http_signature 0.0.3 → 0.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/Gemfile.lock +5 -1
- data/README.md +25 -24
- data/http_signature.gemspec +2 -1
- data/lib/http_signature.rb +16 -0
- data/lib/http_signature/faraday.rb +8 -2
- data/lib/http_signature/rack.rb +1 -3
- metadata +17 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6320c8fac16dd162425c863e231bd09f61813b2e9ee5106e793c2eae062a08fc
|
|
4
|
+
data.tar.gz: 86297b14149a73e71075280e8d0cd832ef5af322789aa55a8b729f5aec3d6834
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f7da7985ac3900b7422143ecff5cda1bcc78eb4ae3f4b750bf74c296dc41f2b5411e45dbd0e5d7aebc548c782d400889f46b2be4497ba36a5cdc370133d335fe
|
|
7
|
+
data.tar.gz: 393d8df6ded354f2d96cea732bb3017e16c0801f6a94f3e749ec56aee5d7752bac754d6ae76705ae6801ea4fb761a391923eafd50616c663339e69627b4da026
|
data/.gitignore
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
*.gem
|
data/Gemfile.lock
CHANGED
|
@@ -1,12 +1,15 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
http_signature (0.0.
|
|
4
|
+
http_signature (0.0.4)
|
|
5
5
|
|
|
6
6
|
GEM
|
|
7
7
|
remote: https://rubygems.org/
|
|
8
8
|
specs:
|
|
9
|
+
faraday (0.15.0)
|
|
10
|
+
multipart-post (>= 1.2, < 3)
|
|
9
11
|
minitest (5.10.3)
|
|
12
|
+
multipart-post (2.0.0)
|
|
10
13
|
rake (12.2.1)
|
|
11
14
|
|
|
12
15
|
PLATFORMS
|
|
@@ -14,6 +17,7 @@ PLATFORMS
|
|
|
14
17
|
|
|
15
18
|
DEPENDENCIES
|
|
16
19
|
bundler
|
|
20
|
+
faraday
|
|
17
21
|
http_signature!
|
|
18
22
|
minitest
|
|
19
23
|
rake
|
data/README.md
CHANGED
|
@@ -105,30 +105,15 @@ HTTPSignature.valid?(
|
|
|
105
105
|
)
|
|
106
106
|
```
|
|
107
107
|
|
|
108
|
-
##
|
|
109
|
-
```
|
|
110
|
-
bundle install
|
|
111
|
-
```
|
|
112
|
-
|
|
113
|
-
## Test
|
|
114
|
-
The tests are written with `minitest` using specs. Run them all with `rake`:
|
|
115
|
-
```bash
|
|
116
|
-
rake test
|
|
117
|
-
```
|
|
118
|
-
Or a single with pattern matching:
|
|
119
|
-
```bash
|
|
120
|
-
rake test TEST=test/http_signature_test.rb TESTOPTS="--name=/appends\ the\ query_string_params/"
|
|
121
|
-
```
|
|
122
|
-
|
|
123
|
-
## Example usage
|
|
108
|
+
## Example usage with middleware
|
|
124
109
|
### Faraday middleware on outgoing requests
|
|
125
110
|
Example of using it on an outgoing request.
