jmoses_api-auth 1.0.4

data/lib/api_auth/railtie.rb

@@ -0,0 +1,129 @@
+module ApiAuth
+
+  # Integration with Rails
+  #
+  class Rails # :nodoc:
+    
+    module ControllerMethods # :nodoc:
+      
+      module InstanceMethods # :nodoc:
+        
+        def get_api_access_id_from_request
+          ApiAuth.access_id(request)
+        end
+        
+        def api_authenticated?(secret_key)
+          ApiAuth.authentic?(request, secret_key)
+        end
+        
+      end
+      
+      unless defined?(ActionController)
+        begin
+          require 'rubygems'
+          gem 'actionpack'
+          gem 'activesupport'
+          require 'action_controller'
+          require 'active_support'
+        rescue LoadError
+          nil
+        end
+      end
+      
+      if defined?(ActionController::Base)        
+        ActionController::Base.send(:include, ControllerMethods::InstanceMethods)
+      end
+      
+    end # ControllerMethods
+  
+    module ActiveResourceExtension  # :nodoc:
+    
+      module ActiveResourceApiAuth # :nodoc:
+      
+        def self.included(base)
+          base.extend(ClassMethods)
+          
+          if base.respond_to?('class_attribute')
+            base.class_attribute :hmac_access_id
+            base.class_attribute :hmac_secret_key
+            base.class_attribute :use_hmac
+          else
+            base.class_inheritable_accessor :hmac_access_id            
+            base.class_inheritable_accessor :hmac_secret_key            
+            base.class_inheritable_accessor :use_hmac            
+          end
+        
+        end
+      
+        module ClassMethods
+
+          def with_api_auth(access_id, secret_key)
+            self.hmac_access_id = access_id
+            self.hmac_secret_key = secret_key
+            self.use_hmac = true
+          
+            class << self
+              alias_method_chain :connection, :auth
+            end
+          end
+        
+          def connection_with_auth(refresh = false) 
+            c = connection_without_auth(refresh)
+            c.hmac_access_id = self.hmac_access_id
+            c.hmac_secret_key = self.hmac_secret_key
+            c.use_hmac = self.use_hmac
+            c
+          end   
+               
+        end # class methods
+      
+        module InstanceMethods
+        end
+      
+      end # BaseApiAuth
+    
+      module Connection
+      
+        def self.included(base)
+          base.send :alias_method_chain, :request, :auth
+          base.class_eval do
+            attr_accessor :hmac_secret_key, :hmac_access_id, :use_hmac
+          end
+        end
+
+        def request_with_auth(method, path, *arguments)
+          if use_hmac && hmac_access_id && hmac_secret_key
+            h = arguments.last
+            tmp = "Net::HTTP::#{method.to_s.capitalize}".constantize.new(path, h)
+            tmp.body = arguments[0] if arguments.length > 1
+            ApiAuth.sign!(tmp, hmac_access_id, hmac_secret_key)
+            arguments.last['Content-MD5'] = tmp['Content-MD5'] if tmp['Content-MD5']
+            arguments.last['DATE'] = tmp['DATE']
+            arguments.last['Authorization'] = tmp['Authorization']
+          end
+        
+          request_without_auth(method, path, *arguments)
+        end
+      
+      end # Connection
+          
+      unless defined?(ActiveResource)
+        begin
+          require 'rubygems'
+          gem 'activeresource'
+          require 'active_resource'
+        rescue LoadError
+          nil
+        end
+      end
+    
+      if defined?(ActiveResource)
+        ActiveResource::Base.send(:include, ActiveResourceApiAuth)        
+        ActiveResource::Connection.send(:include, Connection)
+      end 
+        
+    end # ActiveResourceExtension
+  
+  end # Rails
+  
+end # ApiAuth

