RubyGems - dvelp_api_auth - Versions diffs - 0.1.0 - Mend

dvelp_api_auth 0.1.0

Files changed (20) hide show

checksums.yaml +7 -0
data/.gitignore +9 -0
data/.rspec +2 -0
data/.rubocop.yml +77 -0
data/.travis.yml +5 -0
data/Gemfile +5 -0
data/README.md +37 -0
data/Rakefile +7 -0
data/bin/console +15 -0
data/bin/setup +8 -0
data/dvelp_api_auth.gemspec +34 -0
data/lib/dvelp_api_auth.rb +6 -0
data/lib/dvelp_api_auth/authentication.rb +8 -0
data/lib/dvelp_api_auth/authentication/api_request.rb +61 -0
data/lib/dvelp_api_auth/authentication/signature.rb +66 -0
data/lib/dvelp_api_auth/authentication/validator.rb +68 -0
data/lib/dvelp_api_auth/helper_methods.rb +11 -0
data/lib/dvelp_api_auth/tests/helpers.rb +30 -0
data/lib/dvelp_api_auth/version.rb +4 -0
metadata +132 -0

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 503dc12200bdbfde4944ed4eaa69eaf12ca14b1f
+  data.tar.gz: 481956fccaf7b850ae135db41400f0d8de6e822b
+SHA512:
+  metadata.gz: 1a7ae4632157f1dca253c805c3e1d24b9994f9d332d820941e5ba8beecf1dde7a6a10bedf558ba950eafd994d72f621c003364d48cfebb4f2dc621770ad1c8d6
+  data.tar.gz: f7f2be92e1cf99b0367bc74f33b680660a86e61be6d74dcc04b07cfc104d19d41209271b87021ad673a155d34fcb0a7d24756a7a35b9d4694781811d173b87ff

data/.gitignore ADDED

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec ADDED

	@@ -0,0 +1,2 @@
1	+ --format documentation
2	+ --color

data/.rubocop.yml ADDED

@@ -0,0 +1,77 @@
+AllCops:
+  TargetRubyVersion: 2.3
+  Exclude:
+    - 'spec/dummy/**/*'
+Metrics/LineLength:
+  Max: 80
+  Exclude:
+    - 'db/schema.rb'
+Metrics/MethodLength:
+  Enabled: false
+Metrics/BlockLength:
+  Exclude:
+    - './dopay_payment_engine.gemspec'
+    - './spec/**/*'
+Style/AlignParameters:
+  EnforcedStyle: with_fixed_indentation
+Style/BlockComments:
+  Exclude:
+    - 'spec/spec_helper.rb'
+Style/Documentation:
+  Enabled: false
+Style/EmptyLinesAroundBlockBody:
+  Exclude:
+    - 'db/schema.rb'
+Style/ExtraSpacing:
+  Exclude:
+    - 'bin/*'
+    - 'db/schema.rb'
+Style/FirstParameterIndentation:
+  EnforcedStyle: consistent
+Style/GuardClause:
+  Enabled: false
+Style/HashSyntax:
+  Exclude:
+    - 'Rakefile'
+    - 'lib/tasks/*.rake'
+Style/IfUnlessModifier:
+  Enabled: false
+Style/IndentArray:
+  EnforcedStyle: consistent
+Style/MultilineMethodCallIndentation:
+  EnforcedStyle: indented
+Style/NumericLiterals:
+  Exclude:
+    - 'db/schema.rb'
+Style/PercentLiteralDelimiters:
+  PreferredDelimiters:
+    '%':  ()
+    '%i': '[]'
+    '%q': ()
+    '%Q': ()
+    '%r': '{}'
+    '%s': ()
+    '%w': '[]'
+    '%W': '[]'
+    '%x': ()
+Style/StringLiterals:
+  Exclude:
+    - 'bin/*'
+    - 'db/schema.rb'

data/.travis.yml ADDED

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.3.2
+before_install: gem install bundler -v 1.13.6

data/Gemfile ADDED

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+source 'https://rubygems.org'
+# Specify your gem's dependencies in dvelp_api_auth.gemspec
+gemspec

data/README.md ADDED

@@ -0,0 +1,37 @@
+# DvelpApiAuth
+This gem provides an ability to auth through api
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+gem 'dvelp_api_auth'
+```
+And then execute:
+    $ bundle
+Or install it yourself as:
+    $ gem install dvelp_api_auth
+## Usage
+First of all you need to set env variable to encrypt requests:
+```ruby
+ENV['DVELP_API_AUTH_SECRET_KEY'] = 'Some key'
+```
+## Development
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+## Contributing
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/dvelp_api_auth.

