rawscsi 1.3.1 → 1.4.1

data/README.md

@@ -81,6 +81,20 @@ Rawscsi.register 'Book' do |config|
 end
 ```
 
+You can also specify AWS user credentials if you want to access the private serach domain.
+(note: search domain and AWS credentials specified below are fictional and serve only as an example) 
+
+```ruby
+Rawscsi.register 'SuperSecretDiaryEntry' do |config|
+  config.domain_name = 'super-secret-diary-entries'
+  config.domain_id = '12be09027f865cba2d57719'
+  config.region = 'us-east-1'
+  config.api_version = '2013-01-01' # rawscsi only supports api version 2013-01-01
+  config.access_key_id = '7386b16f9bee30d6e5a98786'
+  config.secret_key = 'af86958e6919a03713408fd9'
+end
+```
+
 ### Uploading indices
 ```ruby
 song_indexer = Rawscsi::Index.new('Song', :active_record => true)
@@ -309,6 +323,18 @@ search_songs.search(q: {and: [{artist: "Beatles"}]},
                     limit: 5)
 ```
 
+## Request signing
+
+[Signature V4 guide from Amazon](http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html)
+
+Request signature is created by `Rawscsi::RequestSignature` class with simple public api with only a few methods:
+
++ `#initialize` - accepts the hash with the data of request to sign. 
+Required keys are `:secret_key`, `:access_key_id`, `:region_name`, `:endpoint`, `:method`, `:host`. 
+Optional keys are `:debug`, `:payload`, `:service_name`, `:headers`, `:query`.
+
++ `#build` - calculates and returns the hash with `:signature` key containing the headers to include in request.
+If `:debug` is passed on object creation, it also provides the debug data in `:debug` key, including of results of intermidiate steps.
 
 ## Contributing
 

data/lib/rawscsi/index.rb

@@ -52,6 +52,21 @@ module Rawscsi
         req.url "#{config.api_version}/documents/batch"
         req.headers["Content-type"] = "application/json"
         req.body = payload.to_json
+        if config.secret_key && config.access_key_id
+          signature = RequestSignature.new({
+            secret_key: config.secret_key,
+            access_key_id: config.access_key_id,
+            region_name: config.region,
+            endpoint: "/#{req.path}",
+            method: req.method.to_s.upcase,
+            headers: req.headers,
+            host: connection.url_prefix.hostname,
+            payload: req.body,
+          }).build
+          signature[:headers].each do |name, value|
+            req.headers[name] = value
+          end
+        end
       end
       resp.body
     end

data/lib/rawscsi/index_helpers/connection.rb

@@ -7,7 +7,7 @@ module Rawscsi
       attr_reader :url
       
       def initialize(config)
-        @url= "http://doc-#{config.domain_name}-#{config.domain_id}.#{config.region}.cloudsearch.amazonaws.com"
+        @url = config.index_domain || "http://doc-#{config.domain_name}-#{config.domain_id}.#{config.region}.cloudsearch.amazonaws.com"
       end
 
       def build

data/lib/rawscsi/request_signature.rb

@@ -0,0 +1,165 @@
+module Rawscsi
+  class RequestSignature
+    def initialize(options)
+      required_attributes_missing = []
+      require_attribute = lambda do |name|
+        return options[name] if options.has_key?(name) 
+        required_attributes_missing << name
+        nil 
+      end
+      
+      self.secret_key = require_attribute[:secret_key]
+      self.access_key_id = require_attribute[:access_key_id]
+      self.region_name = require_attribute[:region_name]
+      self.endpoint = require_attribute[:endpoint]
+      self.method = require_attribute[:method]
+      self.host = require_attribute[:host]
+
+      unless required_attributes_missing.size == 0
+        raise "#{required_attributes_missing.join(',')} attributes required for a request signature"
+      end
+