|
|
126
111
|
```ruby
|
|
127
|
-
# Two env variables are needed to be set
|
|
128
|
-
ENV['REQUEST_SIGNATURE_KEY'] = 'bd24cee668dde6954be53101fb37c53054c555881a9ab36c2f1ae13c2950605f' # This should be long and random
|
|
129
|
-
ENV['REQUEST_SIGNATURE_KEY_ID'] = 'my-key-id' # this is for the recipient to know which key to decrypt with
|
|
130
|
-
|
|
131
112
|
require 'http_signature/faraday'
|
|
113
|
+
# Two variables needed to be set
|
|
114
|
+
HTTPSignature::Faraday.key = 'MySecureKey' # This should be long and random
|
|
115
|
+
HTTPSignature::Faraday.key_id = 'key-1' # For the recipient to know which key to decrypt with
|
|
116
|
+
|
|
132
117
|
|
|
133
118
|
# Tell faraday to use the middleware. Read more about it here: https://github.com/lostisland/faraday#advanced-middleware-usage
|
|
134
119
|
Faraday.new('http://example.com') do |faraday|
|
|
@@ -146,10 +131,10 @@ I've written a quite sloppy but totally usable rack middleware that validates ev
|
|
|
146
131
|
#### General rack application
|
|
147
132
|
Sinatra for example
|
|
148
133
|
```ruby
|
|
149
|
-
ENV['REQUEST_SIGNATURE_KEY'] = 'bd24cee668dde6954be53101fb37c53054c555881a9ab36c2f1ae13c2950605f'
|
|
150
|
-
|
|
151
134
|
require 'http_signature/rack'
|
|
152
135
|
|
|
136
|
+
HTTPSignature.config(keys: [{ id: 'key-1', value: 'MySecureKey' }])
|
|
137
|
+
|
|
153
138
|
use HTTPSignature::Rack
|
|
154
139
|
run MyApp
|
|
155
140
|
```
|
|
@@ -160,9 +145,25 @@ Checkout [this documentation](http://guides.rubyonrails.org/rails_on_rack.html).
|
|
|
160
145
|
config.middleware.use HTTPSignature::Rack
|
|
161
146
|
```
|
|
162
147
|
|
|
163
|
-
and don't forget to set the key env somewhere:
|
|
148
|
+
and don't forget to set the key env somewhere, an initializer should be suitable:
|
|
164
149
|
```ruby
|
|
165
|
-
|
|
150
|
+
HTTPSignature.config(keys: [{ id: 'key-1', value: 'MySecureKey' }])
|
|
151
|
+
```
|
|
152
|
+
|
|
153
|
+
## Development
|
|
154
|
+
Install dependencies and then you can start running the tests!
|
|
155
|
+
```
|
|
156
|
+
bundle install
|
|
157
|
+
```
|
|
158
|
+
|
|
159
|
+
### Test
|
|
160
|
+
The tests are written with `minitest` using specs. Run them all with `rake`:
|
|
161
|
+
```bash
|
|
162
|
+
rake test
|
|
163
|
+
```
|
|
164
|
+
Or a single with pattern matching:
|
|
165
|
+
```bash
|
|
166
|
+
rake test TEST=test/http_signature_test.rb TESTOPTS="--name=/appends\ the\ query_string_params/"
|
|
166
167
|
```
|
|
167
168
|
|
|
168
169
|
## License
|
data/http_signature.gemspec
CHANGED
|
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
3
3
|
|
|
4
4
|
Gem::Specification.new do |spec|
|
|
5
5
|
spec.name = 'http_signature'
|
|
6
|
-
spec.version = '0.0.
|
|
6
|
+
spec.version = '0.0.4'
|
|
7
7
|
spec.authors = ['Joel Larsson']
|
|
8
8
|
spec.email = ['bolmaster2@gmail.com']
|
|
9
9
|
|
|
@@ -20,4 +20,5 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
spec.add_development_dependency 'bundler'
|
|
21
21
|
spec.add_development_dependency 'rake'
|
|
22
22
|
spec.add_development_dependency 'minitest'
|
|
23
|
+
spec.add_development_dependency 'faraday'
|
|
23
24
|
end
|
data/lib/http_signature.rb
CHANGED
|
@@ -159,4 +159,20 @@ module HTTPSignature
|
|
|
159
159
|
|
|
160
160
|
headers
|
|
161
161
|
end
|
|
162
|
+
|
|
163
|
+
def self.config(**options)
|
|
164
|
+
@keys = options[:keys]
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
def self.key(id)
|
|
168
|
+
key = @keys.select do |o|
|
|
169
|
+
o[:id] == id
|
|
170
|
+
end.first
|
|
171
|
+
|
|
172
|
+
key&.dig(:value) || (raise "Key with id #{id} could not be found")
|
|
173
|
+
end
|
|
174
|
+
|
|
175
|
+
class << self
|
|
176
|
+
attr_reader :keys
|
|
177
|
+
end
|
|
162
178
|
end
|
|
@@ -4,7 +4,13 @@ require 'http_signature'
|
|
|
4
4
|
require 'faraday'
|
|
5
5
|
|
|
6
6
|
class HTTPSignature::Faraday < Faraday::Middleware
|
|
7
|
+
class << self
|
|
8
|
+
attr_accessor :key, :key_id
|
|
9
|
+
end
|
|
10
|
+
|
|
7
11
|
def call(env)
|
|
12
|
+
raise 'key and key_id needs to be set' if self.class.key.nil? || self.class.key_id.nil?
