queue_it 1.1.2 → 1.1.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG.md +17 -0
- data/lib/queue_it.rb +1 -1
- data/lib/queue_it/api/client.rb +2 -2
- data/lib/queue_it/api/event.rb +7 -7
- data/lib/queue_it/extract_queue_number.rb +45 -0
- data/lib/queue_it/queueable.rb +16 -10
- data/lib/queue_it/url_builder.rb +2 -2
- data/lib/queue_it/version.rb +1 -1
- data/queue_it.gemspec +2 -2
- data/spec/queue_it/api/event_spec.rb +4 -4
- data/spec/queue_it/extract_queue_number_spec.rb +62 -0
- metadata +22 -9
- data/lib/queue_it/known_user_checker.rb +0 -60
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: c485ac9dd1277900f3ed127d294b5d54afcb27d3d79f80cd7fe54c668079c28f
|
4
|
+
data.tar.gz: 407a76048056f086591bd4fcd3088acb94f94be010f50937b0a645248258d497
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 26ccccd935d7770cddfc276e3944be5664362969187b1967db1b9a239bedbd7f69e0f44bb021a8d4c40a826262b7545908ff3606eca47b5347184044e433af4b
|
7
|
+
data.tar.gz: 54df44820c6b12d1a9469f4187f8204dee202f898cf47ef60935aee262ad09fba40cb58937d65f27d6ffe92108adb6ea8371c0d2e5ce05249ee98b852df496d6
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,20 @@
|
|
1
|
+
### 1.1.6 - 2017-03-15
|
2
|
+
|
3
|
+
* Now by default, during creation event, we support using redirect urls
|
4
|
+
* Added possibility to pass redirect url for queue it
|
5
|
+
|
6
|
+
### 1.1.5 - 2016-06-02
|
7
|
+
|
8
|
+
* Remove warning about circular argument reference - api_key in Ruby 2.3.1
|
9
|
+
|
10
|
+
### 1.1.4 - 2016-04-06
|
11
|
+
|
12
|
+
* Solve gem publishing issue - no changes comparing to 1.1.3
|
13
|
+
|
14
|
+
### 1.1.3 - 2016-04-06
|
15
|
+
|
16
|
+
* do not rely on ActionDispatch::Resuest::Session API that was removed in Rails 4.2
|
17
|
+
|
1
18
|
### 1.1.2 - 2015-05-19
|
2
19
|
|
3
20
|
* More time zone mappings.
|
data/lib/queue_it.rb
CHANGED
data/lib/queue_it/api/client.rb
CHANGED
@@ -8,9 +8,9 @@ module QueueIt
|
|
8
8
|
module Api
|
9
9
|
class Client
|
10
10
|
JSON_FORMAT = "application/json".freeze
|
11
|
-
ENDPOINT_URL = URI("https://api2.queue-it.net/
|
11
|
+
ENDPOINT_URL = URI("https://api2.queue-it.net/2_0/event").freeze
|
12
12
|
|
13
|
-
def initialize(api_key:
|
13
|
+
def initialize(api_key: nil, debug: false)
|
14
14
|
self.api_key = api_key
|
15
15
|
self.debug = debug
|
16
16
|
end
|
data/lib/queue_it/api/event.rb
CHANGED
@@ -48,23 +48,23 @@ module QueueIt
|
|
48
48
|
MICROSOFT_TIME_ZONE_INDEX_VALUES = {
|
49
49
|
"Europe/Helsinki" => "FLE Standard Time",
|
50
50
|
"Helsinki" => "FLE Standard Time",
|
51
|
-
|
51
|
+
|
52
52
|
"Europe/London" => "GMT Standard Time",
|
53
53
|
"London" => "GMT Standard Time",
|
54
54
|
"Edinburgh" => "GMT Standard Time",
|
55
|
-
|
55
|
+
|
56
56
|
"Europe/Dublin" => "GMT Standard Time",
|
57
57
|
"Dublin" => "GMT Standard Time",
|
58
|
-
|
58
|
+
|
59
59
|
"Europe/Copenhagen" => "Romance Standard Time",
|
60
60
|
"Copenhagen" => "Romance Standard Time",
|
61
|
-
|
61
|
+
|
62
62
|
"Europe/Paris" => "Romance Standard Time",
|
63
63
|
"Paris" => "Romance Standard Time",
|
64
|
-
|
64
|
+
|
65
65
|