+      self.debug_mode = options[:debug] || false  
+      self.payload = options[:payload] || ''
+      self.service_name = options[:service_name] || 'cloudsearch'
+      self.headers = extract_headers(options)
+      self.query = options[:query] || ''
+    end
+
+    def build
+      result_headers = default_headers.dup
+      result_headers['Authorization'] = "#{algo} Credential=#{access_key_id}/#{credential}, SignedHeaders=#{canonical_headers_names_string}, Signature=#{signature}"
+
+      result = { 
+        headers: result_headers, 
+      }
+
+      if debug_mode
+        result[:debug] = debug_data
+      end
+
+      result
+    end
+
+    private
+
+    def extract_headers(options)
+      return default_headers unless opt_headers = options[:headers] 
+      opt_headers.to_h.merge(default_headers)
+    end
+
+    def debug_data
+      {
+        canonical_request: canonical_request,
+        payload_digest: payload_digest,
+        canonical_request_digest: canonical_request_digest,
+        string_to_sign: string_to_sign,
+        signature: signature,
+        signed_headers: canonical_headers_names_string,
+        payload: payload,
+      }
+    end
+
+    attr_accessor :secret_key,
+      :access_key_id, 
+      :headers,
+      :payload,
+      :region_name, 
+      :service_name,
+      :method,
+      :endpoint,
+      :query,
+      :host,
+      :debug_mode
+
+    def signature 
+      OpenSSL::HMAC.hexdigest('sha256', signature_key, string_to_sign)
+    end
+    
+    def algo
+      'AWS4-HMAC-SHA256'
+    end
+
+    def default_headers
+      {
+        'X-Amz-Date' => amz_datetime,
+        'Host' => host,
+      }
+    end
+
+    def signature_key
+      k_date    = OpenSSL::HMAC.digest('sha256', "AWS4" + secret_key, date)
+      k_region  = OpenSSL::HMAC.digest('sha256', k_date, region_name)
+      k_service = OpenSSL::HMAC.digest('sha256', k_region, service_name)
+      k_signing = OpenSSL::HMAC.digest('sha256', k_service, "aws4_request")
+
+      k_signing
+    end
+
+    def datetime
+      @datetime ||= Time.now.utc
+    end
+
+    def amz_datetime
+      datetime.strftime('%Y%m%dT%H%M%SZ')
+    end
+
+    def date
+      datetime.strftime('%Y%m%d')
+    end
+
+    def credential
+      "#{date}/#{region_name}/cloudsearch/aws4_request"
+    end
+
+    def string_to_sign
+      [
+        algo,
+        amz_datetime,
+        credential,
+        canonical_request_digest,
+      ].join("\n")
+    end
+
+    def canonical_query_string
+      # @NOTE gsubs are here because AWS expects us to escape everything but #encode_www_form encodes space as "+"
+      @canonical_query_string = URI.encode_www_form(CGI::parse(query).to_a.sort { |a, b| a.first <=> b.first }).gsub('+', '%20').gsub('*', '%2A')
+    end
+
+    def canonical_headers_names_string
+      canonical_headers.map(&:first).join(';')
+    end
+
+    def canonical_headers
+      @canonical_headers ||= headers.to_a.group_by(&:first).map do |name, values|
+        canonical_values = values.map(&:last).map do |value|
+          value.to_s.first == '"' ? value : value.squeeze(' ')
+        end
+        [ name.to_s.downcase, canonical_values.join(',') ]
+      end.sort { |a, b| a.first <=> b.first }
+    end
+
+    def canonical_headers_string
+      canonical_headers.map { |header| header.join(':') }.join("\n") + "\n"
+    end
+
+    def payload_digest
+      @payload_digest ||= OpenSSL::Digest::SHA256.hexdigest(payload) 
+    end
+
+    def canonical_request
+      @canonical_request ||= [ 
+        method,
+        endpoint,
+        canonical_query_string,
+        canonical_headers_string,
+        canonical_headers_names_string,
+        payload_digest,
+      ].join("\n")
+    end
+
+    def canonical_request_digest
