cloudfront-signer 3.0.0 → 3.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.codeclimate.yml +23 -0
- data/.rspec +0 -1
- data/.rubocop.yml +2 -0
- data/.travis.yml +1 -0
- data/CHANGELOG.md +27 -0
- data/Gemfile +1 -1
- data/README.md +135 -0
- data/cloudfront-signer.gemspec +3 -3
- data/lib/cloudfront-signer.rb +2 -1
- data/lib/cloudfront-signer/version.rb +1 -1
- data/lib/generators/cloudfront/install/install_generator.rb +2 -2
- data/lib/generators/cloudfront/install/templates/{cloudfront-signer.rb → cloudfront_signer.rb} +1 -1
- data/spec/signer_spec.rb +43 -59
- data/spec/spec_helper.rb +11 -9
- metadata +14 -13
- data/ChangeLog.markdown +0 -13
- data/README.markdown +0 -107
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 55f3da387ee038729bfee7a3dcc7f1b250dba308
|
4
|
+
data.tar.gz: b514f00d64dc1d5713fe04896a9177cead4e5835
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d1905499e2278f379ea501f16f860829612b877b50b79835eef25b6a4840668435134bc5775eccfad7049ef123443cf4586472ca17dac23cf02d460fa3750b7d
|
7
|
+
data.tar.gz: 8c5470df9a7cb80dc9a05032ddb63a01ae04e3cce4f03863b45c0b3213b93ddbffa305d861c1d7d892ecf0e4eb66219052006825435dcc3ccf3fc89353c5e42f
|
data/.codeclimate.yml
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
---
|
2
|
+
engines:
|
3
|
+
bundler-audit:
|
4
|
+
enabled: true
|
5
|
+
duplication:
|
6
|
+
enabled: true
|
7
|
+
config:
|
8
|
+
languages:
|
9
|
+
- ruby
|
10
|
+
fixme:
|
11
|
+
enabled: true
|
12
|
+
markdownlint:
|
13
|
+
enabled: true
|
14
|
+
reek:
|
15
|
+
enabled: true
|
16
|
+
rubocop:
|
17
|
+
enabled: true
|
18
|
+
ratings:
|
19
|
+
paths:
|
20
|
+
- Gemfile.lock
|
21
|
+
- "**.rb"
|
22
|
+
exclude_paths:
|
23
|
+
- coverage/
|
data/.rspec
CHANGED
data/.rubocop.yml
ADDED
data/.travis.yml
CHANGED
data/CHANGELOG.md
ADDED
@@ -0,0 +1,27 @@
|
|
1
|
+
# Change Log
|
2
|
+
|
3
|
+
## 3.0.1 / 2017-01-20
|
4
|
+
|
5
|
+
* Supports signing frozen strings. Bug reported by [@alexandermayr](https://github.com/alexandermayr).
|
6
|
+
|
7
|
+
## 3.0.0 / 2015-03-14
|
8
|
+
|
9
|
+
* Renames namespace to `Aws`. Matches used by latest [https://github.com/aws/aws-sdk-ruby](https://github.com/aws/aws-sdk-ruby).
|
10
|
+
Change proposed by [@tennantje](https://github.com/tennantje)
|
11
|
+
* Renames `sign` to `build_url` to better communicate method intent.
|
12
|
+
|
13
|
+
## 2.2.0 / 2015-04-29
|
14
|
+
|
15
|
+
* Accepted merge request from [@leonelgalan](https://github.com/leonelgalan) -
|
16
|
+
`sign_params` method returns raw params to be used in urls or cookies.
|
17
|
+
|
18
|
+
## 2.1.2 / 2015-04-16
|
19
|
+
|
20
|
+
* Accepted merge request from [@tuvistavie](https://github.com/tuvistavie) -
|
21
|
+
fixing custom policy bug.
|
22
|
+
|
23
|
+
## 2.1.1 / 2013-10-31
|
24
|
+
|
25
|
+
* Added changelog file
|
26
|
+
* Aceppted merge request from [@bullfight](https://github.com/bullfight),
|
27
|
+
Refactored configuration to allow for key to be passed in directly.
