micro_service-signed_request-utils 0.0.1

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 36caeceb65c31ee0762b8456ccbf3ad0d14437ed
4
+ data.tar.gz: c504135e8a5c0e3cb303073486ab7ff2eb7f1c25
5
+ SHA512:
6
+ metadata.gz: b939695c792771c96f7b65d28ecb0caf3ed72695ffbb9578927a8b0d4a22996721f8285742da15b2170bbef18424255de7762748bed7b6f4ff7f2f1a0f3fce53
7
+ data.tar.gz: a84e74e1eb026e22d461bf2b18154dd8bef7efabb23a80b1a1c4099d3384374862cf6822abcfce8de9db7e03b2f1ffe0ab04c7f48d4a56446dc481acfaf730f4
@@ -0,0 +1,9 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
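--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,2 @@
+--format documentation
+--color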
@@ -0,0 +1,9 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.2.0
4
+ - 2.1.1
5
+ - 2.0.0
6
+ - 1.9.3
7
+ before_install: gem install bundler -v 1.11.2
8
+ script:
9
+ - bundle exec rspec
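--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in micro_service-signed_request-utils.gemspec
+gemspec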
@@ -0,0 +1,50 @@
1
+ [![Gem Version](https://badge.fury.io/rb/micro_service-signed_request-utils.svg)](http://badge.fury.io/rb/micro_service-signed_request-utils)
2
+ [![Build Status](https://travis-ci.org/butchmarshall/micro_service-signed_request-utils.svg?branch=master)](https://travis-ci.org/butchmarshall/micro_service-signed_request-utils)
3
+
4
+ # MicroService::SignedRequest::Utils
5
+
6
+ Utility functions to sign and validate signed request headers
7
+
8
+ ## Installation
9
+
10
+ Add this line to your application's Gemfile:
11
+
12
+ ```ruby
13
+ gem 'micro_service-signed_request-utils'
14
+ ```
15
+
16
+ And then execute:
17
+
18
+ $ bundle
19
+
20
+ Or install it yourself as:
21
+
22
+ $ gem install micro_service-signed_request-utils
23
+
24
+ ## Usage
25
+
26
+ To check if an authentication header is valid
27
+
28
+ ```ruby
29
+ require 'micro_service/signed_request/utils'
30
+
31
+ MicroService::SignedRequest::Utils.authenticate("SignedRequest algorithm=...", "8bd2952b851747e8f2c937b340fed6e1.s")
32
+ ```
33
+
34
+ To create a signature (not really useful except for unit testing)
35
+
36
+ ```ruby
37
+ require 'micro_service/signed_request/utils'
38
+
39
+ timestamp = Time.now.to_i*1000
40
+ str = "algorithm=HmacSHA256&client_id=682a638ba74a4ff5fa6afa344b163e03.i&url=https%3A%2F%asdf%3A8443&tenant_id=b22e3911-28ef-480c-ae3b-ca791ba86952&timestamp=#{timestamp}";
41
+ secret = "8bd2952b851747e8f2c937b340fed6e1.s";
42
+ algorithm = "sha256";
43
+
44
+ MicroService::SignedRequest::Utils.sign(str, secret, algorithm)
45
+ ```
46
+
47
+ ## Contributing
48
+
49
+ Bug reports and pull requests are welcome on GitHub at https://github.com/butchmarshall/micro_service-signed_request-utils.
50
+
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "micro_service/signed_request/utils"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,86 @@
1
+ require "micro_service/signed_request/utils/version"
2
+ require "base64"
3
+ require "openssl"
4
+ require "cgi"
5
+ require "cgi/query_string"
6
+ require "time"
7
+
8
+ module MicroService # :nodoc:
9
+ module SignedRequest # :nodoc:
10
+ module Utils # :nodoc:
11
+ module_function
12
+
13
+ # Sign a string with a secret
14
+ #
15
+ # Sign a string with a secret and get the signature
16
+ #
17
+ # * *Args* :
18
+ # - +string+ -> the string to sign
19
+ # - +secret+ -> the secret to use
20
+ # * *Returns* :
21
+ # - the signature
22
+ # * *Raises* :
23
+ # - +ArgumentError+ -> if no algorithm passed and algorithm could not be derived from the string
24
+ #
25
+ def sign(string, secret, algorithm = nil)
26
+ plain = ::Base64.decode64(secret.gsub(/\.s$/,''))
27
+
28
+ # if no override algorithm passed try and extract from string
29
+ if algorithm.nil?
30
+ paramMap = ::CGI.parse string
31
+
32
+ if !paramMap.has_key?("algorithm")
33
+ raise ArgumentError, "missing algorithm"
34
+ end
35
+
36
+ algorithm = paramMap["algorithm"].first.gsub(/^hmac/i,'')
37
+ end
38
+
39
+ hmac = ::OpenSSL::HMAC.digest(algorithm, plain, string)
40
+ Base64::encode64(hmac).gsub(/\n$/,'')
41
+ end
42
+
43
+ # Validates an authorization header
44
+ #
45
+ # Validates that an authorization header sent by a signed request microservice
46
+ #
47
+ # * *Args* :
48
+ # - +authorization_header+ -> the entire Authorization header sent
49
+ # - +client_secret+ -> the client secret to authenticate the header with
50
+ # * *Returns* :
51
+ # - the signature
52
+ # * *Raises* :
53
+ # - +ArgumentError+ -> if the authorization_header does not contain header_prefix
54
+ # - +ArgumentError+ -> if the heauthorization_header does not contain all the required parameters
55
+ # - +ArgumentError+ -> if the heauthorization_header has expired (more than 5 minutes old)
56
+ #
57
+ def validate(authorization_header, client_secret, header_prefix = "SignedRequest")
58
+ # Validate header_prefix part of header
59
+ if !authorization_header.match(/^#{header_prefix}/)
60
+ raise ArgumentError, "authorization header is not properly formatted, must start with #{header_prefix}"
61
+ end
62
+
63
+ paramMap = ::CGI.parse authorization_header.gsub(/^#{header_prefix}\s/,'')
64
+
65
+ # Validate all parameters are passed from header
66
+ if !paramMap.has_key?("algorithm") ||
67
+ !paramMap.has_key?("client_id") ||
68
+ !paramMap.has_key?("service_url") ||
69
+ !paramMap.has_key?("timestamp") ||
70
+ !paramMap.has_key?("signature")
71
+ raise ArgumentError, "authorization header is partial"
72
+ end
73
+
74
+ # Validate timestamp is still valid
75
+ timestamp = Time.at(paramMap["timestamp"].first.to_i/1000)
76
+ secondsPassed = Time.now - timestamp
77
+
78
+ if secondsPassed < 0 || secondsPassed > (5*60)
79
+ raise ArgumentError, "authorization is rejected since it's #{ secondsPassed } seconds old (max. allowed is 5 minutes)"
80
+ end
81
+
82
+ self.sign(authorization_header.gsub(/^#{header_prefix}\s/,'').gsub(/\&signature[^$]+/,''), client_secret) === paramMap["signature"].first
83
+ end
84
+ end
85
+ end
86
+ end
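Review bot: The last line of `validate` (new line 82) compares the computed and supplied signatures with `===`, which stops at the first differing byte; a MAC check should take the same time wherever the mismatch falls, as in the fence below (hand-rolled because the Ruby versions listed in .travis.yml predate `OpenSSL.fixed_length_secure_compare`). The same line strips the signature with `/\&signature[^$]+/`, where `[^$]` is a character class meaning "any character except a literal `$`", so everything after `&signature` is dropped from the signed string while `CGI.parse` still reads it into `paramMap`. In `sign` (new line 36) the digest name comes from the header being verified, so it should be checked against a fixed list before `OpenSSL::HMAC.digest` is called, e.g. `raise ArgumentError, "unsupported algorithm" unless %w[sha256 sha512].include?(algorithm.downcase)`. The prefix checks on new lines 59 and 63 should use `\A` and `Regexp.escape(header_prefix)` instead of `^` with raw interpolation, and the doc comment's "Returns: the signature" should say that `validate` returns true or false.

```ruby
# … unchanged: prefix check, required-parameter check, timestamp window …

signed_part = authorization_header.gsub(/^#{header_prefix}\s/,'').gsub(/\&signature[^$]+/,'')
expected = self.sign(signed_part, client_secret)
provided = paramMap["signature"].first
return false unless expected.bytesize == provided.bytesize

# Fold every byte difference into one value so the run time does not
# depend on where the first mismatch occurs.
diff = 0
expected.bytes.zip(provided.bytes) { |a, b| diff |= a ^ b }
diff == 0
```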
@@ -0,0 +1,7 @@
1
+ module MicroService
2
+ module SignedRequest
3
+ module Utils
4
+ VERSION = "0.0.1"
5
+ end
6
+ end
7
+ end
@@ -0,0 +1,27 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'micro_service/signed_request/utils/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "micro_service-signed_request-utils"
8
+ spec.version = MicroService::SignedRequest::Utils::VERSION
9
+ spec.authors = ["Butch Marshall"]
10
+ spec.email = ["butch.a.marshall@gmail.com"]
11
+
12
+ spec.summary = "Utility functions for handling signed requests in the Microservice gem"
13
+ spec.description = "Utility functions for handling signed requests in the Microservice gem"
14
+ spec.homepage = "https://github.com/butchmarshall/ruby-microservice-signed_request-utils"
15
+ spec.license = "MIT"
16
+
17
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
18
+ spec.bindir = "exe"
19
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
20
+ spec.require_paths = ["lib"]
21
+
22
+ spec.add_dependency "cgi-query_string", "~> 0.1.0"
23
+
24
+ spec.add_development_dependency "bundler", ">= 1"
25
+ spec.add_development_dependency "rake", "~> 10.0"
26
+ spec.add_development_dependency "rspec"
27
+ end
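Review bot: `spec.homepage` (new line 14) names `https://github.com/butchmarshall/ruby-microservice-signed_request-utils`, while the README badge and Contributing links in this same release point at `.../butchmarshall/micro_service-signed_request-utils`; the two should name the same repository so anyone auditing the published gem can find its source. The runtime dependency `cgi-query_string` (new line 22) also looks unnecessary from what is visible: lib/micro_service/signed_request/utils.rb requires it but only calls `CGI.parse`, so confirm it is used or drop it to keep the install surface small. `rspec` on new line 26 has no version constraint, unlike `rake`; something like `spec.add_development_dependency "rspec", "~> 3.0"` would keep builds reproducible.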
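--- a/metadata
+++ b/metadata
@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification
+name: micro_service-signed_request-utils
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Butch Marshall
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2016-04-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: cgi-query_string
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.1.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.1.0
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '1'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '1'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description: Utility functions for handling signed requests in the Microservice gem
+email:
+- butch.a.marshall@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/micro_service/signed_request/utils.rb
+- lib/micro_service/signed_request/utils/version.rb
+- micro_service-signed_request-utils.gemspec
+homepage: https://github.com/butchmarshall/ruby-microservice-signed_request-utils
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.6
+signing_key:
+specification_version: 4
+summary: Utility functions for handling signed requests in the Microservice gem
+test_files: []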