desviar 0.0.9

data/Apache-License.txt

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/Gemfile

@@ -0,0 +1,10 @@
+source 'https://rubygems.org'
+ruby '1.9.3'
+
+gem 'sinatra'
+gem 'dm-core'
+gem 'dm-migrations'
+gem 'dm-validations'
+gem 'dm-timestamps'
+gem 'syntaxi'
+gem 'rack-recaptcha'

data/README.md

@@ -0,0 +1,72 @@
+### Desviar - High-security redirection ###
+
+This is a Ruby-based app server built on Sinatra to create
+preauthorized time-limited, random URIs used in devops deployment
+scripts or in web applications such as confirmation emails.
+
+It operates similarly to TinyURL or the Amazon S3 temporary-URI
+feature: provide the tool with the URI to an existing secure resource,
+specify a number of seconds you want to authorize references to it,
+and you'll get back a temporary URI good for that amount of time.
+
+You can set it up on a DMZ network or in the cloud behind an
+iptables/nginx configuration to provide whatever ACL restrictions you
+want, and you can reference any source URI (not just those stored on
+S3).
+
+Secure content is cached in memory (sqlite3) by default; for
+troubleshooting, you can store content in a file.
+
+#### Installation ####
+
+Clone this repo, copy config/config.rb.example to config/config.rb, and
+perform the following:
+
+    sudo apt-get install rack libsqlite3-dev
+    #  package names above may differ if not using Ubuntu
+    sudo gem install bundler
+    sudo bundle install
+    rackup -p 4567
+
+Default credential of [app](http://localhost:4567) is user _desviar_, pw _password_.
+
+#### Usage ####
+
+Commands:
+* /create - generate a new pre-authenticated URI
+* /desviar/xxx - retrieve pre-authenticated content (if a URISUFFIX was specified, it must be appended to xxx)
+* /list   - display a table of most-recently uploaded URIs
+* /link/nnn - retrieve details
+
+Here's an example of creating a new link via _curl_:
+
+    curl --digest --user desviar:password http://localhost:4567/create \
+     --data "desviar_redir_uri=http://localhost/test&desviar_expiration=1800&desviar_captcha=1&desviar_notes=testing"
+
+#### Features implemented ####
+
+- [x] HTTP digest authentication for user interface
+- [ ] Parse htpasswd files to support multiple credentials
+- [x] Bypass authentication for generated URIs
+- [x] Basic HTTP authentication for remote URIs
+- [ ] HTTP digest authentication for remote URIs
+- [x] reCAPTCHA challenge for generated URIs
+- [x] Listing of database contents
+- [x] Choice of static or dynamic (REST) configuration
+- [x] Encrypted database
+- [ ] Memcached storage (for performance at scale)
+- [x] Pre-shared/concealed URI suffix
+- [ ] Activity log output (syslog)
+- [x] Database cleanup tool
+- [x] Tested under Ruby 1.9.3
+
+#### License ####
+
+Created under Apache license by rich braun, July 2013.
+
+ Copyright 2013 Richard Braun
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at 
+       [Apache.org](http://www.apache.org/licenses/LICENSE-2.0)

