dvelp_api_auth 0.1.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +39 -2
- data/lib/dvelp_api_auth.rb +11 -0
- data/lib/dvelp_api_auth/authentication/signature.rb +11 -9
- data/lib/dvelp_api_auth/configuration.rb +11 -0
- data/lib/dvelp_api_auth/version.rb +2 -1
- metadata +4 -4
- data/lib/dvelp_api_auth/tests/helpers.rb +0 -30
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dfb4ebfdc55abb3d82c25e4f38b0121f475f25fd
|
|
4
|
+
data.tar.gz: 02fac34e7addd44c53a5486880a2c5ba7164a8d1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c64ae020f43e8e5d9a9eac9462f875d240a5ac273fe14b309f23aec140d72db9ddf7edbb9dd005ba6793494ceb928cae6e32db1a36273516dff574da4009d14b
|
|
7
|
+
data.tar.gz: b049c295a6d2af36476c8a72410ac0bc274d20ecfa57204e4e78ceb9a9c34b423d9bfb40dc5cacc4cef40a08a5421ab9c16f63fc59afbca3f029fa37c19fae48
|
data/README.md
CHANGED
|
@@ -20,10 +20,14 @@ Or install it yourself as:
|
|
|
20
20
|
|
|
21
21
|
## Usage
|
|
22
22
|
|
|
23
|
-
|
|
23
|
+
Set the secret key for the API:
|
|
24
24
|
|
|
25
25
|
```ruby
|
|
26
|
-
|
|
26
|
+
# config/initializers/dvelp_api_auth.rb
|
|
27
|
+
|
|
28
|
+
DvelpApiAuth.configure do |config|
|
|
29
|
+
config.api_auth_secret_key = 'strong secret'
|
|
30
|
+
end
|
|
27
31
|
```
|
|
28
32
|
|
|
29
33
|
## Development
|
|
@@ -32,6 +36,39 @@ After checking out the repo, run `bin/setup` to install dependencies. Then, run
|
|
|
32
36
|
|
|
33
37
|
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
|
34
38
|
|
|
39
|
+
## Integration with API
|
|
40
|
+
|
|
41
|
+
#### Example of generating headers on JS
|
|
42
|
+
|
|
43
|
+
In this example we used [crypto-js](https://www.npmjs.com/package/crypto-js) javascript library.
|
|
44
|
+
|
|
45
|
+
```javascript
|
|
46
|
+
// Require library
|
|
47
|
+
const CryptoJS = require("crypto-js");
|
|
48
|
+
|
|
49
|
+
// Secret key
|
|
50
|
+
const DVELP_API_AUTH_SECRET_KEY = 'dvelp-api-auth-secret-key';
|
|
51
|
+
|
|
52
|
+
// Value for AUTHORISATION header
|
|
53
|
+
const generateAuthHeader = (timestamp) => {
|
|
54
|
+
const path = '/path-to-action'; // (URI) example '/api/resources/:id'
|
|
55
|
+
const path_utf8 = CryptoJS.enc.Utf8.parse(path);
|
|
56
|
+
const string = timestamp + CryptoJS.enc.Base64.stringify(path_utf8);
|
|
57
|
+
|
|
58
|
+
return CryptoJS.HmacSHA256(string, DVELP_API_AUTH_SECRET_KEY);
|
|
59
|
+
};
|
|
60
|
+
|
|
61
|
+
// Time of the request
|
|
62
|
+
const timestamp = Math.floor(Date.now() / 1000);
|
|
63
|
+
|
|
64
|
+
// Headers which we send with every request
|
|
65
|
+
{
|
|
66
|
+
'ACCEPT': 'application/vnd.api+json',
|
|
67
|
+
'TIMESTAMP': timestamp,
|
|
68
|
+
'AUTHORISATION': generateAuthHeader(timestamp)
|
|
69
|
+
}
|
|
70
|
+
```
|
|
71
|
+
|
|
35
72
|
## Contributing
|
|
36
73
|
|
|
37
74
|
Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/dvelp_api_auth.
