cloudfront-signer 2.2.1 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ChangeLog.markdown +3 -2
- data/README.markdown +10 -22
- data/cloudfront-signer.gemspec +1 -1
- data/lib/cloudfront-signer.rb +13 -13
- data/lib/cloudfront-signer/version.rb +2 -2
- data/lib/generators/cloudfront/install/templates/cloudfront-signer.rb +1 -1
- data/spec/signer_spec.rb +18 -18
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7a0cf4a0946130dcbaa507daefb6eeee51d8c7b1
|
|
4
|
+
data.tar.gz: 9f888e920595b5638d8c8848b5c280c0e803d612
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ce452e3fbb10b51f05a2c1429c7f3796874b8389ea06a76b3f3a21f1499a5fab020f34e0c1a90f3ae9e32200fbe17e03a71af91c4ee72daa46bc7634f1a0ac38
|
|
7
|
+
data.tar.gz: 11e787dc898b982519f89dbaff55ae46a8e44f2fbebb63e2c2a8f7fa3012b4d53785ca44c6011cf97ae52e7d81275f40a278f65bf902929f00ac78cb7f46522c
|
data/ChangeLog.markdown
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
|
-
###
|
|
2
|
-
*
|
|
1
|
+
### 3.0.0 / 2015-03-14
|
|
2
|
+
* Renames namespace to `Aws`. Matches used by latest _https://github.com/aws/aws-sdk-ruby_. Change proposed by https://github.com/tennantje
|
|
3
|
+
* Renames `sign` to `build_url` to better communicate method intent.
|
|
3
4
|
|
|
4
5
|
### 2.2.0 / 2015-04-29
|
|
5
6
|
* Accepted merge request from https://github.com/leonelgalan - `sign_params` method returns raw params to be used in urls or cookies.
|
data/README.markdown
CHANGED
|
@@ -27,7 +27,7 @@ and customizing the resulting _config/initializers/cloudfront-signer.rb_ file.
|
|
|
27
27
|
### Generated _cloudfront-signer.rb_
|
|
28
28
|
|
|
29
29
|
```ruby
|
|
30
|
-
|
|
30
|
+
Aws::CF::Signer.configure do |config|
|
|
31
31
|
config.key_path = '/path/to/keyfile.pem'
|
|
32
32
|
# config.key = ENV.fetch('PRIVATE_KEY') # key_path not required if key supplied directly
|
|
33
33
|
config.key_pair_id = 'XXYYZZ'
|
|
@@ -40,42 +40,30 @@ end
|
|
|
40
40
|
Call the class `sign_url` or `sign_path` method with optional policy settings.
|
|
41
41
|
|
|
42
42
|
```ruby
|
|
43
|
-
|
|
43
|
+
Aws::CF::Signer.sign_url 'http://mydomain/path/to/my/content'
|
|
44
44
|
```
|
|
45
45
|
|
|
46
|
-
or
|
|
47
|
-
|
|
48
46
|
```ruby
|
|
49
|
-
|
|
47
|
+
Aws::CF::Signer.sign_path 'path/to/my/content', expires: Time.now + 600
|
|
50
48
|
```
|
|
51
49
|
|
|
52
|
-
Streaming paths can be signed with the `sign_path` method.
|
|
53
50
|
|
|
54
|
-
|
|
55
|
-
AWS::CF::Signer.sign_path 'path/to/my/content'
|
|
56
|
-
```
|
|
57
|
-
|
|
58
|
-
or
|
|
51
|
+
Both `sign_url` and `sign_path` have _safe_ versions that HTML encode the result allowing signed paths or urls to be placed in HTML markup. The 'non'-safe versions can be used for placing signed urls or paths in JavaScript blocks or Flash params.
|
|
59
52
|
|
|
60
|
-
|
|
61
|
-
AWS::CF::Signer.sign_path 'path/to/my/content', expires: Time.now + 600
|
|
62
|
-
```
|
|
53
|
+
___
|
|
63
54
|
|
|
64
|
-
|
|
55
|
+
Call class method `signed_params` to get raw parameters. These values can be used to set signing cookies ([Serving Private Content through CloudFront: Using Signed Cookies](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html)). See [commit message](https://github.com/leonelgalan/cloudfront-signer/commit/fedcc3182e32133e4bd0ad0b79c0106168896c91) for additional details.