|
data/Gemfile
CHANGED
data/README.md
ADDED
@@ -0,0 +1,135 @@
|
|
1
|
+
# cloudfront-signer
|
2
|
+
|
3
|
+
[![Build Status](https://travis-ci.org/leonelgalan/cloudfront-signer.svg)](https://travis-ci.org/leonelgalan/cloudfront-signer)
|
4
|
+
[![Code Climate](https://codeclimate.com/github/leonelgalan/cloudfront-signer/badges/gpa.svg)](https://codeclimate.com/github/leonelgalan/cloudfront-signer)
|
5
|
+
[![Test Coverage](https://codeclimate.com/github/leonelgalan/cloudfront-signer/badges/coverage.svg)](https://codeclimate.com/github/leonelgalan/cloudfront-signer/coverage)
|
6
|
+
[![Gem Version](https://badge.fury.io/rb/cloudfront-signer.svg)](http://badge.fury.io/rb/cloudfront-signer)
|
7
|
+
[![Dependency Status](https://gemnasium.com/leonelgalan/cloudfront-signer.svg)](https://gemnasium.com/leonelgalan/cloudfront-signer)
|
8
|
+
|
9
|
+
See the [CHANGELOG](https://github.com/leonelgalan/cloudfront-signer/blob/master/CHANGELOG.md)
|
10
|
+
for details of this release.
|
11
|
+
|
12
|
+
See Amazon docs for [Serving Private Content through CloudFront](http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/index.html?PrivateContent.html)
|
13
|
+
|
14
|
+
A fork and rewrite started by [Anthony Bouch](https://github.com/58bits) of
|
15
|
+
Dylan Vaughn's [aws_cf_signer](https://github.com/dylanvaughn/aws_cf_signer).
|
16
|
+
|
17
|
+
This version uses all class methods and a configure method to set options.
|
18
|
+
|
19
|
+
Separate helper methods exist for safe signing of urls and stream paths, each of
|
20
|
+
which has slightly different requirements. For example, urls must not contain
|
21
|
+
any spaces, whereas a stream path might. Also we might not want to html escape a
|
22
|
+
url or path if it is being supplied to a JavaScript block or Flash object.
|
23
|
+
|
24
|
+
## Installation
|
25
|
+
|
26
|
+
This gem has been publised as _cloudfront-signer_. Use `gem install
|
27
|
+
cloudfront-signer` to install this gem.
|
28
|
+
|
29
|
+
The signing class must be configured - supplying the path to a signing key, or
|
30
|
+
supplying the signing key directly as a string along with the `key_pair_id`.
|
31
|
+
Create the initializer by running:
|
32
|
+
|
33
|
+
```sh
|
34
|
+
bundle exec rails generate cloudfront:install
|
35
|
+
```
|
36
|
+
|
37
|
+
Customize the resulting *config/initializers/cloudfront\_signer.rb* file.
|
38
|
+
|
39
|
+
### Generated *cloudfront\_signer.rb*
|
40
|
+
|
41
|
+
```ruby
|
42
|
+
Aws::CF::Signer.configure do |config|
|
43
|
+
config.key_path = '/path/to/keyfile.pem'
|
44
|
+
# or config.key = ENV.fetch('PRIVATE_KEY')
|
45
|
+
config.key_pair_id = 'XXYYZZ'
|
46
|
+
config.default_expires = 3600
|
47
|
+
end
|
48
|
+
```
|
49
|
+
|
50
|
+
## Usage
|
51
|
+
|
52
|
+
Call the class `sign_url` or `sign_path` method with optional policy settings.
|
53
|
+
|
54
|
+
```ruby
|
55
|
+
Aws::CF::Signer.sign_url 'http://mydomain/path/to/my/content'
|
56
|
+
```
|
57
|
+
|
58
|
+
```ruby
|
59
|
+
Aws::CF::Signer.sign_path 'path/to/my/content', expires: Time.now + 600
|
60
|
+
```
|
61
|
+
|
62
|
+
Both `sign_url` and `sign_path` have _safe_ versions that HTML encode the result
|
63
|
+
allowing signed paths or urls to be placed in HTML markup. The 'non'-safe
|
64
|
+
versions can be used for placing signed urls or paths in JavaScript blocks or
|
65
|
+
Flash params.
|
66
|
+
|
67
|
+
___
|
68
|
+
|
69
|
+
Call class method `signed_params` to get raw parameters. These values can be
|
70
|
+
used to set signing cookies (
|
71
|
+
[Serving Private Content through CloudFront: Using Signed Cookies](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html)
|
72
|
+
). See [commit message](https://github.com/leonelgalan/cloudfront-signer/commit/fedcc3182e32133e4bd0ad0b79c0106168896c91)
|
73
|
+
for additional details.
