http_signature 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ce69899c93af8245c7a11f207ae55d487ecc360df04c231d5ae1089afe897a6b
-  data.tar.gz: c26e3a5d0a06e97b03354cab9f3e20dc0fee3d06aca01ddd03fb55a7ab9c022e
+  metadata.gz: 380bed3446ac3037d6fad403149cf70d0f407900f426da085560cb0c1ce33d9a
+  data.tar.gz: 33d5fb2f0881f9d16313b4f428f8cef8681868ebe8e050fc966ba03c08b2015d
 SHA512:
-  metadata.gz: 0b96af0ec445b8b0f298d74e0743035ff2818d85c827892a8366cdf171338b9bf24cd5183b3317de58bcff01e191b60935e0ec4bc84fef7dcf05bc4d6d622666
-  data.tar.gz: 5b709409aa43df9606c5fadfc202721664db25005b7935e5aeb62df7755f22b8fd536f13c5972fb321a361d11e6c9e02ef77e96d553bf7766b9417b40958f6c6
+  metadata.gz: 6bccc2f2ce779ee10abd64fbfe11401e3edc70d13256801c87a080594176a3502233f552cf8eaf619c84010411326406ae7a23396ff248a6979a37a2f0b94851
+  data.tar.gz: 6c54cec92fbdb6242d2da67d3132852cf315f30848842270ddab280dfbbf9acbb0cf7ff61937e01f1c61c7d1671838495e017f0c4e76d41c2b696b6d7e4c3056

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    http-signature (0.0.2)
+    http_signature (0.0.3)
 
 GEM
   remote: https://rubygems.org/
@@ -14,9 +14,9 @@ PLATFORMS
 
 DEPENDENCIES
   bundler
-  http-signature!
+  http_signature!
   minitest
   rake
 
 BUNDLED WITH
-   1.16.0
+   1.16.1

data/README.md

@@ -6,8 +6,17 @@ Create and validate HTTP request signature according to this draft: https://tool
 Aims to only implement the creation and validation of the signature without any external dependencies.
 The idea is to implement adapters to popular http libraries to make it easy to use.
 
+## Installation
+```
+gem install http_signature
+```
+
 ## Usage
 
+```ruby
+require 'http_signature'
+```
+
 ### Basic
 The most basic usage without any extra headers. The default algorithm is `hmac-sha256`.
 ```ruby
@@ -115,52 +124,53 @@ rake test TEST=test/http_signature_test.rb TESTOPTS="--name=/appends\ the\ query
 ### Faraday middleware on outgoing requests
 Example of using it on an outgoing request.
 ```ruby
-# TODO: Move this into gem
-class AddRequestSignature < Faraday::Middleware
-  def call(env)
-    if env[:body]
-      env[:request_headers].merge!('Digest' => HTTPSignature.create_digest(env[:body]))
-    end
-
-    # Choose which headers to sign
-    headers_filter = %w{ Host Date Digest }
-    headers_to_sign = env[:request_headers].select { |k, v| headers_filter.include?(k.to_s) }
-
-    signature = HTTPSignature.create(
-      url: env[:url],
-      method: env[:method],
-      headers: headers_to_sign,
-      key: ENV.fetch('REQUEST_SIGNATURE_KEY'),
-      key_id: ENV.fetch('REQUEST_SIGNATURE_KEY_ID'),
-      algorithm: 'hmac-sha256',
-      body: env[:body] ? env[:body] : ''
-    )
-
-    env[:request_headers].merge!('Signature' => signature)
-
-    @app.call(env)
-  end
-end
+# Two env variables are needed to be set
+ENV['REQUEST_SIGNATURE_KEY'] = 'bd24cee668dde6954be53101fb37c53054c555881a9ab36c2f1ae13c2950605f' # This should be long and random
+ENV['REQUEST_SIGNATURE_KEY_ID'] = 'my-key-id' # this is for the recipient to know which key to decrypt with
+
+require 'http_signature/faraday'
 
 # Tell faraday to use the middleware. Read more about it here: https://github.com/lostisland/faraday#advanced-middleware-usage
 Faraday.new('http://example.com') do |faraday|
-  faraday.use(AddRequestSignature)
+  faraday.use(HTTPSignature::Faraday)
   faraday.adapter(Faraday.default_adapter)
 end
 
