azure-sas 0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 53b5149cc877e7373747a5803b482fba6172839a
+  data.tar.gz: 36508e8078da0ecc09bf016c1c2a83f2a7e8780a
+SHA512:
+  metadata.gz: d25a316b2ab6797abe5e84b105c4ed6c8807ed510ce5262d48820e795f6a0ecb6e8fe70acc18149b9224c24b83b38fbcf616dc76d4fadcd6b122c1706d39b915
+  data.tar.gz: acd524a09e1d61e79ea5ece34c485845947b39f1cd7ebf541af77ebdf9e6e3fc476e986f2215da58dbf8a4c739480c564c2d7abd2abd16c3e9239337d6023db5

data/.gitignore

@@ -0,0 +1,50 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+# .env
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,53 @@
+PATH
+  remote: .
+  specs:
+    azure-sas (0.1)
+      addressable
+      azure
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.5.0)
+      public_suffix (~> 2.0, >= 2.0.2)
+    azure (0.7.7)
+      addressable (~> 2.3)
+      azure-core (~> 0.1)
+      faraday (~> 0.9)
+      faraday_middleware (~> 0.10)
+      mime-types (>= 1, < 4.0)
+      nokogiri (~> 1.6)
+      systemu (~> 2.6)
+      thor (~> 0.19)
+    azure-core (0.1.6)
+      faraday (~> 0.9)
+      faraday_middleware (~> 0.10)
+      nokogiri (~> 1.6)
+    faraday (0.9.2)
+      multipart-post (>= 1.2, < 3)
+    faraday_middleware (0.11.0)
+      faraday (>= 0.7.4, < 1.0)
+    mime-types (3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2016.0521)
+    mini_portile2 (2.1.0)
+    minitest (5.10.1)
+    multipart-post (2.0.0)
+    nokogiri (1.7.0.1)
+      mini_portile2 (~> 2.1.0)
+    public_suffix (2.0.5)
+    rake (12.0.0)
+    systemu (2.6.5)
+    thor (0.19.4)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  azure-sas!
+  bundler (~> 1.5)
+  minitest
+  rake
+
+BUNDLED WITH
+   1.13.6

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Michael Lutsiuk
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,6 @@
+# azure-sas
+Shared Access Signature generation for Azure
+
+I've implemented this for generating SAS for blobs on azure storage.
+https://github.com/giantmachines/azure-contrib was not suitable, because it
+depends on the deprecated version of `celluloid` and is not actively mainained.

data/Rakefile

@@ -0,0 +1,8 @@
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+  t.test_files = FileList['test/**/*test.rb']
+end
+
+task default: :test

data/azure-sas.gemspec

@@ -0,0 +1,24 @@
+$:.unshift File.expand_path('../lib', __FILE__)
+require 'azure/sas'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'azure-sas'
+  spec.version       = Azure::SAS::VERSION
+  spec.authors       = ['Michael Lutsiuk']
+  spec.email         = ['michael.lutsiuk@gmail.com']
+  spec.summary       = 'Azure Shared Access Signature generation'
+  spec.description   = 'Implements the generation of Azure Shared Access Signature (SAS)'
+  spec.homepage      = ''
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 1.5'
+  spec.add_development_dependency 'rake', '~> 12.0'
+  spec.add_development_dependency 'minitest', '~> 5.10'
+  spec.add_dependency 'azure', '~> 0.7'
+  spec.add_dependency 'addressable', '~> 2.5'
+end