|
74
|
+
|
75
|
+
```ruby
|
76
|
+
Aws::CF::Signer.signed_params 'path/to/my/content'
|
77
|
+
```
|
78
|
+
|
79
|
+
### Custom Policies
|
80
|
+
|
81
|
+
See Example Custom Policy 1 at above AWS doc link
|
82
|
+
|
83
|
+
```ruby
|
84
|
+
url = Aws::CF::Signer.sign_url 'http://d604721fxaaqy9.cloudfront.net/training/orientation.avi',
|
85
|
+
expires: 'Sat, 14 Nov 2009 22:20:00 GMT',
|
86
|
+
resource: 'http://d604721fxaaqy9.cloudfront.net/training/*',
|
87
|
+
ip_range: '145.168.143.0/24'
|
88
|
+
```
|
89
|
+
|
90
|
+
See Example Custom Policy 2 at above AWS doc link
|
91
|
+
|
92
|
+
```ruby
|
93
|
+
Aws::CF::Signer.sign_url 'http://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz',
|
94
|
+
starting: 'Thu, 30 Apr 2009 06:43:10 GMT',
|
95
|
+
expires: 'Fri, 16 Oct 2009 06:31:56 GMT',
|
96
|
+
resource: 'http://*',
|
97
|
+
ip_range: '216.98.35.1/32'
|
98
|
+
```
|
99
|
+
|
100
|
+
You can also pass in a path to a policy file. This will supersede any other
|
101
|
+
policy options
|
102
|
+
|
103
|
+
```ruby
|
104
|
+
Aws::CF::Signer.sign_url 'http://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz',
|
105
|
+
policy_file: '/path/to/policy/file.txt'
|
106
|
+
```
|
107
|
+
|
108
|
+
## Patches/Pull Requests
|
109
|
+
|
110
|
+
* Fork the project.
|
111
|
+
* Make your feature addition or bug fix.
|
112
|
+
* Add tests for it.
|
113
|
+
* Commit
|
114
|
+
* Send me a pull request. Bonus points for topic branches.
|
115
|
+
|
116
|
+
## Attributions
|
117
|
+
|
118
|
+
Hat tip to [Anthony Bouch](https://github.com/58bits) for contributing to
|
119
|
+
Dylan's effort. Only reading both gem's code I was able to figure out the
|
120
|
+
signing needed for the newly introduced signed cookies.
|
121
|
+
|
122
|
+
> Dylan blazed a trail here - however, after several attempts, I was unable to
|
123
|
+
contact Dylan in order to suggest that we combine our efforts to produce a
|
124
|
+
single gem - hence the re-write and new gem here. - _Anthony Bouch_
|
125
|
+
|
126
|
+
Parts of signing code taken from a question on
|
127
|
+
[Stack Overflow](http://stackoverflow.com/questions/2632457/create-signed-urls-for-cloudfront-with-ruby)
|
128
|
+
asked by [Ben Wiseley](http://stackoverflow.com/users/315829/ben-wiseley), and
|
129
|
+
answered by [Blaz Lipuscek](http://stackoverflow.com/users/267804/blaz-lipuscek)
|
130
|
+
and [Manual M](http://stackoverflow.com/users/327914/manuel-m).
|
131
|
+
|
132
|
+
## License
|
133
|
+
|
134
|
+
_cloudfront-signer_ is distributed under the MIT License, portions copyright ©
|
135
|
+
2015 Dylan Vaughn, STL, Anthony Bouch, Leonel Galán
|
data/cloudfront-signer.gemspec
CHANGED
@@ -17,11 +17,11 @@ Gem::Specification.new do |s|
|
|
17
17
|
s.license = 'MIT'
|
18
18
|
|
19
19
|
s.rubyforge_project = 'cloudfront-signer'
|
20
|
-
s.add_development_dependency 'rspec'
|
21
|
-
s.add_development_dependency 'codeclimate-test-reporter'
|
20
|
+
s.add_development_dependency 'rspec', '~> 3.5'
|
21
|
+
s.add_development_dependency 'codeclimate-test-reporter', '>=1.0'
|
22
22
|
s.files = `git ls-files`.split("\n")
|
23
23
|
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
24
24
|
s.executables = `git ls-files -- bin/*`.split("\n")
|
25
|
-
|
25
|
+
.map { |f| File.basename f }
|
26
26
|
s.require_paths = ['lib']
|
27
27
|
end
|
data/lib/cloudfront-signer.rb
CHANGED
@@ -163,7 +163,8 @@ module Aws
|
|
163
163
|
# configuration and policy options
|
164
164
|
#
|
165
165
|
# Returns a String
|
166
|
-
def self.build_url(
|
166
|
+
def self.build_url(original_subject, configuration_options = {}, policy_options = {})
