dvelp_api_auth 0.1.0 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +39 -2
- data/lib/dvelp_api_auth.rb +11 -0
- data/lib/dvelp_api_auth/authentication/signature.rb +11 -9
- data/lib/dvelp_api_auth/configuration.rb +11 -0
- data/lib/dvelp_api_auth/version.rb +2 -1
- metadata +4 -4
- data/lib/dvelp_api_auth/tests/helpers.rb +0 -30
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dfb4ebfdc55abb3d82c25e4f38b0121f475f25fd
|
|
4
|
+
data.tar.gz: 02fac34e7addd44c53a5486880a2c5ba7164a8d1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c64ae020f43e8e5d9a9eac9462f875d240a5ac273fe14b309f23aec140d72db9ddf7edbb9dd005ba6793494ceb928cae6e32db1a36273516dff574da4009d14b
|
|
7
|
+
data.tar.gz: b049c295a6d2af36476c8a72410ac0bc274d20ecfa57204e4e78ceb9a9c34b423d9bfb40dc5cacc4cef40a08a5421ab9c16f63fc59afbca3f029fa37c19fae48
|
data/README.md
CHANGED
|
@@ -20,10 +20,14 @@ Or install it yourself as:
|
|
|
20
20
|
|
|
21
21
|
## Usage
|
|
22
22
|
|
|
23
|
-
|
|
23
|
+
Set the secret key for the API:
|
|
24
24
|
|
|
25
25
|
```ruby
|
|
26
|
-
|
|
26
|
+
# config/initializers/dvelp_api_auth.rb
|
|
27
|
+
|
|
28
|
+
DvelpApiAuth.configure do |config|
|
|
29
|
+
config.api_auth_secret_key = 'strong secret'
|
|
30
|
+
end
|
|
27
31
|
```
|
|
28
32
|
|
|
29
33
|
## Development
|
|
@@ -32,6 +36,39 @@ After checking out the repo, run `bin/setup` to install dependencies. Then, run
|
|
|
32
36
|
|
|
33
37
|
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
|
34
38
|
|
|
39
|
+
## Integration with API
|
|
40
|
+
|
|
41
|
+
#### Example of generating headers on JS
|
|
42
|
+
|
|
43
|
+
In this example we used [crypto-js](https://www.npmjs.com/package/crypto-js) javascript library.
|
|
44
|
+
|
|
45
|
+
```javascript
|
|
46
|
+
// Require library
|
|
47
|
+
const CryptoJS = require("crypto-js");
|
|
48
|
+
|
|
49
|
+
// Secret key
|
|
50
|
+
const DVELP_API_AUTH_SECRET_KEY = 'dvelp-api-auth-secret-key';
|
|
51
|
+
|
|
52
|
+
// Value for AUTHORISATION header
|
|
53
|
+
const generateAuthHeader = (timestamp) => {
|
|
54
|
+
const path = '/path-to-action'; // (URI) example '/api/resources/:id'
|
|
55
|
+
const path_utf8 = CryptoJS.enc.Utf8.parse(path);
|
|
56
|
+
const string = timestamp + CryptoJS.enc.Base64.stringify(path_utf8);
|
|
57
|
+
|
|
58
|
+
return CryptoJS.HmacSHA256(string, DVELP_API_AUTH_SECRET_KEY);
|
|
59
|
+
};
|
|
60
|
+
|
|
61
|
+
// Time of the request
|
|
62
|
+
const timestamp = Math.floor(Date.now() / 1000);
|
|
63
|
+
|
|
64
|
+
// Headers which we send with every request
|
|
65
|
+
{
|
|
66
|
+
'ACCEPT': 'application/vnd.api+json',
|
|
67
|
+
'TIMESTAMP': timestamp,
|
|
68
|
+
'AUTHORISATION': generateAuthHeader(timestamp)
|
|
69
|
+
}
|
|
70
|
+
```
|
|
71
|
+
|
|
35
72
|
## Contributing
|
|
36
73
|
|
|
37
74
|
Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/dvelp_api_auth.
