http_signature 0.0.7 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 33793ff4276cb6c366f88d15abb0e38b69cdb468
-  data.tar.gz: cde3efe53a20f5ef8a94c2ed21b9341300f4ed76
+  metadata.gz: 821df2c08e3f1d58e737250711d5d45d6baf561d
+  data.tar.gz: 3ee3456c48c461e7ae328b42f5c4808a7fe9cb9d
 SHA512:
-  metadata.gz: 88cf8f428a7bafd0971b4e8d0650c8b9ee15c8f74794347afa7cdaed32da0462468f4a7f1471f1f4578886009801a822dcf990481d859dac5fa3e9b65e2e8630
-  data.tar.gz: 516d8a279e8a340df3e2aae7e8b1bd313229dd8e8643c81bda7caea37e321d1e812e692afabe2b4535281c6c35970b2b62286ffdd07178fa5a57ca2c63d0c72f
+  metadata.gz: 75c29e3608b55604dcc9bbbcae30d8907e3b830b8001fc563f2c606a88f7f071e54470d56c28ee3d2d9406aa173445b176e1c1bfe9c02ca2c3994b1559b0fe9c
+  data.tar.gz: 73ec032a5fdf6813d1ac273aadf4b90d9f583c72e023299f62383c82f8ad92d17c72010b8571a9bb7d211c2781d9f477a901f89b6da3992bc5291159d298fed2

data/.rubocop.yml

@@ -0,0 +1,5 @@
+Metrics/LineLength:
+  Max: 100
+
+Metrics/MethodLength:
+  Max: 15

data/README.md

@@ -105,16 +105,46 @@ HTTPSignature.valid?(
 )
 ```
 
-## Example usage with middleware
-### Faraday middleware on outgoing requests
-Example of using it on an outgoing request.
+## Example usage
+### NET::HTTP
+Example of using it with `NET::HTTP`. There's no real integration written so it's basically just
+getting the request object's data and create the signature and adding it to the headers.
+
+```ruby
+require 'net/http'
+require 'http_signature'
+
+uri = URI('http://example.com/hello')
+
+Net::HTTP.start(uri.host, uri.port) do |http|
+  request = Net::HTTP::Get.new(uri)
+
+  signature = HTTPSignature.create(
+    url: request.uri,
+    method: request.method,
+    headers: request.each_header.map { |k, v| [k, v] }.to_h,
+    key: 'MYSECRETKEY',
+    key_id: 'KEY_1',
+    algorithm: 'hmac-sha256',
+    body: request.body ? request.body : ''
+  )
+
+  request['Signature'] = signature
+
+  response = http.request(request) # Net::HTTPResponse
+end
+```
+
+### Faraday middleware
+Example of using it with an outgoing faraday request. IMO, this is the smoothest usage.
+Basically you set the keys and tell faraday to use the middleware.
+
 ```ruby
 require 'http_signature/faraday'
 
 HTTPSignature::Faraday.key = 'MySecureKey' # This should be long and random
 HTTPSignature::Faraday.key_id = 'key-1' # For the recipient to know which key to decrypt with
 
-
 # Tell faraday to use the middleware. Read more about it here: https://github.com/lostisland/faraday#advanced-middleware-usage
 Faraday.new('http://example.com') do |faraday|
   faraday.use(HTTPSignature::Faraday)
@@ -131,16 +161,18 @@ response = conn.get('/')
 ```
 
 ### Rack middleware for incoming requests
-I've written a quite sloppy but totally usable rack middleware that validates every incoming request.
+I've written a quite sloppy but totally usable rack middleware that validates incoming requests.
 
-#### General rack application
+#### General Rack application
 Sinatra for example
 ```ruby
 require 'http_signature/rack'
 
 HTTPSignature.config(keys: [{ id: 'key-1', value: 'MySecureKey' }])
-# You can exclude paths where you don't want to validate the signature:
-HTTPSignature::Rack.exclude_paths = ['/']
+# You can exclude paths where you don't want to validate the signature, it's using
+# regexp so you can use `*` and stuff like that. Just watch out so you don't exclude
+# more paths than intended. Regexp can trick you when you least expect it 👻.
+HTTPSignature::Rack.exclude_paths = ['/', '/hello/*']
 
 use HTTPSignature::Rack
 run MyApp

data/http_signature.gemspec

@@ -1,9 +1,10 @@
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'http_signature/version'
 
 Gem::Specification.new do |spec|
   spec.name          = 'http_signature'
-  spec.version       = '0.0.7'
+  spec.version       = HTTPSignature::VERSION
   spec.authors       = ['Joel Larsson']
   spec.email         = ['bolmaster2@gmail.com']
 

data/lib/http_signature.rb

@@ -5,6 +5,8 @@ require 'securerandom'
 require 'base64'
 require 'uri'
 
