rack-simple_auth 0.0.3 → 0.0.4
- checksums.yaml +7 -7
- data/MANIFEST +23 -0
- data/README.md +26 -6
- data/Rakefile +1 -1
- data/lib/rack/simple_auth/hmac.rb +31 -7
- data/lib/rack/simple_auth/version.rb +1 -1
- data/rack-simple_auth.gemspec +2 -4
- data/{tasks → task}/default.rake +1 -0
- data/{tasks → task}/floodtest.rake +0 -0
- data/task/manifest.rake +8 -0
- data/{tasks → task}/test.rake +4 -0
- data/{tasks → task}/travis.rake +0 -0
- data/test/config.ru +3 -3
- data/test/test_helper.rb +6 -0
- metadata +86 -67
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
|
-
---
|
2
|
-
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
5
|
-
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 1ddc2a8a4e31a86469b6294b78c31ce0a9b938cc
|
4
|
+
data.tar.gz: 081aed6f5c4d847f20297bd15a32a70a143f8f52
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: df03c3b8b38e2648e130dbb14e3c82bfc848077151a8600615e2fd071a6d302533baa864f9455f3c72b4bc0d59e3f5aa0db6650700877cdc080a38d3a2a44853
|
7
|
+
data.tar.gz: df55389faa3883774789585ed0041ebfd5b87b8092504363640e910b7da72def4dc0ded4218ac03e1d01c73f6f532c039b9a2d79a9b9e3d34db2e1609dd4204e
|
data/MANIFEST
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
.gitignore
|
2
|
+
.rubocop.yml
|
3
|
+
.travis.yml
|
4
|
+
.yardopts
|
5
|
+
Gemfile
|
6
|
+
LICENSE.txt
|
7
|
+
MANIFEST
|
8
|
+
README.md
|
9
|
+
Rakefile
|
10
|
+
lib/rack/simple_auth.rb
|
11
|
+
lib/rack/simple_auth/hmac.rb
|
12
|
+
lib/rack/simple_auth/version.rb
|
13
|
+
rack-simple_auth.gemspec
|
14
|
+
task/default.rake
|
15
|
+
task/floodtest.rake
|
16
|
+
task/manifest.rake
|
17
|
+
task/test.rake
|
18
|
+
task/travis.rake
|
19
|
+
test/config.ru
|
20
|
+
test/config_fail.ru
|
21
|
+
test/rack/simple_auth/hmac_fail_test.rb
|
22
|
+
test/rack/simple_auth/hmac_test.rb
|
23
|
+
test/test_helper.rb
|
data/README.md
CHANGED
@@ -29,6 +29,12 @@ Or install it yourself as:
|
|
29
29
|
|
30
30
|
### HMAC Authorization
|
31
31
|
|
32
|
+
HMAC should be used for communication between website backend and api server/controller/whatever..
|
33
|
+
For usage between Server <-> Client a sniffer could easily extract the signature/public key and
|
34
|
+
the encrypted message which is for now the same for the same request (see TODO implement timestamp).
|
35
|
+
|
36
|
+
With these 2 informations a "secure" backend could be easily seen public...
|
37
|
+
|
32
38
|
Uses Authorization HTTP Header, example:
|
33
39
|
```Authorization: MessageHash:Signature```
|
34
40
|
|
@@ -47,13 +53,14 @@ config = {
|
|
47
53
|
}
|
48
54
|
|
49
55
|
map '/' do
|
50
|
-
use Rack::SimpleAuth::HMAC, 'signature', 'private_key', config
|
56
|
+
use Rack::SimpleAuth::HMAC, 'signature', 'private_key', config, '/path/to/log/file'
|
51
57
|
run MyApplication
|
52
58
|
end
|
53
59
|
```
|
54
60
|
|
55
61
|
Note: Private Key and Signature should be served by a file which is not checked into git version control.
|
56
62
|
|
63
|
+
|
57
64
|
#### Config Hash
|
58
65
|
|
59
66
|
Via the config hash you are able to define the 'data' for each request method.<br />
|
@@ -71,8 +78,26 @@ The Message what will be HMAC encrypted is:
|
|
71
78
|
message = { 'method' => 'GET', 'data' => '/get/user?name=rack' }.to_json
|
72
79
|
```
|
73
80
|
|
81
|
+
#### Logging
|
82
|
+
|
83
|
+
With the 4th parameter for Rack::SimpleAuth::HMAC you can define a destination where the internal #log method should write to.
|
84
|
+
|
85
|
+
The Logging will only be triggered when a path is defined (leave 4th param for disable logging) and a request is not authorized!
|
86
|
+
|
87
|
+
It contains following information:
|
88
|
+
|
89
|
+
- HTTP_AUTHORIZATION Header
|
90
|
+
- Config for the specific Request Method (GET => path etc ...)
|
91
|
+
- The Encrypted Message which was expected
|
92
|
+
- The Signature which was expected
|
74
93
|
|
94
|
+
## TODO
|
75
95
|
|
96
|
+
Add Timestamp to encryption..
|
97
|
+
|
98
|
+
For now a sniffer could track a successfull request to the server and extract the HTTP_AUTHORIZATION HEADER for this request.
|
99
|
+
|
100
|
+
He got the encrypted message for the specific request && signature -> No security anymore...
|
76
101
|
|
77
102
|
## Contributing
|
78
103
|
|
@@ -82,8 +107,3 @@ message = { 'method' => 'GET', 'data' => '/get/user?name=rack' }.to_json
|
|
82
107
|
4. Push to the branch (`git push origin my-new-feature`)
|
83
108
|
5. Create new Pull Request
|
84
109
|
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
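--- a/data/lib/rack/simple_auth/hmac.rb
+++ b/data/lib/rack/simple_auth/hmac.rb
@@ -7,11 +7,12 @@ module Rack
 # @param [Rack Application] app [next middleware or rack app which gets called]
 # @param [String] signature [Public Signature]
 # @param [String] secret [Secret used for Message Encryption]
-def initialize(app, signature, secret, config)
+def initialize(app, signature, secret, config, logpath = nil)
 @app = app
 @signature = signature
 @secret = secret
 @config = config
+@logpath = logpath
 end
 
 # call Method for Rack Middleware/Application
@@ -30,20 +31,23 @@ module Rack
 # @param [Rack::Request] request [current Request]
 # @return [boolean] ValidationStatus [If authorized returns true, else false]
 def valid?(request)
-
+if request.env['HTTP_AUTHORIZATION'].nil?
+log(request)
+
+return false
+end
 
 auth_array = request.env['HTTP_AUTHORIZATION'].split(':')
 message_hash = auth_array[0]
 signature = auth_array[1]
 
-hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request))
-# puts request.request_method
-# puts "Hash to Check: #{hash}"
-# puts "Message Hash: #{message_hash}"
+@hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request))
 
-if signature == @signature && hash == message_hash
+if signature == @signature && @hash == message_hash
 true
 else
+log(request)
+
 false
 end
 end
@@ -77,6 +81,26 @@ module Rack
 fail "Not a valid option #{config[request.request_method]} - Use either params or path"
 end
 end
+
+# Log to @logpath if request is unathorized
+# @param [Rack::Request] request [current Request]
+def log(request)
+if @logpath
+path = request.path
+method = request.request_method
+
+log = "#{Time.new} - #{method} #{path} - 400 Unauthorized - HTTP_AUTHORIZATION: #{request.env['HTTP_AUTHORIZATION']}\n"
+log << "Auth Message Config: #{@config[request.request_method]}\n"
+log << "Auth Encrypted Message: #{@hash}\n"
+log << "Auth Signature: #{@signature}\n"
+
+open("#{@logpath}/#{ENV['RACK_ENV']}_error.log", 'a') do |f|
+f << "#{log}\n"
+end
+end
+end
+
+private :log, :request_data, :message, :valid?
 end
 end
 end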
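Review bot: The new `log` method writes the expected public signature (`Auth Signature: #{@signature}`) and the expected HMAC (`Auth Encrypted Message: #{@hash}`) to the error log on every unauthorized request, and since the README in this same release states that the message for a given request is currently constant, that puts a complete, replayable `Authorization` value into a file that is usually protected far less strictly than the secret; log the received header and the request line only and drop those two lines. `@hash` is now an instance variable on a middleware instance shared by every request, so under a threaded server the value logged for one request can belong to another; keep it as the local `hash` in `valid?` and pass it to `log` explicitly if it is still needed. `open("#{@logpath}/#{ENV['RACK_ENV']}_error.log", 'a')` is `Kernel#open`, which treats a leading `|` in the string as a command to run, so prefer `File.open(File.join(@logpath, "#{ENV['RACK_ENV']}_error.log"), 'a')`. In `valid?`, `signature == @signature && @hash == message_hash` is still a plain `String#==` that stops at the first differing byte; a constant-time comparison such as `Rack::Utils.secure_compare` for both values is the usual choice for credential checks. The `400 Unauthorized` label in the log line mixes the status code with the 401 reason phrase; `call`, which decides the actual response, is outside these hunks, so confirm which one is returned and make the log text match.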
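--- a/data/rack-simple_auth.gemspec
+++ b/data/rack-simple_auth.gemspec
@@ -9,13 +9,11 @@ Gem::Specification.new do |spec|
 spec.authors = ["Benny1992"]
 spec.email = ["klotz.benjamin@yahoo.de"]
 spec.summary = %q{SimpleAuth HMAC authentication}
-spec.description =
+spec.description = spec.summary
 spec.homepage = "http://www.bennyklotz.at"
 spec.license = "MIT"
 
-spec.files
-spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+spec.files = File.read(File.expand_path('../MANIFEST', __FILE__)).split("\n")
 spec.require_paths = ["lib"]
 
 spec.add_runtime_dependency "rack"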
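Review bot: `spec.files = File.read(...).split("\n")` turns any blank line inside MANIFEST into an empty-string entry in `spec.files`, which would most likely break `gem build`; `.split("\n").reject(&:empty?)` keeps the gemspec tolerant of how the manifest is formatted. The task that generates MANIFEST (task/manifest.rake) is not shown in this diff, so whether it can emit blank lines is inferred rather than known.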
data/{tasks → task}/default.rake
RENAMED
File without changes
|
data/task/manifest.rake
ADDED
data/{tasks → task}/test.rake
RENAMED
data/{tasks → task}/travis.rake
RENAMED
File without changes
|
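--- a/data/test/config.ru
+++ b/data/test/config.ru
@@ -6,8 +6,8 @@ config = {
 'POST' => 'params',
 'DELETE' => 'path',
 'PUT' => 'path',
-'PATCH' => 'path'
+'PATCH' => 'path',
 }
 
-use Rack::SimpleAuth::HMAC, 'test_signature', 'test_secret', config
-run Rack::Lobster.new
+use Rack::SimpleAuth::HMAC, 'test_signature', 'test_secret', config, "#{File.expand_path('..', __FILE__)}/logs"
+run Rack::Lobster.new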
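--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -1,3 +1,5 @@
+ENV['RACK_ENV']='test'
+
 require 'simplecov'
 require 'coveralls'
 
@@ -39,3 +41,7 @@ end
 
 Rack::SimpleAuth.testapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config.ru").first
 Rack::SimpleAuth.failapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config_fail.ru").first
+
+@logpath = "#{File.expand_path("..", __FILE__)}/logs"
+system("mkdir #{@logpath}")
+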
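Review bot: `system("mkdir #{@logpath}")` passes the checkout path to a shell unquoted, so a working directory containing a space or shell metacharacters creates the wrong directories, and every run after the first prints a `mkdir` error because the directory already exists; `FileUtils.mkdir_p(@logpath)` (with `require 'fileutils'`) does the same work in-process, without a shell, and is idempotent. `@logpath` at the top level of the helper is an instance variable of `main`, so the test classes that presumably need the same path cannot read it; a constant, or an accessor on `Rack::SimpleAuth` like `testapp` above, would make the sharing explicit.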
metadata
CHANGED
@@ -1,118 +1,137 @@
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-simple_auth
|
3
|
-
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.4
|
5
5
|
platform: ruby
|
6
|
-
authors:
|
6
|
+
authors:
|
7
7
|
- Benny1992
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
- !ruby/object:Gem::Dependency
|
11
|
+
date: 2014-03-14 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
15
14
|
name: rack
|
16
|
-
requirement:
|
17
|
-
requirements:
|
18
|
-
-
|
19
|
-
-
|
20
|
-
|
21
|
-
version: "0"
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
22
20
|
type: :runtime
|
23
21
|
prerelease: false
|
24
|
-
version_requirements:
|
25
|
-
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
26
28
|
name: bundler
|
27
|
-
requirement:
|
28
|
-
requirements:
|
29
|
-
- - ~>
|
30
|
-
- !ruby/object:Gem::Version
|
31
|
-
version:
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '1.5'
|
32
34
|
type: :development
|
33
35
|
prerelease: false
|
34
|
-
version_requirements:
|
35
|
-
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '1.5'
|
41
|
+
- !ruby/object:Gem::Dependency
|
36
42
|
name: rake
|
37
|
-
requirement:
|
38
|
-
requirements:
|
39
|
-
-
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
40
48
|
type: :development
|
41
49
|
prerelease: false
|
42
|
-
version_requirements:
|
43
|
-
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
44
56
|
name: coveralls
|
45
|
-
requirement:
|
46
|
-
requirements:
|
47
|
-
-
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
48
62
|
type: :development
|
49
63
|
prerelease: false
|
50
|
-
version_requirements:
|
51
|
-
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
52
70
|
name: rack-test
|
53
|
-
requirement:
|
54
|
-
requirements:
|
55
|
-
-
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
56
76
|
type: :development
|
57
77
|
prerelease: false
|
58
|
-
version_requirements:
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ">="
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0'
|
59
83
|
description: SimpleAuth HMAC authentication
|
60
|
-
email:
|
84
|
+
email:
|
61
85
|
- klotz.benjamin@yahoo.de
|
62
86
|
executables: []
|
63
|
-
|
64
87
|
extensions: []
|
65
|
-
|
66
88
|
extra_rdoc_files: []
|
67
|
-
|
68
|
-
|
69
|
-
- .
|
70
|
-
- .
|
71
|
-
- .
|
72
|
-
- .yardopts
|
89
|
+
files:
|
90
|
+
- ".gitignore"
|
91
|
+
- ".rubocop.yml"
|
92
|
+
- ".travis.yml"
|
93
|
+
- ".yardopts"
|
73
94
|
- Gemfile
|
74
95
|
- LICENSE.txt
|
96
|
+
- MANIFEST
|
75
97
|
- README.md
|
76
98
|
- Rakefile
|
77
99
|
- lib/rack/simple_auth.rb
|
78
100
|
- lib/rack/simple_auth/hmac.rb
|
79
101
|
- lib/rack/simple_auth/version.rb
|
80
102
|
- rack-simple_auth.gemspec
|
81
|
-
-
|
82
|
-
-
|
83
|
-
-
|
84
|
-
-
|
103
|
+
- task/default.rake
|
104
|
+
- task/floodtest.rake
|
105
|
+
- task/manifest.rake
|
106
|
+
- task/test.rake
|
107
|
+
- task/travis.rake
|
85
108
|
- test/config.ru
|
86
109
|
- test/config_fail.ru
|
87
110
|
- test/rack/simple_auth/hmac_fail_test.rb
|
88
111
|
- test/rack/simple_auth/hmac_test.rb
|
89
112
|
- test/test_helper.rb
|
90
113
|
homepage: http://www.bennyklotz.at
|
91
|
-
licenses:
|
114
|
+
licenses:
|
92
115
|
- MIT
|
93
116
|
metadata: {}
|
94
|
-
|
95
117
|
post_install_message:
|
96
118
|
rdoc_options: []
|
97
|
-
|
98
|
-
require_paths:
|
119
|
+
require_paths:
|
99
120
|
- lib
|
100
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
101
|
-
requirements:
|
102
|
-
-
|
103
|
-
|
104
|
-
|
105
|
-
|
121
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
122
|
+
requirements:
|
123
|
+
- - ">="
|
124
|
+
- !ruby/object:Gem::Version
|
125
|
+
version: '0'
|
126
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
127
|
+
requirements:
|
128
|
+
- - ">="
|
129
|
+
- !ruby/object:Gem::Version
|
130
|
+
version: '0'
|
106
131
|
requirements: []
|
107
|
-
|
108
132
|
rubyforge_project:
|
109
133
|
rubygems_version: 2.2.2
|
110
134
|
signing_key:
|
111
135
|
specification_version: 4
|
112
136
|
summary: SimpleAuth HMAC authentication
|
113
|
-
test_files:
|
114
|
-
- test/config.ru
|
115
|
-
- test/config_fail.ru
|
116
|
-
- test/rack/simple_auth/hmac_fail_test.rb
|
117
|
-
- test/rack/simple_auth/hmac_test.rb
|
118
|
-
- test/test_helper.rb
|
137
|
+
test_files: []
|