rack-facebook-method-fix 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/{LICENSE.txt → LICENSE} +0 -0
- data/README.rdoc +18 -4
- data/Rakefile +1 -1
- data/VERSION +1 -1
- data/lib/rack/facebook/method-fix.rb +37 -3
- data/lib/rack-facebook-method-fix.rb +1 -0
- data/rack-facebook-method-fix.gemspec +5 -5
- metadata +7 -7
data/{LICENSE.txt → LICENSE}
RENAMED
|
File without changes
|
data/README.rdoc
CHANGED
|
@@ -1,8 +1,22 @@
|
|
|
1
|
-
=
|
|
1
|
+
= What?
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
In early 2011 Facebook started to send all iframe application requests as POST. Because of this most REST based applications broke. This Rack::Facebook::MethodFix middleware looks for incoming POST requests. If the request contains _signed_request_ parameter it converts request to GET as originally intended. Optionally if you give Facebook application _secret_id_ in middleware settings it will also validate the contents of _signed_request_ parameter.
|
|
4
|
+
|
|
5
|
+
= Install
|
|
4
6
|
|
|
5
|
-
|
|
7
|
+
gem install rack-facebook-method-fix
|
|
8
|
+
|
|
9
|
+
= Usage
|
|
10
|
+
|
|
11
|
+
require "rack-facebook-method-fix"
|
|
12
|
+
use Rack::Facebook::MethodFix
|
|
13
|
+
|
|
14
|
+
or
|
|
15
|
+
|
|
16
|
+
require "rack-facebook-method-fix"
|
|
17
|
+
use Rack::Facebook::MethodFix, :secret_id => "c561df165eacdd6e32672c9eaee10318"
|
|
18
|
+
|
|
19
|
+
== Contributing to Rack::Facebook::MethodFix
|
|
6
20
|
|
|
7
21
|
* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
|
|
8
22
|
* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
|
|
@@ -14,6 +28,6 @@ Description goes here.
|
|
|
14
28
|
|
|
15
29
|
== Copyright
|
|
16
30
|
|
|
17
|
-
Copyright (c) 2011 Mika Tuupola. See LICENSE
|
|
31
|
+
Copyright (c) 2011 Mika Tuupola. See LICENSE for
|
|
18
32
|
further details.
|
|
19
33
|
|
data/Rakefile
CHANGED
|
@@ -16,7 +16,7 @@ Jeweler::Tasks.new do |gem|
|
|
|
16
16
|
gem.homepage = "http://github.com/tuupola/rack-facebook-method-fix"
|
|
17
17
|
gem.license = "MIT"
|
|
18
18
|
gem.summary = %Q{Fix RESTfull Facebook applications}
|
|
19
|
-
gem.description = %Q{In early 2011 Facebook started to send all application requests as POST. This
|
|
19
|
+
gem.description = %Q{In early 2011 Facebook started to send all application requests as POST. This Rack middleware converts POST requests back to GET when applicable.}
|
|
20
20
|
gem.email = "tuupola@appelsiini.net"
|
|
21
21
|
gem.authors = ["Mika Tuupola"]
|
|
22
22
|
# Include your dependencies below. Runtime dependencies are required when using your gem,
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.3.0
|
|
@@ -2,17 +2,51 @@ module Rack
|
|
|
2
2
|
module Facebook
|
|
3
3
|
class MethodFix
|
|
4
4
|
|
|
5
|
-
def initialize(app)
|
|
5
|
+
def initialize(app, settings={})
|
|
6
6
|
@app = app
|
|
7
|
+
@settings = settings
|
|
7
8
|
end
|
|
8
9
|
|
|
9
10
|
def call(env)
|
|
10
11
|
if env["REQUEST_METHOD"] == "POST"
|
|
11
|
-
|
|
12
|
-
|
|
12
|
+
request = Request.new(env)
|
|
13
|
+
if @settings[:secret_id] && request.params["signed_request"]
|
|
14
|
+
env["REQUEST_METHOD"] = "GET" if signed_request_valid?(@settings[:secret_id], request)
|
|
15
|
+
else
|
|
16
|
+
env["REQUEST_METHOD"] = "GET" if request.params["signed_request"]
|
|
17
|
+
end
|
|
13
18
|
end
|
|
14
19
|
@app.call(env)
|
|
15
20
|
end
|
|
21
|
+
|
|
22
|
+
# Code adapted from https://github.com/nsanta/fbgraph
|
|
23
|
+
def signed_request_valid?(secret_id, request)
|
|
24
|
+
encoded_signature, payload = request.params["signed_request"].split(".", 2)
|
|
25
|
+
signature = ""
|
|
26
|
+
valid = true
|
|
27
|
+
|
|
28
|
+
url_decode_64(encoded_signature).each_byte do |byte|
|
|
29
|
+
signature << "%02x" % byte
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
data = JSON.parse(url_decode_64(payload))
|
|
33
|
+
if data["algorithm"].to_s.upcase != "HMAC-SHA256"
|
|
34
|
+
valid = false
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
expected_signature = OpenSSL::HMAC.hexdigest("sha256", secret_id, payload)
|
|
38
|
+
if expected_signature != signature
|
|
39
|
+
valid = false
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
valid
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def url_decode_64(string)
|
|
46
|
+
encoded_string = string.gsub("-", "+").gsub("_", "/")
|
|
47
|
+
encoded_string += "=" while !(encoded_string.size % 4).zero?