"Europe/Stockholm" => "W. Europe Standard Time",
|
66
66
|
"Stockholm" => "W. Europe Standard Time",
|
67
|
-
|
67
|
+
|
68
68
|
"Europe/Rome" => "W. Europe Standard Time",
|
69
69
|
"Rome" => "W. Europe Standard Time",
|
70
70
|
}.freeze
|
@@ -113,7 +113,7 @@ module QueueIt
|
|
113
113
|
"AfterEventRedirectPage" => "",
|
114
114
|
"UseSSL" => "Auto",
|
115
115
|
"JavaScriptSupportEnabled" => "False",
|
116
|
-
"TargetUrlSupportEnabled" => "
|
116
|
+
"TargetUrlSupportEnabled" => "True",
|
117
117
|
"SafetyNetMode" => "Disabled",
|
118
118
|
"KnowUserSecurity" => "MD5Hash",
|
119
119
|
"KnowUserSecretKey" => know_user_secret_key,
|
@@ -0,0 +1,45 @@
|
|
1
|
+
require 'digest/md5'
|
2
|
+
|
3
|
+
module QueueIt
|
4
|
+
class ExtractQueueNumber
|
5
|
+
def call(secret_key:, request_url:, request_params:)
|
6
|
+
encrypted_place_in_queue = request_params['p']
|
7
|
+
expected_hash = request_params['h']
|
8
|
+
|
9
|
+
raise QueueIt::MissingArgsGiven.new if queue_it_params_missing?(request_params)
|
10
|
+
|
11
|
+
if verify_md5_hash?(request_url, expected_hash, secret_key)
|
12
|
+
return decrypted_place_in_queue(encrypted_place_in_queue)
|
13
|
+
else
|
14
|
+
raise QueueIt::NotAuthorized.new
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
def queue_it_params_missing?(params)
|
21
|
+
queue_id = params['q'] # A QuID, the user’s queue ID
|
22
|
+
encrypted_place_in_queue = params['p'] # A text, an encrypted version of the user’s queue number
|
23
|
+
expected_hash = params['h'] # An integer calculated hash
|
24
|
+
timestamp = params['ts'] # An integer timestamp counting number of seconds since 1970-01-01 00:00:00 UTC
|
25
|
+
|
26
|
+
[queue_id, encrypted_place_in_queue, timestamp, expected_hash].any?(&:nil?)
|
27
|
+
end
|
28
|
+
|
29
|
+
# uses one char of each string at a given starting point
|
30
|
+
# given b852fe78-0d10-4254-823c-f8749c401153 should get 4212870
|
31
|
+
def decrypted_place_in_queue(encrypted_place_in_queue)
|
32
|
+
return encrypted_place_in_queue[ 30..30 ] + encrypted_place_in_queue[ 3..3 ] + encrypted_place_in_queue[ 11..11 ] +
|
33
|
+
encrypted_place_in_queue[ 20..20 ] + encrypted_place_in_queue[ 7..7 ] + encrypted_place_in_queue[ 26..26 ] +
|
34
|
+
encrypted_place_in_queue[ 9..9 ]
|
35
|
+
end
|
36
|
+
|
37
|
+
# TODO add timestamp check
|
38
|
+
def verify_md5_hash?(url, expected_hash, secret_key)
|
39
|
+
url_no_hash = "#{url[ 0..-33 ]}#{secret_key}"
|
40
|
+
actual_hash = Digest::MD5.hexdigest(url_no_hash)
|
41
|
+
|
42
|
+
return (expected_hash == actual_hash)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
data/lib/queue_it/queueable.rb
CHANGED
@@ -1,14 +1,17 @@
|
|
1
|
+
require 'queue_it/url_builder'
|
2
|
+
|
1
3
|
module QueueIt
|
2
4
|
module Queueable
|
3
5
|
extend ActiveSupport::Concern
|
4
6
|
|
5
7
|
included do
|
6
|
-
def protect_with_queue!(known_user_secret_key, event_id, customer_id)
|
8
|
+
def protect_with_queue!(known_user_secret_key, event_id, customer_id, redirect_url: nil)
|
7
9
|
create_or_verify_queue_it_session(known_user_secret_key,
|
8
10
|
event_id,
|
9
11
|
customer_id,
|
10
|
-
request.