data/lib/api_auth/request_drivers/action_controller.rb

@@ -0,0 +1,85 @@
+module ApiAuth
+
+  module RequestDrivers # :nodoc:
+
+    class ActionControllerRequest # :nodoc:
+
+      include ApiAuth::Helpers
+
+      def initialize(request)
+        @request = request
+        @headers = fetch_headers
+        true
+      end
+
+      def set_auth_header(header)
+        @request.env["Authorization"] = header
+        @headers = fetch_headers
+        @request
+      end
+
+      def calculated_md5
+        if @request.body
+          body = @request.raw_post
+        else
+          body = ''
+        end
+        Digest::MD5.base64digest(body)
+      end
+
+      def populate_content_md5
+        if @request.put? || @request.post?
+          @request.env["Content-MD5"] = calculated_md5
+        end
+      end
+
+      def md5_mismatch?
+        if @request.put? || @request.post?
+          calculated_md5 != content_md5
+        else
+          false
+        end
+      end
+
+      def fetch_headers
+        capitalize_keys @request.env
+      end
+
+      def content_type
+        value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
+        value.nil? ? "" : value
+      end
+
+      def content_md5
+        value = find_header(%w(CONTENT-MD5 CONTENT_MD5 HTTP_CONTENT_MD5))
+        value.nil? ? "" : value
+      end
+
+      def request_uri
+        @request.request_uri
+      end
+
+      def set_date
+        @request.env['DATE'] = Time.now.utc.httpdate
+      end
+
+      def timestamp
+        value = find_header(%w(DATE HTTP_DATE))
+        value.nil? ? "" : value
+      end
+
+      def authorization_header
+        find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
+      end
+
+    private
+
+      def find_header(keys)
+        keys.map {|key| @headers[key] }.compact.first
+      end
+
+    end
+
+  end
+
+end

data/lib/api_auth/request_drivers/action_dispatch.rb

@@ -0,0 +1,15 @@
+module ApiAuth
+
+  module RequestDrivers # :nodoc:
+
+    class ActionDispatchRequest < ActionControllerRequest # :nodoc:
+
+      def request_uri
+        @request.fullpath
+      end
+
+    end
+
+  end
+
+end

data/lib/api_auth/request_drivers/curb.rb

@@ -0,0 +1,70 @@
+module ApiAuth
+
+  module RequestDrivers # :nodoc:
+
+    class CurbRequest # :nodoc:
+
+      include ApiAuth::Helpers
+
+      def initialize(request)
+        @request = request
+        @headers = fetch_headers
+        true
+      end
+
+      def set_auth_header(header)
+        @request.headers.merge!({ "Authorization" => header })
+        @headers = fetch_headers
+        @request
+      end
+
+      def populate_content_md5
+        nil #doesn't appear to be possible
+      end
+
+      def md5_mismatch?
+        false
+      end
+
+      def fetch_headers
+        capitalize_keys @request.headers
+      end
+
+      def content_type
+        value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
+        value.nil? ? "" : value
+      end
+
+      def content_md5
+        value = find_header(%w(CONTENT-MD5 CONTENT_MD5))
+        value.nil? ? "" : value
+      end
+
+      def request_uri
+        @request.url
+      end
+
+      def set_date
+        @request.headers.merge!({ "DATE" => Time.now.utc.httpdate })
+      end
+
+      def timestamp
+        value = find_header(%w(DATE HTTP_DATE))
+        value.nil? ? "" : value
+      end
+
+      def authorization_header
+        find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
+      end
+
+    private
+
+      def find_header(keys)
+        keys.map {|key| @headers[key] }.compact.first
+      end
+
+    end
+
+  end
+
+end

data/lib/api_auth/request_drivers/net_http.rb

@@ -0,0 +1,78 @@
+module ApiAuth
+
+  module RequestDrivers # :nodoc:
+
+    class NetHttpRequest # :nodoc:
+
+      def initialize(request)
+        @request = request
+        @headers = fetch_headers
+        true
+      end
+
+      def set_auth_header(header)
+        @request["Authorization"] = header
+        @headers = fetch_headers
+        @request
+      end
+
+      def calculated_md5
+        Digest::MD5.base64digest(@request.body || '')
+      end
+
+      def populate_content_md5
+        if @request.class::REQUEST_HAS_BODY
+          @request["Content-MD5"] = calculated_md5
+        end
+      end
+
+      def md5_mismatch?
+        if @request.class::REQUEST_HAS_BODY
+          calculated_md5 != content_md5
+        else
+          false
+        end
+      end
+
+      def fetch_headers
+        @request
+      end
+
+      def content_type
+        value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
+        value.nil? ? "" : value
+      end
+
+      def content_md5
+        value = find_header(%w(CONTENT-MD5 CONTENT_MD5))
+        value.nil? ? "" : value
+      end
+
+      def request_uri
+        @request.path
+      end
+
+      def set_date
+        @request["DATE"] = Time.now.utc.httpdate
+      end
+
+      def timestamp
+        value = find_header(%w(DATE HTTP_DATE))
+        value.nil? ? "" : value
+      end
+
+      def authorization_header
+        find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
+      end
+
+    private
+
+      def find_header(keys)
+        keys.map {|key| @headers[key] }.compact.first
+      end
+
+    end
+
+  end
+
+end

