notarize 1.0

Files changed (5) hide show
  1. data/LICENSE +22 -0
  2. data/README.md +65 -0
  3. data/lib/notarize/version.rb +3 -0
  4. data/lib/notarize.rb +49 -0
  5. metadata +82 -0
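--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,22 @@
+ Copyright (c) 2013 Aaron Klaassen
+
+ MIT License
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.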
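--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,65 @@
+ ## Notarize
+
+ For basic json web services that don't want just anyone to have access. Generates signature hashes for http requests.
+
+ ## Installation
+
+ Add this to your Gemfile:
+
+ gem 'notarize'
+
+ And run:
+
+ $ bundle
+
+ Or install it with:
+
+ $ gem install notarize
+
+
+ ## Usage
+
+ ## As the client
+
+ include Notarize::Client
+
+ Implement a #config method that returns a hash with :host, :public_key, and :private_key values for the service you're using. Then just call #send_request with the path and a parameter list.
+
+ def config
+ { host: "http://www.example-service.com/", public_key: "yourname", private_key: "secret" }
+ end
+
+ ...
+
+ send_request("/example/path/42/", { foo: "Foo", bar: "Bar" })
+
+ Optionally you can also pass in an alternate HTTP verb for non-GET requests. Accepted values are :get (the default), :post, :put, and :delete.
+
+ send_request("/example/path/42/", { foo: "Foo", bar: "Bar" }, :post)
+
+ send_request returns a hash with two values. :body with the parsed json response, and :code with the HTTP status code.
+
+ ## As the server
+
+ Notarize provides a generate_signature helper method that takes a hash of the incoming params, and the private key of the client making the request. Result should match the value in the incoming 'signature' parameter. For example, in a before_filter:
+
+ include Notarize::Helper
+
+ before_filter :authenticate_request!
+ ...
+
+ def authenticate_request!
+ client = ApiClient.where(public_key: params[:public_key]).first # Or however your app works.
+
+ if generate_signature(params, client.private_key) == params[:signature]
+ # It's ok!
+ else
+ # Get outta town!
+ end
+ end
+
+ Notarize doesn't manage your list of authorized clients for you.
+
+ ## Parties Responsible
+
+ Author: Aaron Klaassen (aaron@outerspacehero.com)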
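--- a/data/lib/notarize/version.rb
+++ b/data/lib/notarize/version.rb
@@ -0,0 +1,3 @@
+ module Notarize
+ VERSION = "1.0"
+ end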
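--- a/data/lib/notarize.rb
+++ b/data/lib/notarize.rb
@@ -0,0 +1,49 @@
+ require "notarize/version"
+
+ module Notarize
+
+ module Helper
+ protected
+
+ def sorted_query_string(params, reject_sig = true)
+ params = params.reject { |k, v| k.to_s == 'signature' } if reject_sig
+
+ qs = params.keys.sort_by { |k,v| k.to_s }.collect do |key|
+ "#{key}=#{params[key]}"
+ end.join('&')
+ end
+
+ def generate_signature(params, salt)
+ Digest::SHA256.hexdigest(sorted_query_string(params) + salt)
+ end
+ end
+
+ module Client
+ include Notarize::Helper
+
+ protected
+
+ def signed_url(path, params)
+ "#{config[:host]}#{path}?#{sorted_query_string(params)}&signature=#{generate_signature(params, config[:private_key])}"
+ end
+
+ def send_request(path, params = {}, method = :get)
+ raise ArgumentError.new("Invalid HTTP verb #{method}") if ![:get, :post, :put, :delete].include?(method)
+
+ params ||= {}
+ params.merge!({ public_key: config[:public_key] })
+ response = HTTParty.send(method, signed_url(path, params))
+
+ { body: JSON.parse(response.body), code: response.code }
+ end
+
+ def config
+ raise NotImplementedError.new "Notarize#config not implemented."
+ # {
+ # host: "example.com"
+ # public_key: "username"
+ # private_key: "secret"
+ # }
+ end
+ end
+ end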
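Review bot: `sorted_query_string` joins keys and values without escaping, so two different parameter sets can yield the same signing string and therefore the same signature in `generate_signature` (constructed example: `{a: "1&b=2"}` and `{a: "1", b: "2"}` both become `a=1&b=2`). I would escape both sides, `"#{CGI.escape(key.to_s)}=#{CGI.escape(params[key].to_s)}"`, and replace the bare `Digest::SHA256.hexdigest(... + salt)` with a keyed MAC, `OpenSSL::HMAC.hexdigest('SHA256', salt, sorted_query_string(params))`. The input signed in `signed_url` also leaves out the path, the HTTP verb and any timestamp or nonce, so a signature is not bound to one endpoint or one moment; including those in the signed string lets the server reject a reused signature. Separately, the file requires only `notarize/version` yet references `Digest`, `HTTParty` and `JSON`, so it relies on the host application having loaded them; explicit `require` lines at the top would avoid a `NameError`.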
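--- a/metadata
+++ b/metadata
@@ -0,0 +1,82 @@
+ --- !ruby/object:Gem::Specification
+ name: notarize
+ version: !ruby/object:Gem::Version
+ version: '1.0'
+ prerelease:
+ platform: ruby
+ authors:
+ - Aaron Klaassen
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2013-04-06 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: httparty
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: For basic web services that don't want just anyone to have access. Generates
+ signature hashes for http requests.
+ email:
+ - aaron@outerspacehero.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/notarize/version.rb
+ - lib/notarize.rb
+ - LICENSE
+ - README.md
+ homepage: http://www.github.com/aaronklaassen/notarize/
+ licenses: []
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 1.8.23
+ signing_key:
+ specification_version: 3
+ summary: A simple library for generating signed http requests.
+ test_files: []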