apache_secure_download 0.0.6.229 → 0.0.7.230
- data/ChangeLog +5 -0
- data/README +5 -1
- data/lib/apache/secure_download/util.rb +5 -1
- data/lib/apache/secure_download/version.rb +1 -1
- data/lib/apache/secure_download.rb +6 -4
- metadata +2 -2
data/ChangeLog
CHANGED
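--- a/data/README
+++ b/data/README
@@ -2,7 +2,7 @@
 
 == VERSION
 
-This documentation refers to apache_secure_download version 0.0.
+This documentation refers to apache_secure_download version 0.0.7
 
 
 == DESCRIPTION
@@ -12,7 +12,11 @@ Place the following snippet in your Apache config:
 # protect files by Apache Secure Download
 <IfModule mod_ruby.c>
 RubyRequire apache/ruby-run
+
 RubyRequire /path/to/apache_secure_download
+# or
+#RubyRequire rubygems
+#RubyRequire apache/secure_download
 
 <Location /secure>
 # pass your shared secret string to the handler -- secret means SECRET!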
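--- a/data/lib/apache/secure_download/util.rb
+++ b/data/lib/apache/secure_download/util.rb
@@ -37,9 +37,13 @@ module Apache
 
 extend self
 
+QUERY_RE = %r{([?&])timestamp=.*?&token=.*?(&|\z)}o
+
 # Computes the token from +secret+, +path+, and +timestamp+.
 def token(secret, path, timestamp)
-Digest::SHA1.hexdigest(
+Digest::SHA1.hexdigest(
+secret + path.sub(QUERY_RE) { $1 unless $2.empty? } + timestamp.to_s
+)
 end
 
 # Creates a valid URL to the secured resource, identified by +url+. The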
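Review bot: `QUERY_RE` matches the two values with lazy `.*?`, which is free to run across `&`, so any parameter sitting between `timestamp` and `token` in the query string is stripped together with them and ends up outside the digest computed in `token`. Bounding each value keeps the removal to exactly the two signed fields: `QUERY_RE = %r{([?&])timestamp=[^&]*&token=[^&]*(&|\z)}`. The `o` flag has no effect here because the literal contains no interpolation. The digest itself is still a bare `Digest::SHA1.hexdigest` over `secret + path + timestamp` with no separator between the fields; a keyed HMAC with a delimiter would be the conventional construction, though switching it invalidates URLs already issued. The enclosing module starts and ends outside the hunk.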
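--- a/data/lib/apache/secure_download.rb
+++ b/data/lib/apache/secure_download.rb
@@ -38,11 +38,13 @@ module Apache
 # The argument +secret+ is the shared secret string that the application
 # uses to create valid URLs (tokens).
 def initialize(secret, options = {})
-raise ArgumentError, 'secret string missing' unless secret.is_a?(String)
-
 @secret = secret
-@allow = options[:allow]
 @deny = options[:deny]
+@allow = options[:allow]
+
+raise ArgumentError, 'secret string missing' unless @secret.is_a?(String)
+raise ArgumentError, ':deny is not a regexp' unless @deny.nil? || @deny.is_a?(Regexp)
+raise ArgumentError, ':allow is not a regexp' unless @allow.nil? || @allow.is_a?(Regexp)
 end
 
 # Checks whether the current +request+ satisfies the following requirements:
@@ -59,7 +61,7 @@ module Apache
 timestamp = request.param('timestamp')
 
 return FORBIDDEN if timestamp.to_i < Time.now.to_i
-return FORBIDDEN if request.param('token') != Util.token(@secret, request.
+return FORBIDDEN if request.param('token') != Util.token(@secret, request.unparsed_uri, timestamp)
 
 return OK
 end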
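Review bot: The token check on the changed line of the second hunk compares the request's `token` parameter with the expected digest using `!=`, which stops at the first differing byte; a fixed-time comparison is the usual choice for values derived from a secret, e.g. `OpenSSL.fixed_length_secure_compare` on a current Ruby after a length check, or a small XOR-accumulate helper on older ones. Since the digest is now computed over `request.unparsed_uri`, a comment such as `# token covers the raw request URI (query included, minus timestamp/token)` would tell integrators that URLs must be signed in exactly the form the client sends them. The method containing these lines starts outside the hunk.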
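--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: apache_secure_download
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.7.230
 platform: ruby
 authors:
 - Jens Wille
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-03-
+date: 2008-03-31 00:00:00 +02:00
 default_executable:
 dependencies: []
 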