|
|
48
|
+
Base64.decode64(encoded_string)
|
|
49
|
+
end
|
|
16
50
|
|
|
17
51
|
end
|
|
18
52
|
end
|
|
@@ -5,22 +5,22 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{rack-facebook-method-fix}
|
|
8
|
-
s.version = "0.
|
|
8
|
+
s.version = "0.3.0"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Mika Tuupola"]
|
|
12
|
-
s.date = %q{2011-
|
|
13
|
-
s.description = %q{In early 2011 Facebook started to send all application requests as POST. This
|
|
12
|
+
s.date = %q{2011-04-13}
|
|
13
|
+
s.description = %q{In early 2011 Facebook started to send all application requests as POST. This Rack middleware converts POST requests back to GET when applicable.}
|
|
14
14
|
s.email = %q{tuupola@appelsiini.net}
|
|
15
15
|
s.extra_rdoc_files = [
|
|
16
|
-
"LICENSE
|
|
16
|
+
"LICENSE",
|
|
17
17
|
"README.rdoc"
|
|
18
18
|
]
|
|
19
19
|
s.files = [
|
|
20
20
|
".document",
|
|
21
21
|
"Gemfile",
|
|
22
22
|
"Gemfile.lock",
|
|
23
|
-
"LICENSE
|
|
23
|
+
"LICENSE",
|
|
24
24
|
"README.rdoc",
|
|
25
25
|
"Rakefile",
|
|
26
26
|
"VERSION",
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-facebook-method-fix
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 19
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
|
-
-
|
|
8
|
+
- 3
|
|
9
9
|
- 0
|
|
10
|
-
version: 0.
|
|
10
|
+
version: 0.3.0
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Mika Tuupola
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-
|
|
18
|
+
date: 2011-04-13 00:00:00 +03:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|
|
@@ -78,20 +78,20 @@ dependencies:
|
|
|
78
78
|
name: rcov
|
|
79
79
|
prerelease: false
|
|
80
80
|
version_requirements: *id004
|
|
81
|
-
description: In early 2011 Facebook started to send all application requests as POST. This
|
|
81
|
+
description: In early 2011 Facebook started to send all application requests as POST. This Rack middleware converts POST requests back to GET when applicable.
|
|
82
82
|
email: tuupola@appelsiini.net
|
|
83
83
|
executables: []
|
|
84
84
|
|
|
85
85
|
extensions: []
|
|
86
86
|
|
|
87
87
|
extra_rdoc_files:
|
|
88
|
-
- LICENSE
|
|
88
|
+
- LICENSE
|
|
89
89
|
- README.rdoc
|
|
90
90
|
files:
|
|
91
91
|
- .document
|
|
92
92
|
- Gemfile
|
|
93
93
|
- Gemfile.lock
|
|
94
|
-
- LICENSE
|
|
94
|
+
- LICENSE
|
|
95
95
|
- README.rdoc
|
|
96
96
|
- Rakefile
|
|
97
97
|
- VERSION
|