distack-urlsign 0.3.1 → 0.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.ruby-version +1 -0
- data/.travis.yml +2 -1
- data/Rakefile +5 -0
- data/distack-urlsign.gemspec +2 -1
- data/lib/distack/urlsign/signer.rb +12 -2
- data/lib/distack/urlsign/version.rb +1 -1
- metadata +20 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7fa33d08fc927d8297e304ce2966779fdd8ca6ab
|
|
4
|
+
data.tar.gz: 3474af3ad913ee2e79ae0f2cf78ec3915c6ff7b8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1ad987c2d9c6fbe61bcb5a8b5783e3d2274a9cdde280c05261573a3ca5ffc2d099c4914f36d862883288bbf05d37848be8f2b89087279575e54900ba1d1191a3
|
|
7
|
+
data.tar.gz: cb5812370e9ba645c89c271cf91c28c2f50b20bcef87e3dc4188cf915a8e189d741d8bbb1ec5d04d5ae64490d11053e5a587cf933b098ba773741bb0a55dbad4
|
data/.ruby-version
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
2.2.2
|
data/.travis.yml
CHANGED
data/Rakefile
CHANGED
data/distack-urlsign.gemspec
CHANGED
|
@@ -20,7 +20,8 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
|
|
21
21
|
spec.add_dependency "rack"
|
|
22
22
|
|
|
23
|
-
spec.add_development_dependency "
|
|
23
|
+
spec.add_development_dependency "minitest", "~> 5.10.1"
|
|
24
|
+
spec.add_development_dependency "bundler", "~> 1.7"
|
|
24
25
|
spec.add_development_dependency "rake", "~> 10.0"
|
|
25
26
|
spec.add_development_dependency "pry", "~> 0.10.1"
|
|
26
27
|
end
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
module Distack::URLSign
|
|
2
2
|
InvalidSignatureError = Class.new(StandardError)
|
|
3
|
+
MissingSignatureError = Class.new(StandardError)
|
|
4
|
+
|
|
3
5
|
|
|
4
6
|
class Signer
|
|
5
7
|
KEY_REGEX = /^[0-9A-f]+$/
|
|
@@ -43,19 +45,21 @@ module Distack::URLSign
|
|
|
43
45
|
end
|
|
44
46
|
|
|
45
47
|
q = Rack::Utils.parse_nested_query(url.query)
|
|
48
|
+
raise MissingSignatureError unless q["_signature"]
|
|
46
49
|
|
|
47
50
|
original_q = q.dup
|
|
48
51
|
original_q.delete("_signature")
|
|
49
52
|
|
|
50
53
|
original_qs = Rack::Utils.build_nested_query(original_q)
|
|
51
54
|
|
|
52
|
-
|
|
55
|
+
host_with_port = url.port == url.default_port ? url.host : "#{url.host}:#{url.port}"
|
|
56
|
+
chunks = [url.scheme, host_with_port, url.path, original_qs, url.userinfo].compact
|
|
53
57
|
digest = OpenSSL::Digest.new("sha512")
|
|
54
58
|
|
|
55
59
|
rawsig = OpenSSL::HMAC.digest(digest, @key, chunks.join)
|
|
56
60
|
signature = Base64.urlsafe_encode64(rawsig)
|
|
57
61
|
|
|
58
|
-
if secure_compare(signature, q["_signature"])
|
|
62
|
+
if secure_compare(signature, URI.decode(q["_signature"]).to_s)
|
|
59
63
|
new_url = url.dup
|
|
60
64
|
new_url.query = original_qs
|
|
61
65
|
new_url
|
|
@@ -64,6 +68,12 @@ module Distack::URLSign
|
|
|
64
68
|
end
|
|
65
69
|
end
|
|
66
70
|
|
|
71
|
+
def valid?(url)
|
|
72
|
+
!!verify(url)
|
|
73
|
+
rescue InvalidSignatureError, MissingSignatureError
|
|
74
|
+
false
|
|
75
|
+
end
|
|
76
|
+
|
|
67
77
|
private
|
|
68
78
|
|
|
69
79
|
# Constant time string comparison.
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: distack-urlsign
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rodrigo Kochenburger
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-01-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -24,20 +24,34 @@ dependencies:
|
|
|
24
24
|
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: '0'
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: minitest
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: 5.10.1
|
|
34
|
+
type: :development
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: 5.10.1
|
|
27
41
|
- !ruby/object:Gem::Dependency
|
|
28
42
|
name: bundler
|
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
|
30
44
|
requirements:
|
|
31
45
|
- - "~>"
|
|
32
46
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '1.
|
|
47
|
+
version: '1.7'
|
|
34
48
|
type: :development
|
|
35
49
|
prerelease: false
|
|
36
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
51
|
requirements:
|
|
38
52
|
- - "~>"
|
|
39
53
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '1.
|
|
54
|
+
version: '1.7'
|
|
41
55
|
- !ruby/object:Gem::Dependency
|
|
42
56
|
name: rake
|
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -75,6 +89,7 @@ extensions: []
|
|
|
75
89
|
extra_rdoc_files: []
|
|
76
90
|
files:
|
|
77
91
|
- ".gitignore"
|
|
92
|
+
- ".ruby-version"
|
|
78
93
|
- ".travis.yml"
|
|
79
94
|
- CODE_OF_CONDUCT.md
|
|
80
95
|
- Gemfile
|
|
@@ -107,9 +122,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
107
122
|
version: '0'
|
|
108
123
|
requirements: []
|
|
109
124
|
rubyforge_project:
|
|
110
|
-
rubygems_version: 2.4.5
|
|
125
|
+
rubygems_version: 2.4.5
|
|
111
126
|
signing_key:
|
|
112
127
|
specification_version: 4
|
|
113
128
|
summary: urlsign is a simple HMAC-based implementation for URL signing and verification
|
|
114
129
|
test_files: []
|
|
115
|
-
has_rdoc:
|