|
11
|
-
params
|
12
|
+
request.original_url,
|
13
|
+
params,
|
14
|
+
redirect_url)
|
12
15
|
end
|
13
16
|
|
14
17
|
def queue_it_queue_id(event_id)
|
@@ -17,7 +20,9 @@ module QueueIt
|
|
17
20
|
|
18
21
|
def destroy_all_queue_it_sessions
|
19
22
|
session_variable_prefix = queue_it_session_variable("")
|
20
|
-
session.
|
23
|
+
session.keys.select{ |session_key| session_key.start_with?(session_variable_prefix) }.each do |key|
|
24
|
+
session.delete(key)
|
25
|
+
end
|
21
26
|
end
|
22
27
|
|
23
28
|
def destroy_queue_it_session(event_id)
|
@@ -30,13 +35,16 @@ module QueueIt
|
|
30
35
|
|
31
36
|
private
|
32
37
|
|
33
|
-
def create_or_verify_queue_it_session(secret_key, event_id, customer_id, request_url, params)
|
38
|
+
def create_or_verify_queue_it_session(secret_key, event_id, customer_id, request_url, params, current_tickets_url)
|
34
39
|
# If there exists a session, we return. This needs to be refactored when we start to look at the timestamp parameter
|
35
40
|
return if session[queue_it_session_variable(event_id)].present?
|
36
41
|
|
37
42
|
begin
|
38
|
-
|
39
|
-
|
43
|
+
queue_number = QueueIt::ExtractQueueNumber.new.(
|
44
|
+
secret_key: secret_key,
|
45
|
+
request_url: request_url,
|
46
|
+
request_params: params)
|
47
|
+
session[queue_it_session_variable(event_id)] = queue_number
|
40
48
|
|
41
49
|
# If the request URL contains queue_it params we remove them and redirect
|
42
50
|
# this is done to mask the params we use to create and verify the queue_it session
|
@@ -44,7 +52,7 @@ module QueueIt
|
|
44
52
|
redirect_to QueueIt::UrlBuilder.clean_url(request_url) and return
|
45
53
|
end
|
46
54
|
rescue QueueIt::MissingArgsGiven
|
47
|
-
queue_url = QueueIt::UrlBuilder.build_queue_url(customer_id, event_id)
|
55
|
+
queue_url = QueueIt::UrlBuilder.build_queue_url(customer_id, event_id, current_tickets_url)
|
48
56
|
destroy_all_queue_it_sessions
|
49
57
|
render("queue_it/enter_queue", layout: false, locals: { queue_it_url: queue_url }) and return
|
50
58
|
rescue QueueIt::NotAuthorized
|
@@ -53,8 +61,6 @@ module QueueIt
|
|
53
61
|
render("queue_it/cheating_queue", layout: false, locals: { queue_it_url: queue_cancel_url }) and return
|
54
62
|
end
|
55
63
|
end
|
56
|
-
|
57
64
|
end
|
58
|
-
|
59
65
|
end
|
60
66
|
end
|
data/lib/queue_it/url_builder.rb
CHANGED
@@ -2,8 +2,8 @@ require 'addressable/uri'
|
|
2
2
|
|
3
3
|
module QueueIt
|
4
4
|
class UrlBuilder
|
5
|
-
def self.build_queue_url(customer_id, event_id)
|
6
|
-
"http://q.queue-it.net/?c=#{customer_id}&e=#{event_id}"
|
5
|
+
def self.build_queue_url(customer_id, event_id, redirect_url)
|
6
|
+
"http://q.queue-it.net/?c=#{customer_id}&e=#{event_id}&t=#{CGI.escape(redirect_url)}"
|
7
7
|
end
|
8
8
|
|
9
9
|
def self.build_cancel_url(customer_id, event_id, queue_id = nil)
|
data/lib/queue_it/version.rb
CHANGED
data/queue_it.gemspec
CHANGED
@@ -19,8 +19,8 @@ Gem::Specification.new do |spec|
|
|
19
19
|
spec.require_paths = ["lib"]
|
20
20
|
|
21
21
|
spec.add_runtime_dependency "addressable", "~> 2.3"
|
22
|
-
spec.add_runtime_dependency "faraday", "
|
23
|
-
spec.add_runtime_dependency "faraday_middleware", "
|
22
|
+
