did_will_sign 0.0.1

data/README

@@ -0,0 +1,55 @@
+will_sign
+=========
+
+Create time-based HMAC hashes from URLs.
+
+USAGE
+=====
+
+  # not really Rails-specific, works with POROs
+  class FooController < ApplicationController
+    include WillSign
+  
+  protected
+    def sign_secret
+      :monkey # this should be something unique and special.
+    end
+
+  public
+    def index
+      url  = "/foo/bar"
+      hash = sign_url(url)
+      redirect_to "#{url}?token=#{hash}"
+    end
+
+    def show
+      url  = request.request_uri.split("?").first # "/foo/bar"
+      hash = params[:token]
+      if signed_url?(url, hash)
+        ...
+      else
+        raise "Token expired"
+      end
+    end
+  end
+
+The default expiry for urls is 300 seconds (5 minutes).  You can set a custom
+expiry like this:
+
+  sign_url("foo/bar", 120) # 2 minutes
+
+Or...
+
+  WillSign.default_expiry = 180
+  sign_url("foo/bar") # 3 minutes
+
+CREDITS
+=======
+
+Thanks to Digisynd for funding this plugin, and TV for insight in how to properly
+hash URLs.
+
+TODO
+====
+
+gem spec...

data/lib/will_sign.rb

@@ -0,0 +1,42 @@
+require 'hmac-sha1'
+
+module WillSign
+  # maximum allowed expiry
+  def self.default_expiry
+    @default_expiry ||= 300
+  end
+  
+  def self.default_expiry=(value)
+    @default_expiry = value.to_i
+  end
+
+  # relies on #sign_secret reader
+
+  # creates a header value like TIME:HASH
+  def sign_url(url, expiry = WillSign.default_expiry)
+    expiry = (Time.now.utc + expiry).to_i.to_s
+    pieces = split_url url
+    create_hash_from_url_and_expiry pieces, expiry
+  end
+  
+  def signed_url?(url, given)
+    return false if url.nil? || given.nil? || given.size.zero?
+    expiry, hash = given.split(":")
+    expiry = expiry.to_i
+    now    = Time.now.utc.to_i
+    return false if expiry < now
+    pieces = split_url url
+    result = create_hash_from_url_and_expiry pieces, expiry
+    result == given
+  end
+
+protected
+  def split_url(url)
+    url.split("/"). \
+      delete_if { |piece| piece.nil? || piece.size.zero? }
+  end
+
+  def create_hash_from_url_and_expiry(pieces, expiry)
+    "#{expiry}:#{HMAC::SHA1.hexdigest(sign_secret.to_s, (pieces << expiry).join("/"))}"
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,14 @@
+require 'rubygems'
+begin
+  gem 'rspec'
+rescue Gem::LoadError
+end
+
+$:.unshift File.dirname(__FILE__) + '/../../rspec/lib/'
+$:.unshift File.dirname(__FILE__) + '/../lib'
+
+require 'ruby-debug'
+require 'spec'
+require 'will_sign'
+
+Debugger.start

data/spec/will_sign_spec.rb

@@ -0,0 +1,62 @@
+require File.dirname(__FILE__) + '/spec_helper'
+
+describe "WillSign" do
+  include WillSign
+  before do
+    @now = Time.utc(2007, 12, 31, 23, 58)
+    Time.stub!(:now).and_return(@now)
+    @hash = "1199145780:828170e4e98edc8b9d3f097695d2b0004234cb8e"
+  end
+  
+  describe "#sign_url" do
+    it "signs url with default expiry" do
+      sign_url("foo/bar").should == @hash
+    end
+    
+    it "ignores beginning slash" do
+      sign_url("/foo/bar").should == @hash
+    end
+    
+    it "ignores trailing slash" do
+      sign_url("foo/bar/").should == @hash
+    end
+  end
+  
+  describe "#signed_url?" do
+    it "recognizes url with hash" do
+      signed_url?('foo/bar', @hash).should be_true
+    end
+  
+    it "recognizes url with beginning slash and hash" do
+      signed_url?('/foo/bar', @hash).should be_true
+    end
+  
+    it "recognizes url with trailing slash and hash" do
+      signed_url?('foo/bar/', @hash).should be_true
+    end
+    
+    it "recognizes nearly expired hash" do
+      Time.stub!(:now).and_return(@now + WillSign.default_expiry)
+      signed_url?('foo/bar', @hash).should be_true
+    end
+    
+    it "doesn't recognize expired hash" do
+      Time.stub!(:now).and_return(@now + WillSign.default_expiry + 1)
+      signed_url?('foo/bar', @hash).should be_false
+    end
+    
+    it "doesn't recognize nil url" do
+      signed_url?(nil, @hash).should be_false
+    end
+        
+    it "doesn't recognize nil hash" do
+      signed_url?('foo/bar', nil).should be_false
+    end
+    
+    it "doesn't recognize blank hash" do
+      signed_url?('foo/bar', '').should be_false
+    end
+  end
+
+  def sign_secret() :monkey end
+end

metadata

@@ -0,0 +1,73 @@
+--- !ruby/object:Gem::Specification 
+name: did_will_sign
+version: !ruby/object:Gem::Version 
+  hash: 29
+  prerelease: 
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- technoweenie
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-02-14 00:00:00 +01:00
+default_executable: 
+dependencies: []
+
+description: Small module for creating time-based hashes based on URLs
+email: 
+- technoweenie@gmail.com
+- didier@nocoffee.fr
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+files: 
+- lib/will_sign.rb
+- README
+- spec/spec_helper.rb
+- spec/will_sign_spec.rb
+has_rdoc: true
+homepage: https://github.com/technoweenie/will_sign
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.4.2
+signing_key: 
+specification_version: 3
+summary: Small module for creating time-based hashes based on URLs
+test_files: 
+- spec/spec_helper.rb
+- spec/will_sign_spec.rb