http_signature 0.0.2 → 0.0.3
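--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 380bed3446ac3037d6fad403149cf70d0f407900f426da085560cb0c1ce33d9a
+data.tar.gz: 33d5fb2f0881f9d16313b4f428f8cef8681868ebe8e050fc966ba03c08b2015d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6bccc2f2ce779ee10abd64fbfe11401e3edc70d13256801c87a080594176a3502233f552cf8eaf619c84010411326406ae7a23396ff248a6979a37a2f0b94851
+data.tar.gz: 6c54cec92fbdb6242d2da67d3132852cf315f30848842270ddab280dfbbf9acbb0cf7ff61937e01f1c61c7d1671838495e017f0c4e76d41c2b696b6d7e4c3056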
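--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-
+http_signature (0.0.3)
 
 GEM
 remote: https://rubygems.org/
@@ -14,9 +14,9 @@ PLATFORMS
 
 DEPENDENCIES
 bundler
-
+http_signature!
 minitest
 rake
 
 BUNDLED WITH
-1.16.
+1.16.1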
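--- a/data/README.md
+++ b/data/README.md
@@ -6,8 +6,17 @@ Create and validate HTTP request signature according to this draft: https://tool
 Aims to only implement the creation and validation of the signature without any external dependencies.
 The idea is to implement adapters to popular http libraries to make it easy to use.
 
+## Installation
+```
+gem install http_signature
+```
+
 ## Usage
 
+```ruby
+require 'http_signature'
+```
+
 ### Basic
 The most basic usage without any extra headers. The default algorithm is `hmac-sha256`.
 ```ruby
@@ -115,52 +124,53 @@ rake test TEST=test/http_signature_test.rb TESTOPTS="--name=/appends\ the\ query
 ### Faraday middleware on outgoing requests
 Example of using it on an outgoing request.
 ```ruby
-#
-
-
-
-
-end
-
-# Choose which headers to sign
-headers_filter = %w{ Host Date Digest }
-headers_to_sign = env[:request_headers].select { |k, v| headers_filter.include?(k.to_s) }
-
-signature = HTTPSignature.create(
-url: env[:url],
-method: env[:method],
-headers: headers_to_sign,
-key: ENV.fetch('REQUEST_SIGNATURE_KEY'),
-key_id: ENV.fetch('REQUEST_SIGNATURE_KEY_ID'),
-algorithm: 'hmac-sha256',
-body: env[:body] ? env[:body] : ''
-)
-
-env[:request_headers].merge!('Signature' => signature)
-
-@app.call(env)
-end
-end
+# Two env variables are needed to be set
+ENV['REQUEST_SIGNATURE_KEY'] = 'bd24cee668dde6954be53101fb37c53054c555881a9ab36c2f1ae13c2950605f' # This should be long and random
+ENV['REQUEST_SIGNATURE_KEY_ID'] = 'my-key-id' # this is for the recipient to know which key to decrypt with
+
+require 'http_signature/faraday'
 
 # Tell faraday to use the middleware. Read more about it here: https://github.com/lostisland/faraday#advanced-middleware-usage
 Faraday.new('http://example.com') do |faraday|
-faraday.use(
+faraday.use(HTTPSignature::Faraday)
 faraday.adapter(Faraday.default_adapter)
 end
 
+# Now this request will contain the `Signature` header
 response = conn.get('/')
 ```
 
-### Rack middleware
+### Rack middleware for incoming requests
 I've written a quite sloppy but totally usable rack middleware that validates every incoming request.
-
+
+#### General rack application
+Sinatra for example
+```ruby
+ENV['REQUEST_SIGNATURE_KEY'] = 'bd24cee668dde6954be53101fb37c53054c555881a9ab36c2f1ae13c2950605f'
+
+require 'http_signature/rack'
+
+use HTTPSignature::Rack
+run MyApp
+```
+
+#### Rails
+Checkout [this documentation](http://guides.rubyonrails.org/rails_on_rack.html). But in short, add this inside the config block:
+```ruby
+config.middleware.use HTTPSignature::Rack
+```
+
+and don't forget to set the key env somewhere:
+```ruby
+ENV['REQUEST_SIGNATURE_KEY'] = 'bd24cee668dde6954be53101fb37c53054c555881a9ab36c2f1ae13c2950605f'
+```
 
 ## License
 This project is licensed under the terms of the [MIT license](https://opensource.org/licenses/MIT).
 
 ## Todo
-- Structure and add middlewares into gem
 - Add more example of use with different http libraries
+- Refactor `.valid?` to support all algorithms
 - Implement algorithms:
 - ecdsa-sha256
 - When creating the signing string, follow the spec exactly: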
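--- a/data/http_signature.gemspec
+++ b/data/http_signature.gemspec
@@ -3,12 +3,12 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
 spec.name = 'http_signature'
-spec.version = '0.0.
+spec.version = '0.0.3'
 spec.authors = ['Joel Larsson']
 spec.email = ['bolmaster2@gmail.com']
 
 spec.summary = 'Create and validate HTTP request signature'
-spec.description = 'Create and validate HTTP request signature according to
+spec.description = 'Create and validate HTTP request signature according to draft: https://tools.ietf.org/html/draft-cavage-http-signatures-09'
 spec.homepage = 'https://github.com/bolmaster2/http-signature'
 spec.license = 'MIT'
 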
@@ -1,8 +1,9 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'http_signature'
|
4
|
+
require 'faraday'
|
4
5
|
|
5
|
-
class
|
6
|
+
class HTTPSignature::Faraday < Faraday::Middleware
|
6
7
|
def call(env)
|
7
8
|
if env[:body]
|
8
9
|
env[:request_headers].merge!('Digest' => HTTPSignature.create_digest(env[:body]))
|
@@ -12,12 +13,10 @@ class AddRequestSignature < Faraday::Middleware
|
|
12
13
|
filtered_headers = %w{ Host Date Digest }
|
13
14
|
headers_to_sign = env[:request_headers].select { |k, v| filtered_headers.include?(k.to_s) }
|
14
15
|
|
15
|
-
headers.select { |header| headers_to_sign.includes(header) }.to_h
|
16
|
-
|
17
16
|
signature = HTTPSignature.create(
|
18
17
|
url: env[:url],
|
19
18
|
method: env[:method],
|
20
|
-
headers:
|
19
|
+
headers: headers_to_sign,
|
21
20
|
key: ENV.fetch('REQUEST_SIGNATURE_KEY'),
|
22
21
|
key_id: ENV.fetch('REQUEST_SIGNATURE_KEY_ID'),
|
23
22
|
algorithm: 'hmac-sha256',
|
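Review bot: The `headers_to_sign` filter in `call` only picks up `Host`, `Date` and `Digest` when they are already present in `env[:request_headers]`, and nothing visible in these hunks sets `Date` or `Host`. Unless the caller adds them, the signature may therefore cover only `Digest` (and only when there is a body), which leaves no signed timestamp for the recipient to reject replayed requests with. Consider defaulting the header before the `select`, e.g. `env[:request_headers]['Date'] ||= Time.now.httpdate` (with `require 'time'`), and raising when an expected header is missing instead of silently signing fewer headers. New-file lines 10–12 and the end of `call` fall outside the hunks shown, so a default may already be set there; worth confirming. The file header for this section is missing from the page; the path is presumably `lib/http_signature/faraday.rb`, judging by the metadata file list.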
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: http_signature
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Joel Larsson
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-04-
|
11
|
+
date: 2018-04-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -52,8 +52,7 @@ dependencies:
|
|
52
52
|
- - ">="
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '0'
|
55
|
-
description: 'Create and validate HTTP request signature according to
|
56
|
-
https://tools.ietf.org/html/draft-cavage-http-signatures-08'
|
55
|
+
description: 'Create and validate HTTP request signature according to draft: https://tools.ietf.org/html/draft-cavage-http-signatures-09'
|
57
56
|
email:
|
58
57
|
- bolmaster2@gmail.com
|
59
58
|
executables: []
|
@@ -65,10 +64,10 @@ files:
|
|
65
64
|
- Gemfile.lock
|
66
65
|
- README.md
|
67
66
|
- Rakefile
|
68
|
-
- examples/faraday_middleware.rb
|
69
|
-
- examples/rack_middleware.rb
|
70
67
|
- http_signature.gemspec
|
71
68
|
- lib/http_signature.rb
|
69
|
+
- lib/http_signature/faraday.rb
|
70
|
+
- lib/http_signature/rack.rb
|
72
71
|
homepage: https://github.com/bolmaster2/http-signature
|
73
72
|
licenses:
|
74
73
|
- MIT
|