data/config/config.rb.example

@@ -0,0 +1,89 @@
+# Configuration values for Desviar
+#
+# Created 14 Jul 2013 by rich braun
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+$config = {
+
+    :msg_title => "Page title for all generated HTML output",
+:title => "Desviar",
+
+    :msg_uriprefix => "Prefix is an arbitrary string placed at beginning of URI",
+:uriprefix => "012",
+
+    :msg_urisuffix => "Suffix is a pre-shared hidden string that must be appended to fetch URI; leave blank unless you need extra security",
+:urisuffix => "",
+
+    :msg_hashlength => "Length of generated URL; if you like TinyURL, try a value of 3 or 4",
+:hashlength => 32,
+
+    :msg_exp => "Default expiration interval, in seconds",
+:exp => 900,
+
+    :msg_authprompt => "AuthPrompt appears in the browser authentication dialog",
+:authprompt => "Please Authenticate",
+
+    :msg_adminuser => "Administrative username - has access to all records",
+:adminuser => "desviar",
+
+    :msg_adminpw => "Admin PW secures the UI",
+:adminpw => "password",
+
+    :msg_authsalt => "AuthSalt is used to randomize http-digest hash",
+:authsalt => "notveryrandom",
+
+    :msg_dbmethod => "DB method - sqlite path name; use sqlite:///path/file.db to store on disk",
+:dbmethod => "sqlite:///dev/shm/desviar",
+
+    ### TODO: figure out how to maintain a persistent thread for memory DB
+    # dbmethod => "sqlite::memory:",
+
+    :msg_dbencrypt => "Method for encrypting local database, see optvals for list of values",
+:dbencrypt => "aes-256-cbc",
+
+    :msg_cryptkey => "32-byte encryption key, or nil to generate random one at startup",
+:cryptkey => nil,
+
+    :msg_captchapub => "Public key for reCAPTCHA - see http://www.google.com/recaptcha/whyrecaptcha",
+:captchapub => "",
+    :msg_captchapriv => "Private key for reCAPTCHA",
+:captchapriv => "",
+
+    :msg_recordsmax => "Records to display on /list",
+:recordsmax => 150,
+
+    :msg_contentmax => "Max content size to cache",
+:contentmax => 4194304,
+
+    :msg_log_facility => "Syslog facility - false to disable",
+:log_facility => Syslog::LOG_LOCAL1,
+
+    # Hidden config items concealed from UI/API
+:hidden => [ "hidden", "hashed" ],
+
+    # Hashed config items - secure passwords
+:hashed => [ "authsalt", "adminpw", "cryptkey", "captchapriv" ],
+
+    :msg_debug => "Debug mode",
+:debug => false
+}
+
+# Option values for drop-down selections
+
+$optvals = {
+:dbencrypt => [ false, "aes-256-cbc" ],
+:debug => [ true, false ],
+:log_facility => [
+    Syslog::LOG_LOCAL0,
+    Syslog::LOG_LOCAL1,
+    Syslog::LOG_LOCAL2,
+    Syslog::LOG_LOCAL3
+    ],
+:hashlength => [ 3, 4, 6, 8, 12, 24, 32, 48, 64 ],
+:recordsmax => [ 50, 100, 150, 250, 500 ]
+}

data/config.ru

@@ -0,0 +1,13 @@
+require File.expand_path '../desviar.rb', __FILE__
+log = File.new("desviar.log", "a+")
+  $stdout.reopen(log)
+  $stderr.reopen(log)
+
+run Rack::URLMap.new({
+  "/" => Desviar::Authorized,
+  "/0/config" => Desviar::Authorized,
+  "/0/create" => Desviar::Authorized,
+  "/0/link"   => Desviar::Authorized,
+  "/0/list"   => Desviar::Authorized,
+  "/desviar"  => Desviar::Public
+})

data/desviar.gemspec

@@ -0,0 +1,32 @@
+require './desviar'
+
+Gem::Specification.new do |spec|
+  spec.platform          = Gem::Platform::RUBY
+  spec.name              = "desviar"
+  spec.summary           = "Preauthorized secure/random URI redirection"
+  spec.authors           = ["Rich Braun"]
+  spec.email             = "richb@instantlinux.net"
+  spec.homepage          = "http://github.com/instantlinux/desviar"
+  spec.rubyforge_project = spec.name
+  spec.version           = Desviar::VERSION
+  spec.date              = Desviar::RELEASE
+# spec.test_files        = spec.files.select{ |path| path =~ /^test\/.*/ }
+  spec.require_paths     = ["config", "lib", "public", "views"]
+  spec.files             = %x[git ls-files].split.reject do |out|
+    out =~ %r{^\.} || out =~ %r{/^doc/api/}
+  end
+  spec.description       = <<-end.gsub /^    /,''
+    Desviar provides URL redirection; some possible applications include:
+    - Web signup process
+    - Continuous-deploy servers
+    - Online ticket sales
+  end
+  spec.post_install_message = <<-end.gsub(/^[ ]{4}/,'')
+    #{'-'*78}
+    Desviar v#{spec.version}
+
+    Thanks for using Desviar.
+    #{'-'*78}
+  end
+  spec.add_dependency "sinatra", ">= 1.4"
+end