|
|
65
56
|
|
|
66
57
|
```ruby
|
|
67
|
-
|
|
58
|
+
Aws::CF::Signer.signed_params 'path/to/my/content'
|
|
68
59
|
```
|
|
69
60
|
|
|
70
|
-
Both `sign_url` and `sign_path` have _safe_ versions that HTML encode the result allowing signed paths or urls to be placed in HTML markup. The 'non'-safe versions can be used for placing signed urls or paths in JavaScript blocks or Flash params.
|
|
71
|
-
|
|
72
|
-
|
|
73
61
|
### Custom Policies
|
|
74
62
|
|
|
75
63
|
See Example Custom Policy 1 at above AWS doc link
|
|
76
64
|
|
|
77
65
|
```ruby
|
|
78
|
-
url =
|
|
66
|
+
url = Aws::CF::Signer.sign_url 'http://d604721fxaaqy9.cloudfront.net/training/orientation.avi',
|
|
79
67
|
expires: 'Sat, 14 Nov 2009 22:20:00 GMT',
|
|
80
68
|
resource: 'http://d604721fxaaqy9.cloudfront.net/training/*',
|
|
81
69
|
ip_range: '145.168.143.0/24'
|
|
@@ -85,7 +73,7 @@ url = AWS::CF::Signer.sign_url 'http://d604721fxaaqy9.cloudfront.net/training/or
|
|
|
85
73
|
See Example Custom Policy 2 at above AWS doc link
|
|
86
74
|
|
|
87
75
|
```ruby
|
|
88
|
-
|
|
76
|
+
Aws::CF::Signer.sign_url 'http://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz',
|
|
89
77
|
starting: 'Thu, 30 Apr 2009 06:43:10 GMT',
|
|
90
78
|
expires: 'Fri, 16 Oct 2009 06:31:56 GMT',
|
|
91
79
|
resource: 'http://*',
|
|
@@ -95,7 +83,7 @@ AWS::CF::Signer.sign_url 'http://d84l721fxaaqy9.cloudfront.net/downloads/picture
|
|
|
95
83
|
You can also pass in a path to a policy file. This will supersede any other policy options
|
|
96
84
|
|
|
97
85
|
```ruby
|
|
98
|
-
|
|
86
|
+
Aws::CF::Signer.sign_url 'http://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz',
|
|
99
87
|
policy_file: '/path/to/policy/file.txt'
|
|
100
88
|
```
|
|
101
89
|
|
data/cloudfront-signer.gemspec
CHANGED
|
@@ -4,7 +4,7 @@ require 'cloudfront-signer/version'
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |s|
|
|
6
6
|
s.name = 'cloudfront-signer'
|
|
7
|
-
s.version =
|
|
7
|
+
s.version = Aws::CF::VERSION
|
|
8
8
|
s.authors = ['Anthony Bouch', 'Leonel Galan']
|
|
9
9
|
s.email = ['tony@58bits.com', 'leonelgalan@gmail.com']
|
|
10
10
|
s.homepage = 'http://github.com/leonelgalan/cloudfront-signer'
|
data/lib/cloudfront-signer.rb
CHANGED
|
@@ -6,7 +6,7 @@ require 'base64'
|
|
|
6
6
|
require 'cloudfront-signer/version'
|
|
7
7
|
require 'json'