+# Implements signing of a request according to https://tools.ietf.org/html/draft-cavage-http-signatures
+# specification.
 module HTTPSignature
   # Create signature based on the data sent in
   #
@@ -18,12 +20,10 @@ module HTTPSignature
   # @param method [Symbol] Request method, default is `:get`
   # @param algorithm [String] Algorithm to use when signing, check `supported_algorithms` for
   # @return [String] The signature header value to use in "Signature" header
-  def self.create(url:, query_string_params: {}, body: '', headers: {}, key:,
-    key_id: SecureRandom.hex(8),
-    method: :get,
-    algorithm: 'hmac-sha256'
+  def self.create(
+    url:, query_string_params: {}, body: '', headers: {}, key:, key_id: SecureRandom.hex(8),
+    method: :get, algorithm: 'hmac-sha256'
   )
-
     raise 'Unsupported algorithm :(' unless supported_algorithms.include?(algorithm)
 
     uri = URI(url)
@@ -32,12 +32,11 @@ module HTTPSignature
     headers = convert_headers(headers)
     query = create_query_string(uri, query_string_params)
 
-    string_to_sign = create_signing_string(method: method, path: path,
-      query: query, headers: headers)
-
-    signature = sign(string_to_sign, key: key, algorithm: algorithm)
-    create_signature_header(key_id: key_id, headers: headers, signature: signature,
-      algorithm: algorithm)
+    sign_string = create_signing_string(method: method, path: path, query: query, headers: headers)
+    signature = sign(sign_string, key: key, algorithm: algorithm)
+    create_signature_header(
+      key_id: key_id, headers: headers, signature: signature, algorithm: algorithm
+    )
   end
 
   def self.sign(string, key:, algorithm:)
@@ -86,7 +85,7 @@ module HTTPSignature
   # @return [String]
   def self.create_signing_string(method:, path:, query:, headers:)
     [
-      "(request-target): #{method.upcase} #{path}#{query}",
+      "(request-target): #{method.downcase} #{path}#{query}"
     ].concat(headers).join("\n")
   end
 
@@ -109,6 +108,7 @@ module HTTPSignature
     uri = URI(url)
     path = uri.path
     signature = headers.delete(:signature)
+    headers = add_digest(headers, body)
     headers = convert_headers(headers)
     query = create_query_string(uri, query_string_params)
 
@@ -141,11 +141,13 @@ module HTTPSignature
   # When query string params is also set on the url, append the params defined
   # in `query_string_params` and make a joint query string
   def self.create_query_string(uri, query_string_params)
-    if uri.query || !query_string_params.empty?
-      delimiter = uri.query.nil? ? '' : '&'
-      '?' + (query_string_params.empty? ? '' : [uri.query.to_s, delimiter, URI.encode_www_form(query_string_params)].join)
-    end
+    return if !uri.query && query_string_params.empty?
+
+    delimiter = uri.query.nil? || query_string_params.empty? ? '' : '&'
+
+    ['?', uri.query.to_s, delimiter, URI.encode_www_form(query_string_params)].join
   end
+
   # Convert a header hash into an array with header strings
   # { header: 'value'} -> ['header: value']
   def self.convert_headers(headers)
@@ -156,7 +158,6 @@ module HTTPSignature
 
   def self.add_digest(headers, body)
     headers[:digest] = create_digest(body) unless body.empty?
-
     headers
   end
 
@@ -165,9 +166,7 @@ module HTTPSignature
   end
 
   def self.key(id)
-    key = @keys.select do |o|
-      o[:id] == id
-    end.first
+    key = @keys.select { |o| o[:id] == id }.first
 
     key&.dig(:value) || (raise "Key with id #{id} could not be found")
   end

data/lib/http_signature/faraday.rb

@@ -21,8 +21,8 @@ class HTTPSignature::Faraday < Faraday::Middleware
       end
 
     # Choose which headers to sign
-    filtered_headers = %w{ Host Date Digest }
-    headers_to_sign = env[:request_headers].select { |k, v| filtered_headers.include?(k.to_s) }
+    filtered_headers = %w[Host Date Digest]
+    headers_to_sign = env[:request_headers].select { |k, _v| filtered_headers.include?(k.to_s) }
 
     signature = HTTPSignature.create(
       url: env[:url],
@@ -34,7 +34,7 @@ class HTTPSignature::Faraday < Faraday::Middleware
       body: body
     )
 
-    env[:request_headers].merge!('Signature' => signature)
+    env[:request_headers]['Signature'] = signature
 
     @app.call(env)
   end

data/lib/http_signature/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module HTTPSignature
+  VERSION = '0.1.0'
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: http_signature
 version: !ruby/object:Gem::Version
-  version: 0.0.7
+  version: 0.1.0
 platform: ruby
 authors:
 - Joel Larsson
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-05-02 00:00:00.000000000 Z
+date: 2018-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -75,6 +75,7 @@ extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
 - ".gitignore"
+- ".rubocop.yml"
 - ".ruby-version"
 - Gemfile
 - Gemfile.lock
@@ -84,6 +85,7 @@ files:
 - lib/http_signature.rb
 - lib/http_signature/faraday.rb
 - lib/http_signature/rack.rb
+- lib/http_signature/version.rb
 homepage: https://github.com/bolmaster2/http-signature
 licenses:
 - MIT