distack-urlsign 0.1.0 → 0.2.0

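--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 9802373c59138923f07b05c3dbabe7c2c37e8253
- data.tar.gz: 16ac31e6e57e31e10537d70ca3b7663581b39b82
+ metadata.gz: bde30f8bddc0975bcd335a8168978b2cb955b0d2
+ data.tar.gz: 6d4c08ccf86e571e7256b220d2dffd37179bc77c
  SHA512:
- metadata.gz: e0cf2095317d0584286fdb24a0b327e793ec133e18affc03471fdfa35aed5d1de341eead9c6abc9d51a6ab86c9f44bb3d0426e96f232341105de2ff98a9b753d
- data.tar.gz: 07e810377da2e0c1134ca9910813f02ae97c21d86aff4477b575bc0e09c47346689d0ab1a3f4a47466f99ec22a70e215f763c08b15f339454470733f22b9c40d
+ metadata.gz: c03f0fdefa293cc1754dc8bc122882e0f09d1009fb505d884fdb070de00602bb3250848390d9d557d774842aa67456192e53c3b9d71937778dd49570a07e7129
+ data.tar.gz: f0b417d94280566133290179ecfc7945edb9f8a0c7054e439f1998bc9302a3a76086ae66703c15873cc35b6caeb8e9f84c08f4c0b2a8211b42a6f92c77008248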
@@ -5,7 +5,7 @@ require 'distack/urlsign/version'
5
5
 
6
6
  Gem::Specification.new do |spec|
7
7
  spec.name = "distack-urlsign"
8
- spec.version = Distack::Urlsign::VERSION
8
+ spec.version = Distack::URLSign::VERSION
9
9
  spec.authors = ["Rodrigo Kochenburger"]
10
10
  spec.email = ["divoxx@gmail.com"]
11
11
 
@@ -18,6 +18,8 @@ Gem::Specification.new do |spec|
18
18
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
19
19
  spec.require_paths = ["lib"]
20
20
 
21
+ spec.add_dependency "rack"
22
+
21
23
  spec.add_development_dependency "bundler", "~> 1.9"
22
24
  spec.add_development_dependency "rake", "~> 10.0"
23
25
  spec.add_development_dependency "pry", "~> 0.10.1"
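Review bot: `spec.add_dependency "rack"` adds a runtime dependency with no version constraint, so any rack release satisfies it. The signer in this release passes the output of `Rack::Utils.parse_nested_query` and `Rack::Utils.build_nested_query` into the HMAC input, so a change in how another rack version serialises queries could invalidate existing signatures or change what the signature covers. Constrain it to the series the gem was tested against, e.g. `spec.add_dependency "rack", "~> X.Y"` (X.Y is a placeholder for the tested version). The `Gem::Specification` block starts and ends outside this hunk.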
@@ -2,6 +2,7 @@
2
2
  require "uri"
3
3
  require "openssl"
4
4
  require "base64"
5
+ require "rack"
5
6
 
6
7
  module Distack
7
8
  module URLSign
@@ -1,4 +1,6 @@
1
1
  module Distack::URLSign
2
+ InvalidSignatureError = Class.new(StandardError)
3
+
2
4
  class Signer
3
5
  KEY_REGEX = /^[0-9A-f]+$/
4
6
 
@@ -12,7 +14,7 @@ module Distack::URLSign
12
14
 
13
15
  def sign(url)
14
16
  if url.opaque
15
- raise "can't sign or verify opaque URL"
17
+ raise "can't sign opaque URL"
16
18
  end
17
19
 
18
20
  chunks = [url.scheme, "#{url.host}:#{url.port}", url.path, url.query, url.userinfo].compact
@@ -22,16 +24,43 @@ module Distack::URLSign
22
24
  signature = Base64.urlsafe_encode64(rawsig)
23
25
 
24
26
  if url.query
25
- q = URI.decode_www_form(url.query)
27
+ q = Rack::Utils.parse_nested_query(url.query)
26
28
  else
27
- q = []
29
+ q = {}
28
30
  end
29
31
 
30
- q << ["_signature", signature]
32
+ q ["_signature"] = signature
31
33
 
32
34
  new_url = url.dup
33
- new_url.query = URI.encode_www_form(q)
35
+ new_url.query = Rack::Utils.build_nested_query(q)
34
36
  new_url
35
37
  end
38
+
39
+ def verify(url)
40
+ if url.opaque
41
+ raise "can't verify opaque URL"
42
+ end
43
+
44
+ q = Rack::Utils.parse_nested_query(url.query)
45
+
46
+ original_q = q.dup
47
+ original_q.delete("_signature")
48
+
49
+ original_qs = Rack::Utils.build_nested_query(original_q)
50
+
51
+ chunks = [url.scheme, "#{url.host}:#{url.port}", url.path, original_qs, url.userinfo].compact
52
+ digest = OpenSSL::Digest.new("sha512")
53
+
54
+ rawsig = OpenSSL::HMAC.digest(digest, @key, chunks.join)
55
+ signature = Base64.urlsafe_encode64(rawsig)
56
+
57
+ if signature == q["_signature"]
58
+ new_url = url.dup
59
+ new_url.query = original_qs
60
+ new_url
61
+ else
62
+ raise InvalidSignatureError, "signature is invalid for #{url}"
63
+ end
64
+ end
36
65
  end
37
66
  end
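Review bot: `verify` checks the MAC with `signature == q["_signature"]`, an ordinary string comparison that is not constant-time; since rack is now a dependency, use `if Rack::Utils.secure_compare(signature, q["_signature"].to_s)`, which also keeps a non-string `_signature` (for example one parsed from `_signature[]=`) from reaching the comparison as an array. Separately, `sign` computes the HMAC over the raw `url.query` while `verify` computes it over `build_nested_query(parse_nested_query(url.query))`; that round trip is not guaranteed to reproduce the original string (repeated keys, alternative encodings), so both methods should MAC the same canonical query. `chunks.join` in `verify` also concatenates scheme, host, path, query and userinfo with no separator, which leaves field boundaries ambiguous in the signed string; joining with a delimiter that cannot occur in the fields would remove that ambiguity. `sign` begins above this hunk.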
@@ -1,5 +1,5 @@
1
1
  module Distack
2
- module Urlsign
3
- VERSION = "0.1.0"
2
+ module URLSign
3
+ VERSION = "0.2.0"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: distack-urlsign
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rodrigo Kochenburger
@@ -10,6 +10,20 @@ bindir: exe
10
10
  cert_chain: []
11
11
  date: 2016-02-19 00:00:00.000000000 Z
12
12
  dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rack
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
13
27
  - !ruby/object:Gem::Dependency
14
28
  name: bundler
15
29
  requirement: !ruby/object:Gem::Requirement