|
|
13
|
+
|
|
8
14
|
if env[:body]
|
|
9
15
|
env[:request_headers].merge!('Digest' => HTTPSignature.create_digest(env[:body]))
|
|
10
16
|
end
|
|
@@ -17,8 +23,8 @@ class HTTPSignature::Faraday < Faraday::Middleware
|
|
|
17
23
|
url: env[:url],
|
|
18
24
|
method: env[:method],
|
|
19
25
|
headers: headers_to_sign,
|
|
20
|
-
key:
|
|
21
|
-
key_id:
|
|
26
|
+
key: self.class.key,
|
|
27
|
+
key_id: self.class.key_id,
|
|
22
28
|
algorithm: 'hmac-sha256',
|
|
23
29
|
body: env[:body] ? env[:body] : ''
|
|
24
30
|
)
|
data/lib/http_signature/rack.rb
CHANGED
|
@@ -4,8 +4,6 @@ require 'http_signature'
|
|
|
4
4
|
|
|
5
5
|
# Rack middleware using http-signature gem to validate signature on every incoming request
|
|
6
6
|
class HTTPSignature::Rack
|
|
7
|
-
KEY = ENV.fetch('REQUEST_SIGNATURE_KEY')
|
|
8
|
-
|
|
9
7
|
def initialize(app)
|
|
10
8
|
@app = app
|
|
11
9
|
end
|
|
@@ -27,7 +25,7 @@ class HTTPSignature::Rack
|
|
|
27
25
|
url: request.path,
|
|
28
26
|
method: request.request_method,
|
|
29
27
|
headers: headers_to_sign,
|
|
30
|
-
key:
|
|
28
|
+
key: HTTPSignature.key(parsed_signature['keyId']),
|
|
31
29
|
key_id: parsed_signature['keyId'],
|
|
32
30
|
algorithm: parsed_signature['algorithm'],
|
|
33
31
|
body: request_body ? request_body : '',
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: http_signature
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Joel Larsson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-04-
|
|
11
|
+
date: 2018-04-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -52,6 +52,20 @@ dependencies:
|
|
|
52
52
|
- - ">="
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '0'
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: faraday
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - ">="
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '0'
|
|
62
|
+
type: :development
|
|
63
|
+
prerelease: false
|
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - ">="
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: '0'
|
|
55
69
|
description: 'Create and validate HTTP request signature according to draft: https://tools.ietf.org/html/draft-cavage-http-signatures-09'
|
|
56
70
|
email:
|
|
57
71
|
- bolmaster2@gmail.com
|
|
@@ -60,6 +74,7 @@ extensions: []
|
|
|
60
74
|
extra_rdoc_files: []
|
|
61
75
|
files:
|
|
62
76
|
- ".circleci/config.yml"
|
|
77
|
+
- ".gitignore"
|
|
63
78
|
- Gemfile
|
|
64
79
|
- Gemfile.lock
|
|
65
80
|
- README.md
|