data/desviar.rb

@@ -0,0 +1,239 @@
+# Desviar - URL redirection for security applications
+#
+# Created 14 Jul 2013
+#
+#   Copyright 2013 Richard Braun
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+require 'sinatra/base'
+require 'securerandom'
+require 'dm-core'
+require 'dm-migrations'
+require 'dm-validations'
+require 'dm-timestamps'
+require 'syntaxi'
+require 'syslog'
+require 'net/http'
+#require 'test/unit'
+require 'rack/test'
+require 'rack/recaptcha'
+
+require './config/config'
+require './lib/version'
+require './lib/encrypt'
+require './lib/model'
+# Auth parsing is work-in-progress
+# require './lib/auth.rb'
+
+module Desviar
+  class Authorized < Sinatra::Base
+
+    configure do
+      DataMapper::Logger.new($stdout, :debug) if $config[:debug]
+      DataMapper.setup(:default, $config[:dbmethod])
+      DataMapper.auto_upgrade! if DataMapper.respond_to?(:auto_upgrade!)
+      $config[:cryptkey] = SecureRandom.base64(32) if $config[:cryptkey].nil?
+    end
+
+    get '/' do
+      redirect '/create'
+    end
+  
+    # create
+    get '/create' do
+      puts request.env.inspect if $config[:debug]
+      erb :create
+    end
+  
+    # submit
+    post '/create' do
+      # Create a new data record, generating the random URI and omitting
+      #   remote-access credentials if specified.
+      @desviar = Desviar::Model::Main.new(params.merge({
+        :temp_uri => "#{$config[:uriprefix]}#{SecureRandom.urlsafe_base64($config[:hashlength])[0,$config[:hashlength]]}#{$config[:urisuffix]}",
+        :expires_at     => Time.now + params[:expiration].to_i,
+        :captcha_validated => false
+      }).delete_if {|key, val| key == "remoteuser" || key == "remotepw"})
+
+      # Cache the remote URI
+      object = URI.parse(@desviar[:redir_uri])
+      http = Net::HTTP.new(object.host, object.port)
+      http.use_ssl = @desviar[:redir_uri].index('https') == 0
+      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      req = Net::HTTP::Get.new(object.request_uri)
+      if params[:remoteuser] != ''
+        req.basic_auth params[:remoteuser], params[:remotepw]
+      end
+      response = http.request(req)
+      if !$config[:dbencrypt]
+        @desviar[:content] = response.body[0, $config[:contentmax]]
+      else
+        obj = Desviar::EncryptedItem::Encryptor.new(
+                  response.body[0, $config[:contentmax]], $config[:cryptkey])
+        @desviar[:content]   = obj.encrypted_data
+        @desviar[:hmac]      = obj.hmac
+        @desviar[:cipher_iv] = obj.iv
+      end
+
+      # Insert the new record and display the new link
+      if @desviar.save
+        Desviar::Public::log "Created #{@desviar.id} #{@desviar.redir_uri} #{@desviar.expires_at} #{request.ip}"
+        redirect "/link/#{@desviar.id}"
+      else
+        error 400
+      end
+    end
+  
+    # show link ID
+    get '/link/:id' do
+      @desviar = Desviar::Model::Main.get(params[:id])
+      if @desviar && DateTime.now < @desviar[:expires_at]
+        erb :show
+      else
+        error 404
+      end
+    end
+
+    # clean out expired records
+    get '/clean' do
+      # TODO: figure out the clean "native" way of DataMapper::Collection.destroy
+      #   - but this works fine for small databases
+      @desviar = DataMapper.repository(:default).adapter
+      @records = Desviar::Model::Main.all(:expires_at.lt => DateTime.now)
+      count = 0
+      @records.each do |item|
+        @desviar.execute("DELETE FROM desviar_data WHERE id=#{item.id};")
+        count += 1
+      end
+      Desviar::Public::log "Cleaned #{count} records" if count != 0
+      redirect "/list"
+    end
+
+    # list of most recent records
+    get '/list' do