|
167
|
+
subject = original_subject.dup
|
167
168
|
# If the url or stream path already has a query string parameter -
|
168
169
|
# append to that.
|
169
170
|
separator = subject =~ /\?/ ? '&' : '?'
|
@@ -7,8 +7,8 @@ module Cloudfront
|
|
7
7
|
|
8
8
|
desc 'This generator creates an initializer file at config/initializers'
|
9
9
|
def add_initializer
|
10
|
-
template '
|
11
|
-
'config/initializers/
|
10
|
+
template 'cloudfront_signer.rb',
|
11
|
+
'config/initializers/cloudfront_signer.rb'
|
12
12
|
end
|
13
13
|
end
|
14
14
|
end
|
data/spec/signer_spec.rb
CHANGED
@@ -1,12 +1,36 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
|
3
|
+
RSpec.shared_examples 'is configured' do
|
4
|
+
it 'is configured' do
|
5
|
+
expect(Aws::CF::Signer.is_configured?).to be true
|
6
|
+
end
|
7
|
+
|
8
|
+
it 'sets the private_key' do
|
9
|
+
expect(Aws::CF::Signer.send(:private_key)).to(
|
10
|
+
be_an_instance_of(OpenSSL::PKey::RSA)
|
11
|
+
)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
RSpec.describe Aws::CF::Signer do
|
4
16
|
let(:key_pair_id) { 'APKAIKUROOUNR2BAFUUU' }
|
5
17
|
let(:key_path) do
|
6
18
|
File.expand_path File.dirname(__FILE__) + "/keys/pk-#{key_pair_id}.pem"
|
7
19
|
end
|
8
20
|
let(:key) { File.readlines(key_path).join '' }
|
9
21
|
|
22
|
+
describe 'defaults' do
|
23
|
+
it 'expire urls and paths in one hour by default' do
|
24
|
+
expect(Aws::CF::Signer.default_expires).to eq 3600
|
25
|
+
end
|
26
|
+
|
27
|
+
it 'expires when specified' do
|
28
|
+
Aws::CF::Signer.default_expires = 600
|
29
|
+
expect(Aws::CF::Signer.default_expires).to eq 600
|
30
|
+
Aws::CF::Signer.default_expires = nil
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
10
34
|
context 'configured with key and key_pair_id' do
|
11
35
|
before do
|
12
36
|
Aws::CF::Signer.configure do |config|
|
@@ -15,90 +39,50 @@ describe Aws::CF::Signer do
|
|
15
39
|
end
|
16
40
|
end
|
17
41
|
|
18
|
-
|
19
|
-
expect(Aws::CF::Signer.is_configured?).to be true
|
20
|
-
end
|
21
|
-
|
22
|
-
it 'sets the private_key' do
|
23
|
-
expect(Aws::CF::Signer.send(:private_key)).to(
|
24
|
-
be_an_instance_of OpenSSL::PKey::RSA
|
25
|
-
)
|
26
|
-
end
|
27
|
-
|
28
|
-
it 'should expire in one hour by default' do
|
29
|
-
url = 'http://somedomain.com/sign me'
|
30
|
-
result = Aws::CF::Signer.sign_url(url)
|
31
|
-
expect(get_query_value(result, 'Expires').to_i).to(
|
32
|
-
eq Time.now.to_i + 3600
|
33
|
-
)
|
34
|
-
end
|
42
|
+
include_examples 'is configured'
|
35
43
|
end
|
36
44
|
|
37
45
|
context 'configured with key_path' do
|
38
46
|
before(:each) do
|
39
|
-
Aws::CF::Signer.configure
|
40
|
-
config.key_path = key_path
|
41
|
-
end
|
47
|
+
Aws::CF::Signer.configure { |config| config.key_path = key_path }
|
42
48
|
end
|
43
49
|
|
44
50
|
describe 'before default use' do
|
45
|
-
|
46
|
-
expect(Aws::CF::Signer.is_configured?).to be true
|
47
|
-
end
|
48
|
-
|
49
|
-
it 'sets the private_key' do
|
50
|
-
expect(Aws::CF::Signer.send(:private_key)).to(
|
51
|
-
be_an_instance_of OpenSSL::PKey::RSA
|
52
|
-
)
|
53
|
-
end
|
54
|
-
|
55
|
-
it 'should expire urls and paths in one hour by default' do
|
56
|
-
expect(Aws::CF::Signer.default_expires).to eq 3600
|
57
|
-
end
|
58