|
|
8
8
|
|
|
9
|
-
module
|
|
9
|
+
module Aws
|
|
10
10
|
module CF
|
|
11
11
|
class Signer
|
|
12
12
|
# Public non-inheritable class accessors
|
|
@@ -16,7 +16,7 @@ module AWS
|
|
|
16
16
|
#
|
|
17
17
|
# Examples
|
|
18
18
|
#
|
|
19
|
-
#
|
|
19
|
+
# Aws::CF::Signer.configure do |config|
|
|
20
20
|
# config.key_pair_id = "XXYYZZ"
|
|
21
21
|
# end
|
|
22
22
|
#
|
|
@@ -27,7 +27,7 @@ module AWS
|
|
|
27
27
|
#
|
|
28
28
|
# Examples
|
|
29
29
|
#
|
|
30
|
-
#
|
|
30
|
+
# Aws::CF::Signer.configure do |config|
|
|
31
31
|
# config.key_path = "/path/to/your/keyfile.pem"
|
|
32
32
|
# end
|
|
33
33
|
#
|
|
@@ -46,7 +46,7 @@ module AWS
|
|
|
46
46
|
#
|
|
47
47
|
# Examples
|
|
48
48
|
#
|
|
49
|
-
#
|
|
49
|
+
# Aws::CF::Signer.configure do |config|
|
|
50
50
|
# config.key = ENV.fetch('KEY')
|
|
51
51
|
# end
|
|
52
52
|
# Returns nothing.
|
|
@@ -64,7 +64,7 @@ module AWS
|
|
|
64
64
|
#
|
|
65
65
|
# Examples
|
|
66
66
|
#
|
|
67
|
-
#
|
|
67
|
+
# Aws::CF::Signer.configure do |config|
|
|
68
68
|
# config.default_expires = 3600
|
|
69
69
|
# end
|
|
70
70
|
#
|
|
@@ -94,7 +94,7 @@ module AWS
|
|
|
94
94
|
#
|
|
95
95
|
# Examples
|
|
96
96
|
#
|
|
97
|
-
#
|
|
97
|
+
# Aws::CF::Signer.configure do |config|
|
|
98
98
|
# config.key_path = "/path/to/yourkeyfile.pem"
|
|
99
99
|
# config.key_pair_id = "XXYYZZ"
|
|
100
100
|
# config.default_expires = 3600
|
|
@@ -132,14 +132,14 @@ module AWS
|
|
|
132
132
|
#
|
|
133
133
|
# Returns a String
|
|
134
134
|
def self.sign_url(subject, policy_options = {})
|
|
135
|
-
|
|
135
|
+
build_url subject, { remove_spaces: true }, policy_options
|
|
136
136
|
end
|
|
137
137
|
|
|
138
138
|
# Public: Sign a url (as above) and HTML encode the result.
|
|
139
139
|
#
|
|
140
140
|
# Returns a String
|
|
141
141
|
def self.sign_url_safe(subject, policy_options = {})
|
|
142
|
-
|
|
142
|
+
build_url subject, { remove_spaces: true, html_escape: true }, policy_options
|
|
143
143
|
end
|
|
144
144
|
|
|
145
145
|
# Public: Sign a stream path part or filename (spaces are allowed in
|
|
@@ -147,23 +147,23 @@ module AWS
|
|
|
147
147
|
#
|
|
148
148
|
# Returns a String
|
|
149
149
|
def self.sign_path(subject, policy_options = {})
|
|
150
|
-
|
|
150
|
+
build_url subject, { remove_spaces: false }, policy_options
|
|
151
151
|
end
|
|
152
152
|
|
|
153
153
|
# Public: Sign a stream path or filename and HTML encode the result.
|
|
154
154
|
#
|
|
155
155
|
# Returns a String
|
|
156
156
|
def self.sign_path_safe(subject, policy_options = {})
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
157
|
+
build_url subject,
|
|
158
|
+
{ remove_spaces: false, html_escape: true },
|
|
159
|
+
policy_options
|
|
160
160
|
end
|
|
161
161
|
|
|
162
162
|
# Public: Builds a signed url or stream resource name with optional
|
|
163
163
|
# configuration and policy options
|
|
164
164
|
#
|
|
165
165
|
# Returns a String
|
|
166
|
-
def self.
|
|
166
|
+
def self.build_url(subject, configuration_options = {}, policy_options = {})
|
|
167
167
|
# If the url or stream path already has a query string parameter -
|
|
168
168
|
# append to that.
|
|
169
169
|
separator = subject =~ /\?/ ? '&' : '?'
|
data/spec/signer_spec.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
|
-
describe
|
|
3
|
+
describe Aws::CF::Signer do
|
|
4
4
|
let(:key_pair_id) { 'APKAIKUROOUNR2BAFUUU' }
|
|
5
5
|
let(:key_path) do
|
|
6
6
|
File.expand_path File.dirname(__FILE__) + "/keys/pk-#{key_pair_id}.pem"
|
|
@@ -9,25 +9,25 @@ describe AWS::CF::Signer do
|
|
|
9
9
|
|
|
10
10
|
context 'configured with key and key_pair_id' do
|
|
11
11
|
before do
|
|
12
|
-
|
|
12
|
+
Aws::CF::Signer.configure do |config|
|
|
13
13
|
config.key_pair_id = key_pair_id
|
|
14
14
|
config.key = key
|
|
15
15