spec.add_runtime_dependency "faraday", "<= 2.0", ">= 0.9"
|
23
|
+
spec.add_runtime_dependency "faraday_middleware", "<= 2.0", ">= 0.9"
|
24
24
|
|
25
25
|
spec.add_development_dependency "bundler", "~> 1.3"
|
26
26
|
spec.add_development_dependency "rspec", "~> 3.2"
|
@@ -113,7 +113,7 @@ module QueueIt
|
|
113
113
|
|
114
114
|
body = JSON.generate(valid_create_body)
|
115
115
|
|
116
|
-
stub = stub_request(:put, "https://api2.queue-it.net/
|
116
|
+
stub = stub_request(:put, "https://api2.queue-it.net/2_0/event/fancyevent")
|
117
117
|
.with(body: body, headers: headers)
|
118
118
|
|
119
119
|
event_adapter.create_or_update(event_id: event_id,
|
@@ -148,7 +148,7 @@ module QueueIt
|
|
148
148
|
"AfterEventRedirectPage" => "",
|
149
149
|
"UseSSL" => "Auto",
|
150
150
|
"JavaScriptSupportEnabled" => "False",
|
151
|
-
"TargetUrlSupportEnabled" => "
|
151
|
+
"TargetUrlSupportEnabled" => "True",
|
152
152
|
"SafetyNetMode" => "Disabled",
|
153
153
|
"KnowUserSecurity" => "MD5Hash",
|
154
154
|
"KnowUserSecretKey" => know_user_secret_key,
|
@@ -171,7 +171,7 @@ module QueueIt
|
|
171
171
|
specify "Proper speed value is set" do
|
172
172
|
body = { "MaxRedirectsPerMinute" => "15" }
|
173
173
|
|
174
|
-
stub = stub_request(:put, "https://api2.queue-it.net/
|
174
|
+
stub = stub_request(:put, "https://api2.queue-it.net/2_0/event/fancyevent/queue/speed")
|
175
175
|
.with(body: body, headers: headers)
|
176
176
|
|
177
177
|
event_adapter.set_speed(event_id: event_id, max_redirects_per_minute: max_redirects_per_minute)
|
@@ -182,7 +182,7 @@ module QueueIt
|
|
182
182
|
specify "Speed must be greater than 5 so we send at least 5" do
|
183
183
|
expected_body = { "MaxRedirectsPerMinute" => "5" }
|
184
184
|
|
185
|
-
stub = stub_request(:put, "https://api2.queue-it.net/
|
185
|
+
stub = stub_request(:put, "https://api2.queue-it.net/2_0/event/fancyevent/queue/speed")
|
186
186
|
.with(body: expected_body, headers: headers)
|
187
187
|
|
188
188
|
event_adapter.set_speed(event_id: event_id, max_redirects_per_minute: 1)
|
@@ -0,0 +1,62 @@
|
|
1
|
+
require 'queue_it'
|
2
|
+
|
3
|
+
module QueueIt
|
4
|
+
RSpec.describe ExtractQueueNumber do
|
5
|
+
let(:secret_key) { "1c9950a7-f716-432e-b5fa-b148d00480db" }
|
6
|
+
let(:service) { ExtractQueueNumber.new }
|
7
|
+
|
8
|
+
specify "happy path" do
|
9
|
+
url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
|
10
|
+
|
11
|
+
result = service.(
|
12
|
+
secret_key: secret_key,
|
13
|
+
request_url: url,
|
14
|
+
request_params: parse_params(url))
|
15
|
+
expect(result).not_to be_empty
|
16
|
+
end
|
17
|
+
|
18
|
+
specify do
|
19
|
+
url = "https://example.com/some/path"
|
20
|
+
|
21
|
+
expect do
|
22
|
+
service.(secret_key: secret_key, request_url: url, request_params: {})
|
23
|
+
end.to raise_error(MissingArgsGiven)
|
24
|
+
end
|
25
|
+
|
26
|
+
specify "queue id param is required" do
|
27
|
+
url = "https://example.com/some/path?p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
|
28
|
+
|
29
|
+
expect do
|
30
|
+
service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
|
31
|
+
end.to raise_error(MissingArgsGiven)
|
32
|
+
end
|
33
|
+
|
34
|
+