data/Rakefile ADDED

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+task default: :spec

data/bin/console ADDED

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+require 'bundler/setup'
+require 'dvelp_api_auth'
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+require 'irb'
+IRB.start

data/bin/setup ADDED

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+bundle install
+# Do any other automated setup that you need to do here

data/dvelp_api_auth.gemspec ADDED

@@ -0,0 +1,34 @@
+# coding: utf-8
+# frozen_string_literal: true
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'dvelp_api_auth/version'
+Gem::Specification.new do |spec|
+  spec.name          = 'dvelp_api_auth'
+  spec.version       = DvelpApiAuth::VERSION
+  spec.authors       = ['Egor Vorobiev']
+  spec.email         = ['egor@dvelp.co.uk']
+  spec.summary       = 'It provides auth between bridge and DE apps'
+  if spec.respond_to?(:metadata)
+    spec.metadata['allowed_push_host'] = 'https://rubygems.org'
+  else
+    raise 'RubyGems 2.0 or newer is required to protect against ' \
+      'public gem pushes.'
+  end
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+  spec.add_development_dependency 'bundler', '~> 1.13'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'pry'
+end

data/lib/dvelp_api_auth.rb ADDED

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+require 'dvelp_api_auth/helper_methods'
+Gem.find_files('dvelp_api_auth/**/*.rb').each { |f| require f }
+module DvelpApiAuth
+end

data/lib/dvelp_api_auth/authentication.rb ADDED

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+module DvelpApiAuth
+  module Authentication
+    def valid_request?
+      DvelpApiAuth::Authentication::ApiRequest.new(request).valid?
+    end
+  end
+end

data/lib/dvelp_api_auth/authentication/api_request.rb ADDED

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+module DvelpApiAuth
+  module Authentication
+    class ApiRequest
+      include ::DvelpApiAuth::HelperMethods
+      attr_reader :api_request
+      def initialize(api_request)
+        @api_request = api_request
+      end
+      def valid?
+        DvelpApiAuth::Authentication::Validator.new(
+          client_authorization_code,
+          timestamp,
+          server_signature
+        ).authentic?
+      end
+      def server_signature
+        DvelpApiAuth::Authentication::Signature.new(
+          fullpath,
+          raw_post,
+          timestamp,
+          multipart?,
+          body
+        ).generate
+      end
+      def mulipart_server_signature; end
+      private
+      def timestamp
+        api_request.headers.env['HTTP_TIMESTAMP']
+      end
+      def raw_post
+        @raw_post ||= api_request.raw_post
+      end
+      def fullpath
+        @full_path ||= api_request.fullpath
+      end
+      def body
+        @body ||= api_request.body
+      end
+      def multipart?
+        present?(api_request.headers['Content-Type']) &&
+          api_request.headers['Content-Type'].try(:include?, 'multipart')
+      end
+      def client_authorization_code
+        api_request.headers.env['HTTP_AUTHORISATION']
+      end
+    end
+  end
+end

data/lib/dvelp_api_auth/authentication/signature.rb ADDED

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+require 'base64'
+module DvelpApiAuth
+  module Authentication
+    class Signature
+      include ::DvelpApiAuth::HelperMethods
+      attr_accessor :raw_post, :request_timestamp, :body, :multipart
+      def initialize(
+        fullpath, raw_post, request_timestamp, multipart = false, body = nil
+      )
+        @fullpath = fullpath
+        @raw_post = raw_post
+        @request_timestamp = request_timestamp
+        @multipart = multipart
+        @body = body
+        unless present?(@request_timestamp)
+          raise 'Request full_path is required'
+        end
+        raise 'Timestamp is required' unless present?(@request_timestamp)
+      end
+      def generate
+        string = multipart? ? multipart_key : timesensitive_string_to_sign
+        OpenSSL::HMAC.hexdigest(
+          OpenSSL::Digest.new('SHA256'),
+          app_secret_key,
+          string
+        )
+      end
+      def fullpath
+        @fullpath.split('?')[0]
+      end
+      private
+      def timesensitive_string_to_sign
+        request_timestamp.to_s + string_to_sign
+      end
+      def multipart_key
+        request_timestamp.to_s +
+          Base64.strict_encode64(fullpath).chomp +
+          body.length.to_s
+      end
+      def string_to_sign
+        string = blank?(raw_post) ? fullpath : raw_post
+        Base64.strict_encode64(string).chomp
+      end
+      def app_secret_key
+        ENV['DVELP_API_AUTH_SECRET_KEY']
+      end
+      def multipart?
+        @multipart
+      end
+    end
+  end
+end

