carehq 0.0.1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d3d40aabe2a58bfa22dfd36fd4e4ae83b49e9e89bdc4e7e3031fdd217b204718
-  data.tar.gz: 5dc6072646b3caef0a22234634d3c8dc2c41474ad9fd5c4fa3146039077aaed3
+  metadata.gz: 3c5392d4a773b74353df2c87d0e01199673532e835874b7ecd7f73c132529279
+  data.tar.gz: 7f7cc0a7371f1aadfe7d28565dc7c4b840cb70cf87d0bdf891014db73b373741
 SHA512:
-  metadata.gz: f81342e9a3f80254ea673b38de329fcff8611335756490a5a598b7b45f5f5ca50bec23f5cd583284ae79eec2cd0d9a97dfe5264667d79259511d33bc5e96bd46
-  data.tar.gz: 906d32aa18a01523966b36ae8765b428d718a5479dbbc89f231b5d59cb30ab959616c53bc496888f6dbfabdc468b8f0b6ac30fb8537d9affa8f71e9c4a267e72
+  metadata.gz: c67df5095a77bdfdc495d29e74c7a6bd757434215257dbd90cfd28b2c065b91e457a5a7d9256f4d8dcf211f92e4192517772baf0be1b7f0e9f7cd70397ab56b2
+  data.tar.gz: 12580a56d519da1eedc9dd32d5bb977b87be6d116b56dddd032fee324424ff6c2ac57cb46774a8ee85ae8eef48e3dd1ea3663a2c180979424556f838603d1b3d

data/lib/carehq.rb

@@ -1,6 +1,9 @@
 require 'digest'
 require 'httparty'
+require 'securerandom'
+require 'openssl'
 
+require 'carehq/exceptions'
 
 class HTTPartyWrapper
     include HTTParty
@@ -40,7 +43,8 @@ class APIClient
         @api_secret = api_secret
 
         # The base URL to use when calling the API
-        @api_base_url = api_base_url
+        # Trailing slashes are removed.
+        @api_base_url = api_base_url.chomp('/')
 
         # The period of time before requests to the API should timeout
         @timeout = timeout
@@ -64,9 +68,7 @@ class APIClient
     def request(method, path, params: nil, data: nil)
         # Call the API
 
-        # Filter out params/data set to `nil` and ensure all arguments are
-        # converted to strings.
-
+        # Filter out params/data set to `nil` 
         if params
             params.delete_if {|k, v| v.nil?}
         end
@@ -75,36 +77,44 @@ class APIClient
             data.delete_if {|k, v| v.nil?}
         end
 
-        # Build the signature
-        signature_data = method.downcase == 'get' ? params : data
+        # Ensure all params/data values are strings
+        if params
+            params.each do |k, v|
+                params[k] = _ensure_string(v)
+            end
+        end
 
-        signature_values = []
-        (signature_data or {}).each_pair do |key, value|
-            signature_values.push(key)
-            if value.kind_of?(Array)
-                signature_values.concat(value)
-            else
-                signature_values.push(value)
+        if data
+            data.each do |k, v|
+                data[k] = _ensure_string(v)
             end
         end
 
-        signature_body = signature_values.join ''
+        # Ensure path does not start with a slash
+        path = path.reverse.chomp('/').reverse
 
-        timestamp = Time.now.to_f.to_s
+        # Build the signature (v2)
+        timestamp_str = Time.now.to_i.to_s
+        nonce = SecureRandom.urlsafe_base64(16)
+        string_to_sign = [
+            timestamp_str,
+            nonce,
+            method.upcase,
+            "/v1/#{path}",
+            _canonical_params_str(method.upcase == 'GET' ? params : data)
+        ].join("\n").encode('utf-8')
 
-        signature_hash = Digest::SHA1.new
-        signature_hash.update timestamp
-        signature_hash.update signature_body
-        signature_hash.update @api_secret
-        signature = signature_hash.hexdigest
+        signature = _compute_signature(@api_secret, string_to_sign)
 
         # Build the headers
         headers = {
             'Accept' => 'application/json',
             'X-CareHQ-AccountId' => @account_id,
             'X-CareHQ-APIKey' => @api_key,
+            'X-CareHQ-Nonce' => nonce,
             'X-CareHQ-Signature' => signature,
-            'X-CareHQ-Timestamp' => timestamp
+            'X-CareHQ-Signature-Version' => '2.0',
+            'X-CareHQ-Timestamp' => timestamp_str
         }
 
         # Make the request
@@ -135,6 +145,37 @@ class APIClient
 
     end
 
-end
+    private
 
-require 'carehq/exceptions'
+    def _ensure_string(val)
+        # Ensure values that will be converted to a form-encoded value are a
+        # string (or list of strings).
+
+        if val.is_a?(Array) || val.is_a?(Set)
+            return val.map {|v| v.to_s}
+        else
+            return val.to_s
+        end
+    end
+
+    def _canonical_params_str(params)
+        # Build a canonical string of params used for signing.
+        # Sort keys, sort values for each key, and join as "key=value" lines.
+        params ||= {}
+
+        parts = []
+        params.keys.sort.each do |key|
+            values = params[key]
+            values = [values] unless values.is_a?(Array) || values.is_a?(Set)
+            values.sort.each do |value|
+                parts << "#{key}=#{value}"
+            end
+        end
+
+        parts.join("\n")
+    end
+
+    def _compute_signature(secret, msg)
+        OpenSSL::HMAC.hexdigest('sha256', secret.to_s, msg.to_s)
+    end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: carehq
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.1.0
 platform: ruby
 authors:
 - Anthony Blackshaw
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-09-30 00:00:00.000000000 Z
+date: 2026-01-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -36,7 +36,7 @@ homepage: https://github.com/CareHQ/carehq-ruby
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -51,9 +51,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.4.20
+signing_key:
 specification_version: 4
 summary: CareHQ API client
 test_files: []