notarize 1.0 → 1.1

data/README.md

@@ -21,45 +21,38 @@ Or install it with:
 
 ## As the client
 
-    include Notarize::Client
+Just instantiate a Notary object with your service config and call #send_request with the path and a parameter list.
 
-Implement a #config method that returns a hash with :host, :public_key, and :private_key values for the service you're using. Then just call #send_request with the path and a parameter list.
-
-    def config
-      { host: "http://www.example-service.com/", public_key: "yourname", private_key: "secret" }
-    end
-
-    ...
-
-    send_request("/example/path/42/", { foo: "Foo", bar: "Bar" })
+    notary = Notarize::Notary.new("http://www.example.com", "public_key", "private_key")    
+    notary.send_request("/example/path/42/", { foo: "Foo", bar: "Bar" })
 
 Optionally you can also pass in an alternate HTTP verb for non-GET requests. Accepted values are :get (the default), :post, :put, and :delete.
 
-    send_request("/example/path/42/", { foo: "Foo", bar: "Bar" }, :post)
+    response = notary.send_request("/example/path/42/", { foo: "Foo", bar: "Bar" }, :post)
 
 send_request returns a hash with two values. :body with the parsed json response, and :code with the HTTP status code.
 
 ## As the server
 
-Notarize provides a generate_signature helper method that takes a hash of the incoming params, and the private key of the client making the request. Result should match the value in the incoming 'signature' parameter. For example, in a before_filter:
+Notarize provides a matching_signature? class method that takes a hash of the incoming params, and the private key of the client making the request. The result is checked against params[:signature].
 
-    include Notarize::Helper
-    
     before_filter :authenticate_request!
     ...
 
     def authenticate_request!
       client = ApiClient.where(public_key: params[:public_key]).first # Or however your app works.
 
-      if generate_signature(params, client.private_key) == params[:signature]
+      if Notarize::Notary.matching_signature?(params, client.private_key)
         # It's ok!
       else
         # Get outta town!
       end
     end
 
-Notarize doesn't manage your list of authorized clients for you.
+This ApiClient object is just an example; Notarize doesn't manage your list of authorized clients for you.
 
 ## Parties Responsible
 
-Author: Aaron Klaassen (aaron@outerspacehero.com)
+Aaron Klaassen
+aaron@outerspacehero.com
+http://www.outerspacehero.com/

data/lib/notarize/version.rb

@@ -1,3 +1,3 @@
 module Notarize
-  VERSION = "1.0"
+  VERSION = "1.1"
 end

data/lib/notarize.rb

@@ -2,48 +2,50 @@ require "notarize/version"
 
 module Notarize
 
-  module Helper
-    protected
+  class Notary
 
-    def sorted_query_string(params, reject_sig = true)
-      params = params.reject { |k, v| k.to_s == 'signature' } if reject_sig
-
-      qs = params.keys.sort_by { |k,v| k.to_s }.collect do |key|
-        "#{key}=#{params[key]}"
-      end.join('&')
-    end
-
-    def generate_signature(params, salt)
-      Digest::SHA256.hexdigest(sorted_query_string(params) + salt)
-    end
-  end
-
-  module Client
-    include Notarize::Helper  
-
-    protected
-
-    def signed_url(path, params)
-      "#{config[:host]}#{path}?#{sorted_query_string(params)}&signature=#{generate_signature(params, config[:private_key])}"
+    def initialize(host, public_key, private_key)
+      @host = host
+      @public_key = public_key
+      @private_key = private_key
     end
 
     def send_request(path, params = {}, method = :get)
       raise ArgumentError.new("Invalid HTTP verb #{method}") if ![:get, :post, :put, :delete].include?(method)
 
       params ||= {}
-      params.merge!({ public_key: config[:public_key] })
+      params.merge!({ public_key: @public_key })
       response = HTTParty.send(method, signed_url(path, params))
 
       { body: JSON.parse(response.body), code: response.code }
     end
 
-    def config
-      raise NotImplementedError.new "Notarize#config not implemented."
-      # {
-      #   host:        "example.com"
-      #   public_key:  "username"
-      #   private_key: "secret"
-      # }
+    def signed_url(path, params)
+      sorted_params = Notarize::Notary.sorted_query_string(params)
+      sig = Notarize::Notary.generate_signature(params, @private_key)
+      "#{@host}#{path}?#{sorted_params}&signature=#{sig}"
     end
+
+    class << self
+      def generate_signature(params, salt)
+        Digest::SHA256.hexdigest(Notarize::Notary.sorted_query_string(params) + salt)
+      end
+
+      def sorted_query_string(params, reject_sig = true)
+        params = params.reject { |k, v| k.to_s == 'signature' } if reject_sig
+
+        qs = params.keys.sort_by { |k,v| k.to_s }.collect do |key|
+          "#{key}=#{params[key]}"
+        end.join('&')
+      end
+
+      # For the service-side
+      def matching_signature?(params, private_key)
+        generate_signature(params, private_key) == params[:signature]
+      end
+
+    end
+
   end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: notarize
 version: !ruby/object:Gem::Version
-  version: '1.0'
+  version: '1.1'
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-04-06 00:00:00.000000000 Z
+date: 2013-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -75,7 +75,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
 summary: A simple library for generating signed http requests.