data/lib/azure/sas.rb

@@ -0,0 +1,65 @@
+require 'addressable/uri'
+require 'azure'
+require 'uri'
+require 'time'
+
+require 'azure/sas/version'
+require 'azure/sas/canonicalized_resource'
+require 'azure/sas/options'
+require 'azure/sas/string_to_sign'
+require 'azure/sas/sign'
+
+module Azure
+  # Generates an Azure Shared Access Signature
+  # @see https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/delegating-access-with-a-shared-access-signature
+  class SAS
+    class BLOB < SAS
+      def initialize(*)
+        super
+        @options.signedresource = BLOB_RESOURCE
+      end
+
+      def signature
+        canonicalized_resource = CanonicalizedResource.new(@storage_account, @uri, blob: true).generate
+        body = StringToSign::V20120212::Blob.new(canonicalized_resource, @options).generate
+        Sign.new(@storage_access_key, body).perform
+      end
+    end
+
+    WrongOptionsError = Class.new(StandardError)
+
+    BLOB_RESOURCE = 'b'.freeze
+    CONTAINER_RESOURCE = 'c'.freeze
+
+    SIGNATURE = 'sig'.freeze
+
+    def initialize(storage_access_key, storage_account, uri, options = {})
+      @uri = Addressable::URI.parse(uri)
+      @options = Options.new
+      @storage_access_key = storage_access_key
+      @storage_account = storage_account
+
+      options.each do |key, value|
+        @options.public_send("#{key}=", value)
+      end
+    end
+
+    def generate
+      uri = @uri.dup
+      uri.query_values = (uri.query_values || {}).merge(query_values)
+      uri.to_s
+    end
+
+    private
+
+    def query_values
+      @options
+        .to_query_values
+        .merge(SIGNATURE => signature)
+    end
+
+    def signature
+      raise 'Not implemented'
+    end
+  end
+end

data/lib/azure/sas/canonicalized_resource.rb

@@ -0,0 +1,27 @@
+require 'addressable/uri'
+require 'uri'
+
+module Azure
+  class SAS
+    class CanonicalizedResource
+      def initialize(storage_account, uri, blob: true)
+        @storage_account = storage_account
+        @uri = Addressable::URI.parse(uri)
+        @blob = blob
+      end
+
+      def generate
+        path = URI.unescape(@uri.path.to_s)
+
+        resource =
+          if @blob
+            [@storage_account, *path.split('/')]
+          else
+            [@storage_account, path.split('/')[0]]
+          end
+
+        File.join('/', *resource)
+      end
+    end
+  end
+end

data/lib/azure/sas/options.rb

@@ -0,0 +1,54 @@
+module Azure
+  class SAS
+    # Holds all possible options for a SAS generation
+    class Options
+      FIELDS = {
+        signedresource: :sr,
+        signedstart: :st,
+        signedexpiry: :se,
+        signedpermissions: :sp,
+        identifier: :si
+      }.freeze
+
+      attr_accessor(*FIELDS.keys)
+
+      def validate!
+        validate_option_value(
+          :signedresource,
+          signedresource,
+          BLOB_RESOURCE, CONTAINER_RESOURCE, nil
+        )
+
+        validate_option_type(:signedstart, signedstart, Time)
+        validate_option_type(:signedexpiry, signedstart, Time)
+      end
+
+      def to_query_values
+        {
+          signedresource: signedresource,
+          signedstart: signedstart && signedstart.utc.iso8601,
+          signedexpiry: signedexpiry && signedexpiry.utc.iso8601,
+          signedpermissions: signedpermissions,
+          identifier: identifier
+        }.map do |key, value|
+          [FIELDS.fetch(key), value] if value
+        end.compact.to_h
+      end
+
+      private
+
+      def validate_option_type(name, val, type)
+        unless val.is_a?(type)
+          raise WrongOptionsError,
+            "#{name.inspect} should be of type #{type}"
+        end
+      end
+
+      def validate_option_value(name, val, *allowed)
+        raise WrongOptionsError,
+          "#{val.inspect} is not allowed value for #{name.inspect}"\
+          " (Allowed: #{allowed.map(&:inspect).join(', ')}"
+      end
+    end
+  end
+end

data/lib/azure/sas/sign.rb

@@ -0,0 +1,20 @@
+module Azure
+  class SAS
+    class Sign
+      class << self
+        attr_accessor :backend
+      end
+
+      self.backend = Azure::Core::Auth::Signer
+
+      def initialize(key, body)
+        @key = key
+        @body = body
+      end
+
+      def perform
+        self.class.backend.new(@key).sign(@body)
+      end
+    end
+  end
+end

