RubyGems - http_signature - Versions diffs - 0.0.3 → 0.0.4 - Mend

http_signature 0.0.3 → 0.0.4

Files changed (9) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/Gemfile.lock +5 -1
data/README.md +25 -24
data/http_signature.gemspec +2 -1
data/lib/http_signature.rb +16 -0
data/lib/http_signature/faraday.rb +8 -2
data/lib/http_signature/rack.rb +1 -3
metadata +17 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 380bed3446ac3037d6fad403149cf70d0f407900f426da085560cb0c1ce33d9a
-  data.tar.gz: 33d5fb2f0881f9d16313b4f428f8cef8681868ebe8e050fc966ba03c08b2015d
+  metadata.gz: 6320c8fac16dd162425c863e231bd09f61813b2e9ee5106e793c2eae062a08fc
+  data.tar.gz: 86297b14149a73e71075280e8d0cd832ef5af322789aa55a8b729f5aec3d6834
 SHA512:
-  metadata.gz: 6bccc2f2ce779ee10abd64fbfe11401e3edc70d13256801c87a080594176a3502233f552cf8eaf619c84010411326406ae7a23396ff248a6979a37a2f0b94851
-  data.tar.gz: 6c54cec92fbdb6242d2da67d3132852cf315f30848842270ddab280dfbbf9acbb0cf7ff61937e01f1c61c7d1671838495e017f0c4e76d41c2b696b6d7e4c3056
+  metadata.gz: f7da7985ac3900b7422143ecff5cda1bcc78eb4ae3f4b750bf74c296dc41f2b5411e45dbd0e5d7aebc548c782d400889f46b2be4497ba36a5cdc370133d335fe
+  data.tar.gz: 393d8df6ded354f2d96cea732bb3017e16c0801f6a94f3e749ec56aee5d7752bac754d6ae76705ae6801ea4fb761a391923eafd50616c663339e69627b4da026

data/.gitignore ADDED

	@@ -0,0 +1 @@
1	+ *.gem

data/Gemfile.lock CHANGED

@@ -1,12 +1,15 @@
 PATH
   remote: .
   specs:
-    http_signature (0.0.3)
+    http_signature (0.0.4)
 GEM
   remote: https://rubygems.org/
   specs:
+    faraday (0.15.0)
+      multipart-post (>= 1.2, < 3)
     minitest (5.10.3)
+    multipart-post (2.0.0)
     rake (12.2.1)
 PLATFORMS
@@ -14,6 +17,7 @@ PLATFORMS
 DEPENDENCIES
   bundler
+  faraday
   http_signature!
   minitest
   rake