|
-
|
59
|
-
it 'should optionally be configured to expire urls and paths' do
|
60
|
-
Aws::CF::Signer.default_expires = 600
|
61
|
-
expect(Aws::CF::Signer.default_expires).to eq 600
|
62
|
-
Aws::CF::Signer.default_expires = nil
|
63
|
-
end
|
51
|
+
include_examples 'is configured'
|
64
52
|
end
|
65
53
|
|
66
54
|
describe 'when signing a url' do
|
67
|
-
it '
|
55
|
+
it "doesn't modifies the passed url" do
|
56
|
+
url = 'http://somedomain.com/sign'.freeze
|
57
|
+
expect(Aws::CF::Signer.sign_url(url)).not_to match(/\s/)
|
58
|
+
end
|
59
|
+
|
60
|
+
it 'removes spaces' do
|
68
61
|
url = 'http://somedomain.com/sign me'
|
69
62
|
expect(Aws::CF::Signer.sign_url(url)).not_to match(/\s/)
|
70
63
|
end
|
71
64
|
|
72
|
-
it '
|
65
|
+
it "doesn't HTML encode the signed url by default" do
|
73
66
|
url = 'http://somedomain.com/someresource?opt1=one&opt2=two'
|
74
67
|
expect(Aws::CF::Signer.sign_url(url)).to match(/\?|=|&/)
|
75
68
|
end
|
76
69
|
|
77
|
-
it '
|
70
|
+
it 'HTML encodes the signed url when using sign_url_safe' do
|
78
71
|
url = 'http://somedomain.com/someresource?opt1=one&opt2=two'
|
79
72
|
expect(Aws::CF::Signer.sign_url_safe(url)).not_to match(/\?|=|&/)
|
80
73
|
end
|
81
74
|
|
82
|
-
it '
|
83
|
-
url = 'http://somedomain.com/sign
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
)
|
88
|
-
end
|
89
|
-
|
90
|
-
it 'should optionally expire in ten minutes' do
|
91
|
-
url = 'http://somedomain.com/sign me'
|
92
|
-
result = Aws::CF::Signer.sign_url(url, expires: Time.now + 600)
|
93
|
-
expect(get_query_value(result, 'Expires').to_i).to(
|
94
|
-
eq Time.now.to_i + 600
|
95
|
-
)
|
75
|
+
it 'expires when specified inline' do
|
76
|
+
url = 'http://somedomain.com/sign'
|
77
|
+
signed_url = Aws::CF::Signer.sign_url(url, expires: Time.now + 600)
|
78
|
+
expires_value = get_query_value(signed_url, 'Expires').to_i
|
79
|
+
expect(expires_value).to eq(Time.now.to_i + 600)
|
96
80
|
end
|
97
81
|
end
|
98
82
|
|
99
83
|
describe 'when signing a path' do
|
100
|
-
it '
|
101
|
-
path = '/
|
84
|
+
it "doesn't remove spaces" do
|
85
|
+
path = '/prefix/sign me'
|
102
86
|
expect(Aws::CF::Signer.sign_path(path)).to match(/\s/)
|
103
87
|
end
|
104
88
|
end
|
data/spec/spec_helper.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
|
-
require '
|
2
|
-
|
1
|
+
require 'simplecov'
|
2
|
+
SimpleCov.start
|
3
3
|
|
4
4
|
$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
|
5
5
|
$LOAD_PATH.unshift(File.dirname(__FILE__))
|
@@ -7,14 +7,16 @@ $LOAD_PATH.unshift(File.dirname(__FILE__))
|
|
7
7
|
require 'rspec'
|
8
8
|
require 'cloudfront-signer'
|
9
9
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
10
|
+
module URLHelpers
|
11
|
+
def get_query_value(url, key)
|
12
|
+
query_string = url.slice((url =~ /\?/) + 1..-1)
|
13
|
+
pairs = query_string.split('&')
|
14
|
+
pairs.each do |item|
|
15
|
+
return item.split('=')[1] if item.start_with?(key)
|
16
|
+
end
|
15
17
|
end
|
16
18
|
end
|
17
19
|
|
18
|
-
RSpec.configure do |
|
19
|
-
|
20
|
+
RSpec.configure do |config|
|
21
|
+
config.include URLHelpers
|
20
22
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cloudfront-signer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.0.
