RubyGems - hmac-uri - Versions diffs - 0.1.0 - Mend

hmac-uri 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

data/CHANGELOG ADDED

@@ -0,0 +1,3 @@
+== 0.1.0 (2012-09-06)
+* Initial version.

data/README.md ADDED

@@ -0,0 +1,35 @@
+# HMAC URI
+HMAC based request signing of URI.
+## Example
+```ruby
+require 'hmac/uri'
+mac = HMAC::URI.new(secret: 'some long shared secret')
+uri = mac.sign "http://example.org/resource?id=1"
+mac.signed?(uri)           #=> true
+mac.signed?(uri, delta: 0) #=> false
+```
+## Nonce
+`HMAC::URI` generates nonces which can be used to prevent replay attacks.
+```ruby
+require 'hmac/uri'
+seen  = {}
+check = proc {|nonce, ts, delta| (Time.now.to_i - ts) < delta && !seen.include?(nonce) && seen << nonce}
+mac   = HMAC::URI.new(secret: 'some long shared secret', validator: check)
+uri   = mac.sign "http://example.org/resource?id=1"
+mac.signed?(uri)           #=> true
+mac.signed?(uri, delta: 0) #=> false
+## License
+BSD

data/lib/hmac-uri.rb ADDED

	@@ -0,0 +1 @@
1	+ require 'hmac/uri'

data/lib/hmac/uri.rb ADDED

@@ -0,0 +1,67 @@
+require 'openssl'
+require 'addressable/uri'
+# HMAC based request signing with uri
+module HMAC
+  class URI
+    def initialize options = {}
+      @secret    = options.fetch(:secret)
+      @validator = options.fetch(:validator, method(:default_validator))
+      @digest    = OpenSSL::Digest::Digest.new('sha1')
+    end
+    def sign uri
+      uri = merge_query(Addressable::URI.parse(timestamp(uri)), nonce: nonce)
+      merge_query(uri, signature: signature(uri))
+    end
+    def signed? uri, options = {}
+      delta = options.fetch(:delta, 300).to_i
+      uri   = Addressable::URI.parse(uri)
+      query = uri.query_values || {}
+      ts    = query['timestamp'].to_i
+      nonce = query['nonce']
+      hmac  = query.delete('signature')
+      uri   = uri.tap {|u| u.query_values = query}
+      validate(nonce, ts, delta) && hmac == signature(uri.to_s)
+    end
+    private
+    def default_validator nonce, ts, delta
+      nonce.to_i > 0 && valid_timestamp?(ts, delta)
+    end
+    def validate nonce, ts, delta
+      @validator.call(nonce, ts, delta)
+    end
+    def stringy_hash hash
+      hash.inject({}) {|a, (k, v)| a.tap {a[k.to_s] = Hash === v ? stringy_hash(v) : v}}
+    end
+    def nonce
+      (Time.now.to_f.round(6) * 1_000_000).to_i
+    end
+    def merge_query uri, hash
+      uri.tap do
+        uri.query_values = (uri.query_values || {}).merge(stringy_hash(hash))
+      end
+    end
+    def valid_timestamp? ts, delta
+      (Time.now.utc.to_f - ts.to_f).abs < delta
+    end
+    def timestamp uri
+      merge_query(Addressable::URI.parse(uri), timestamp: Time.now.utc.to_i)
+    end
+    def signature message
+      OpenSSL::HMAC.hexdigest(@digest, @secret, message.to_s)
+    end
+  end # URI
+end # HMAC

data/test/helper.rb ADDED

	@@ -0,0 +1,2 @@
1	+ require 'minitest/autorun'
2	+ require 'hmac/uri'

data/test/test_hmac_uri.rb ADDED

@@ -0,0 +1,43 @@
+require 'helper'
+describe 'HMAC::URI' do
+  OPTIONS       = {secret: 'foobar'}
+  EXAMPLE_URL   = 'http://example.com'
+  SIGNED_URI_RE = %r{http://example.com\?nonce=\d+&signature=.+&timestamp=\d+}
+  def signed_url
+    HMAC::URI.new(OPTIONS).sign(EXAMPLE_URL)
+  end
+  it 'should sign uri' do
+    assert_match SIGNED_URI_RE, signed_url
+  end
+  it 'should validate signed uri' do
+    assert HMAC::URI.new(OPTIONS).signed? signed_url
+  end
+  it 'should fail on invalid nonce' do
+    url = signed_url.to_s.sub %r{nonce=\d+}, 'nonce=123'
+    assert !HMAC::URI.new(OPTIONS).signed?(url), 'invalid nonce should fail check'
+  end
+  it 'should fail on invalid timestamp' do
+    url = signed_url.to_s.sub %r{timestamp=\d+}, 'timestamp=123'
+    assert !HMAC::URI.new(OPTIONS).signed?(url), 'invalid timestamp should fail check'
+  end
+  it 'should fail on stale timestamp' do
+    assert HMAC::URI.new(OPTIONS).signed?(signed_url,  delta: 1), 'valid timestamp should pass check'
+    assert !HMAC::URI.new(OPTIONS).signed?(signed_url, delta: 0), 'stale timestamp should fail check'
+  end
+  it 'should fail on repeated nonces' do
+    seen      = []
+    url       = signed_url
+    validator = proc {|n, ts, delta| ((Time.now.to_i - ts) < delta) && !seen.include?(n) && seen << n}
+    assert HMAC::URI.new(OPTIONS.merge(validator: validator)).signed?(url),  'nonce passes'
+    assert !HMAC::URI.new(OPTIONS.merge(validator: validator)).signed?(url), 'dupe nonce fails'
+  end
+end

metadata ADDED

@@ -0,0 +1,84 @@
+--- !ruby/object:Gem::Specification
+name: hmac-uri
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease:
+platform: ruby
+authors:
+- Bharanee Rathna
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-09-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: OpenSSL based HMAC signing for request urls with shared secret
+email:
+- deepfryed@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- test/helper.rb
+- test/test_hmac_uri.rb
+- lib/hmac-uri.rb
+- lib/hmac/uri.rb
+- README.md
+- CHANGELOG
+homepage: http://github.com/deepfryed/hmac-uri
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.24
+signing_key:
+specification_version: 3
+summary: HMAC signing for urls
+test_files: []
+has_rdoc: