RubyGems - rack-facebook-signed-request - Versions diffs - 0.1.0 → 0.2.0 - Mend

rack-facebook-signed-request 0.1.0 → 0.2.0

Files changed (8) hide show

data/Gemfile +3 -8
data/README +27 -13
data/Rakefile +1 -57
data/VERSION +1 -1
data/lib/rack/facebook/signed_request.rb +93 -19
metadata +44 -46
data/pkg/rack-facebook-signed-request-0.1.0.gem +0 -0
data/rack-facebook-signed-request.gemspec +0 -83

data/Gemfile CHANGED

@@ -1,9 +1,4 @@
-source :rubygems
+source "http://rubygems.org"
-gem 'yajl-ruby'
-gem 'rack'
-group :development do
-  gem 'jeweler'
-  gem 'rcov'
-end
+# Specify your gem's dependencies in ..gemspec
+gemspec

data/README CHANGED

@@ -1,23 +1,37 @@
 = rack-facebook-signed-request
-Simple rack middleware which parses and verifies the signed_request canvas parameter.
+Rack middleware which parses and verifies the signed_request canvas parameter and FB JS cookie.
 See:
 http://developers.facebook.com/docs/authentication/canvas
-== Contributing to rack-facebook-signed-request
-* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
-* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
-* Fork the project
-* Start a feature/bugfix branch
-* Commit and push until you are happy with your contribution
-* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
-* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+Required Options:
-== Copyright
+You must specify the following options to enable the middleware:
-Copyright (c) 2010 . See LICENSE.txt for
-further details.
+- app_id
+- secret
+Additional Custom Options:
+You can also activate the following options:
+- inject_facebook (default false): This will automatically inject the asynchronous FB JS SDK include into the response body.
+Assuming you've enabled the Facebook script injection, you can customize these options:
+- cookie (default true): Configure the FB JS SDK with cookie support
+- status (default true)
+- lang (default 'en_US')
+- xfbml (default true)
+Note that this will also add the FB XML namespace attribute into the root html element of the response.
+RESTful behavior:
+The Rack middleware will also convert any POST requests containing the signed_request parameter to GET.

data/Rakefile CHANGED

@@ -1,57 +1 @@
-require 'rubygems'
-require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
-require 'rake'
-require 'jeweler'
-Jeweler::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-  gem.name = "rack-facebook-signed-request"
-  gem.homepage = "http://github.com/gamesthatgive/rack-facebook-signed-request"
-  gem.license = "MIT"
-  gem.summary = %Q{Simple Rack middle for parsing and validation Facebook signed_request param.}
-  gem.description = %Q{See http://developers.facebook.com/docs/authentication/canvas}
-  gem.email = "goss@gamesthatgive.net"
-  gem.authors = ["Kristofer Goss"]
-  gem.add_runtime_dependency 'rack'
-  gem.add_runtime_dependency 'yajl-ruby'
-  gem.add_development_dependency 'shoulda', '>= 0'
-  gem.add_development_dependency 'bundler', '~> 1.0.0'
-  gem.add_development_dependency 'jeweler', '~> 1.5.1'
-  gem.add_development_dependency 'rcov', '>= 0'
-end
-Jeweler::RubygemsDotOrgTasks.new
-require 'rake/testtask'
-Rake::TestTask.new(:test) do |test|
-  test.libs << 'lib' << 'test'
-  test.pattern = 'test/**/test_*.rb'
-  test.verbose = true
-end
-require 'rcov/rcovtask'
-Rcov::RcovTask.new do |test|
-  test.libs << 'test'
-  test.pattern = 'test/**/test_*.rb'
-  test.verbose = true
-end
-task :default => :test
-require 'rake/rdoctask'
-Rake::RDocTask.new do |rdoc|
-  version = File.exist?('VERSION') ? File.read('VERSION') : ""
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title = "rack-facebook-signed-request #{version}"
-  rdoc.rdoc_files.include('README*')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
+require 'bundler/gem_tasks'

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 0.1.0
1	+ 0.2.0

data/lib/rack/facebook/signed_request.rb CHANGED

@@ -15,35 +15,63 @@ module Rack
         @options = options
       end
-      def secret
-        @options.fetch(:secret)
-      end
       def call(env)
-        request = Rack::Request.new(env)
+        @env = env
+        @request = Rack::Request.new(env)
-        signed_request = request.params.delete('signed_request')
-        unless signed_request
-          return Rack::Response.new(["Missing signed_request param"], 400).finish
+        # RESTify the default POST request from Facebook
+        if request.POST['signed_request']
+          env['HTTP_METHOD'] = 'GET'
         end
-        signature, signed_params = signed_request.split('.')
+        app_id, secret = [@options.fetch(:app_id), @options.fetch(:secret)]
+        facebook_params = resolve_from_signed_request!(secret) || resolve_from_cookie!(app_id, secret)
+        request.params['facebook_params'] = facebook_params if facebook_params
+        env['rack.request.query_hash'] = request.params
-        unless signed_request_is_valid?(secret, signature, signed_params)
-          return Rack::Response.new(["Invalid signature"], 400).finish
+        unless @options[:inject_facebook]
+          @app.call(env)
+        else
+          inject_facebook_script
         end
+      end
-        signed_params = Yajl::Parser.new.parse(base64_url_decode(signed_params))
+      private
-        # add JSON params to request
-        signed_params.each do |k,v|
-          request.params[k] = v
-        end
+        attr_reader :request
-        @app.call(env)
-      end
+        def resolve_from_cookie!(app_id, secret)
+          # extract contents
+          cookie = request.cookies["fbs_#{app_id}"]
+          return nil unless cookie
-      private
+          hash = {}
+          data = cookie.gsub(/"/,"")
+          data.split('&').each do |str|
+            parts = str.split('=')
+            hash[parts.first] = parts.last
+          end
+          unless signed_cookie_is_valid?(secret, hash)
+            return Rack::Response.new(["Invalid cookie signature"], 400).finish
+          end
+          # map cookie params to signed request equivalents
+          {
+            'oauth_token' => hash.fetch('access_token'),
+            'expires' => hash.fetch('expires'),
+            'user_id' => hash.fetch('uid')
+          }
+        end
+        def resolve_from_signed_request!(secret)
+          return nil unless request.params['signed_request']
+          signed_request = request.params['signed_request']
+          signature, signed_params = signed_request.split('.')
+          unless signed_request_is_valid?(secret, signature, signed_params)
+            return Rack::Response.new(["Invalid signed request"], 400).finish
+          end
+          Yajl::Parser.new.parse(base64_url_decode(signed_params))
+        end
         def signed_request_is_valid?(secret, signature, params)
           signature = base64_url_decode(signature)
@@ -51,10 +79,56 @@ module Rack
           return signature == expected_signature
         end
+        def signed_cookie_is_valid?(secret, hash)
+          sorted_keys = hash.keys.reject {|k| k== 'sig'}.sort
+          test_string = ""
+          sorted_keys.each do |key|
+            test_string += "#{key}=#{hash[key]}"
+          end
+          test_string += secret
+          Digest::MD5.hexdigest(test_string) == hash['sig']
+        end
         def base64_url_decode(str)
           str = str + "=" * (6 - str.size % 6) unless str.size % 6 == 0
           return Base64.decode64(str.tr("-_", "+/"))
         end
+        # borrowed from Michael Bleigh's Rack Facebook_Connect for rewriting of the response body
+        def inject_facebook_script #:nodoc:
+          status, headers, responses = @app.call(@env)
+          responses = Array(responses) unless responses.respond_to?(:each)
+          if headers["Content-Type"] =~ %r{(text/html)|(application/xhtml+xml)}
+            resp = []
+            responses.each do |r|
+              r.sub! /(<html[^\/>]*)>/i, '\1 xmlns:fb="http://www.facebook.com/2008/fbml">'
+              r.sub! /<\/body>/i, <<-HTML
+                <div id="fb-root"></div>
+                <script>
+                  window.fbAsyncInit = function() {
+                    FB.init({
+                      appId  : '#{@options.fetch(:app_id)}',
+                      status : #{@options[:status] || true}, // check login status
+                      cookie : #{@options[:cookie] || true}, // enable cookies to allow the server to access the session
+                      #{"channelUrl : '#{@options[:channel_url]}', // add channelURL to avoid IE redirect problems" if @options[:channel_url]}
+                      xfbml  : #{@options[:xfbml] || true}  // parse XFBML
+                    });
+                  };
+                  (function() {
+                    var e = document.createElement('script'); e.async = true;
+                    e.src = document.location.protocol + '//connect.facebook.net/#{@options[:lang] || 'en_US'}/all.js';
+                    document.getElementById('fb-root').appendChild(e);
+                  }());
+                </script>
+                </body>
+              HTML
+              resp << r
+            end
+          end
+          Rack::Response.new(resp || responses, status, headers).finish
+        end
     end
   end
 end

metadata CHANGED

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rack-facebook-signed-request
 version: !ruby/object:Gem::Version
-  hash: 27
+  hash: 23
   prerelease: false
   segments:
   - 0
-  - 1
+  - 2
   - 0
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Kristofer Goss
@@ -19,10 +19,9 @@ date: 2010-11-18 00:00:00 -05:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
-  type: :runtime
-  prerelease: false
   name: yajl-ruby
-  version_requirements: &id001 !ruby/object:Gem::Requirement
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ">="
@@ -31,12 +30,12 @@ dependencies:
         segments:
         - 0
         version: "0"
-  requirement: *id001
-- !ruby/object:Gem::Dependency
   type: :runtime
-  prerelease: false
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency
   name: rack
-  version_requirements: &id002 !ruby/object:Gem::Requirement
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ">="
@@ -45,12 +44,12 @@ dependencies:
         segments:
         - 0
         version: "0"
-  requirement: *id002
+  type: :runtime
+  version_requirements: *id002
 - !ruby/object:Gem::Dependency
-  type: :development
-  prerelease: false
   name: jeweler
-  version_requirements: &id003 !ruby/object:Gem::Requirement
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ">="
@@ -59,12 +58,12 @@ dependencies:
         segments:
         - 0
         version: "0"
-  requirement: *id003
-- !ruby/object:Gem::Dependency
   type: :development
-  prerelease: false
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency
   name: rcov
-  version_requirements: &id004 !ruby/object:Gem::Requirement
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ">="
@@ -73,12 +72,12 @@ dependencies:
         segments:
         - 0
         version: "0"
-  requirement: *id004
+  type: :development
+  version_requirements: *id004
 - !ruby/object:Gem::Dependency
-  type: :runtime
-  prerelease: false
   name: rack
-  version_requirements: &id005 !ruby/object:Gem::Requirement
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ">="
@@ -87,12 +86,12 @@ dependencies:
         segments:
         - 0
         version: "0"
-  requirement: *id005
-- !ruby/object:Gem::Dependency
   type: :runtime
-  prerelease: false
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency
   name: yajl-ruby
-  version_requirements: &id006 !ruby/object:Gem::Requirement
+  prerelease: false
+  requirement: &id006 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ">="
@@ -101,12 +100,12 @@ dependencies:
         segments:
         - 0
         version: "0"
-  requirement: *id006
+  type: :runtime
+  version_requirements: *id006
 - !ruby/object:Gem::Dependency
-  type: :development
-  prerelease: false
   name: shoulda
-  version_requirements: &id007 !ruby/object:Gem::Requirement
+  prerelease: false
+  requirement: &id007 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ">="
@@ -115,12 +114,12 @@ dependencies:
         segments:
         - 0
         version: "0"
-  requirement: *id007
-- !ruby/object:Gem::Dependency
   type: :development
-  prerelease: false
+  version_requirements: *id007
+- !ruby/object:Gem::Dependency
   name: bundler
-  version_requirements: &id008 !ruby/object:Gem::Requirement
+  prerelease: false
+  requirement: &id008 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -131,12 +130,12 @@ dependencies:
         - 0
         - 0
         version: 1.0.0
-  requirement: *id008
-- !ruby/object:Gem::Dependency
   type: :development
-  prerelease: false
+  version_requirements: *id008
+- !ruby/object:Gem::Dependency
   name: jeweler
-  version_requirements: &id009 !ruby/object:Gem::Requirement
+  prerelease: false
+  requirement: &id009 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -147,12 +146,12 @@ dependencies:
         - 5
         - 1
         version: 1.5.1
-  requirement: *id009
-- !ruby/object:Gem::Dependency
   type: :development
-  prerelease: false
+  version_requirements: *id009
+- !ruby/object:Gem::Dependency
   name: rcov
-  version_requirements: &id010 !ruby/object:Gem::Requirement
+  prerelease: false
+  requirement: &id010 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ">="
@@ -161,9 +160,10 @@ dependencies:
         segments:
         - 0
         version: "0"
-  requirement: *id010
+  type: :development
+  version_requirements: *id010
 description: See http://developers.facebook.com/docs/authentication/canvas
-email: goss@gamesthatgive.net
+email: kris@vitrue.com
 executables: []
 extensions: []
@@ -180,8 +180,6 @@ files:
 - VERSION
 - lib/rack-facebook-signed-request.rb
 - lib/rack/facebook/signed_request.rb
-- pkg/rack-facebook-signed-request-0.1.0.gem
-- rack-facebook-signed-request.gemspec
 - test/helper.rb
 - test/test_rack-facebook-signed-request.rb
 has_rdoc: true