specify "timestamp param is required" do
|
35
|
+
url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
|
36
|
+
|
37
|
+
expect do
|
38
|
+
service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
|
39
|
+
end.to raise_error(MissingArgsGiven)
|
40
|
+
end
|
41
|
+
|
42
|
+
specify "encrypted place in queue param is required" do
|
43
|
+
url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
|
44
|
+
|
45
|
+
expect do
|
46
|
+
service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
|
47
|
+
end.to raise_error(MissingArgsGiven)
|
48
|
+
end
|
49
|
+
|
50
|
+
specify "hash is required" do
|
51
|
+
url = "https://example.com/some/path?q=2647345b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue"
|
52
|
+
|
53
|
+
expect do
|
54
|
+
service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
|
55
|
+
end.to raise_error(MissingArgsGiven)
|
56
|
+
end
|
57
|
+
|
58
|
+
def parse_params(url)
|
59
|
+
CGI.parse(URI.parse(url).query).each_with_object({}) {|(k,v),o| o[k] = v.first }
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: queue_it
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Billetto
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-09-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: addressable
|
@@ -28,30 +28,42 @@ dependencies:
|
|
28
28
|
name: faraday
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- - "
|
31
|
+
- - ">="
|
32
32
|
- !ruby/object:Gem::Version
|
33
33
|
version: '0.9'
|
34
|
+
- - "<="
|
35
|
+
- !ruby/object:Gem::Version
|
36
|
+
version: '2.0'
|
34
37
|
type: :runtime
|
35
38
|
prerelease: false
|
36
39
|
version_requirements: !ruby/object:Gem::Requirement
|
37
40
|
requirements:
|
38
|
-
- - "
|
41
|
+
- - ">="
|
39
42
|
- !ruby/object:Gem::Version
|
40
43
|
version: '0.9'
|
44
|
+
- - "<="
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
version: '2.0'
|
41
47
|
- !ruby/object:Gem::Dependency
|
42
48
|
name: faraday_middleware
|
43
49
|
requirement: !ruby/object:Gem::Requirement
|
44
50
|
requirements:
|
45
|
-
- - "
|
51
|
+
- - ">="
|
46
52
|
- !ruby/object:Gem::Version
|
47
53
|
version: '0.9'
|
54
|
+
- - "<="
|
55
|
+
- !ruby/object:Gem::Version
|
56
|
+
version: '2.0'
|
48
57
|
type: :runtime
|
49
58
|
prerelease: false
|
50
59
|
version_requirements: !ruby/object:Gem::Requirement
|
51
60
|
requirements:
|
52
|
-
- - "
|
61
|
+
- - ">="
|
53
62
|
- !ruby/object:Gem::Version
|
54
63
|
version: '0.9'
|
64
|
+
- - "<="
|
65
|
+
- !ruby/object:Gem::Version
|
66
|
+
version: '2.0'
|
55
67
|
- !ruby/object:Gem::Dependency
|
56
68
|
name: bundler
|
57
69
|
requirement: !ruby/object:Gem::Requirement
|
@@ -114,7 +126,7 @@ files:
|
|
114
126
|
- lib/queue_it/api/client.rb
|
115
127
|
- lib/queue_it/api/error.rb
|
116
128
|
- lib/queue_it/api/event.rb
|
117
|
-
- lib/queue_it/
|
129
|
+
- lib/queue_it/extract_queue_number.rb
|
118
130
|
- lib/queue_it/queueable.rb
|
119
131
|
- lib/queue_it/railtie.rb
|
120
132
|
- lib/queue_it/url_builder.rb
|
@@ -122,6 +134,7 @@ files:
|
|
122
134
|
- queue_it.gemspec
|
123
135
|
- spec/queue_it/api/client_spec.rb
|
124
136
|
- spec/queue_it/api/event_spec.rb
|
137
|
+
- spec/queue_it/extract_queue_number_spec.rb
|
125
