http_signature 0.0.4 → 0.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.ruby-version +1 -0
- data/Gemfile.lock +1 -1
- data/README.md +13 -3
- data/http_signature.gemspec +1 -1
- data/lib/http_signature/faraday.rb +9 -4
- data/lib/http_signature/rack.rb +17 -3
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 6e856db84d163534a1f63dda575f6638f3a0a176
|
|
4
|
+
data.tar.gz: a0f25862111f95abf82f598902f928acfd62d3e5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3a9b3e8636cc8c1689c47016fcfe271b4b2bca8bf618045894750efa695295ead602a33daa75b085647b8cf7a2d2833eba158d2bffb562bb4fdca94c4d81cbe6
|
|
7
|
+
data.tar.gz: 68027c22824a7d0468e57d287d00f5fd087861c03ca9637e356630d5f7f9cc0e498a6011d7e3600c24af9d17a1ba2cf930bf87c71d5d6a38b86b4f6a11c48aae
|
data/.ruby-version
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
2.4.0
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -18,7 +18,7 @@ require 'http_signature'
|
|
|
18
18
|
```
|
|
19
19
|
|
|
20
20
|
### Basic
|
|
21
|
-
The most basic usage without any extra headers. The default algorithm is `hmac-sha256`.
|
|
21
|
+
The most basic usage without any extra headers. The default algorithm is `hmac-sha256`. This create the `Signature` header value. Next step is to add the value to the header and 💥 you're done!
|
|
22
22
|
```ruby
|
|
23
23
|
HTTPSignature.create(
|
|
24
24
|
url: 'https://example.com/foo',
|
|
@@ -110,7 +110,7 @@ HTTPSignature.valid?(
|
|
|
110
110
|
Example of using it on an outgoing request.
|
|
111
111
|
```ruby
|
|
112
112
|
require 'http_signature/faraday'
|
|
113
|
-
|
|
113
|
+
|
|
114
114
|
HTTPSignature::Faraday.key = 'MySecureKey' # This should be long and random
|
|
115
115
|
HTTPSignature::Faraday.key_id = 'key-1' # For the recipient to know which key to decrypt with
|
|
116
116
|
|
|
@@ -123,6 +123,11 @@ end
|
|
|
123
123
|
|
|
124
124
|
# Now this request will contain the `Signature` header
|
|
125
125
|
response = conn.get('/')
|
|
126
|
+
|
|
127
|
+
# Request looking like:
|
|
128
|
+
# GET / HTTP/1.1
|
|
129
|
+
# User-Agent: Faraday v0.15.0
|
|
130
|
+
# Signature: keyId="key-1",algorithm="hmac-sha256",headers="(request-target) date",signature="EzFa4vb0z+VFF8VYt9qQlzF9MTf5Izptc02OJ7aajnU="
|
|
126
131
|
```
|
|
127
132
|
|
|
128
133
|
### Rack middleware for incoming requests
|
|
@@ -134,6 +139,8 @@ Sinatra for example
|
|
|
134
139
|
require 'http_signature/rack'
|
|
135
140
|
|
|
136
141
|
HTTPSignature.config(keys: [{ id: 'key-1', value: 'MySecureKey' }])
|
|
142
|
+
# You can exclude paths where you don't want to validate the signature:
|
|
143
|
+
HTTPSignature::Rack.exclude_paths = ['/']
|
|
137
144
|
|
|
138
145
|
use HTTPSignature::Rack
|
|
139
146
|
run MyApp
|
|
@@ -142,14 +149,17 @@ run MyApp
|
|
|
142
149
|
#### Rails
|
|
143
150
|
Checkout [this documentation](http://guides.rubyonrails.org/rails_on_rack.html). But in short, add this inside the config block:
|
|
144
151
|
```ruby
|
|
152
|
+
require 'http_signature/rack' # This doesn't have to be inside the block
|
|
145
153
|
config.middleware.use HTTPSignature::Rack
|
|
146
154
|
```
|
|
147
155
|
|
|
148
|
-
|
|
156
|
+
Don't forget to set the keys somewhere, an initializer should be suitable. Multiple keys
|
|
157
|
+
are supported to be able to easily be rotated.
|
|
149
158
|
```ruby
|
|
150
159
|
HTTPSignature.config(keys: [{ id: 'key-1', value: 'MySecureKey' }])
|
|
151
160
|
```
|
|
152
161
|
|
|
162
|
+
|
|
153
163
|
## Development
|
|
154
164
|
Install dependencies and then you can start running the tests!
|
|
155
165
|
```
|
data/http_signature.gemspec
CHANGED
|
@@ -11,9 +11,14 @@ class HTTPSignature::Faraday < Faraday::Middleware
|
|
|
11
11
|
def call(env)
|
|
12
12
|
raise 'key and key_id needs to be set' if self.class.key.nil? || self.class.key_id.nil?
