notarize 1.0

Files changed (5) hide show
  1. data/LICENSE +22 -0
  2. data/README.md +65 -0
  3. data/lib/notarize/version.rb +3 -0
  4. data/lib/notarize.rb +49 -0
  5. metadata +82 -0
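--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,22 @@
+ Copyright (c) 2013 Aaron Klaassen
+
+ MIT License
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.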
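--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,65 @@
+ ## Notarize
+
+ For basic json web services that don't want just anyone to have access. Generates signature hashes for http requests.
+
+ ## Installation
+
+ Add this to your Gemfile:
+
+ gem 'notarize'
+
+ And run:
+
+ $ bundle
+
+ Or install it with:
+
+ $ gem install notarize
+
+
+ ## Usage
+
+ ## As the client
+
+ include Notarize::Client
+
+ Implement a #config method that returns a hash with :host, :public_key, and :private_key values for the service you're using. Then just call #send_request with the path and a parameter list.
+
+ def config
+ { host: "http://www.example-service.com/", public_key: "yourname", private_key: "secret" }
+ end
+
+ ...
+
+ send_request("/example/path/42/", { foo: "Foo", bar: "Bar" })
+
+ Optionally you can also pass in an alternate HTTP verb for non-GET requests. Accepted values are :get (the default), :post, :put, and :delete.
+
+ send_request("/example/path/42/", { foo: "Foo", bar: "Bar" }, :post)
+
+ send_request returns a hash with two values. :body with the parsed json response, and :code with the HTTP status code.
+
+ ## As the server
+
+ Notarize provides a generate_signature helper method that takes a hash of the incoming params, and the private key of the client making the request. Result should match the value in the incoming 'signature' parameter. For example, in a before_filter:
+
+ include Notarize::Helper
+
+ before_filter :authenticate_request!
+ ...
+
+ def authenticate_request!
+ client = ApiClient.where(public_key: params[:public_key]).first # Or however your app works.
+
+ if generate_signature(params, client.private_key) == params[:signature]
+ # It's ok!
+ else
+ # Get outta town!
+ end
+ end
+
+ Notarize doesn't manage your list of authorized clients for you.
+
+ ## Parties Responsible
+
+ Author: Aaron Klaassen (aaron@outerspacehero.com)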
@@ -0,0 +1,3 @@
1
+ module Notarize
2
+ VERSION = "1.0"
3
+ end
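--- a/data/lib/notarize.rb
+++ b/data/lib/notarize.rb
@@ -0,0 +1,49 @@
+ require "notarize/version"
+
+ module Notarize
+
+ module Helper
+ protected
+
+ def sorted_query_string(params, reject_sig = true)
+ params = params.reject { |k, v| k.to_s == 'signature' } if reject_sig
+
+ qs = params.keys.sort_by { |k,v| k.to_s }.collect do |key|
+ "#{key}=#{params[key]}"
+ end.join('&')
+ end
+
+ def generate_signature(params, salt)
+ Digest::SHA256.hexdigest(sorted_query_string(params) + salt)
+ end
+ end
+
+ module Client
+ include Notarize::Helper
+
+ protected
+
+ def signed_url(path, params)
+ "#{config[:host]}#{path}?#{sorted_query_string(params)}&signature=#{generate_signature(params, config[:private_key])}"
+ end
+
+ def send_request(path, params = {}, method = :get)
+ raise ArgumentError.new("Invalid HTTP verb #{method}") if ![:get, :post, :put, :delete].include?(method)
+
+ params ||= {}
+ params.merge!({ public_key: config[:public_key] })
+ response = HTTParty.send(method, signed_url(path, params))
+
+ { body: JSON.parse(response.body), code: response.code }
+ end
+
+ def config
+ raise NotImplementedError.new "Notarize#config not implemented."
+ # {
+ # host: "example.com"
+ # public_key: "username"
+ # private_key: "secret"
+ # }
+ end
+ end
+ end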
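Review bot: `generate_signature` computes its MAC as `Digest::SHA256.hexdigest(sorted_query_string(params) + salt)`, a plain hash with the secret appended rather than a keyed construction, and the string it signs is ambiguous because `sorted_query_string` joins `"#{key}=#{params[key]}"` with `&` without escaping either part. A value that itself contains `&` or `=` canonicalizes to the same string as a different parameter set, and neither `path` nor the HTTP verb passed to `send_request` is covered, so a signature is not bound to a single request. I would switch to `OpenSSL::HMAC.hexdigest("SHA256", salt, sorted_query_string(params))` and percent-encode keys and values before joining (for example with `URI.encode_www_form_component`); both change the signed format, so client and server have to move together. The file also calls `Digest`, `HTTParty` and `JSON` while the only `require` in this section is `notarize/version`, so it appears to rely on the host application having loaded them.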
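--- a/metadata
+++ b/metadata
@@ -0,0 +1,82 @@
+ --- !ruby/object:Gem::Specification
+ name: notarize
+ version: !ruby/object:Gem::Version
+ version: '1.0'
+ prerelease:
+ platform: ruby
+ authors:
+ - Aaron Klaassen
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2013-04-06 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: httparty
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: For basic web services that don't want just anyone to have access. Generates
+ signature hashes for http requests.
+ email:
+ - aaron@outerspacehero.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/notarize/version.rb
+ - lib/notarize.rb
+ - LICENSE
+ - README.md
+ homepage: http://www.github.com/aaronklaassen/notarize/
+ licenses: []
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 1.8.23
+ signing_key:
+ specification_version: 3
+ summary: A simple library for generating signed http requests.
+ test_files: []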