|
data/lib/dvelp_api_auth.rb
CHANGED
|
@@ -3,4 +3,15 @@ require 'dvelp_api_auth/helper_methods'
|
|
|
3
3
|
Gem.find_files('dvelp_api_auth/**/*.rb').each { |f| require f }
|
|
4
4
|
|
|
5
5
|
module DvelpApiAuth
|
|
6
|
+
def self.configuration
|
|
7
|
+
@configuration ||= Configuration.new
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def self.reset
|
|
11
|
+
@configuration = Configuration.new
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def self.configure
|
|
15
|
+
yield(configuration)
|
|
16
|
+
end
|
|
6
17
|
end
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
+
|
|
2
3
|
require 'base64'
|
|
4
|
+
require 'openssl'
|
|
3
5
|
|
|
4
6
|
module DvelpApiAuth
|
|
5
7
|
module Authentication
|
|
@@ -9,17 +11,21 @@ module DvelpApiAuth
|
|
|
9
11
|
attr_accessor :raw_post, :request_timestamp, :body, :multipart
|
|
10
12
|
|
|
11
13
|
def initialize(
|
|
12
|
-
fullpath,
|
|
14
|
+
fullpath,
|
|
15
|
+
raw_post,
|
|
16
|
+
request_timestamp,
|
|
17
|
+
multipart = false,
|
|
18
|
+
body = nil,
|
|
19
|
+
api_secret_key = DvelpApiAuth.configuration.api_auth_secret_key
|
|
13
20
|
)
|
|
14
21
|
@fullpath = fullpath
|
|
15
22
|
@raw_post = raw_post
|
|
16
23
|
@request_timestamp = request_timestamp
|
|
17
24
|
@multipart = multipart
|
|
18
25
|
@body = body
|
|
26
|
+
@api_secret_key = api_secret_key
|
|
19
27
|
|
|
20
|
-
unless present?(@
|
|
21
|
-
raise 'Request full_path is required'
|
|
22
|
-
end
|
|
28
|
+
raise 'Request full_path is required' unless present?(@fullpath)
|
|
23
29
|
raise 'Timestamp is required' unless present?(@request_timestamp)
|
|
24
30
|
end
|
|
25
31
|
|
|
@@ -28,7 +34,7 @@ module DvelpApiAuth
|
|
|
28
34
|
|
|
29
35
|
OpenSSL::HMAC.hexdigest(
|
|
30
36
|
OpenSSL::Digest.new('SHA256'),
|
|
31
|
-
|
|
37
|
+
@api_secret_key,
|
|
32
38
|
string
|
|
33
39
|
)
|
|
34
40
|
end
|
|
@@ -54,10 +60,6 @@ module DvelpApiAuth
|
|
|
54
60
|
Base64.strict_encode64(string).chomp
|
|
55
61
|
end
|
|
56
62
|
|
|
57
|
-
def app_secret_key
|
|
58
|
-
ENV['DVELP_API_AUTH_SECRET_KEY']
|
|
59
|
-
end
|
|
60
|
-
|
|
61
63
|
def multipart?
|
|
62
64
|
@multipart
|
|
63
65
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dvelp_api_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Egor Vorobiev
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-06-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -102,8 +102,8 @@ files:
|
|
|
102
102
|
- lib/dvelp_api_auth/authentication/api_request.rb
|
|
103
103
|
- lib/dvelp_api_auth/authentication/signature.rb
|
|
104
104
|
- lib/dvelp_api_auth/authentication/validator.rb
|
|
105
|
+
- lib/dvelp_api_auth/configuration.rb
|
|
105
106
|
- lib/dvelp_api_auth/helper_methods.rb
|
|
106
|
-
- lib/dvelp_api_auth/tests/helpers.rb
|
|
107
107
|
- lib/dvelp_api_auth/version.rb
|
|
108
108
|
homepage:
|
|
109
109
|
licenses: []
|
|
@@ -125,7 +125,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
125
125
|
version: '0'
|
|
126
126
|
requirements: []
|
|
127
127
|
rubyforge_project:
|
|
128
|
-
rubygems_version: 2.
|
|
128
|
+
rubygems_version: 2.6.13
|
|
129
129
|
signing_key:
|
|
130
130
|
specification_version: 4
|
|
131
131
|
summary: It provides auth between bridge and DE apps
|
|
@@ -1,30 +0,0 @@
|
|
|
1
|
-
module DvelpApiAuth
|
|
2
|
-
module Tests
|
|
3
|
-
module Helpers
|
|
4
|
-
def authorize!(fullpath, request_params = {})
|
|
5
|
-
set_authorisation_header(fullpath, request_params)
|
|
6
|
-
set_timestamp
|
|
7
|
-
end
|
|
8
|
-
|
|
9
|
-
private
|
|
10
|
-
|
|
11
|
-
def set_authorisation_header(fullpath, request_params)
|
|
12
|
-
if request_params.present? && request_params.is_a?(Hash)
|
|
13
|
-
raw_post = request_params.to_query
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
http_auth = DvelpApiAuth::Authentication::Signature.new(
|
|
17
|
-
fullpath,
|
|
18
|
-
raw_post,
|
|
19
|
-
Time.current
|
|
20
|
-
).generate
|
|
21
|
-
|
|
22
|
-
request.env['HTTP_AUTHORISATION'] = http_auth
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
def set_timestamp
|
|
26
|
-
request.env['HTTP_TIMESTAMP'] = Time.current
|
|
27
|
-
end
|
|
28
|
-
end
|
|
29
|
-
end
|
|
30
|
-
end
|