http_signature 0.0.4 → 0.0.5
- checksums.yaml +5 -5
- data/.ruby-version +1 -0
- data/Gemfile.lock +1 -1
- data/README.md +13 -3
- data/http_signature.gemspec +1 -1
- data/lib/http_signature/faraday.rb +9 -4
- data/lib/http_signature/rack.rb +17 -3
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 6e856db84d163534a1f63dda575f6638f3a0a176
|
4
|
+
data.tar.gz: a0f25862111f95abf82f598902f928acfd62d3e5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3a9b3e8636cc8c1689c47016fcfe271b4b2bca8bf618045894750efa695295ead602a33daa75b085647b8cf7a2d2833eba158d2bffb562bb4fdca94c4d81cbe6
|
7
|
+
data.tar.gz: 68027c22824a7d0468e57d287d00f5fd087861c03ca9637e356630d5f7f9cc0e498a6011d7e3600c24af9d17a1ba2cf930bf87c71d5d6a38b86b4f6a11c48aae
|
data/.ruby-version
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
2.4.0
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -18,7 +18,7 @@ require 'http_signature'
|
|
18
18
|
```
|
19
19
|
|
20
20
|
### Basic
|
21
|
-
The most basic usage without any extra headers. The default algorithm is `hmac-sha256`.
|
21
|
+
The most basic usage without any extra headers. The default algorithm is `hmac-sha256`. This create the `Signature` header value. Next step is to add the value to the header and 💥 you're done!
|
22
22
|
```ruby
|
23
23
|
HTTPSignature.create(
|
24
24
|
url: 'https://example.com/foo',
|
@@ -110,7 +110,7 @@ HTTPSignature.valid?(
|
|
110
110
|
Example of using it on an outgoing request.
|
111
111
|
```ruby
|
112
112
|
require 'http_signature/faraday'
|
113
|
-
|
113
|
+
|
114
114
|
HTTPSignature::Faraday.key = 'MySecureKey' # This should be long and random
|
115
115
|
HTTPSignature::Faraday.key_id = 'key-1' # For the recipient to know which key to decrypt with
|
116
116
|
|
@@ -123,6 +123,11 @@ end
|
|
123
123
|
|
124
124
|
# Now this request will contain the `Signature` header
|
125
125
|
response = conn.get('/')
|
126
|
+
|
127
|
+
# Request looking like:
|
128
|
+
# GET / HTTP/1.1
|
129
|
+
# User-Agent: Faraday v0.15.0
|
130
|
+
# Signature: keyId="key-1",algorithm="hmac-sha256",headers="(request-target) date",signature="EzFa4vb0z+VFF8VYt9qQlzF9MTf5Izptc02OJ7aajnU="
|
126
131
|
```
|
127
132
|
|
128
133
|
### Rack middleware for incoming requests
|
@@ -134,6 +139,8 @@ Sinatra for example
|
|
134
139
|
require 'http_signature/rack'
|
135
140
|
|
136
141
|
HTTPSignature.config(keys: [{ id: 'key-1', value: 'MySecureKey' }])
|
142
|
+
# You can exclude paths where you don't want to validate the signature:
|
143
|
+
HTTPSignature::Rack.exclude_paths = ['/']
|
137
144
|
|
138
145
|
use HTTPSignature::Rack
|
139
146
|
run MyApp
|
@@ -142,14 +149,17 @@ run MyApp
|
|
142
149
|
#### Rails
|
143
150
|
Checkout [this documentation](http://guides.rubyonrails.org/rails_on_rack.html). But in short, add this inside the config block:
|
144
151
|
```ruby
|
152
|
+
require 'http_signature/rack' # This doesn't have to be inside the block
|
145
153
|
config.middleware.use HTTPSignature::Rack
|
146
154
|
```
|
147
155
|
|
148
|
-
|
156
|
+
Don't forget to set the keys somewhere, an initializer should be suitable. Multiple keys
|
157
|
+
are supported to be able to easily be rotated.
|
149
158
|
```ruby
|
150
159
|
HTTPSignature.config(keys: [{ id: 'key-1', value: 'MySecureKey' }])
|
151
160
|
```
|
152
161
|
|
162
|
+
|
153
163
|
## Development
|
154
164
|
Install dependencies and then you can start running the tests!
|
155
165
|
```
|
data/http_signature.gemspec
CHANGED
@@ -11,9 +11,14 @@ class HTTPSignature::Faraday < Faraday::Middleware
|
|
11
11
|
def call(env)
|
12
12
|
raise 'key and key_id needs to be set' if self.class.key.nil? || self.class.key_id.nil?
|
13
13
|
|
14
|
-
|
15
|
-
env[:
|
16
|
-
|
14
|
+
body =
|
15
|
+
if env[:body] && env[:body].respond_to?(:read)
|
16
|
+
string = env[:body].read
|
17
|
+
env[:body].rewind
|
18
|
+
string
|
19
|
+
else
|
20
|
+
env[:body].to_s
|
21
|
+
end
|
17
22
|
|
18
23
|
# Choose which headers to sign
|
19
24
|
filtered_headers = %w{ Host Date Digest }
|
@@ -26,7 +31,7 @@ class HTTPSignature::Faraday < Faraday::Middleware
|
|
26
31
|
key: self.class.key,
|
27
32
|
key_id: self.class.key_id,
|
28
33
|
algorithm: 'hmac-sha256',
|
29
|
-
body:
|
34
|
+
body: body
|
30
35
|
)
|
31
36
|
|
32
37
|
env[:request_headers].merge!('Signature' => signature)
|
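Review bot: The new body branch calls `env[:body].rewind` unconditionally after `read`, but the guard only checked `respond_to?(:read)`; an IO that can be read but not rewound (a pipe or socket-backed stream) raises only after the signer has already consumed the body, and a softer guard would let the request go out with an empty body under a signature computed over the full one. Check rewindability before consuming anything: `raise ArgumentError, 'request body must be rewindable to be signed' unless env[:body].respond_to?(:rewind)` ahead of `string = env[:body].read`, so a body that cannot be re-sent fails closed and loudly. Note also that this section is labelled `data/http_signature.gemspec`, yet the `@@` context (`class HTTPSignature::Faraday < Faraday::Middleware`) and the `+9 -4` diffstat match `data/lib/http_signature/faraday.rb`, so the gemspec's own one-line change appears not to be rendered on this page. The `call` method runs past the end of the first hunk.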
data/lib/http_signature/rack.rb
CHANGED
@@ -4,28 +4,38 @@ require 'http_signature'
|
|
4
4
|
|
5
5
|
# Rack middleware using http-signature gem to validate signature on every incoming request
|
6
6
|
class HTTPSignature::Rack
|
7
|
+
class << self
|
8
|
+
attr_accessor :exclude_paths
|
9
|
+
end
|
10
|
+
|
7
11
|
def initialize(app)
|
8
12
|
@app = app
|
13
|
+
self.class.exclude_paths ||= []
|
9
14
|
end
|
10
15
|
|
11
16
|
def call(env)
|
12
17
|
request = Rack::Request.new(env)
|
18
|
+
|
19
|
+
return @app.call(env) if path_excluded?(request.path)
|
20
|
+
|
13
21
|
return [401, {}, ['No signature header']] unless request.get_header("HTTP_SIGNATURE")
|
14
22
|
|
15
|
-
request_body = request.body.gets
|
16
|
-
request_headers = parse_request_headers(request)
|
17
23
|
begin
|
24
|
+
request_body = request.body.read
|
25
|
+
request_headers = parse_request_headers(request)
|
18
26
|
parsed_signature = parse_signature(request_headers)
|
27
|
+
key = HTTPSignature.key(parsed_signature['keyId'])
|
19
28
|
rescue
|
20
29
|
return [401, {}, ['Invalid signature :(']]
|
21
30
|
end
|
31
|
+
|
22
32
|
headers_to_sign = request_headers.select { |k, v| parsed_signature['headers'].include?(k) }
|
23
33
|
|
24
34
|
params = {
|
25
35
|
url: request.path,
|
26
36
|
method: request.request_method,
|
27
37
|
headers: headers_to_sign,
|
28
|
-
key:
|
38
|
+
key: key,
|
29
39
|
key_id: parsed_signature['keyId'],
|
30
40
|
algorithm: parsed_signature['algorithm'],
|
31
41
|
body: request_body ? request_body : '',
|
@@ -67,4 +77,8 @@ class HTTPSignature::Rack
|
|
67
77
|
[k, v.tr('"', '')]
|
68
78
|
end.to_h
|
69
79
|
end
|
80
|
+
|
81
|
+
def path_excluded?(path)
|
82
|
+
self.class.exclude_paths.include?(path)
|
83
|
+
end
|
70
84
|
end
|
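Review bot: `request_body = request.body.read` (new line 24) consumes `rack.input` and never rewinds it, so when validation succeeds and the request presumably goes on to `@app` (that call is outside the hunk) the application reads an exhausted body; the previous `gets` had the same defect and additionally signed only the first line. Add `request.body.rewind if request.body.respond_to?(:rewind)` immediately after the read so a rewindable input, which the Rack 2 spec requires of `rack.input`, is handed on intact. The `exclude_paths` check is an exact string match on `request.path`, which is the safe direction (`'/'` does not exclude `/foo`), but `request.path` includes `SCRIPT_NAME`, so an app mounted under a prefix must list the fully prefixed path; a comment on `attr_accessor :exclude_paths` such as `# Exact-match list of request paths (SCRIPT_NAME + PATH_INFO) that skip signature validation.` would spare callers that surprise. The `call` method continues beyond the first hunk; `path_excluded?` in the second hunk is fully visible.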
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: http_signature
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Joel Larsson
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-05-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -75,6 +75,7 @@ extra_rdoc_files: []
|
|
75
75
|
files:
|
76
76
|
- ".circleci/config.yml"
|
77
77
|
- ".gitignore"
|
78
|
+
- ".ruby-version"
|
78
79
|
- Gemfile
|
79
80
|
- Gemfile.lock
|
80
81
|
- README.md
|
@@ -103,7 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
103
104
|
version: '0'
|
104
105
|
requirements: []
|
105
106
|
rubyforge_project:
|
106
|
-
rubygems_version: 2.
|
107
|
+
rubygems_version: 2.6.8
|
107
108
|
signing_key:
|
108
109
|
specification_version: 4
|
109
110
|
summary: Create and validate HTTP request signature
|