mongrel_crypted_download 0.4

data/COPYING

@@ -0,0 +1,19 @@
+Copyright (c) 2008 Andriy Bazyuta
+
+Permission is hereby granted, free of charge, to any person obtaining 
+a copy of this software and associated documentation files (the "Software"), 
+to deal in the Software without restriction, including without limitation 
+the rights to use, copy, modify, merge, publish, distribute, sublicense, 
+and/or sell copies of the Software, and to permit persons to whom the 
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included 
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 
+SOFTWARE.

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2008 Andriy Bazyuta
+
+Permission is hereby granted, free of charge, to any person obtaining 
+a copy of this software and associated documentation files (the "Software"), 
+to deal in the Software without restriction, including without limitation 
+the rights to use, copy, modify, merge, publish, distribute, sublicense, 
+and/or sell copies of the Software, and to permit persons to whom the 
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included 
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 
+SOFTWARE.

data/README

@@ -0,0 +1,69 @@
+== Mongrel_crypted_download GemPlugin
+IMPORTANT!!
+Required encrypted_strings plugin http://agilewebdevelopment.com/plugins/encrypted_strings
+
+The need to send secured files in a fast and reliable way is common.
+
+Sending a file from inside of a web application can be slow
+and also utilizes an entire application thread/process until the user
+is done downloading the file. Also is crypt path by encrypted_strings plugin http://agilewebdevelopment.com/plugins/encrypted_strings
+
+
+
+<uri-prefix> is a directory that does not exist in the directory structure of the application but does
+exist in the directory structure of the server.
+example: /download_file
+
+<relative-path> is the crypted by encrypted_strings plugin path to the file.
+example: /public/attachments/
+
+<file-name> is the name of file without path.
+
+<timestamp> is the number of seconds since epoch until the time when this download expires
+example (in ruby on rails): 1.minute.from_now.to_i.to_s
+
+<token> is the SHA1 hash of the concatenation of the following items:
+
+
+To use the plugin you need to do the following:
+
+1) setup the handler within a configuration script and pass in the secret string.
+
+example configuration script:
+
+uri "/download_file", :handler => plugin('/handlers/crypteddownload')
+
+2) In your application, form a secured URI by creating the proper parameters and 
+perform an SHA1 hash of the parameters to create the proper token
+
+example code (ruby on rails):
+	
+@track = Track.find(params[:id])
+@attachment = Attachment.find(params[:id])
+
+url = CryptedDownload.generate(@attachment.filename, "/public"+@attachment.public_filename.gsub(/#{@attachment.filename}/, ''), "/download_files", request)
+
+redirect_to url
+
+
+3) Start mongel by passing in the location of the configuration script from step 1 with the -S command 
+line switch
+
+example:
+
+mongrel_rails start -S config/mongrel_crypted_download.conf
+
+
+Error messages
+
+If any of the parameters in the URI or the secret_string are missing
+the handler returns a 500 Application Error.
+
+If the token passed in as a parameter does not match the token generated
+by the handler (if someone tries to guess the token) the handler returns
+a 403 Forbidden error.
+
+If the timestamp is earlier than the current server time, meaning that the file is
+no longer a valid download then the handler returns a 408 Request Time-out Error.
+This error is not technically correct but it makes the most sense in the context of
+the handler.

