d3c9bc0efbeea7e1ee453a8c41d5e04d"
|
|
64
|
+
# secure_url(s, "/secure/url?query=value") #=> "/secure/url?query=value×tamp=1204024618&token=4732b30f5899821426bd0c15da363c60cc4f943b"
|
|
65
|
+
#
|
|
66
|
+
# # Expires in 10 minutes
|
|
67
|
+
# secure_url(s, "/secure/url", Time.now + 600) #=> "/secure/url?timestamp=1204025158&token=efefcd93f8065836cf576b34e1849075c3d56bbf"
|
|
68
|
+
# secure_url(s, "/secure/url", :offset => 600) #=> "/secure/url?timestamp=1204026000&token=58eb12f9fc3fcd984fe4e918d3fd0590392c172d"
|
|
69
|
+
#
|
|
70
|
+
# # Setting an offset will also allow caching; turn it off explicitly
|
|
71
|
+
# secure_url(s, "/secure/url", :offset => 600, :cache => false) #=> "/secure/url?timestamp=1204025158&token=efefcd93f8065836cf576b34e1849075c3d56bbf"
|
|
72
|
+
#
|
|
73
|
+
# # Produce identical URLs for a window of 1 minute (on average)
|
|
74
|
+
# t = Time.now
|
|
75
|
+
# secure_url(s, "/secure/url", :expires => t, :cache => 60) #=> "/secure/url?timestamp=1204024620&token=d4f9145f45c5826b50506c770cc204e22c3b7a21"
|
|
76
|
+
# secure_url(s, "/secure/url", :expires => t + 30, :cache => 60) #=> "/secure/url?timestamp=1204024620&token=d4f9145f45c5826b50506c770cc204e22c3b7a21"
|
|
77
|
+
# secure_url(s, "/secure/url", :expires => t + 60, :cache => 60) #=> "/secure/url?timestamp=1204024680&token=ccf279daf1787d34ad063cbf5851ee88aae967fb"
|
|
78
|
+
# secure_url(s, "/secure/url", :expires => t + 90, :cache => 60) #=> "/secure/url?timestamp=1204024680&token=ccf279daf1787d34ad063cbf5851ee88aae967fb"
|
|
79
|
+
#
|
|
80
|
+
# # Same as before, but use offset
|
|
81
|
+
# secure_url(s, "/secure/url", :offset => 60) #=> "/secure/url?timestamp=1204024680&token=ccf279daf1787d34ad063cbf5851ee88aae967fb"
|
|
82
|
+
# # 30 seconds later...
|
|
83
|
+
# secure_url(s, "/secure/url", :offset => 60) #=> "/secure/url?timestamp=1204024680&token=ccf279daf1787d34ad063cbf5851ee88aae967fb"
|
|
84
|
+
# # 30 seconds later...
|
|
85
|
+
# secure_url(s, "/secure/url", :offset => 60) #=> "/secure/url?timestamp=1204024740&token=c7dcea5679ad539a7bad1dc4b7f44eb3dd36d6e8"
|
|
86
|
+
# # 30 seconds later...
|
|
87
|
+
# secure_url(s, "/secure/url", :offset => 60) #=> "/secure/url?timestamp=1204024740&token=c7dcea5679ad539a7bad1dc4b7f44eb3dd36d6e8"
|
|
44
88
|
def secure_url(secret, url, expires = Time.now + 60)
|
|
45
89
|
path, _, query = URI.split(url)[5..7]
|
|
46
90
|
path << '?' << query if query
|
|
@@ -34,10 +34,20 @@ module Apache
|
|
|
34
34
|
|
|
35
35
|
class SecureDownload
|
|
36
36
|
|
|
37
|
+
# Creates a new RubyAccessHandler instance for the Apache web server.
|
|
38
|
+
# The argument +secret+ is the shared secret string that the application
|
|
39
|
+
# uses to create valid URLs (tokens).
|
|
37
40
|
def initialize(secret)
|
|
38
41
|
raise ArgumentError, 'secret string missing' unless @secret = secret
|
|
39
42
|
end
|
|
40
43
|
|
|
44
|
+
# Checks whether the current +request+ satisfies the following requirements:
|
|
45
|
+
#
|
|
46
|
+
# 1. The expiration time lies in the future (i.e., not expired)
|
|
47
|
+
# 2. The token is valid for the requested URL and the given timestamp
|
|
48
|
+
#
|
|
49
|
+
# If either condition doesn't hold true, access to the requested resource
|
|
50
|
+
# is forbidden!
|
|
41
51
|
def check_access(request)
|
|
42
52
|
timestamp = request.param('timestamp')
|
|
43
53
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: apache_secure_download
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.4.218
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jens Wille
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2008-02-
|
|
12
|
+
date: 2008-02-26 00:00:00 +01:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies: []
|
|
15
15
|
|