+# Now this request will contain the `Signature` header
 response = conn.get('/')
 ```
 
-### Rack middleware
+### Rack middleware for incoming requests
 I've written a quite sloppy but totally usable rack middleware that validates every incoming request.
-[See it here](examples/rack_middleware.rb). Soon I'll add it to the gem.
+
+#### General rack application
+Sinatra for example
+```ruby
+ENV['REQUEST_SIGNATURE_KEY'] = 'bd24cee668dde6954be53101fb37c53054c555881a9ab36c2f1ae13c2950605f'
+
+require 'http_signature/rack'
+
+use HTTPSignature::Rack
+run MyApp
+```
+
+#### Rails
+Checkout [this documentation](http://guides.rubyonrails.org/rails_on_rack.html). But in short, add this inside the config block:
+```ruby
+config.middleware.use HTTPSignature::Rack
+```
+
+and don't forget to set the key env somewhere:
+```ruby
+ENV['REQUEST_SIGNATURE_KEY'] = 'bd24cee668dde6954be53101fb37c53054c555881a9ab36c2f1ae13c2950605f'
+```
 
 ## License
 This project is licensed under the terms of the [MIT license](https://opensource.org/licenses/MIT).
 
 ## Todo
-- Structure and add middlewares into gem
 - Add more example of use with different http libraries
+- Refactor `.valid?` to support all algorithms
 - Implement algorithms:
   - ecdsa-sha256
 - When creating the signing string, follow the spec exactly:

data/http_signature.gemspec

@@ -3,12 +3,12 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = 'http_signature'
-  spec.version       = '0.0.2'
+  spec.version       = '0.0.3'
   spec.authors       = ['Joel Larsson']
   spec.email         = ['bolmaster2@gmail.com']
 
   spec.summary       = 'Create and validate HTTP request signature'
-  spec.description   = 'Create and validate HTTP request signature according to this draft: https://tools.ietf.org/html/draft-cavage-http-signatures-08'
+  spec.description   = 'Create and validate HTTP request signature according to draft: https://tools.ietf.org/html/draft-cavage-http-signatures-09'
   spec.homepage      = 'https://github.com/bolmaster2/http-signature'
   spec.license       = 'MIT'
 

data/{examples/faraday_middleware.rb → lib/http_signature/faraday.rb}

@@ -1,8 +1,9 @@
 # frozen_string_literal: true
 
 require 'http_signature'
+require 'faraday'
 
-class AddRequestSignature < Faraday::Middleware
+class HTTPSignature::Faraday < Faraday::Middleware
   def call(env)
     if env[:body]
       env[:request_headers].merge!('Digest' => HTTPSignature.create_digest(env[:body]))
@@ -12,12 +13,10 @@ class AddRequestSignature < Faraday::Middleware
     filtered_headers = %w{ Host Date Digest }
     headers_to_sign = env[:request_headers].select { |k, v| filtered_headers.include?(k.to_s) }
 
-    headers.select { |header| headers_to_sign.includes(header) }.to_h
-
     signature = HTTPSignature.create(
       url: env[:url],
       method: env[:method],
-      headers: headers,
+      headers: headers_to_sign,
       key: ENV.fetch('REQUEST_SIGNATURE_KEY'),
       key_id: ENV.fetch('REQUEST_SIGNATURE_KEY_ID'),
       algorithm: 'hmac-sha256',

data/{examples/rack_middleware.rb → lib/http_signature/rack.rb}

@@ -3,7 +3,7 @@
 require 'http_signature'
 
 # Rack middleware using http-signature gem to validate signature on every incoming request
-class ValidateRequestSignature
+class HTTPSignature::Rack
   KEY = ENV.fetch('REQUEST_SIGNATURE_KEY')
 
   def initialize(app)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: http_signature
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Joel Larsson
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-04-22 00:00:00.000000000 Z
+date: 2018-04-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -52,8 +52,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 'Create and validate HTTP request signature according to this draft:
-  https://tools.ietf.org/html/draft-cavage-http-signatures-08'
+description: 'Create and validate HTTP request signature according to draft: https://tools.ietf.org/html/draft-cavage-http-signatures-09'
 email:
 - bolmaster2@gmail.com
 executables: []
@@ -65,10 +64,10 @@ files:
 - Gemfile.lock
 - README.md
 - Rakefile
-- examples/faraday_middleware.rb
-- examples/rack_middleware.rb
 - http_signature.gemspec
 - lib/http_signature.rb
+- lib/http_signature/faraday.rb
+- lib/http_signature/rack.rb
 homepage: https://github.com/bolmaster2/http-signature
 licenses:
 - MIT