data/Rakefile

@@ -0,0 +1,38 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/clean'
+require 'rake/gempackagetask'
+require 'rake/rdoctask'
+require 'tools/rakehelp'
+require 'fileutils'
+include FileUtils
+
+setup_tests
+setup_clean ["pkg", "lib/*.bundle", "*.gem", ".config"]
+
+setup_rdoc ['README', 'LICENSE', 'COPYING', 'lib/**/*.rb', 'doc/**/*.rdoc']
+
+desc "Does a full compile, test run"
+task :default => [:test, :package]
+
+version="0.4"
+name="mongrel_crypted_download"
+
+setup_gem(name, version) do |spec|
+  spec.summary = "Mongrel Crypted Download Plugin"
+  spec.description = spec.summary
+  spec.author="Andriy Bazyuta"
+  spec.add_dependency('gem_plugin', '>= 0.2.1')
+  spec.add_dependency('mongrel', '>= 0.3.13')
+  spec.files += Dir.glob("resources/**/*")
+end
+
+
+task :install => [:test, :package] do
+  sh %{sudo gem install pkg/#{name}-#{version}.gem}
+end
+
+task :uninstall => [:clean] do
+  sh %{sudo gem uninstall #{name}}
+end
+

data/lib/mongrel_crypted_download/init.rb

@@ -0,0 +1,62 @@
+require 'gem_plugin'
+require 'mongrel'
+require 'digest/sha1'
+
+class CryptedDownload < GemPlugin::Plugin "/handlers"
+	include Mongrel::HttpHandlerPlugin	
+  
+  def process(request, response)
+    query = Mongrel::HttpRequest.query_parse(request.params['QUERY_STRING'])	
+		cookies  = Mongrel::HttpRequest.query_parse(request.params['HTTP_COOKIE'])
+		secret_string  = cookies.keys.first
+		
+		query['path'] = CGI::unescape(query['path'])
+		
+		if secret_string.nil? or query['token'].nil? or query['timestamp'].nil? or query['path'].nil?
+			response.start(500){}
+		elsif query['timestamp'].to_i < Time.now.to_i
+			response.start(408){}
+		elsif query['token'] == Digest::SHA1.hexdigest("#{secret_string}#{query['path']}#{query['timestamp']}").to_s
+			send_file(File.expand_path("." + query['path'].decrypt(:symmetric, :key => secret_string) + query['file-name']), response)
+		else
+			response.start(403){}
+		end
+  end
+	
+	def self.generate(file_name, path, uri_prefix, request)
+	   secret_string  = request.cookies.keys.first
+	   
+	   path = path.encrypt(:symmetric, :key => secret_string)
+     timestamp = 1.minute.from_now.to_i.to_s
+     token = Digest::SHA1.hexdigest(secret_string + path + timestamp)
+     path = CGI::escape(path)
+     
+     return "#{uri_prefix}/?token=#{token}&path=#{path}&file-name=#{file_name}&timestamp=#{timestamp}"
+      
+  end
+
+  
+		
+	private
+	  
+		# Sends the contents of a file back to the user.
+		def send_file(path, response)
+			# first we setup the headers and status then we do a very fast send on the socket directly
+			file_status = File.stat(path)
+	
+			response.status = 200
+			# Set the last modified times as well and etag for all files
+			response.header[Mongrel::Const::LAST_MODIFIED] = file_status.mtime.httpdate
+			# Calculated the same as apache, not sure how well the works on win32
+			response.header[Mongrel::Const::ETAG] = Mongrel::Const::ETAG_FORMAT % [file_status.mtime.to_i, file_status.size, file_status.ino]
+			#set the content type to something generic for now
+			response.header[Mongrel::Const::CONTENT_TYPE] = @default_content_type
+			#set the content disposition and filename
+			response.header['Content-Disposition'] = "attachment; filename=\"#{File.basename(path)}\""
+	
+			# send a status with out content length
+			response.send_status(file_status.size)
+			response.send_header
+	    response.send_file(path)
+	 end
+end

