rack-twilio-validator 0.0.1

data/.gitignore

@@ -0,0 +1,5 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*
+.rvmrc

data/Gemfile

@@ -0,0 +1,3 @@
+source "http://rubygems.org"
+
+gemspec

data/README.md

@@ -0,0 +1,49 @@
+Rack::TwilioValidator
+=====================
+
+Rack middleware for authorizing the signature on Twilio requests.
+Read more about Twilio security at [Twilio Security](http://www.twilio.com/docs/security)
+
+Why
+---
+
+You should verify the signature in requests to your Twilio controllers for
+any app.  Tutorials often miss this, and it's redundant to have
+to add it to the application layer for every app you build.  Hence,
+middleware!
+
+Installation
+------------
+
+install it via rubygems:
+
+```
+gem install rack-twilio-validator
+```
+
+or put it in your Gemfile:
+
+```ruby
+# Gemfile
+
+gem 'rack-twilio-validator', :require => 'rack/twilio-validator'
+```
+
+Usage
+-----
+
+In a Sinatra application, it would be something like:
+
+```ruby
+# app.rb
+
+use Rack::TwilioValidator :auth_token => "your_auth_token", :protected_path => "/twilio_switchboard/"
+```
+
+The `auth_token` is required config, whereas `protected_path` is optional but
+recommended if your application talks to both end users and Twilio.
+
+#### Copyright
+
+Copyright (c) (2012) Brendon Murphy. See license.txt for details.
+

data/Rakefile

@@ -0,0 +1,5 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)

data/lib/rack/twilio-validator.rb

@@ -0,0 +1,44 @@
+require "twilio-ruby"
+
+module Rack
+  class TwilioValidator
+    def initialize(app, options = {})
+      @app = app
+      @options = options
+      @auth_token = options.fetch(:auth_token)
+      @app
+    end
+
+    def call(env)
+      self.dup._call(env)
+    end
+
+    def _call(env)
+      @request = Rack::Request.new(env)
+
+      if unprotected_path? || request_validator.validate(@request.url, @request.params, env['HTTP_X_TWILIO_SIGNATURE'])
+        @app.call(env)
+      else
+        response = ::Twilio::TwiML::Response.new do |r|
+          r.Say("Unable to authenticate request. Please try again.")
+        end
+        [401, { "Content-Type" => "application/xml" }, [response.text]]
+      end
+    end
+
+    private
+
+    def protected_path?
+      protected_path = @options.fetch(:protected_path, "/")
+      @request.path =~ %r/^#{protected_path}/
+    end
+
+    def unprotected_path?
+      ! protected_path?
+    end
+
+    def request_validator
+      @validator ||= ::Twilio::Util::RequestValidator.new(@auth_token)
+    end
+  end
+end

data/lib/rack/twilio-validator/version.rb

@@ -0,0 +1,5 @@
+module Rack
+  class TwilioValidator
+    VERSION = "0.0.1"
+  end
+end

data/license.txt

@@ -0,0 +1,23 @@
+licensed under MIT License:
+
+Copyright (c) 2012 Brendon Murphy
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/rack-twilio-validator.gemspec

@@ -0,0 +1,29 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib/", __FILE__)
+require "rack/twilio-validator/version"
+
+Gem::Specification.new do |s|
+  s.name        = "rack-twilio-validator"
+  s.version     = Rack::TwilioValidator::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Brendon Murphy"]
+  s.email       = ["xternal1+github@gmail.com"]
+  s.homepage    = ""
+  s.summary     = %q{Rack Middleware for validating twilio request signatures}
+  s.description = s.summary
+  s.licenses    = ["MIT"]
+
+  s.rubyforge_project = "rack-twilio-validator"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {spec}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_dependency 'rack'
+  s.add_dependency 'twilio-ruby'
+
+  s.add_development_dependency 'rspec'
+  s.add_development_dependency 'rack-test'
+  s.add_development_dependency 'rake'
+end

data/spec/spec_helper.rb

@@ -0,0 +1,8 @@
+require File.expand_path("../../lib/rack/twilio-validator", __FILE__)
+require "rack/test"
+
+RSpec.configure do |config|
+  config.mock_with :rspec
+  config.include Rack::Test::Methods
+end
+

data/spec/twilio_validator_spec.rb

@@ -0,0 +1,62 @@
+require 'spec_helper'
+
+describe Rack::TwilioValidator do
+  let(:auth_token) { "5cc8534fb3f86ff7e52d884562bcca18" }
+  let(:params) { { :foo => "fizz", :bar => "buzz" } }
+  let(:valid_signature) { "4C3R3E2C2TwiOkEwqznWMH1k3O8=" }
+  let(:uri) { "/twilio/endpoint"}
+
+  let(:app) {
+    Rack::Builder.new do
+      use Rack::TwilioValidator, :auth_token => "5cc8534fb3f86ff7e52d884562bcca18"
+      run lambda { |env| [200, {'Content-Type' => "text/plain"}, ["OK"]] }
+    end
+  }
+
+  context "given a valid signature" do
+    it "is ok" do
+      post(uri, params, "HTTP_X_TWILIO_SIGNATURE" => valid_signature)
+      last_response.should be_ok
+    end
+  end
+
+  context "given an invalid signature" do
+    before do
+      post(uri, params, "HTTP_X_TWILIO_SIGNATURE" => "bad_signature")
+    end
+
+    it "is unauthorized" do
+      last_response.status.should == 401
+    end
+
+    it "receives a TwiML error in the response body" do
+      last_response.body.should include("<Response><Say>Unable to authenticate request. Please try again.</Say></Response>")
+    end
+  end
+
+  context "given no signature" do
+    it "is unauthorized" do
+      post(uri, params, "HTTP_X_TWILIO_SIGNATURE" => nil)
+      last_response.status.should == 401
+    end
+  end
+
+  context "with an optional supplied protected path" do
+    let(:app) {
+      Rack::Builder.new do
+        use Rack::TwilioValidator, :auth_token => "5cc8534fb3f86ff7e52d884562bcca18", :protected_path => "/twilio"
+        run lambda { |env| [200, {'Content-Type' => "text/plain"}, ["OK"]] }
+      end
+    }
+
+    it "checks actions under the protected path" do
+      post("/twilio/endpoint", params, "HTTP_X_TWILIO_SIGNATURE" => "bad_signature")
+      last_response.status.should == 401
+    end
+
+    it "skips actions outside the protected path" do
+      post("/other/endpoint", params, "HTTP_X_TWILIO_SIGNATURE" => "bad_signature")
+      last_response.should be_ok
+    end
+  end
+end

metadata

@@ -0,0 +1,119 @@
+--- !ruby/object:Gem::Specification
+name: rack-twilio-validator
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Brendon Murphy
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-07-14 00:00:00.000000000 -07:00
+default_executable: 
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: &2160793140 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *2160793140
+- !ruby/object:Gem::Dependency
+  name: twilio-ruby
+  requirement: &2160792120 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *2160792120
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &2160791120 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *2160791120
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: &2160790140 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *2160790140
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &2160789440 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *2160789440
+description: Rack Middleware for validating twilio request signatures
+email:
+- xternal1+github@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- README.md
+- Rakefile
+- lib/rack/twilio-validator.rb
+- lib/rack/twilio-validator/version.rb
+- license.txt
+- rack-twilio-validator.gemspec
+- spec/spec_helper.rb
+- spec/twilio_validator_spec.rb
+has_rdoc: true
+homepage: ''
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -490469738546845503
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -490469738546845503
+requirements: []
+rubyforge_project: rack-twilio-validator
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: Rack Middleware for validating twilio request signatures
+test_files: []