data/lib/dvelp_api_auth/authentication/validator.rb ADDED

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+module DvelpApiAuth
+  module Authentication
+    class Validator
+      include ::DvelpApiAuth::HelperMethods
+      attr_reader :client_authorization_code, :server_signature
+      def initialize(
+        client_authorization_code,
+        request_timestamp,
+        server_signature
+      )
+        @client_authorization_code = client_authorization_code
+        @request_timestamp = request_timestamp
+        @server_signature = server_signature
+        unless present?(@client_authorization_code)
+          raise 'Client authorization code is required'
+        end
+        unless present?(@server_signature)
+          raise 'Server signature is required'
+        end
+        unless present?(@request_timestamp)
+          raise 'Timestamp is required'
+        end
+      end
+      def authentic?
+        valid_signature? && valid_timestamp?
+      end
+      private
+      def valid_timestamp?
+        request_timestamp.between?(time_validity_start, time_validity_end)
+      end
+      def valid_signature?
+        client_signature_digest == server_signature_digest
+      end
+      def client_signature_digest
+        Digest::SHA1.hexdigest(client_authorization_code)
+      end
+      def server_signature_digest
+        Digest::SHA1.hexdigest(server_signature)
+      end
+      def time_validity_start
+        @time_validity_start ||= (time_benchmark - 15 * 60).to_i
+      end
+      def time_validity_end
+        @time_validity_end ||= (time_benchmark + 5 * 60).to_i
+      end
+      def time_benchmark
+        @time_benchmark ||= Time.now.utc
+      end
+      def request_timestamp
+        @request_timestamp.to_i
+      end
+    end
+  end
+end

data/lib/dvelp_api_auth/helper_methods.rb ADDED

@@ -0,0 +1,11 @@
+module DvelpApiAuth
+  module HelperMethods
+    def present?(instance)
+      instance && !instance.to_s.empty?
+    end
+    def blank?(instance)
+      !present?(instance)
+    end
+  end
+end

data/lib/dvelp_api_auth/tests/helpers.rb ADDED

@@ -0,0 +1,30 @@
+module DvelpApiAuth
+  module Tests
+    module Helpers
+      def authorize!(fullpath, request_params = {})
+        set_authorisation_header(fullpath, request_params)
+        set_timestamp
+      end
+      private
+      def set_authorisation_header(fullpath, request_params)
+        if request_params.present? && request_params.is_a?(Hash)
+          raw_post = request_params.to_query
+        end
+        http_auth = DvelpApiAuth::Authentication::Signature.new(
+          fullpath,
+          raw_post,
+          Time.current
+        ).generate
+        request.env['HTTP_AUTHORISATION'] = http_auth
+      end
+      def set_timestamp
+        request.env['HTTP_TIMESTAMP'] = Time.current
+      end
+    end
+  end
+end

data/lib/dvelp_api_auth/version.rb ADDED

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+module DvelpApiAuth
+  VERSION = '0.1.0'
+end

metadata ADDED

@@ -0,0 +1,132 @@
+--- !ruby/object:Gem::Specification
+name: dvelp_api_auth
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Egor Vorobiev
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2016-12-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description:
+email:
+- egor@dvelp.co.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- dvelp_api_auth.gemspec
+- lib/dvelp_api_auth.rb
+- lib/dvelp_api_auth/authentication.rb
+- lib/dvelp_api_auth/authentication/api_request.rb
+- lib/dvelp_api_auth/authentication/signature.rb
+- lib/dvelp_api_auth/authentication/validator.rb
+- lib/dvelp_api_auth/helper_methods.rb
+- lib/dvelp_api_auth/tests/helpers.rb
+- lib/dvelp_api_auth/version.rb
+homepage:
+licenses: []
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.5.2
+signing_key:
+specification_version: 4
+summary: It provides auth between bridge and DE apps
+test_files: []