attache-api 1.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ad7f4dc9aa75177f763af313edbd2e729b12fd28
-  data.tar.gz: 8af7b0c32da05e86e13ed5964af69b6833615782
+  metadata.gz: fa024a85df979d4be9c55f08f9d1c8aef72ea2c7
+  data.tar.gz: 4bb7aadcb7d7b85894f37b610ab0e69a7abe7715
 SHA512:
-  metadata.gz: ce5a320b2c0c8652691f8f54c3ab8ed5b910a89a162c07056add5d79ab73ae06b7084ff2d6c6770d30506020d5dbc92898eb45701c195c5d654c6231d7034f41
-  data.tar.gz: 9d63f22d41a181eea617f85dbb843049404c98fb3fe7e64b0a690061a7d154313129994df0fa4eefa47327184a253e198987f0b9b91f683dedd414980bd1e830
+  metadata.gz: 11b1c84cc48a7eb82ee3c554e6402e890667e79af1ca06a03468b55a315fc42cb18ff3f24ef20b64cf9492932e6f9b78dd3a10a65fbfbcfeebdf183c8ea06e7b
+  data.tar.gz: c65f02cdf1a4d613846a9e21cee0ed21086ea78534cd86482f077cde1a467797928171ed4dc9078984a581bb4ecc4d7d0040ef0ba1895c492a3040bff7fc44aa

data/lib/attache/api/model.rb

@@ -13,6 +13,13 @@ module Attache
         Utils.array(attr_value).inject([]) do |sum, obj|
           sum + Utils.array(obj && obj.tap {|attrs|
             attrs['url'] = V1.attache_url_for(attrs['path'], geometry)
+            attrs.delete 'signature'
+            attrs.delete 'multiple' # legacy extraneous attribute that affects signature
+
+            # add signature
+            Attache::API::V1.attache_signature_for(attrs) do |generated_signature|
+              attrs['signature'] = generated_signature
+            end
           })
         end
       end
@@ -22,6 +29,15 @@ module Attache
           hash = value.respond_to?(:read) && V1.attache_upload(value) || value
           hash = JSON.parse(hash.to_s) rescue Hash(error: $!) unless hash.kind_of?(Hash)
           okay = hash.respond_to?(:[]) && (hash['path'] || hash[:path])
+
+          # check signature
+          Attache::API::V1.attache_signature_for(hash) do |generated_signature|
+            if generated_signature == hash['signature']
+              hash.delete 'signature'
+            else
+              okay = nil
+            end
+          end
           okay ? sum + [hash] : sum
         }
         Utils.array(new_value)

data/lib/attache/api/v1.rb

@@ -83,6 +83,16 @@ module Attache
         raise
       end
 
+      def attache_signature_for(hash)
+        if ATTACHE_SECRET_KEY.to_s.strip != ""
+          hash_without_signature = hash.reject {|k,v| k == 'signature' || k == 'multiple'}
+          content = hash_without_signature.sort.collect {|k,v| "#{k}=#{v}" }.join('&')
+          generated_signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), ATTACHE_SECRET_KEY, content)
+          yield generated_signature if block_given?
+          generated_signature
+        end
+      end
+
       self.extend(self)
     end
   end

data/lib/attache/api/version.rb

@@ -1,5 +1,5 @@
 module Attache
   module API
-    VERSION = "1.0.0"
+    VERSION = "2.0.1"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: attache-api
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - choonkeat
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-16 00:00:00.000000000 Z
+date: 2016-06-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httpclient
@@ -130,7 +130,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: API for client lib to integrate with attache server