data/lib/api_auth/request_drivers/rack.rb

@@ -0,0 +1,85 @@
+module ApiAuth
+
+  module RequestDrivers # :nodoc:
+
+    class RackRequest # :nodoc:
+
+      include ApiAuth::Helpers
+
+      def initialize(request)
+        @request = request
+        @headers = fetch_headers
+        true
+      end
+
+      def set_auth_header(header)
+        @request.env.merge!({ "Authorization" => header })
+        @headers = fetch_headers
+        @request
+      end
+
+      def calculated_md5
+        if @request.body
+          body = @request.body.read
+        else
+          body = ''
+        end
+        Digest::MD5.base64digest(body)
+      end
+
+      def populate_content_md5
+        if ['POST', 'PUT'].include?(@request.request_method)
+          @request.env["Content-MD5"] = calculated_md5
+        end
+      end
+
+      def md5_mismatch?
+        if ['POST', 'PUT'].include?(@request.request_method)
+          calculated_md5 != content_md5
+        else
+          false
+        end
+      end
+
+      def fetch_headers
+        capitalize_keys @request.env
+      end
+
+      def content_type
+        value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
+        value.nil? ? "" : value
+      end
+
+      def content_md5
+        value = find_header(%w(CONTENT-MD5 CONTENT_MD5))
+        value.nil? ? "" : value
+      end
+
+      def request_uri
+        @request.url
+      end
+
+      def set_date
+        @request.env.merge!({ "DATE" => Time.now.utc.httpdate })
+      end
+
+      def timestamp
+        value = find_header(%w(DATE HTTP_DATE))
+        value.nil? ? "" : value
+      end
+
+      def authorization_header
+        find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
+      end
+
+    private
+
+      def find_header(keys)
+        keys.map {|key| @headers[key] }.compact.first
+      end
+
+    end
+
+  end
+
+end

data/lib/api_auth/request_drivers/rest_client.rb

@@ -0,0 +1,93 @@
+# give access to RestClient @processed_headers
+module RestClient;class Request;attr_accessor :processed_headers;end;end
+
+module ApiAuth
+
+  module RequestDrivers # :nodoc:
+
+    class RestClientRequest # :nodoc:
+
+      include ApiAuth::Helpers
+
+      def initialize(request)
+        @request = request
+        @headers = fetch_headers
+        true
+      end
+
+      def set_auth_header(header)
+        @request.headers.merge!({ "Authorization" => header })
+        @headers = fetch_headers
+        save_headers # enforce update of processed_headers based on last updated headers
+        @request
+      end
+
+      def calculated_md5
+        if @request.payload
+          body = @request.payload.read
+        else
+          body = ''
+        end
+        Digest::MD5.base64digest(body)
+      end
+
+      def populate_content_md5
+        if [:post, :put].include?(@request.method)
+          @request.headers["Content-MD5"] = calculated_md5
+        end
+      end
+
+      def md5_mismatch?
+        if [:post, :put].include?(@request.method)
+          calculated_md5 != content_md5
+        else
+          false
+        end
+      end
+
+      def fetch_headers
+        capitalize_keys @request.headers
+      end
+
+      def content_type
+        value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
+        value.nil? ? "" : value
+      end
+
+      def content_md5
+        value = find_header(%w(CONTENT-MD5 CONTENT_MD5))
+        value.nil? ? "" : value
+      end
+
+      def request_uri
+        @request.url
+      end
+
+      def set_date
+        @request.headers.merge!({ "DATE" => Time.now.utc.httpdate })
+      end
+
+      def timestamp
+        value = find_header(%w(DATE HTTP_DATE))
+        value.nil? ? "" : value
+      end
+
+      def authorization_header
+        find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
+      end
+
+    private
+
+      def find_header(keys)
+        keys.map {|key| @headers[key] }.compact.first
+      end
+      
+      def save_headers
+        @request.processed_headers = @request.make_headers(@headers)
+      end
+      
+    end
+
+  end
+
+end

data/lib/api_auth.rb

@@ -0,0 +1,16 @@
+require 'openssl'
+require 'base64'
+
+require 'api_auth/errors'
+require 'api_auth/helpers'
+
+require 'api_auth/request_drivers/net_http'
+require 'api_auth/request_drivers/curb'
+require 'api_auth/request_drivers/rest_client'
+require 'api_auth/request_drivers/action_controller'
+require 'api_auth/request_drivers/action_dispatch'
+require 'api_auth/request_drivers/rack'
+
+require 'api_auth/headers'
+require 'api_auth/base'
+require 'api_auth/railtie'