|
4
|
+
version: 3.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Anthony Bouch
|
@@ -9,36 +9,36 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2017-01-20 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rspec
|
16
16
|
requirement: !ruby/object:Gem::Requirement
|
17
17
|
requirements:
|
18
|
-
- - "
|
18
|
+
- - "~>"
|
19
19
|
- !ruby/object:Gem::Version
|
20
|
-
version: '
|
20
|
+
version: '3.5'
|
21
21
|
type: :development
|
22
22
|
prerelease: false
|
23
23
|
version_requirements: !ruby/object:Gem::Requirement
|
24
24
|
requirements:
|
25
|
-
- - "
|
25
|
+
- - "~>"
|
26
26
|
- !ruby/object:Gem::Version
|
27
|
-
version: '
|
27
|
+
version: '3.5'
|
28
28
|
- !ruby/object:Gem::Dependency
|
29
29
|
name: codeclimate-test-reporter
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
31
31
|
requirements:
|
32
32
|
- - ">="
|
33
33
|
- !ruby/object:Gem::Version
|
34
|
-
version: '0'
|
34
|
+
version: '1.0'
|
35
35
|
type: :development
|
36
36
|
prerelease: false
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
38
38
|
requirements:
|
39
39
|
- - ">="
|
40
40
|
- !ruby/object:Gem::Version
|
41
|
-
version: '0'
|
41
|
+
version: '1.0'
|
42
42
|
description: A gem to sign url and stream paths for Amazon CloudFront private content.
|
43
43
|
Includes specific signing methods for both url and streaming paths, including html
|
44
44
|
'safe' escaped versions of each.
|
@@ -49,19 +49,21 @@ executables: []
|
|
49
49
|
extensions: []
|
50
50
|
extra_rdoc_files: []
|
51
51
|
files:
|
52
|
+
- ".codeclimate.yml"
|
52
53
|
- ".gitignore"
|
53
54
|
- ".rspec"
|
55
|
+
- ".rubocop.yml"
|
54
56
|
- ".travis.yml"
|
55
|
-
-
|
57
|
+
- CHANGELOG.md
|
56
58
|
- Gemfile
|
57
59
|
- LICENSE
|
58
|
-
- README.
|
60
|
+
- README.md
|
59
61
|
- Rakefile
|
60
62
|
- cloudfront-signer.gemspec
|
61
63
|
- lib/cloudfront-signer.rb
|
62
64
|
- lib/cloudfront-signer/version.rb
|
63
65
|
- lib/generators/cloudfront/install/install_generator.rb
|
64
|
-
- lib/generators/cloudfront/install/templates/
|
66
|
+
- lib/generators/cloudfront/install/templates/cloudfront_signer.rb
|
65
67
|
- spec/keys/pk-APKAIKUROOUNR2BAFUUU.pem
|
66
68
|
- spec/keys/rsa-APKAIKUROOUNR2BAFUUU.pem
|
67
69
|
- spec/signer_spec.rb
|
@@ -86,7 +88,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
86
88
|
version: '0'
|
87
89
|
requirements: []
|
88
90
|
rubyforge_project: cloudfront-signer
|
89
|
-
rubygems_version: 2.
|
91
|
+
rubygems_version: 2.5.1
|
90
92
|
signing_key:
|
91
93
|
specification_version: 4
|
92
94
|
summary: A gem to sign url and stream paths for Amazon CloudFront private content.
|
@@ -95,4 +97,3 @@ test_files:
|
|
95
97
|
- spec/keys/rsa-APKAIKUROOUNR2BAFUUU.pem
|
96
98
|
- spec/signer_spec.rb
|
97
99
|
- spec/spec_helper.rb
|
98
|
-
has_rdoc:
|
data/ChangeLog.markdown
DELETED
@@ -1,13 +0,0 @@
|
|
1
|
-
### 3.0.0 / 2015-03-14
|
2
|
-
* Renames namespace to `Aws`. Matches used by latest _https://github.com/aws/aws-sdk-ruby_. Change proposed by https://github.com/tennantje
|
3
|
-
* Renames `sign` to `build_url` to better communicate method intent.