|
|
13
13
|
|
|
14
|
-
|
|
15
|
-
env[:
|
|
16
|
-
|
|
14
|
+
body =
|
|
15
|
+
if env[:body] && env[:body].respond_to?(:read)
|
|
16
|
+
string = env[:body].read
|
|
17
|
+
env[:body].rewind
|
|
18
|
+
string
|
|
19
|
+
else
|
|
20
|
+
env[:body].to_s
|
|
21
|
+
end
|
|
17
22
|
|
|
18
23
|
# Choose which headers to sign
|
|
19
24
|
filtered_headers = %w{ Host Date Digest }
|
|
@@ -26,7 +31,7 @@ class HTTPSignature::Faraday < Faraday::Middleware
|
|
|
26
31
|
key: self.class.key,
|
|
27
32
|
key_id: self.class.key_id,
|
|
28
33
|
algorithm: 'hmac-sha256',
|
|
29
|
-
body:
|
|
34
|
+
body: body
|
|
30
35
|
)
|
|
31
36
|
|
|
32
37
|
env[:request_headers].merge!('Signature' => signature)
|
data/lib/http_signature/rack.rb
CHANGED
|
@@ -4,28 +4,38 @@ require 'http_signature'
|
|
|
4
4
|
|
|
5
5
|
# Rack middleware using http-signature gem to validate signature on every incoming request
|
|
6
6
|
class HTTPSignature::Rack
|
|
7
|
+
class << self
|
|
8
|
+
attr_accessor :exclude_paths
|
|
9
|
+
end
|
|
10
|
+
|
|
7
11
|
def initialize(app)
|
|
8
12
|
@app = app
|
|
13
|
+
self.class.exclude_paths ||= []
|
|
9
14
|
end
|
|
10
15
|
|
|
11
16
|
def call(env)
|
|
12
17
|
request = Rack::Request.new(env)
|
|
18
|
+
|
|
19
|
+
return @app.call(env) if path_excluded?(request.path)
|
|
20
|
+
|
|
13
21
|
return [401, {}, ['No signature header']] unless request.get_header("HTTP_SIGNATURE")
|
|
14
22
|
|
|
15
|
-
request_body = request.body.gets
|
|
16
|
-
request_headers = parse_request_headers(request)
|
|
17
23
|
begin
|
|
24
|
+
request_body = request.body.read
|
|
25
|
+
request_headers = parse_request_headers(request)
|
|
18
26
|
parsed_signature = parse_signature(request_headers)
|
|
27
|
+
key = HTTPSignature.key(parsed_signature['keyId'])
|
|
19
28
|
rescue
|
|
20
29
|
return [401, {}, ['Invalid signature :(']]
|
|
21
30
|
end
|
|
31
|
+
|
|
22
32
|
headers_to_sign = request_headers.select { |k, v| parsed_signature['headers'].include?(k) }
|
|
23
33
|
|
|
24
34
|
params = {
|
|
25
35
|
url: request.path,
|
|
26
36
|
method: request.request_method,
|
|
27
37
|
headers: headers_to_sign,
|
|
28
|
-
key:
|
|
38
|
+
key: key,
|
|
29
39
|
key_id: parsed_signature['keyId'],
|
|
30
40
|
algorithm: parsed_signature['algorithm'],
|
|
31
41
|
body: request_body ? request_body : '',
|
|
@@ -67,4 +77,8 @@ class HTTPSignature::Rack
|
|
|
67
77
|
[k, v.tr('"', '')]
|
|
68
78
|
end.to_h
|
|
69
79
|
end
|
|
80
|
+
|
|
81
|
+
def path_excluded?(path)
|
|
82
|
+
self.class.exclude_paths.include?(path)
|
|
83
|
+
end
|
|
70
84
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: http_signature
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Joel Larsson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-05-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -75,6 +75,7 @@ extra_rdoc_files: []
|
|
|
75
75
|
files:
|
|
76
76
|
- ".circleci/config.yml"
|
|
77
77
|
- ".gitignore"
|
|
78
|
+
- ".ruby-version"
|
|
78
79
|
- Gemfile
|
|
79
80
|
- Gemfile.lock
|
|
80
81
|
- README.md
|
|
@@ -103,7 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
103
104
|
version: '0'
|
|
104
105
|
requirements: []
|
|
105
106
|
rubyforge_project:
|
|
106
|
-
rubygems_version: 2.
|
|
107
|
+
rubygems_version: 2.6.8
|
|
107
108
|
signing_key:
|
|
108
109
|
specification_version: 4
|
|
109
110
|
summary: Create and validate HTTP request signature
|