data/resources/defaults.yaml

@@ -0,0 +1,2 @@
+--- 
+:debug: false

data/tools/rakehelp.rb

@@ -0,0 +1,105 @@
+
+def make(makedir)
+    Dir.chdir(makedir) do
+        sh(PLATFORM =~ /win32/ ? 'nmake' : 'make')
+    end
+end
+
+
+def extconf(dir)
+    Dir.chdir(dir) do ruby "extconf.rb" end
+end
+
+
+def setup_tests
+    Rake::TestTask.new do |t|
+        t.libs << "test"
+        t.test_files = FileList['test/test*.rb']
+        t.verbose = true
+    end
+end
+
+
+def setup_clean otherfiles
+    files = ['build/*', '**/*.o', '**/*.so', '**/*.a', 'lib/*-*', '**/*.log'] + otherfiles
+    CLEAN.include(files)
+end
+
+
+def setup_rdoc files
+    Rake::RDocTask.new do |rdoc|
+        rdoc.rdoc_dir = 'doc/rdoc'
+        rdoc.options << '--line-numbers'
+        rdoc.rdoc_files.add(files)
+    end
+end
+
+
+def setup_extension(dir, extension)
+    ext = "ext/#{dir}"
+    ext_so = "#{ext}/#{extension}.#{Config::CONFIG['DLEXT']}"
+    ext_files = FileList[
+    "#{ext}/*.c",
+    "#{ext}/*.h",
+    "#{ext}/extconf.rb",
+    "#{ext}/Makefile",
+    "lib"
+    ] 
+    
+    task "lib" do
+        directory "lib"
+    end
+
+    desc "Builds just the #{extension} extension"
+    task extension.to_sym => ["#{ext}/Makefile", ext_so ]
+
+    file "#{ext}/Makefile" => ["#{ext}/extconf.rb"] do
+        extconf "#{ext}"
+    end
+
+    file ext_so => ext_files do
+        make "#{ext}"
+        cp ext_so, "lib"
+    end
+end
+
+
+def base_gem_spec(pkg_name, pkg_version)
+  pkg_version = pkg_version
+  pkg_name    = pkg_name
+  pkg_file_name = "#{pkg_name}-#{pkg_version}"
+  Gem::Specification.new do |s|
+    s.name = pkg_name
+    s.version = pkg_version
+    s.platform = Gem::Platform::RUBY
+    s.has_rdoc = true
+    s.extra_rdoc_files = [ "README" ]
+    
+    s.files = %w(COPYING LICENSE README Rakefile) +
+      Dir.glob("{bin,doc/rdoc,test,lib}/**/*") + 
+      Dir.glob("ext/**/*.{h,c,rb}") +
+      Dir.glob("examples/**/*.rb") +
+      Dir.glob("tools/*.rb")
+    
+    s.require_path = "lib"
+    s.extensions = FileList["ext/**/extconf.rb"].to_a
+    s.bindir = "bin"
+  end
+end
+
+def setup_gem(pkg_name, pkg_version)
+  spec = base_gem_spec(pkg_name, pkg_version)
+  yield spec if block_given?
+    
+  Rake::GemPackageTask.new(spec) do |p|
+    p.gem_spec = spec
+    p.need_tar = true
+  end
+end
+
+def setup_win32_gem(pkg_name, pkg_version)
+  spec = base_gem_spec(pkg_name, pkg_version)
+  yield spec if block_given?
+
+  Gem::Builder.new(spec).build
+end

metadata

@@ -0,0 +1,77 @@
+--- !ruby/object:Gem::Specification 
+name: mongrel_crypted_download
+version: !ruby/object:Gem::Version 
+  version: "0.4"
+platform: ruby
+authors: 
+- Andriy Bazyuta
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2008-06-19 00:00:00 +03:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: gem_plugin
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.2.1
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: mongrel
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.3.13
+    version: 
+description: Mongrel Crypted Download Plugin
+email: 
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+files: 
+- COPYING
+- LICENSE
+- README
+- Rakefile
+- lib/mongrel_crypted_download
+- lib/mongrel_crypted_download/init.rb
+- tools/rakehelp.rb
+- resources/defaults.yaml
+has_rdoc: true
+homepage: 
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 0.9.5
+signing_key: 
+specification_version: 2
+summary: Mongrel Crypted Download Plugin
+test_files: []
+