|
4
|
-
|
5
|
-
### 2.2.0 / 2015-04-29
|
6
|
-
* Accepted merge request from https://github.com/leonelgalan - `sign_params` method returns raw params to be used in urls or cookies.
|
7
|
-
|
8
|
-
### 2.1.2 / 2015-04-16
|
9
|
-
* Accepted merge request from https://github.com/tuvistavie - fixing custom policy bug.
|
10
|
-
|
11
|
-
### 2.1.1 / 2013-10-31
|
12
|
-
* Added changelog file
|
13
|
-
* Aceppted merge request from https://github.com/bullfight, Refactored configuration to allow for key to be passed in directly.
|
data/README.markdown
DELETED
@@ -1,107 +0,0 @@
|
|
1
|
-
# cloudfront-signer [![Build Status](https://travis-ci.org/leonelgalan/cloudfront-signer.svg)](https://travis-ci.org/leonelgalan/cloudfront-signer) [![Code Climate](https://codeclimate.com/github/leonelgalan/cloudfront-signer/badges/gpa.svg)](https://codeclimate.com/github/leonelgalan/cloudfront-signer) [![Test Coverage](https://codeclimate.com/github/leonelgalan/cloudfront-signer/badges/coverage.svg)](https://codeclimate.com/github/leonelgalan/cloudfront-signer/coverage) [![Gem Version](https://badge.fury.io/rb/cloudfront-signer.svg)](http://badge.fury.io/rb/cloudfront-signer) [![Dependency Status](https://gemnasium.com/leonelgalan/cloudfront-signer.svg)](https://gemnasium.com/leonelgalan/cloudfront-signer)
|
2
|
-
|
3
|
-
See the [ChangeLog](https://github.com/58bits/cloudfront-signer/blob/master/ChangeLog.markdown) for details of this release.
|
4
|
-
|
5
|
-
See Amazon docs for [Serving Private Content through CloudFront](http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/index.html?PrivateContent.html)
|
6
|
-
|
7
|
-
A fork and rewrite started by [Anthony Bouch](https://github.com/58bits) of Dylan Vaughn's [aws_cf_signer](https://github.com/stlondemand/aws_cf_signer).
|
8
|
-
|
9
|
-
This version uses all class methods and a configure method to set options.
|
10
|
-
|
11
|
-
Seperate helper methods exist for safe signing of urls and stream paths, each of which has slightly different requirements. For example, urls must not contain any spaces, whereas a stream path can. Also we might not want to html escape a url or path if it is being supplied to a JavaScript block or Flash object.
|
12
|
-
|
13
|
-
## Installation
|
14
|
-
|
15
|
-
This gem has been publised as `cloudfront-signer`. Use `gem install cloudfront-signer` to install this gem.
|
16
|
-
|
17
|
-
Alternatively, place a copy of cloudfront-signer.rb (and the cloundfront-signer sub directory) in your lib directory.
|
18
|
-
|
19
|
-
In either case the signing class must be configured - supplying the path to a signing key, or supplying the signing key directly as a string along with the `key_pair_id`. Create the initializer by running:
|
20
|
-
|
21
|
-
```sh
|
22
|
-
bundle exec rails generate cloudfront:install
|
23
|
-
```
|
24
|
-
|
25
|
-
and customizing the resulting _config/initializers/cloudfront-signer.rb_ file.
|
26
|
-
|
27
|
-
### Generated _cloudfront-signer.rb_
|
28
|
-
|
29
|
-
```ruby
|
30
|
-
Aws::CF::Signer.configure do |config|
|
31
|
-
config.key_path = '/path/to/keyfile.pem'
|
32
|
-
# config.key = ENV.fetch('PRIVATE_KEY') # key_path not required if key supplied directly
|
33
|
-
config.key_pair_id = 'XXYYZZ'
|
34
|
-
config.default_expires = 3600
|
35
|
-
end
|
36
|
-
```
|
37
|
-
|
38
|
-
## Usage
|
39
|
-
|
40
|
-
Call the class `sign_url` or `sign_path` method with optional policy settings.
