bixby-auth 0.1.0

data/lib/api_auth/headers.rb

@@ -0,0 +1,82 @@
+module ApiAuth
+
+  # Builds the canonical string given a request object.
+  class Headers
+
+    include RequestDrivers
+
+    def initialize(request)
+      @original_request = request
+      @request = initialize_request_driver(request)
+      true
+    end
+
+    def initialize_request_driver(request)
+      clazz = request.class.to_s
+      if RequestDrivers.drivers.include?(clazz) then
+        return RequestDrivers.drivers[clazz].new(request)
+
+      elsif clazz == "ActionController::TestRequest" then
+        # special handling for rails 3 vs 4
+        if defined?(ActionDispatch) then
+          return ActionDispatchRequest.new(request)
+        else
+          return ActionControllerRequest.new(request)
+        end
+
+      elsif Module.const_defined?(:Rack) && Rack.const_defined?(:Request) && request.kind_of?(Rack::Request) then
+        # this goes last because TestRequest is also a subclass of Rack::Request
+        return RackRequest.new(request)
+      end
+
+      raise UnknownHTTPRequest, "#{clazz} is not yet supported."
+    end
+    private :initialize_request_driver
+
+    # Returns the request timestamp
+    def timestamp
+       @request.timestamp
+    end
+
+    # Returns the canonical string computed from the request's headers
+    def canonical_string
+      [ @request.content_type,
+        @request.content_md5,
+        @request.request_uri.gsub(/https?:\/\/[^(,|\?|\/)]*/,''), # remove host
+        @request.timestamp
+      ].join(",")
+    end
+
+    # Returns the authorization header from the request's headers
+    def authorization_header
+      @request.authorization_header
+    end
+
+    def set_date
+      @request.set_date if @request.timestamp.empty?
+    end
+
+    def calculate_md5
+      @request.populate_content_md5 if @request.content_md5.empty?
+    end
+
+    def md5_mismatch?
+      if @request.content_md5.empty?
+        false
+      else
+        @request.md5_mismatch?
+      end
+    end
+
+    # Sets the request's authorization header with the passed in value.
+    # The header should be the ApiAuth HMAC signature.
+    #
+    # This will return the original request object with the signed Authorization
+    # header already in place.
+    def sign_header(header)
+      @request.set_auth_header header
+    end
+
+  end
+
+end

data/lib/api_auth/helpers.rb

@@ -0,0 +1,39 @@
+module ApiAuth
+
+  module Helpers # :nodoc:
+
+    def b64_encode(string)
+      if Base64.respond_to?(:strict_encode64)
+        Base64.strict_encode64(string)
+      else
+        # Fall back to stripping out newlines on Ruby 1.8.
+        Base64.encode64(string).gsub(/\n/, '')
+      end
+    end
+
+    def md5_base64digest(string)
+      if Digest::MD5.respond_to?(:base64digest)
+        Digest::MD5.base64digest(string)
+      else
+        b64_encode(Digest::MD5.digest(string))
+      end
+    end
+
+    # Capitalizes the keys of a hash
+    def capitalize_keys(hsh)
+      capitalized_hash = {}
+      hsh.each_pair {|k,v| capitalized_hash[k.to_s.upcase] = v }
+      capitalized_hash
+    end
+
+    def time_as_httpdate
+      Helpers.time_as_httpdate
+    end
+
+    def self.time_as_httpdate
+      Time.now.utc.strftime("%a, %d %b %Y %T GMT")
+    end
+
+  end
+
+end

