RubyGems - distack-urlsign - Versions diffs - 0.1.0 → 0.2.0 - Mend

distack-urlsign 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/distack-urlsign.gemspec +3 -1
data/lib/distack/urlsign.rb +1 -0
data/lib/distack/urlsign/signer.rb +34 -5
data/lib/distack/urlsign/version.rb +2 -2
metadata +15 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9802373c59138923f07b05c3dbabe7c2c37e8253
-  data.tar.gz: 16ac31e6e57e31e10537d70ca3b7663581b39b82
+  metadata.gz: bde30f8bddc0975bcd335a8168978b2cb955b0d2
+  data.tar.gz: 6d4c08ccf86e571e7256b220d2dffd37179bc77c
 SHA512:
-  metadata.gz: e0cf2095317d0584286fdb24a0b327e793ec133e18affc03471fdfa35aed5d1de341eead9c6abc9d51a6ab86c9f44bb3d0426e96f232341105de2ff98a9b753d
-  data.tar.gz: 07e810377da2e0c1134ca9910813f02ae97c21d86aff4477b575bc0e09c47346689d0ab1a3f4a47466f99ec22a70e215f763c08b15f339454470733f22b9c40d
+  metadata.gz: c03f0fdefa293cc1754dc8bc122882e0f09d1009fb505d884fdb070de00602bb3250848390d9d557d774842aa67456192e53c3b9d71937778dd49570a07e7129
+  data.tar.gz: f0b417d94280566133290179ecfc7945edb9f8a0c7054e439f1998bc9302a3a76086ae66703c15873cc35b6caeb8e9f84c08f4c0b2a8211b42a6f92c77008248

data/distack-urlsign.gemspec CHANGED Viewed

@@ -5,7 +5,7 @@ require 'distack/urlsign/version'
 Gem::Specification.new do |spec|
   spec.name          = "distack-urlsign"
-  spec.version       = Distack::Urlsign::VERSION
+  spec.version       = Distack::URLSign::VERSION
   spec.authors       = ["Rodrigo Kochenburger"]
   spec.email         = ["divoxx@gmail.com"]
@@ -18,6 +18,8 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
+  spec.add_dependency "rack"
   spec.add_development_dependency "bundler", "~> 1.9"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "pry", "~> 0.10.1"

data/lib/distack/urlsign.rb CHANGED Viewed

@@ -2,6 +2,7 @@
 require "uri"
 require "openssl"
 require "base64"
+require "rack"
 module Distack
   module URLSign

data/lib/distack/urlsign/signer.rb CHANGED Viewed

@@ -1,4 +1,6 @@
 module Distack::URLSign
+  InvalidSignatureError = Class.new(StandardError)
   class Signer
     KEY_REGEX = /^[0-9A-f]+$/
@@ -12,7 +14,7 @@ module Distack::URLSign
     def sign(url)
       if url.opaque
-        raise "can't sign or verify opaque URL"
+        raise "can't sign opaque URL"
       end
       chunks = [url.scheme, "#{url.host}:#{url.port}", url.path, url.query, url.userinfo].compact
@@ -22,16 +24,43 @@ module Distack::URLSign
       signature = Base64.urlsafe_encode64(rawsig)
       if url.query
-        q = URI.decode_www_form(url.query)
+        q = Rack::Utils.parse_nested_query(url.query)
       else
-        q = []
+        q = {}
       end
-      q << ["_signature", signature]
+      q ["_signature"] = signature
       new_url = url.dup
-      new_url.query = URI.encode_www_form(q)
+      new_url.query = Rack::Utils.build_nested_query(q)
       new_url
     end
+    def verify(url)
+      if url.opaque
+        raise "can't verify opaque URL"
+      end
+      q = Rack::Utils.parse_nested_query(url.query)
+      original_q  = q.dup
+      original_q.delete("_signature")
+      original_qs = Rack::Utils.build_nested_query(original_q)
+      chunks = [url.scheme, "#{url.host}:#{url.port}", url.path, original_qs, url.userinfo].compact
+      digest = OpenSSL::Digest.new("sha512")
+      rawsig    = OpenSSL::HMAC.digest(digest, @key, chunks.join)
+      signature = Base64.urlsafe_encode64(rawsig)
+      if signature == q["_signature"]
+        new_url = url.dup
+        new_url.query = original_qs
+        new_url
+      else
+        raise InvalidSignatureError, "signature is invalid for #{url}"
+      end
+    end
   end
 end

data/lib/distack/urlsign/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Distack
-  module Urlsign
-    VERSION = "0.1.0"
+  module URLSign
+    VERSION = "0.2.0"
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: distack-urlsign
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Rodrigo Kochenburger
@@ -10,6 +10,20 @@ bindir: exe
 cert_chain: []
 date: 2016-02-19 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement