mini_uri 0.9.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 8bc5b0c532b9e09aa353ddc62aae101d7e428e10
+  data.tar.gz: fdc697dba42b5d81dc18610ee9b5550775d185bb
+SHA512:
+  metadata.gz: 6d89b7cb28b6d63123f6b3fbf46f3f0dde2965359ec786732cca2cc8358d924f66f15866c451417a34ec4732536e0deac5719d11ad930acef9dd49dcecc0161c
+  data.tar.gz: 125c4a8c61eba66749e2d7ada7bad5b3f29519133f5aee8ad6c49e0c748937c2dd45060f3776e61958243fdf25171f69c4c9597b864d38732f427387bb857799

data/.gitignore

@@ -0,0 +1 @@
+Gemfile.lock

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in mini_uri.gemspec
+gemspec

data/License.md

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Alex Pilon
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,66 @@
+# MiniUri
+
+Generate short(ish), practically unguessable URI for app models, implemented in Plain Old Ruby. MiniUri uses reflection to create uniquely identifiable URI, so `Foo.new.to_muri` and `Bar.new.to_muri` will be different. Should your app use MiniUri to issue permalinks, the links are no longer valid if the secret changes or, as a result of the reflection if the namespace of your class changes (change module, change class name, etc).
+
+NOTE: MiniUri is meant for a specific use case. It was designed for issuing links to "protected" or "unlisted" resources. Despite a cryptographic review, and the potential for use outside this use case, at this time I recommend it be used strictly for sharing unlisted resources (things that are public, but that you'd rather not have the masses and web crawlers have access to, like a sign-in portal tailored to a user or client). A future goal of this project is to allow for pre-authorized actions, however I will wait to see how the gem fares in the wild first.
+
+Please load your secret to `ENV['MINI_URI_SECRET']`, MiniUri assumes no responsibility for your secret. Please make sure it is securely stored, and generated by a good random number generator. A good secret should be 256 bits in length.
+
+NOTE: many secrets are encoded and stored as hex or base64, it is advised to remove the encoding or else risk diluting the entropy of your secret, for hex you can do the following (ruby 2):
+
+```ruby
+secret = '000E0000000000'
+secret.length
+# => 14
+ENV["MINI_URI_SECRET"] = [secret].pack('H*')
+ENV["MINI_URI_SECRET"].length
+# => 7
+```
+For Base64 use the appropriate method in the Base64 standard library
+
+## Installation
+
+```
+gem install mini_uri
+```
+
+## Usage
+
+Include MiniUri in any of your app's models.
+```ruby
+require 'mini_uri'
+
+class User
+  include MiniUri
+
+  attr_accessor :id
+end
+```
+MiniUri assumes the model class has an integer attribute `:id` since this is the common practice, however you can generate on any integer value you want.
+```ruby
+ENV['MINI_URI_SECRET'] = 'this is a bad secret'
+
+user = User.new
+user.id = 12345
+user.to_muri
+# => "3D7-6xtqryABGqkHNGSieho1Do"
+
+User.new.to_muri(12345)
+# => "3D7-6xtqryABGqkHNGSieho1Do"
+```
+now say you have an endpoint `/user/:mini_uri`, in the corresponding controller you could retrieve the actual id and record
+```ruby
+def show
+  id = User.muri_to_id(params[:mini_uri])
+  if id == nil
+    render_404
+  else
+    @user = User.find(id)
+  end
+end
+```
+
+## Special Thanks
+* [Geoff Longman](https://github.com/glongman)
+* [Carlisle Adams](http://www.site.uottawa.ca/~cadams/)
+* [Everyone at Fullscript](http://fullscript.com/)

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec) do |task|
+  task.rspec_opts = '--color'
+end
+
+task :default => :spec

data/lib/mini_uri.rb

@@ -0,0 +1,50 @@
+# MiniUri
+# Author: Alex Pilon
+# Email: apilo088@gmail.com
+# Security considerations drawn from
+# https://tools.ietf.org/html/rfc2104
+# https://tools.ietf.org/html/rfc4868
+# https://tools.ietf.org/html/rfc6234
+
+require 'openssl'
+require 'base62'
+
+module MiniUri
+
+  DELIMITER = '-'
+  HMAC_SIZE = 16 # bytes
+  DIGEST = OpenSSL::Digest.new('sha256')
+
+  attr_reader :id
+
+  def MiniUri.included(klass)
+    klass.extend(ClassMethods)
+  end
+
+  def MiniUri.hmac(message, secret, n = HMAC_SIZE)
+    raise ArgumentError, "truncated hmacs should not be less than 10 bytes" if n > 32 || n < 10
+    # generate a 256 bit (32 byte) hmac, then truncate it to n bytes
+    hmac_truncated = OpenSSL::HMAC.digest(DIGEST, secret, message)[0, n]
+    # convert raw bytes to hex string (which doubles the size because of 2's complement)
+    # then convert to an integer, to be encoded finally to a base62 string
+    Digest::hexencode(hmac_truncated).hex.base62_encode
+  end
+
+  def to_muri(int_id = id)
+    raise ArgumentError, "id should be an Integer" unless int_id.is_a?(Integer)
+    encoded_id = int_id.base62_encode
+    encoded_id + DELIMITER + MiniUri.hmac(self.class.name + encoded_id, ENV["MINI_URI_SECRET"])
+  end
+
+  module ClassMethods
+    def muri_to_id(mini_uri)
+      raise ArgumentError, "mini_uri should be a String" unless mini_uri.is_a?(String)
+      args = mini_uri.strip.split(DELIMITER)
+      return nil if args.length != 2
+      encoded_id, expected_hmac = args
+      if expected_hmac == MiniUri.hmac(self.name + encoded_id, ENV["MINI_URI_SECRET"])
+        encoded_id.base62_decode
+      end
+    end
+  end
+end

data/mini_uri.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+  spec.name          = "mini_uri"
+  spec.version       = "0.9.1"
+  spec.authors       = ["Alex Pilon"]
+  spec.email         = ["apilo088@gmail.com"]
+
+  spec.summary       = "Generate short, uncrawlable URI"
+  spec.description   = "Generate short, uncrawlable URI"
+  spec.homepage      = "https://github.com/MadMub/mini-uri"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.12"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_dependency "base62", "~> 1.0"
+end

metadata

@@ -0,0 +1,106 @@
+--- !ruby/object:Gem::Specification
+name: mini_uri
+version: !ruby/object:Gem::Version
+  version: 0.9.1
+platform: ruby
+authors:
+- Alex Pilon
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-08-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: base62
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+description: Generate short, uncrawlable URI
+email:
+- apilo088@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- License.md
+- README.md
+- Rakefile
+- lib/mini_uri.rb
+- mini_uri.gemspec
+homepage: https://github.com/MadMub/mini-uri
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.3
+signing_key: 
+specification_version: 4
+summary: Generate short, uncrawlable URI
+test_files: []