data/README.md CHANGED

@@ -105,30 +105,15 @@ HTTPSignature.valid?(
 )
 ```
-## Setup
-```
-bundle install
-```
-## Test
-The tests are written with `minitest` using specs. Run them all with `rake`:
-```bash
-rake test
-```
-Or a single with pattern matching:
-```bash
-rake test TEST=test/http_signature_test.rb TESTOPTS="--name=/appends\ the\ query_string_params/"
-```
-## Example usage
+## Example usage with middleware
 ### Faraday middleware on outgoing requests
 Example of using it on an outgoing request.
 ```ruby
-# Two env variables are needed to be set
-ENV['REQUEST_SIGNATURE_KEY'] = 'bd24cee668dde6954be53101fb37c53054c555881a9ab36c2f1ae13c2950605f' # This should be long and random
-ENV['REQUEST_SIGNATURE_KEY_ID'] = 'my-key-id' # this is for the recipient to know which key to decrypt with
 require 'http_signature/faraday'
+# Two variables needed to be set
+HTTPSignature::Faraday.key = 'MySecureKey' # This should be long and random
+HTTPSignature::Faraday.key_id = 'key-1' # For the recipient to know which key to decrypt with
 # Tell faraday to use the middleware. Read more about it here: https://github.com/lostisland/faraday#advanced-middleware-usage
 Faraday.new('http://example.com') do |faraday|
@@ -146,10 +131,10 @@ I've written a quite sloppy but totally usable rack middleware that validates ev
 #### General rack application
 Sinatra for example
 ```ruby
-ENV['REQUEST_SIGNATURE_KEY'] = 'bd24cee668dde6954be53101fb37c53054c555881a9ab36c2f1ae13c2950605f'
 require 'http_signature/rack'
+HTTPSignature.config(keys: [{ id: 'key-1', value: 'MySecureKey' }])
 use HTTPSignature::Rack
 run MyApp
 ```
@@ -160,9 +145,25 @@ Checkout [this documentation](http://guides.rubyonrails.org/rails_on_rack.html).
 config.middleware.use HTTPSignature::Rack
 ```
-and don't forget to set the key env somewhere:
+and don't forget to set the key env somewhere, an initializer should be suitable:
 ```ruby
-ENV['REQUEST_SIGNATURE_KEY'] = 'bd24cee668dde6954be53101fb37c53054c555881a9ab36c2f1ae13c2950605f'
+HTTPSignature.config(keys: [{ id: 'key-1', value: 'MySecureKey' }])
+```
+## Development
+Install dependencies and then you can start running the tests!
+```
+bundle install
+```
+### Test
+The tests are written with `minitest` using specs. Run them all with `rake`:
+```bash
+rake test
+```
+Or a single with pattern matching:
+```bash
+rake test TEST=test/http_signature_test.rb TESTOPTS="--name=/appends\ the\ query_string_params/"
 ```
 ## License

data/http_signature.gemspec CHANGED

@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 Gem::Specification.new do |spec|
   spec.name          = 'http_signature'
-  spec.version       = '0.0.3'
+  spec.version       = '0.0.4'
   spec.authors       = ['Joel Larsson']
   spec.email         = ['bolmaster2@gmail.com']
@@ -20,4 +20,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'minitest'
+  spec.add_development_dependency 'faraday'
 end

data/lib/http_signature.rb CHANGED

@@ -159,4 +159,20 @@ module HTTPSignature
     headers
   end
+  def self.config(**options)
+    @keys = options[:keys]
+  end
+  def self.key(id)
+    key = @keys.select do |o|
+      o[:id] == id
+    end.first
+    key&.dig(:value) || (raise "Key with id #{id} could not be found")
+  end
+  class << self
+    attr_reader :keys
+  end
 end

data/lib/http_signature/faraday.rb CHANGED

@@ -4,7 +4,13 @@ require 'http_signature'
 require 'faraday'
 class HTTPSignature::Faraday < Faraday::Middleware
+  class << self
+    attr_accessor :key, :key_id
+  end
   def call(env)
+    raise 'key and key_id needs to be set' if self.class.key.nil? || self.class.key_id.nil?
     if env[:body]
       env[:request_headers].merge!('Digest' => HTTPSignature.create_digest(env[:body]))
     end
@@ -17,8 +23,8 @@ class HTTPSignature::Faraday < Faraday::Middleware
       url: env[:url],
       method: env[:method],
       headers: headers_to_sign,
-      key: ENV.fetch('REQUEST_SIGNATURE_KEY'),
-      key_id: ENV.fetch('REQUEST_SIGNATURE_KEY_ID'),
+      key: self.class.key,
+      key_id: self.class.key_id,
       algorithm: 'hmac-sha256',
       body: env[:body] ? env[:body] : ''
     )

data/lib/http_signature/rack.rb CHANGED

@@ -4,8 +4,6 @@ require 'http_signature'
 # Rack middleware using http-signature gem to validate signature on every incoming request
 class HTTPSignature::Rack
-  KEY = ENV.fetch('REQUEST_SIGNATURE_KEY')
   def initialize(app)
     @app = app
   end
@@ -27,7 +25,7 @@ class HTTPSignature::Rack
       url: request.path,
       method: request.request_method,
       headers: headers_to_sign,
-      key: KEY,
+      key: HTTPSignature.key(parsed_signature['keyId']),
       key_id: parsed_signature['keyId'],
       algorithm: parsed_signature['algorithm'],
       body: request_body ? request_body : '',

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: http_signature
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Joel Larsson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-04-23 00:00:00.000000000 Z
+date: 2018-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -52,6 +52,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: 'Create and validate HTTP request signature according to draft: https://tools.ietf.org/html/draft-cavage-http-signatures-09'
 email:
 - bolmaster2@gmail.com
@@ -60,6 +74,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
+- ".gitignore"
 - Gemfile
 - Gemfile.lock
 - README.md