|
data/lib/dvelp_api_auth.rb
CHANGED
|
@@ -3,4 +3,15 @@ require 'dvelp_api_auth/helper_methods'
|
|
|
3
3
|
Gem.find_files('dvelp_api_auth/**/*.rb').each { |f| require f }
|
|
4
4
|
|
|
5
5
|
module DvelpApiAuth
|
|
6
|
+
def self.configuration
|
|
7
|
+
@configuration ||= Configuration.new
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def self.reset
|
|
11
|
+
@configuration = Configuration.new
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def self.configure
|
|
15
|
+
yield(configuration)
|
|
16
|
+
end
|
|
6
17
|
end
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
+
|
|
2
3
|
require 'base64'
|
|
4
|
+
require 'openssl'
|
|
3
5
|
|
|
4
6
|
module DvelpApiAuth
|
|
5
7
|
module Authentication
|
|
@@ -9,17 +11,21 @@ module DvelpApiAuth
|
|
|
9
11
|
attr_accessor :raw_post, :request_timestamp, :body, :multipart
|
|
10
12
|
|
|
11
13
|
def initialize(
|
|
12
|
-
fullpath,
|
|
14
|
+
fullpath,
|
|
15
|
+
raw_post,
|
|
16
|
+
request_timestamp,
|
|
17
|
+
multipart = false,
|
|
18
|
+
body = nil,
|
|
19
|
+
api_secret_key = DvelpApiAuth.configuration.api_auth_secret_key
|
|
13
20
|
)
|
|
14
21
|
@fullpath = fullpath
|
|
15
22
|
@raw_post = raw_post
|
|
16
23
|
@request_timestamp = request_timestamp
|
|
17
24
|
@multipart = multipart
|
|
18
25
|
@body = body
|
|
26
|
+
@api_secret_key = api_secret_key
|
|
19
27
|
|
|
20
|
-
unless present?(@
|
|
21
|
-
raise 'Request full_path is required'
|
|
22
|
-
end
|
|
28
|
+
raise 'Request full_path is required' unless present?(@fullpath)
|
|
23
29
|
raise 'Timestamp is required' unless present?(@request_timestamp)
|
|
24
30
|
end
|
|
25
31
|
|
|
@@ -28,7 +34,7 @@ module DvelpApiAuth
|
|
|
28
34
|
|
|
29
35
|
OpenSSL::HMAC.hexdigest(
|
|
30
36
|
OpenSSL::Digest.new('SHA256'),
|
|
31
|
-
|
|
37
|
+
@api_secret_key,
|
|
32
38
|
string
|
|
33
39
|
)
|
|
34
40
|
end
|
|
@@ -54,10 +60,6 @@ module DvelpApiAuth
|
|
|
54
60
|
Base64.strict_encode64(string).chomp
|
|
55
61
|
end
|
|
56
62
|
|
|
57
|
-
def app_secret_key
|
|
58
|
-
ENV['DVELP_API_AUTH_SECRET_KEY']
|
|
59
|
-
end
|
|
60
|
-
|
|
61
63
|
def multipart?
|
|
62
64
|
@multipart
|
|
63
65
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dvelp_api_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Egor Vorobiev
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-06-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -102,8 +102,8 @@ files:
|
|
|
102
102
|
- lib/dvelp_api_auth/authentication/api_request.rb
|
|
103
103
|
- lib/dvelp_api_auth/authentication/signature.rb
|
|
104
104
|
- lib/dvelp_api_auth/authentication/validator.rb
|
|
105
|
+
- lib/dvelp_api_auth/configuration.rb
|
|
105
106
|
- lib/dvelp_api_auth/helper_methods.rb
|
|
106
|
-
- lib/dvelp_api_auth/tests/helpers.rb
|
|
107
107
|
- lib/dvelp_api_auth/version.rb
|
|
108
108
|
homepage:
|
|
109
109
|
licenses: []
|
|
@@ -125,7 +125,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
125
125
|
version: '0'
|
|
126
126
|
requirements: []
|
|
127
127
|
rubyforge_project:
|
|
128
|
-
rubygems_version: 2.
|
|
128
|
+
rubygems_version: 2.6.13
|
|
129
129
|
signing_key:
|
|
130
130
|
specification_version: 4
|
|
131
131
|
summary: It provides auth between bridge and DE apps
|
|
@@ -1,30 +0,0 @@
|
|
|
1
|
-
module DvelpApiAuth
|
|
2
|
-
module Tests
|
|
3
|
-
module Helpers
|
|
4
|
-
def authorize!(fullpath, request_params = {})
|
|
5
|
-
set_authorisation_header(fullpath, request_params)
|
|
6
|
-
set_timestamp
|
|
7
|
-
end
|
|
8
|
-
|
|
9
|
-
private
|
|
10
|
-
|
|
11
|
-
def set_authorisation_header(fullpath, request_params)
|
|
12
|
-
if request_params.present? && request_params.is_a?(Hash)
|
|
13
|
-
raw_post = request_params.to_query
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
http_auth = DvelpApiAuth::Authentication::Signature.new(
|
|
17
|
-
fullpath,
|
|
18
|
-
raw_post,
|
|
19
|
-
Time.current
|
|
20
|
-
).generate
|
|
21
|
-
|
|
22
|
-
request.env['HTTP_AUTHORISATION'] = http_auth
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
def set_timestamp
|
|
26
|
-
request.env['HTTP_TIMESTAMP'] = Time.current
|
|
27
|
-
end
|
|
28
|
-
end
|
|
29
|
-
end
|
|
30
|
-
end
|