data/lib/api_auth/railtie.rb

@@ -0,0 +1,129 @@
+module ApiAuth
+
+  # Integration with Rails
+  #
+  class Rails # :nodoc:
+    
+    module ControllerMethods # :nodoc:
+      
+      module InstanceMethods # :nodoc:
+        
+        def get_api_access_id_from_request
+          ApiAuth.access_id(request)
+        end
+        
+        def api_authenticated?(secret_key)
+          ApiAuth.authentic?(request, secret_key)
+        end
+        
+      end
+      
+      unless defined?(ActionController)
+        begin
+          require 'rubygems'
+          gem 'actionpack'
+          gem 'activesupport'
+          require 'action_controller'
+          require 'active_support'
+        rescue LoadError
+          nil
+        end
+      end
+      
+      if defined?(ActionController::Base)        
+        ActionController::Base.send(:include, ControllerMethods::InstanceMethods)
+      end
+      
+    end # ControllerMethods
+  
+    module ActiveResourceExtension  # :nodoc:
+    
+      module ActiveResourceApiAuth # :nodoc:
+      
+        def self.included(base)
+          base.extend(ClassMethods)
+          
+          if base.respond_to?('class_attribute')
+            base.class_attribute :hmac_access_id
+            base.class_attribute :hmac_secret_key
+            base.class_attribute :use_hmac
+          else
+            base.class_inheritable_accessor :hmac_access_id            
+            base.class_inheritable_accessor :hmac_secret_key            
+            base.class_inheritable_accessor :use_hmac            
+          end
+        
+        end
+      
+        module ClassMethods
+
+          def with_api_auth(access_id, secret_key)
+            self.hmac_access_id = access_id
+            self.hmac_secret_key = secret_key
+            self.use_hmac = true
+          
+            class << self
+              alias_method_chain :connection, :auth
+            end
+          end
+        
+          def connection_with_auth(refresh = false) 
+            c = connection_without_auth(refresh)
+            c.hmac_access_id = self.hmac_access_id
+            c.hmac_secret_key = self.hmac_secret_key
+            c.use_hmac = self.use_hmac
+            c
+          end   
+               
+        end # class methods
+      
+        module InstanceMethods
+        end
+      
+      end # BaseApiAuth
+    
+      module Connection
+      
+        def self.included(base)
+          base.send :alias_method_chain, :request, :auth
+          base.class_eval do
+            attr_accessor :hmac_secret_key, :hmac_access_id, :use_hmac
+          end
+        end
+
+        def request_with_auth(method, path, *arguments)
+          if use_hmac && hmac_access_id && hmac_secret_key
+            h = arguments.last
+            tmp = "Net::HTTP::#{method.to_s.capitalize}".constantize.new(path, h)
+            tmp.body = arguments[0] if arguments.length > 1
+            ApiAuth.sign!(tmp, hmac_access_id, hmac_secret_key)
+            arguments.last['Content-MD5'] = tmp['Content-MD5'] if tmp['Content-MD5']
+            arguments.last['DATE'] = tmp['DATE']
+            arguments.last['Authorization'] = tmp['Authorization']
+          end
+        
+          request_without_auth(method, path, *arguments)
+        end
+      
+      end # Connection
+          
+      unless defined?(ActiveResource)
+        begin
+          require 'rubygems'
+          gem 'activeresource'
+          require 'active_resource'
+        rescue LoadError
+          nil
+        end
+      end
+    
+      if defined?(ActiveResource)
+        ActiveResource::Base.send(:include, ActiveResourceApiAuth)        
+        ActiveResource::Connection.send(:include, Connection)
+      end 
+        
+    end # ActiveResourceExtension
+  
+  end # Rails
+  
+end # ApiAuth

data/lib/api_auth/request_drivers/action_controller.rb

@@ -0,0 +1,84 @@
+module ApiAuth
+
+  module RequestDrivers # :nodoc:
+
+    class ActionControllerRequest # :nodoc:
+
+      include ApiAuth::Helpers
+
+      def initialize(request)
+        @request = request
+        @headers = fetch_headers
+        true
+      end
+
+      def set_auth_header(header)
+        @request.env["Authorization"] = header
+        @headers = fetch_headers
+        @request
+      end
+
+      def calculated_md5
+        body = @request.raw_post
+        md5_base64digest(body)
+      end
+
+      def populate_content_md5
+        if @request.put? || @request.post?
+          @request.env["Content-MD5"] = calculated_md5
+        end
+      end
+
+      def md5_mismatch?
+        if @request.put? || @request.post?
+          calculated_md5 != content_md5
+        else
+          false
+        end
+      end
+
+      def fetch_headers
+        capitalize_keys @request.env
+      end
+
+      def content_type
+        value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
+        value.nil? ? "" : value
+      end
+
+      def content_md5
+        value = find_header(%w(CONTENT-MD5 CONTENT_MD5 HTTP_CONTENT_MD5))
+        value.nil? ? "" : value
+      end
+
+      def request_uri
+        @request.request_uri
+      end
+
+      def set_date
+        @request.env['HTTP_DATE'] = time_as_httpdate
+      end
+
+      def timestamp
+        value = find_header(%w(DATE HTTP_DATE))
+        value.nil? ? "" : value
+      end
+
+      def authorization_header
+        find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
+      end
+
+    private
+
+      def find_header(keys)
+        keys.map {|key| @headers[key] }.compact.first
+      end
+
+    end
+
+    drivers["ActionController::Request"]    = ActionControllerRequest
+    drivers["ActionController::CgiRequest"] = ActionControllerRequest
+
+  end
+
+end