|
41
|
-
|
42
|
-
```ruby
|
43
|
-
Aws::CF::Signer.sign_url 'http://mydomain/path/to/my/content'
|
44
|
-
```
|
45
|
-
|
46
|
-
```ruby
|
47
|
-
Aws::CF::Signer.sign_path 'path/to/my/content', expires: Time.now + 600
|
48
|
-
```
|
49
|
-
|
50
|
-
|
51
|
-
Both `sign_url` and `sign_path` have _safe_ versions that HTML encode the result allowing signed paths or urls to be placed in HTML markup. The 'non'-safe versions can be used for placing signed urls or paths in JavaScript blocks or Flash params.
|
52
|
-
|
53
|
-
___
|
54
|
-
|
55
|
-
Call class method `signed_params` to get raw parameters. These values can be used to set signing cookies ([Serving Private Content through CloudFront: Using Signed Cookies](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html)). See [commit message](https://github.com/leonelgalan/cloudfront-signer/commit/fedcc3182e32133e4bd0ad0b79c0106168896c91) for additional details.
|
56
|
-
|
57
|
-
```ruby
|
58
|
-
Aws::CF::Signer.signed_params 'path/to/my/content'
|
59
|
-
```
|
60
|
-
|
61
|
-
### Custom Policies
|
62
|
-
|
63
|
-
See Example Custom Policy 1 at above AWS doc link
|
64
|
-
|
65
|
-
```ruby
|
66
|
-
url = Aws::CF::Signer.sign_url 'http://d604721fxaaqy9.cloudfront.net/training/orientation.avi',
|
67
|
-
expires: 'Sat, 14 Nov 2009 22:20:00 GMT',
|
68
|
-
resource: 'http://d604721fxaaqy9.cloudfront.net/training/*',
|
69
|
-
ip_range: '145.168.143.0/24'
|
70
|
-
)
|
71
|
-
```
|
72
|
-
|
73
|
-
See Example Custom Policy 2 at above AWS doc link
|
74
|
-
|
75
|
-
```ruby
|
76
|
-
Aws::CF::Signer.sign_url 'http://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz',
|
77
|
-
starting: 'Thu, 30 Apr 2009 06:43:10 GMT',
|
78
|
-
expires: 'Fri, 16 Oct 2009 06:31:56 GMT',
|
79
|
-
resource: 'http://*',
|
80
|
-
ip_range: '216.98.35.1/32'
|
81
|
-
```
|
82
|
-
|
83
|
-
You can also pass in a path to a policy file. This will supersede any other policy options
|
84
|
-
|
85
|
-
```ruby
|
86
|
-
Aws::CF::Signer.sign_url 'http://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz',
|
87
|
-
policy_file: '/path/to/policy/file.txt'
|
88
|
-
```
|
89
|
-
|
90
|
-
## Patches/Pull Requests
|
91
|
-
|
92
|
-
* Fork the project.
|
93
|
-
* Make your feature addition or bug fix.
|
94
|
-
* Add tests for it.
|
95
|
-
* Commit
|
96
|
-
* Send me a pull request. Bonus points for topic branches.
|
97
|
-
|
98
|
-
## Attributions
|
99
|
-
Hat tip to [Anthony Bouch](https://github.com/58bits) for contributing to Dylan's effort. Only reading both gem's code I was able to figure out the signing needed for the newly introduced signed cookies.
|
100
|
-
|
101
|
-
> Dylan blazed a trail here - however, after several attempts, I was unable to contact Dylan in order to suggest that we combine our efforts to produce a single gem - hence the re-write and new gem here. - **Anthony Bouch**
|
102
|
-
|
103
|
-
Parts of signing code taken from a question on [Stack Overflow](http://stackoverflow.com/questions/2632457/create-signed-urls-for-cloudfront-with-ruby) asked by [Ben Wiseley](http://stackoverflow.com/users/315829/ben-wiseley), and answered by [Blaz Lipuscek](http://stackoverflow.com/users/267804/blaz-lipuscek) and [Manual M](http://stackoverflow.com/users/327914/manuel-m).
|
104
|
-
|
105
|
-
## License
|
106
|
-
|
107
|
-
cloudfront-signer is distributed under the MIT License, portions copyright © 2015 Dylan Vaughn, STL, Anthony Bouch, Leonel Galán
|