data/lib/azure/sas/string_to_sign.rb

@@ -0,0 +1,25 @@
+module Azure
+  class SAS
+    module StringToSign
+      module V20120212
+        # @see https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/constructing-a-service-sas
+        class Blob
+          def initialize(canonicalized_resource, options)
+            @canonicalized_resource = canonicalized_resource
+            @options = options
+          end
+
+          def generate
+            [
+              @options.signedpermissions.to_s,
+              (@options.signedstart && @options.signedstart.utc.iso8601).to_s,
+              (@options.signedexpiry && @options.signedexpiry.utc.iso8601).to_s,
+              @canonicalized_resource.to_s,
+              @options.identifier.to_s
+            ].compact.join("\n").force_encoding('UTF-8')
+          end
+        end
+      end
+    end
+  end
+end

data/lib/azure/sas/version.rb

@@ -0,0 +1,5 @@
+module Azure
+  class SAS
+    VERSION = '0.1'.freeze
+  end
+end

data/test/azure/sas_test.rb

@@ -0,0 +1,70 @@
+require 'test_helper'
+require 'securerandom'
+
+class Azure::SasTest < Minitest::Test
+  def self.key
+    @key ||= SecureRandom.hex(10)
+  end
+
+  def self.storage
+    @storage ||= SecureRandom.hex(10)
+  end
+
+  def self.canonicalize(uri, blob: true)
+    ::Azure::SAS::CanonicalizedResource.new(storage, uri, blob: blob).generate
+  end
+
+  def self.signedstart
+    @signedstart ||= Time.now
+  end
+
+  def self.signedexpiry
+    @signedexpiry ||= Time.now
+  end
+
+  BLOB_EXAMPLES = {
+    [
+      'https://example.com/a',
+      {
+        signedresource: 'b',
+        signedpermissions: 'r',
+        signedstart: signedstart,
+        signedexpiry: signedexpiry
+      }
+    ] => [
+      'https://example.com/a?',
+      [
+        'se=',
+        signedexpiry.utc.iso8601
+      ].join,
+
+      [
+        '&sig=',
+        key,
+        'r',
+        signedstart.utc.iso8601,
+        signedexpiry.utc.iso8601,
+        canonicalize('https://example.com/a'),
+        ''
+      ].join,
+
+      '&sp=r&sr=b',
+      [
+        '&st=',
+        signedstart.utc.iso8601
+      ].join
+    ].join
+  }.freeze
+
+  def test_blob
+    BLOB_EXAMPLES.each do |args, expected|
+      actual = Azure::SAS::BLOB.new(
+        self.class.key,
+        self.class.storage,
+        *args
+      ).generate
+
+      assert_equal URI.escape(expected).to_s, URI.unescape(actual)
+    end
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,15 @@
+require 'bundler/setup'
+require 'minitest/autorun'
+require 'azure/sas'
+
+class TestSignBackend
+  def initialize(key)
+    @key = key
+  end
+
+  def sign(body)
+    @key.to_s + body.to_s.tr("\n \t", '')
+  end
+end
+
+Azure::SAS::Sign.backend = TestSignBackend

metadata

@@ -0,0 +1,131 @@
+--- !ruby/object:Gem::Specification
+name: azure-sas
+version: !ruby/object:Gem::Version
+  version: '0.1'
+platform: ruby
+authors:
+- Michael Lutsiuk
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-01-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.10'
+- !ruby/object:Gem::Dependency
+  name: azure
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+description: Implements the generation of Azure Shared Access Signature (SAS)
+email:
+- michael.lutsiuk@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- azure-sas.gemspec
+- lib/azure/sas.rb
+- lib/azure/sas/canonicalized_resource.rb
+- lib/azure/sas/options.rb
+- lib/azure/sas/sign.rb
+- lib/azure/sas/string_to_sign.rb
+- lib/azure/sas/version.rb
+- test/azure/sas_test.rb
+- test/test_helper.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.8
+signing_key: 
+specification_version: 4
+summary: Azure Shared Access Signature generation
+test_files:
+- test/azure/sas_test.rb
+- test/test_helper.rb