jwt_signed_request 1.0.1 → 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +3 -2
- data/lib/jwt_signed_request.rb +9 -1
- data/lib/jwt_signed_request/middlewares/rack.rb +1 -1
- data/lib/jwt_signed_request/version.rb +1 -1
- metadata +3 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 427fe8633c579541cd1e42bdf573b3e3d4017ad0
|
4
|
+
data.tar.gz: 393611e2bd664892a8485c9a012ed6640b4c2f04
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: '0081e1187e16f6e38a8ef7dbe0acd95388c4111f0097acea9319b9b271e88d6ddcc882513b9945eb469d0ce3d5644829d12cbd7f49181fc67d5de1d6e5551c98'
|
7
|
+
data.tar.gz: c5020b652569207bfe5bd9f8c40cc28f04f646003c8bd57f5133202f17d99d9ac6fe7895da978c3ef3a774e48473d772aaa77d043184f795e8d130700e8c3269
|
data/README.md
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
# JWT Signed Request
|
2
|
+
[![travis ci build](https://api.travis-ci.org/envato/jwt_signed_request.svg)](https://travis-ci.org/envato/jwt_signed_request)
|
2
3
|
|
3
4
|
Request signing and verification for Internal APIs using JWT.
|
4
5
|
|
@@ -85,7 +86,7 @@ AwEHoUQDQgAEuOC3ufTTnW0hVmCPNERb4LxaDE/OexDdlmXEjHYaixzYIduluGXd
|
|
85
86
|
conn = Faraday.new(url: URI.parse('http://example.com')) do |faraday|
|
86
87
|
faraday.use JWTSignedRequest::Middlewares::Faraday,
|
87
88
|
secret_key: OpenSSL::PKey::EC.new(private_key),
|
88
|
-
algorithm: '
|
89
|
+
algorithm: 'ES256', # optional (default: ES256)
|
89
90
|
key_id: 'my-key-id', # optional
|
90
91
|
issuer: 'my-issuer', # optional
|
91
92
|
additional_headers_to_sign: ['X-AUTH'] # optional
|
@@ -169,7 +170,7 @@ We welcome contribution from everyone. Read more about it in
|
|
169
170
|
|
170
171
|
For bug fixes, documentation changes, and small features:
|
171
172
|
|
172
|
-
1. Fork it ( https://github.com/
|
173
|
+
1. Fork it ( https://github.com/envato/jwt_signed_request/fork )
|
173
174
|
2. Create your feature branch (git checkout -b my-new-feature)
|
174
175
|
3. Commit your changes (git commit -am 'Add some feature')
|
175
176
|
4. Push to the branch (git push origin my-new-feature)
|
data/lib/jwt_signed_request.rb
CHANGED
@@ -50,12 +50,20 @@ module JWTSignedRequest
|
|
50
50
|
def self.verified_request?(request:, claims:)
|
51
51
|
claims['method'].downcase == request.request_method.downcase &&
|
52
52
|
claims['path'] == request.fullpath &&
|
53
|
-
claims['body_sha'] == Digest::SHA256.hexdigest(request
|
53
|
+
claims['body_sha'] == Digest::SHA256.hexdigest(request_body(request: request)) &&
|
54
54
|
verified_headers?(request: request, claims: claims)
|
55
55
|
end
|
56
56
|
|
57
57
|
private_class_method :verified_request?
|
58
58
|
|
59
|
+
def self.request_body(request:)
|
60
|
+
string = request.body.read
|
61
|
+
request.body.rewind
|
62
|
+
string
|
63
|
+
end
|
64
|
+
|
65
|
+
private_class_method :request_body
|
66
|
+
|
59
67
|
def self.verified_headers?(request:, claims:)
|
60
68
|
parsed_headers = JSON.parse(claims['headers'])
|
61
69
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: jwt_signed_request
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Toan Nguyen
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2017-01-04 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jwt
|
@@ -141,9 +141,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
141
141
|
version: '0'
|
142
142
|
requirements: []
|
143
143
|
rubyforge_project:
|
144
|
-
rubygems_version: 2.
|
144
|
+
rubygems_version: 2.5.2
|
145
145
|
signing_key:
|
146
146
|
specification_version: 4
|
147
147
|
summary: JWT request signing and verification for Internal APIs
|
148
148
|
test_files: []
|
149
|
-
has_rdoc:
|