data/pkg/rack-facebook-signed-request-0.1.0.gem DELETED

Binary file

data/rack-facebook-signed-request.gemspec DELETED

@@ -1,83 +0,0 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
-# -*- encoding: utf-8 -*-
-Gem::Specification.new do |s|
-  s.name = %q{rack-facebook-signed-request}
-  s.version = "0.1.0"
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Kristofer Goss"]
-  s.date = %q{2010-11-18}
-  s.description = %q{See http://developers.facebook.com/docs/authentication/canvas}
-  s.email = %q{goss@gamesthatgive.net}
-  s.extra_rdoc_files = [
-    "LICENSE.txt",
-    "README"
-  ]
-  s.files = [
-    "Gemfile",
-    "Gemfile.lock",
-    "LICENSE.txt",
-    "README",
-    "Rakefile",
-    "VERSION",
-    "lib/rack-facebook-signed-request.rb",
-    "lib/rack/facebook/signed_request.rb",
-    "pkg/rack-facebook-signed-request-0.1.0.gem",
-    "rack-facebook-signed-request.gemspec",
-    "test/helper.rb",
-    "test/test_rack-facebook-signed-request.rb"
-  ]
-  s.homepage = %q{http://github.com/gamesthatgive/rack-facebook-signed-request}
-  s.licenses = ["MIT"]
-  s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.3.7}
-  s.summary = %q{Simple Rack middle for parsing and validation Facebook signed_request param.}
-  s.test_files = [
-    "test/helper.rb",
-    "test/test_rack-facebook-signed-request.rb"
-  ]
-  if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
-    s.specification_version = 3
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<yajl-ruby>, [">= 0"])
-      s.add_runtime_dependency(%q<rack>, [">= 0"])
-      s.add_development_dependency(%q<jeweler>, [">= 0"])
-      s.add_development_dependency(%q<rcov>, [">= 0"])
-      s.add_runtime_dependency(%q<rack>, [">= 0"])
-      s.add_runtime_dependency(%q<yajl-ruby>, [">= 0"])
-      s.add_development_dependency(%q<shoulda>, [">= 0"])
-      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
-      s.add_development_dependency(%q<jeweler>, ["~> 1.5.1"])
-      s.add_development_dependency(%q<rcov>, [">= 0"])
-    else
-      s.add_dependency(%q<yajl-ruby>, [">= 0"])
-      s.add_dependency(%q<rack>, [">= 0"])
-      s.add_dependency(%q<jeweler>, [">= 0"])
-      s.add_dependency(%q<rcov>, [">= 0"])
-      s.add_dependency(%q<rack>, [">= 0"])
-      s.add_dependency(%q<yajl-ruby>, [">= 0"])
-      s.add_dependency(%q<shoulda>, [">= 0"])
-      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
-      s.add_dependency(%q<jeweler>, ["~> 1.5.1"])
-      s.add_dependency(%q<rcov>, [">= 0"])
-    end
-  else
-    s.add_dependency(%q<yajl-ruby>, [">= 0"])
-    s.add_dependency(%q<rack>, [">= 0"])
-    s.add_dependency(%q<jeweler>, [">= 0"])
-    s.add_dependency(%q<rcov>, [">= 0"])
-    s.add_dependency(%q<rack>, [">= 0"])
-    s.add_dependency(%q<yajl-ruby>, [">= 0"])
-    s.add_dependency(%q<shoulda>, [">= 0"])
-    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
-    s.add_dependency(%q<jeweler>, ["~> 1.5.1"])
-    s.add_dependency(%q<rcov>, [">= 0"])
-  end
-end