data/lib/api_auth/request_drivers/action_dispatch.rb

@@ -0,0 +1,17 @@
+module ApiAuth
+
+  module RequestDrivers # :nodoc:
+
+    class ActionDispatchRequest < ActionControllerRequest # :nodoc:
+
+      def request_uri
+        @request.fullpath
+      end
+
+    end
+
+    drivers["ActionDispatch::Request"] = ActionDispatchRequest
+
+  end
+
+end

data/lib/api_auth/request_drivers/bixby_request.rb

@@ -0,0 +1,65 @@
+
+module ApiAuth
+  module RequestDrivers
+
+    class BixbyRequest
+
+      include ApiAuth::Helpers
+
+      def initialize(request)
+        @request = request
+        @headers = request.headers
+        true
+      end
+
+      def set_auth_header(header)
+        @headers["Authorization"] = header
+        @request
+      end
+
+      def calculated_md5
+        Digest::MD5.base64digest(@request.body || '')
+      end
+
+      def populate_content_md5
+        # Should *always* be a POST!
+        @headers["Content-MD5"] = calculated_md5
+      end
+
+      def md5_mismatch?
+        calculated_md5 != content_md5
+      end
+
+      def content_type
+        value = @headers["Content-Type"]
+        value.nil? ? "" : value
+      end
+
+      def content_md5
+        value = @headers["Content-MD5"]
+        value.nil? ? "" : value
+      end
+
+      def request_uri
+        @request.path
+      end
+
+      def set_date
+        @request.headers["Date"] = time_as_httpdate
+      end
+
+      def timestamp
+        value = @headers["Date"]
+        value.nil? ? "" : value
+      end
+
+      def authorization_header
+        @headers["Authorization"]
+      end
+
+    end
+
+    drivers["Bixby::SignedJsonRequest"] = BixbyRequest
+
+  end
+end

data/lib/api_auth/request_drivers/curb.rb

@@ -0,0 +1,72 @@
+module ApiAuth
+
+  module RequestDrivers # :nodoc:
+
+    class CurbRequest # :nodoc:
+
+      include ApiAuth::Helpers
+
+      def initialize(request)
+        @request = request
+        @headers = fetch_headers
+        true
+      end
+
+      def set_auth_header(header)
+        @request.headers.merge!({ "Authorization" => header })
+        @headers = fetch_headers
+        @request
+      end
+
+      def populate_content_md5
+        nil #doesn't appear to be possible
+      end
+
+      def md5_mismatch?
+        false
+      end
+
+      def fetch_headers
+        capitalize_keys @request.headers
+      end
+
+      def content_type
+        value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
+        value.nil? ? "" : value
+      end
+
+      def content_md5
+        value = find_header(%w(CONTENT-MD5 CONTENT_MD5))
+        value.nil? ? "" : value
+      end
+
+      def request_uri
+        @request.url
+      end
+
+      def set_date
+        @request.headers.merge!({ "DATE" => time_as_httpdate })
+      end
+
+      def timestamp
+        value = find_header(%w(DATE HTTP_DATE))
+        value.nil? ? "" : value
+      end
+
+      def authorization_header
+        find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
+      end
+
+    private
+
+      def find_header(keys)
+        keys.map {|key| @headers[key] }.compact.first
+      end
+
+    end
+
+    drivers["Curl::Easy"] = CurbRequest
+
+  end
+
+end

