nexmo_rack 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: af7837e8eb97283dd4b51c9d837a35756567ef6ae98ca0c1468598cc3e12a967
+  data.tar.gz: 51c6f8f57108cbb6904bc99802f16995a6760b3619a60e9d43348eed1cb553ea
+SHA512:
+  metadata.gz: 90bc63db59d70e2cdd7496a584a14f0e1774565c0449e95e0fa5e46f108dfc52c6426c8bb87fbfbf38256d1788262230fecaf9cb0f355846c47e0f90ef1496d3
+  data.tar.gz: e091ffaa0f43123753cc709932a5831b5d24b4926b52de0ac6799293e27abe9176bf1e743163b81a49ce5ccc3a09aab95e0fae6eba49c2c1e0a8ced3dcbc5264

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Nexmo Inc
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,79 @@
+# Nexmo Rack Middleware
+
+This repo contains Rack middleware that can be used to help integrate Nexmo in to your Rack-based application. It currently contains the following middleware:
+
+* Verify [Nexmo signatures](https://developer.nexmo.com/concepts/guides/signing-messages).
+* Plus more to be added
+
+* [Installation and Usage](#installation-and-usage)
+    * [As a standalone application](#as-a-standalone-application)
+    * [Mounted into a Rails application](#mounted-into-a-rails-application)
+* [Contributing](#contributing)
+* [License](#license)
+
+## Installation and Usage
+
+The verify signature middleware can be used standalone or integrated into a Ruby application. The middleware will return a `403` HTTP status code if the signature is not valid, and will continue the application if it is valid.
+
+### Configuration
+
+You'll need to provide a Nexmo signature secret and signature method using either `ENV` variables or the Rails credentials system.
+
+`.env` example:
+
+```
+NEXMO_SIGNATURE_SECRET = 'your_secret_key'
+NEXMO_SIGNATURE_METHOD = 'md5hash'
+```
+
+Alternatively, you can specify them in the Rails credentials system
+
+```
+EDITOR="code --wait" rails credentials:edit
+```
+
+You can replace the EDITOR variable with your preferred editor. Once the credentials file is open, you are able to add the Nexmo credentials with the following namespacing:
+
+```yaml
+nexmo:
+    signature_secret: your_secret_key
+    signature_method: md5hash
+```
+
+Finally, this middleware will ignore any requests that do not contain a `sig` key. To enforce all requests to be validated, set `NEXMO_SIGNATURE_REQUIRED` to `true` in the environment.
+
+### As a standalone application
+
+Install the gem on your system:
+
+``` shell
+$ gem install nexmo_rack
+```
+
+Then require it from within your `config.ru` Rack configuration:
+
+``` ruby
+use Nexmo::Rack::VerifySignature
+```
+
+An example [config.ru](examples/config.ru.example) can be found in the examples folder. More information on getting up and running with Rack can be found at the [Rack GitHub repository](https://github.com/rack/rack/wiki/(tutorial)-rackup-howto#with-a-ru-config-file).
+
+### Mounted into a Rails Application
+
+Require it in your `Gemfile`:
+
+```ruby
+gem nexmo_rack
+```
+
+And then add the middleware to your `config/application.rb` file to initialize it with your application:
+
+```ruby
+config.middleware.use Nexmo::Rack::VerifySignature
+```
+
+## Contributing
+We ❤️ contributions from everyone! [Bug reports](https://github.com/Nexmo/nexmo_rack/issues), [bug fixes](https://github.com/Nexmo/nexmo_rack/pulls) and feedback on the library is always appreciated. Look at the [Contributor Guidelines](https://github.com/Nexmo/nexmo_rack/blob/master/CONTRIBUTING.md) for more information.
+
+## License
+This project is under the [MIT LICENSE](https://github.com/Nexmo/nexmo_rack/blob/master/LICENSE).

data/lib/nexmo_rack.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require 'nexmo'
+require 'rack'
+require_relative './nexmo_rack/verify_signature'

data/lib/nexmo_rack/verify_signature.rb

@@ -0,0 +1,57 @@
+# Verify Nexmo Signatures
+module Nexmo
+  module Rack
+    class VerifySignature
+      def initialize(app)
+        @app = app
+        @nexmo = Nexmo::Client.new(
+          signature_secret: signature_secret,
+          signature_method: signature_method
+        )
+      end
+
+      def call(env)
+        req = ::Rack::Request.new(env)
+
+        # Duplicate the request params in case nexmo_client.check() modifies them
+        params = req.params.dup
+
+        # If there is no `sig` field, ignore this middleware unless we explicitly
+        # require it to be present
+        unless ENV['NEXMO_SIGNATURE_REQUIRED']
+          return @app.call(env) unless req.params['sig']
+        end
+
+        # Otherwise calculate the signature and check that it matches
+        if req.params['sig'] && @nexmo.signature.check(params)
+          @app.call(env)
+        else
+          [403, {}, ['']]
+        end
+      end
+
+      private
+
+      def signature_secret
+        if ENV['NEXMO_SIGNATURE_SECRET']
+          ENV['NEXMO_SIGNATURE_SECRET']
+        elsif defined?(Rails) && Rails.application.credentials.nexmo
+          Rails.application.credentials.nexmo[:signature_secret]
+        else
+          raise "No signature credentials found for Nexmo::Rack::VerifySignature"
+        end
+      end
+
+      def signature_method
+        if ENV['NEXMO_SIGNATURE_METHOD']
+          ENV['NEXMO_SIGNATURE_METHOD']
+        elsif defined?(Rails) && Rails.application.credentials.nexmo
+          Rails.application.credentials.nexmo[:signature_method]
+        else
+          raise "No signature method found for Nexmo::Rack::VerifySignature"
+        end
+      end
+
+    end
+  end
+end

data/lib/version.rb

@@ -0,0 +1,7 @@
+# :nocov:
+module Nexmo
+  module Rack
+    VERSION = '0.2.0'
+  end
+end
+# :nocov:

metadata

@@ -0,0 +1,130 @@
+--- !ruby/object:Gem::Specification
+name: nexmo_rack
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Nexmo
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-11-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nexmo
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.7
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.15
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.15
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.9'
+description: Nexmo related middleware to make it easier to work with Nexmo's webhooks
+email:
+- devrel@nexmo.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- lib/nexmo_rack.rb
+- lib/nexmo_rack/verify_signature.rb
+- lib/version.rb
+homepage: https://github.com/Nexmo/nexmo_rack
+licenses:
+- MIT
+metadata:
+  homepage: https://github.com/Nexmo/nexmo_rack
+  source_code_uri: https://github.com/Nexmo/nexmo_rack
+  bug_tracker_uri: https://github.com/Nexmo/nexmo_rack/issues
+  changelog_uri: https://github.com/Nexmo/nexmo_rack/blob/master/CHANGES.md
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6.2
+signing_key: 
+specification_version: 4
+summary: Nexmo related middleware to make it easier to work with Nexmo's webhooks.
+  To use it you'll need a Nexmo account. Sign up for free at https://www.nexmo.com
+test_files: []