+      @desviar = Desviar::Model::Main.all(:limit => $config[:recordsmax], :order => [ :created_at.desc ])
+      @total = @desviar.length
+      @count = [ @total, $config[:recordsmax] ].min
+      erb :list
+    end
+
+    # configuration
+    get '/config' do
+      erb :config
+    end
+
+    # submit
+    post '/config' do
+      params['config'].each do |opt, val|
+        if $config[opt.to_sym].class == Fixnum
+          $config[opt.to_sym] = val.to_i
+        elsif val != "" || !$config[:hashed].include?(opt)
+          $config[opt.to_sym] = case val
+            when "true" then true
+            when "false" then false
+            when "nil" then nil
+            else val
+            end
+        end
+      end
+
+      DataMapper::Logger.new($stdout, :debug) if $config[:debug]
+      $config[:cryptkey] = SecureRandom.base64(32) if $config[:cryptkey].nil?
+
+      puts $config.inspect if $config[:debug]
+      Desviar::Public::log "Configuration updated"
+      redirect "/list"
+    end
+
+    def self.new(*)
+  #   TODO: htpasswd parsing
+  #   Desviar::Auth::authenticate!
+      app = Rack::Auth::Digest::MD5.new(super) do |username|
+        {$config[:adminuser] => $config[:adminpw]}[username]
+      end
+      app.realm  = $config[:authprompt]
+      app.opaque = $config[:authsalt]
+      app
+    end
+
+  end
+
+  #############################################
+  # Class Desviar::Public - routes without auth
+
+  class Public < Sinatra::Base
+
+    configure do
+      use Rack::Recaptcha, :public_key => $config[:captchapub], :private_key => $config[:captchapriv]
+      helpers Rack::Recaptcha::Helpers
+    end
+
+    # display content
+    get '/:temp_uri' do
+      @desviar = Desviar::Model::Main.first(:temp_uri => params[:temp_uri])
+      cache_control :public, :max_age => 30
+      if @desviar && DateTime.now < @desviar[:expires_at]
+        if @desviar[:captcha] && !@desviar[:captcha_validated]
+          @button = @desviar[:captcha_button]
+          erb :captcha
+        else
+          @desviar.update(:captcha_validated => false) if @desviar[:captcha_validated]
+          if !$config[:dbencrypt]
+            @content = @desviar[:content]
+          else
+            obj = Desviar::EncryptedItem::Decryptor::for({
+                'cipher'         => $config[:dbencrypt], 
+                'version'        => 2, 
+                'encrypted_data' => @desviar[:content],
+                'iv'             => Base64.encode64(@desviar[:cipher_iv]),
+                'hmac'           => @desviar[:hmac]}, $config[:cryptkey])
+            @content = obj.for_decrypted_item
+          end
+          Desviar::Public::log "Fetched #{@desviar.id} #{@desviar.redir_uri} #{@desviar.content.bytesize} #{@desviar.notes[0,50]}"
+          erb :content, :layout => false
+        end
+      else
+        error 404
+      end
+    end
+
+    # handle reCAPTCHA
+    post '/:temp_uri' do
+      if recaptcha_valid?
+        @desviar = Desviar::Model::Main.first(:temp_uri => params[:temp_uri],
+                                       :fields => [ :id, :temp_uri, :captcha_validated ])
+        @desviar.update(:captcha_validated => true)
+      end
+      redirect "/desviar/#{params[:temp_uri]}"
+    end
+
+    def self.log(message, priority = Syslog::LOG_INFO)
+      if $config[:log_facility]    
+        Syslog.open($0, Syslog::LOG_PID | Syslog::LOG_CONS | $config[:log_facility]) { |obj| obj.info message }
+      end
+      puts "#{Time.now} #{message}" if $config[:debug]
+    end
+  end
+
+=begin
+  # TODO - switch to MiniTest, move to test subdir
+  class Test <Test::Unit::TestCase
+    include Rack::Test::Methods
+
+    def app
+      Desviar
+    end
+ 
+    def test_list
+      get '/list'
+      assert last_response.ok?
+    end
+  end
+=end
+end
+