|
end
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
it 'should be configured' do
|
|
19
|
-
expect(
|
|
19
|
+
expect(Aws::CF::Signer.is_configured?).to be true
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
it 'sets the private_key' do
|
|
23
|
-
expect(
|
|
23
|
+
expect(Aws::CF::Signer.send(:private_key)).to(
|
|
24
24
|
be_an_instance_of OpenSSL::PKey::RSA
|
|
25
25
|
)
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
it 'should expire in one hour by default' do
|
|
29
29
|
url = 'http://somedomain.com/sign me'
|
|
30
|
-
result =
|
|
30
|
+
result = Aws::CF::Signer.sign_url(url)
|
|
31
31
|
expect(get_query_value(result, 'Expires').to_i).to(
|
|
32
32
|
eq Time.now.to_i + 3600
|
|
33
33
|
)
|
|
@@ -36,52 +36,52 @@ describe AWS::CF::Signer do
|
|
|
36
36
|
|
|
37
37
|
context 'configured with key_path' do
|
|
38
38
|
before(:each) do
|
|
39
|
-
|
|
39
|
+
Aws::CF::Signer.configure do |config|
|
|
40
40
|
config.key_path = key_path
|
|
41
41
|
end
|
|
42
42
|
end
|
|
43
43
|
|
|
44
44
|
describe 'before default use' do
|
|
45
45
|
it 'should be configured' do
|
|
46
|
-
expect(
|
|
46
|
+
expect(Aws::CF::Signer.is_configured?).to be true
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
it 'sets the private_key' do
|
|
50
|
-
expect(
|
|
50
|
+
expect(Aws::CF::Signer.send(:private_key)).to(
|
|
51
51
|
be_an_instance_of OpenSSL::PKey::RSA
|
|
52
52
|
)
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
it 'should expire urls and paths in one hour by default' do
|
|
56
|
-
expect(
|
|
56
|
+
expect(Aws::CF::Signer.default_expires).to eq 3600
|
|
57
57
|
end
|
|
58
58
|
|
|
59
59
|
it 'should optionally be configured to expire urls and paths' do
|
|
60
|
-
|
|
61
|
-
expect(
|
|
62
|
-
|
|
60
|
+
Aws::CF::Signer.default_expires = 600
|
|
61
|
+
expect(Aws::CF::Signer.default_expires).to eq 600
|
|
62
|
+
Aws::CF::Signer.default_expires = nil
|
|
63
63
|
end
|
|
64
64
|
end
|
|
65
65
|
|
|
66
66
|
describe 'when signing a url' do
|
|
67
67
|
it 'should remove spaces from the url' do
|
|
68
68
|
url = 'http://somedomain.com/sign me'
|
|
69
|
-
expect(
|
|
69
|
+
expect(Aws::CF::Signer.sign_url(url)).not_to match(/\s/)
|
|
70
70
|
end
|
|
71
71
|
|
|
72
72
|
it 'should not html encode the signed url by default' do
|
|
73
73
|
url = 'http://somedomain.com/someresource?opt1=one&opt2=two'
|
|
74
|
-
expect(
|
|
74
|
+
expect(Aws::CF::Signer.sign_url(url)).to match(/\?|=|&/)
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
it 'should optionally html encode the signed url' do
|
|
78
78
|
url = 'http://somedomain.com/someresource?opt1=one&opt2=two'
|
|
79
|
-
expect(
|
|
79
|
+
expect(Aws::CF::Signer.sign_url_safe(url)).not_to match(/\?|=|&/)
|
|
80
80
|
end
|
|
81
81
|
|
|
82
82
|
it 'should expire in one hour by default' do
|
|
83
83
|
url = 'http://somedomain.com/sign me'
|
|
84
|
-
result =
|
|
84
|
+
result = Aws::CF::Signer.sign_url(url)
|
|
85
85
|
expect(get_query_value(result, 'Expires').to_i).to(
|
|
86
86
|
eq Time.now.to_i + 3600
|
|
87
87
|
)
|
|
@@ -89,7 +89,7 @@ describe AWS::CF::Signer do
|
|
|
89
89
|
|
|
90
90
|
it 'should optionally expire in ten minutes' do
|
|
91
91
|
url = 'http://somedomain.com/sign me'
|
|
92
|
-
result =
|
|
92
|
+
result = Aws::CF::Signer.sign_url(url, expires: Time.now + 600)
|
|
93
93
|
expect(get_query_value(result, 'Expires').to_i).to(
|
|
94
94
|
eq Time.now.to_i + 600
|
|
95
95
|
)
|
|
@@ -99,7 +99,7 @@ describe AWS::CF::Signer do
|
|
|
99
99
|
describe 'when signing a path' do
|
|
100
100
|
it 'should not remove spaces from the path' do
|
|
101
101
|
path = '/someprefix/sign me'
|
|
102
|
-
expect(
|
|
102
|
+
expect(Aws::CF::Signer.sign_path(path)).to match(/\s/)
|
|
103
103
|
end
|
|
104
104
|
end
|
|
105
105
|
end
|