data/lib/api_auth/request_drivers/httpi.rb

@@ -0,0 +1,82 @@
+module ApiAuth
+
+  module RequestDrivers # :nodoc:
+
+    class HttpiRequest # :nodoc:
+
+      include ApiAuth::Helpers
+
+      def initialize(request)
+        @request = request
+        @headers = fetch_headers
+        true
+      end
+
+      def set_auth_header(header)
+        @request.headers["Authorization"] = header
+        @headers = fetch_headers
+        @request
+      end
+
+      def calculated_md5
+        md5_base64digest(@request.body || '')
+      end
+
+      def populate_content_md5
+        if @request.body
+          @request.headers["Content-MD5"] = calculated_md5
+        end
+      end
+
+      def md5_mismatch?
+        if @request.body
+          calculated_md5 != content_md5
+        else
+          false
+        end
+      end
+
+      def fetch_headers
+        capitalize_keys @request.headers
+      end
+
+      def content_type
+        value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
+        value.nil? ? "" : value
+      end
+
+      def content_md5
+        value = find_header(%w(CONTENT-MD5 CONTENT_MD5))
+        value.nil? ? "" : value
+      end
+
+      def request_uri
+        @request.url.request_uri
+      end
+
+      def set_date
+        @request.headers["DATE"] = time_as_httpdate
+      end
+
+      def timestamp
+        value = find_header(%w(DATE HTTP_DATE))
+        value.nil? ? "" : value
+      end
+
+      def authorization_header
+        find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
+      end
+
+    private
+
+      def find_header(keys)
+        keys.map {|key| @headers[key] }.compact.first
+      end
+
+    end
+
+    drivers["HTTPI::Request"] = HttpiRequest
+
+  end
+
+end

data/lib/api_auth/request_drivers/net_http.rb

@@ -0,0 +1,98 @@
+module ApiAuth
+
+  module RequestDrivers # :nodoc:
+
+    class NetHttpRequest # :nodoc:
+
+      include ApiAuth::Helpers
+
+      def initialize(request)
+        @request = request
+        @headers = fetch_headers
+        true
+      end
+
+      def set_auth_header(header)
+        @request["Authorization"] = header
+        @headers = fetch_headers
+        @request
+      end
+
+      def calculated_md5
+        if @request.respond_to?(:body_stream) && @request.body_stream
+          body = @request.body_stream.read
+          @request.body_stream.rewind
+        else
+          body = @request.body
+        end
+
+        md5_base64digest(body || '')
+      end
+
+      def populate_content_md5
+        if @request.class::REQUEST_HAS_BODY
+          @request["Content-MD5"] = calculated_md5
+        end
+      end
+
+      def md5_mismatch?
+        if @request.class::REQUEST_HAS_BODY
+          calculated_md5 != content_md5
+        else
+          false
+        end
+      end
+
+      def fetch_headers
+        @request
+      end
+
+      def content_type
+        value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
+        value.nil? ? "" : value
+      end
+
+      def content_md5
+        value = find_header(%w(CONTENT-MD5 CONTENT_MD5))
+        value.nil? ? "" : value
+      end
+
+      def request_uri
+        @request.path
+      end
+
+      def set_date
+        @request["DATE"] = time_as_httpdate
+      end
+
+      def timestamp
+        value = find_header(%w(DATE HTTP_DATE))
+        value.nil? ? "" : value
+      end
+
+      def authorization_header
+        find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
+      end
+
+    private
+
+      def find_header(keys)
+        keys.map {|key| @headers[key] }.compact.first
+      end
+
+    end
+
+    drivers["Net::HTTP"]                  = NetHttpRequest
+    drivers["Net::HTTP::Put::Multipart"]  = NetHttpRequest
+    drivers["Net::HTTP::Post::Multipart"] = NetHttpRequest
+
+    Net::HTTP.constants.each do |c|
+      c = Net::HTTP.const_get(c)
+      if c.kind_of?(Class) && c.ancestors.include?(Net::HTTPRequest) then
+        drivers[c.to_s] = NetHttpRequest
+      end
+    end
+
+  end
+
+end