apache_secure_download 0.0.6.229 → 0.0.7.230
- data/ChangeLog +5 -0
- data/README +5 -1
- data/lib/apache/secure_download/util.rb +5 -1
- data/lib/apache/secure_download/version.rb +1 -1
- data/lib/apache/secure_download.rb +6 -4
- metadata +2 -2
data/ChangeLog
CHANGED
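--- a/data/README
+++ b/data/README
@@ -2,7 +2,7 @@
 
 == VERSION
 
-This documentation refers to apache_secure_download version 0.0.
+This documentation refers to apache_secure_download version 0.0.7
 
 
 == DESCRIPTION
@@ -12,7 +12,11 @@ Place the following snippet in your Apache config:
 # protect files by Apache Secure Download
 <IfModule mod_ruby.c>
 RubyRequire apache/ruby-run
+
 RubyRequire /path/to/apache_secure_download
+# or
+#RubyRequire rubygems
+#RubyRequire apache/secure_download
 
 <Location /secure>
 # pass your shared secret string to the handler -- secret means SECRET!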
@@ -37,9 +37,13 @@ module Apache
|
|
37
37
|
|
38
38
|
extend self
|
39
39
|
|
40
|
+
QUERY_RE = %r{([?&])timestamp=.*?&token=.*?(&|\z)}o
|
41
|
+
|
40
42
|
# Computes the token from +secret+, +path+, and +timestamp+.
|
41
43
|
def token(secret, path, timestamp)
|
42
|
-
Digest::SHA1.hexdigest(
|
44
|
+
Digest::SHA1.hexdigest(
|
45
|
+
secret + path.sub(QUERY_RE) { $1 unless $2.empty? } + timestamp.to_s
|
46
|
+
)
|
43
47
|
end
|
44
48
|
|
45
49
|
# Creates a valid URL to the secured resource, identified by +url+. The
|
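Review bot: `QUERY_RE` matches both parameter values with `.*?`, which can run across `&`, so any parameters sitting between `timestamp=` and `token=` are also cut out of the string that `token` hashes and are not covered by the token. Bounding each value to its own parameter limits the stripped span to exactly the two fields: `QUERY_RE = %r{([?&])timestamp=[^&]*&token=[^&]*(&|\z)}`. The rewritten digest line still joins `secret`, the path and the timestamp with no separator and uses a bare SHA-1 rather than an HMAC, so distinct path/timestamp pairs can produce the same hash input; `OpenSSL::HMAC.hexdigest` over a delimited string would avoid both, at the cost of invalidating existing tokens. The `o` flag has no effect on a regexp without interpolation, and the enclosing module starts and ends outside this hunk.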
@@ -38,11 +38,13 @@ module Apache
|
|
38
38
|
# The argument +secret+ is the shared secret string that the application
|
39
39
|
# uses to create valid URLs (tokens).
|
40
40
|
def initialize(secret, options = {})
|
41
|
-
raise ArgumentError, 'secret string missing' unless secret.is_a?(String)
|
42
|
-
|
43
41
|
@secret = secret
|
44
|
-
@allow = options[:allow]
|
45
42
|
@deny = options[:deny]
|
43
|
+
@allow = options[:allow]
|
44
|
+
|
45
|
+
raise ArgumentError, 'secret string missing' unless @secret.is_a?(String)
|
46
|
+
raise ArgumentError, ':deny is not a regexp' unless @deny.nil? || @deny.is_a?(Regexp)
|
47
|
+
raise ArgumentError, ':allow is not a regexp' unless @allow.nil? || @allow.is_a?(Regexp)
|
46
48
|
end
|
47
49
|
|
48
50
|
# Checks whether the current +request+ satisfies the following requirements:
|
@@ -59,7 +61,7 @@ module Apache
|
|
59
61
|
timestamp = request.param('timestamp')
|
60
62
|
|
61
63
|
return FORBIDDEN if timestamp.to_i < Time.now.to_i
|
62
|
-
return FORBIDDEN if request.param('token') != Util.token(@secret, request.
|
64
|
+
return FORBIDDEN if request.param('token') != Util.token(@secret, request.unparsed_uri, timestamp)
|
63
65
|
|
64
66
|
return OK
|
65
67
|
end
|
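Review bot: The token check in the second hunk compares `request.param('token')` with the expected digest using `!=`, which returns at the first differing byte and so leaks timing information about the expected token. A constant-time comparison is the usual choice here, e.g. `return FORBIDDEN unless OpenSSL.secure_compare(request.param('token').to_s, Util.token(@secret, request.unparsed_uri, timestamp))` where the runtime's OpenSSL binding provides it. The expiry test reads `timestamp.to_i` while the raw `timestamp` string is what goes into the hash, so the two checks do not look at the same value; rejecting anything that is not all digits first (`return FORBIDDEN unless timestamp =~ /\A\d+\z/`) would make them agree. The method body starts above this hunk, so the allow/deny handling is not visible here.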
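--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: apache_secure_download
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.7.230
 platform: ruby
 authors:
 - Jens Wille
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-03-
+date: 2008-03-31 00:00:00 +02:00
 default_executable:
 dependencies: []
 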