138
|
homepage: https://github.com/gfish/queue_it
|
126
139
|
licenses:
|
127
140
|
- GNU/GPLv3
|
@@ -141,11 +154,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
141
154
|
- !ruby/object:Gem::Version
|
142
155
|
version: '0'
|
143
156
|
requirements: []
|
144
|
-
|
145
|
-
rubygems_version: 2.4.5
|
157
|
+
rubygems_version: 3.0.3
|
146
158
|
signing_key:
|
147
159
|
specification_version: 4
|
148
160
|
summary: Gem to handle the implementation of http://queue-it.net
|
149
161
|
test_files:
|
150
162
|
- spec/queue_it/api/client_spec.rb
|
151
163
|
- spec/queue_it/api/event_spec.rb
|
164
|
+
- spec/queue_it/extract_queue_number_spec.rb
|
@@ -1,60 +0,0 @@
|
|
1
|
-
require 'digest/md5'
|
2
|
-
require "queue_it/url_builder"
|
3
|
-
|
4
|
-
module QueueIt
|
5
|
-
class KnownUserChecker
|
6
|
-
|
7
|
-
attr_accessor :shared_event_key, :event_id, :customer_id
|
8
|
-
|
9
|
-
def initialize(shared_event_key, event_id, customer_id)
|
10
|
-
self.shared_event_key = shared_event_key
|
11
|
-
self.event_id = event_id
|
12
|
-
self.customer_id = customer_id
|
13
|
-
end
|
14
|
-
|
15
|
-
# This is bound to Rails!
|
16
|
-
def create_or_verify_queue_it_session!(url, params)
|
17
|
-
queue_id = params['q' ] # A QuID, the user’s queue ID
|
18
|
-
encrypted_place_in_queue = params['p' ] # A text, an encrypted version of the user’s queue number
|
19
|
-
expected_hash = params['h' ] # An integer calculated hash
|
20
|
-
timestamp = params['ts'] # An integer timestamp counting number of seconds since 1970-01-01 00:00:00 UTC
|
21
|
-
|
22
|
-
verify_request!(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
|
23
|
-
end
|
24
|
-
|
25
|
-
def verify_request!(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
|
26
|
-
if verify_md5_hash?(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
|
27
|
-
decrypted_place_in_queue(encrypted_place_in_queue)
|
28
|
-
else
|
29
|
-
raise QueueIt::NotAuthorized.new
|
30
|
-
end
|
31
|
-
end
|
32
|
-
|
33
|
-
private
|
34
|
-
|
35
|
-
# uses one char of each string at a given starting point
|
36
|
-
# given b852fe78-0d10-4254-823c-f8749c401153 should get 4212870
|
37
|
-
def decrypted_place_in_queue(encrypted_place_in_queue)
|
38
|
-
return encrypted_place_in_queue[ 30..30 ] + encrypted_place_in_queue[ 3..3 ] + encrypted_place_in_queue[ 11..11 ] +
|
39
|
-
encrypted_place_in_queue[ 20..20 ] + encrypted_place_in_queue[ 7..7 ] + encrypted_place_in_queue[ 26..26 ] +
|
40
|
-
encrypted_place_in_queue[ 9..9 ]
|
41
|
-
end
|
42
|
-
|
43
|
-
# TODO add timestamp check
|
44
|
-
def verify_md5_hash?(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
|
45
|
-
raise QueueIt::MissingArgsGiven.new if [ url, queue_id, encrypted_place_in_queue, timestamp, expected_hash ].any?( &:nil? )
|
46
|
-
|
47
|
-
url_no_hash = "#{ url[ 0..-33 ] }#{ shared_event_key }" # Remove hash value and add SharedEventKey
|
48
|
-
actual_hash = Digest::MD5.hexdigest( utf8_encode( url_no_hash ) )
|
49
|
-
|
50
|
-
return false unless expected_hash == actual_hash
|
51
|
-
true
|
52
|
-
end
|
53
|
-
|
54
|
-
def utf8_encode(s)
|
55
|
-
s.encode('UTF-8', 'UTF-8')
|
56
|
-
s
|
57
|
-
end
|
58
|
-
|
59
|
-
end
|
60
|
-
end
|