+      @canonical_request_digest ||= OpenSSL::Digest::SHA256.hexdigest(canonical_request)
+    end
+  end
+end

data/lib/rawscsi/search.rb

@@ -24,24 +24,49 @@ module Rawscsi
     end
 
     private
+    def url_schema
+      config.use_https ? 'https' : 'http'
+    end
+
+    def canonical_url
+      "/#{config.api_version}/search"
+    end
+
+    def search_domain
+      config.search_domain || "search-#{config.domain_name}-#{config.domain_id}.#{config.region}.cloudsearch.amazonaws.com"
+    end
+
     def url(query)
       [
-        "http://search-",
-        "#{config.domain_name}-",
-        "#{config.domain_id}.",
-        "#{config.region}.",
-        "cloudsearch.amazonaws.com/",
-        "#{config.api_version}/",
-        "search?",
+        "#{url_schema}",
+        "://",
+        "#{search_domain}",
+        "#{canonical_url}",
+        '?',
         query
       ].join
     end
 
     def send_request_to_aws(query)
       url_query = url(query)
-      HTTParty.get(url_query)
+      
+      signature = if config.access_key_id && config.secret_key
+                  Rawscsi::RequestSignature.new({
+                    secret_key: config.secret_key,
+                    access_key_id: config.access_key_id,
+                    region_name: config.region,
+                    endpoint: canonical_url,
+                    query: query,
+                    method: 'GET',
+                    host: search_domain,
+                  }).build
+                else
+                  {}
+                end
+      HTTParty.get(url_query, headers: signature[:headers])
     end
 
+
     def results_container(response)
       if is_active_record
         Rawscsi::SearchHelpers::ResultsActiveRecord.new(response, model)

data/lib/rawscsi/version.rb

@@ -1,3 +1,3 @@
 module Rawscsi
-  VERSION = "1.3.1"
+  VERSION = "1.4.1"
 end

data/lib/rawscsi.rb

@@ -1,10 +1,11 @@
 $:.unshift(File.expand_path("../", __FILE__))
 
 module Rawscsi
-  autoload :VERSION,       'rawscsi/version'
-  autoload :Base,          'rawscsi/base'
-  autoload :Search,        'rawscsi/search'
-  autoload :Index,         'rawscsi/index'
+  autoload :VERSION,            'rawscsi/version'
+  autoload :Base,               'rawscsi/base'
+  autoload :RequestSignature,   'rawscsi/request_signature'
+  autoload :Search,             'rawscsi/search'
+  autoload :Index,              'rawscsi/index'
 
   module Query
     autoload :Simple,      "rawscsi/query/simple"
@@ -37,7 +38,12 @@ module Rawscsi
       :region,
       :api_version,
       :attributes,
-      :batch_size
+      :batch_size,
+      :use_https,
+      :access_key_id,
+      :secret_key,
+      :search_domain,
+      :index_domain
   end
   
   def self.register(model)

data/spec/lib/rawscsi/request_signature_spec.rb

@@ -0,0 +1,42 @@
+$root = File.expand_path('../../../../', __FILE__)
+require "#{$root}/spec/spec_helper"
+
+describe Rawscsi::RequestSignature do
+  it "initializes config attrs correctly" do
+    options = {
+      secret_key: "test_secret_key",
+      access_key_id: "test_access_key_id",
+      region_name: "test_region_name",
+      endpoint: "test_endpoint",
+      method: "test_method",
+      host: "test_host"
+    }
+    
+    rs = Rawscsi::RequestSignature.new(options)
+    expect(rs.send(:secret_key)).to eq("test_secret_key")
+    expect(rs.send(:access_key_id)).to eq("test_access_key_id")
+    expect(rs.send(:region_name)).to eq("test_region_name")
+    expect(rs.send(:endpoint)).to eq("test_endpoint")
+    expect(rs.send(:method)).to eq("test_method")
+    expect(rs.send(:host)).to eq("test_host")
+  end
+
+  it "#date and amz_datetime work" do
+    options = {
+      secret_key: "test_secret_key",
+      access_key_id: "test_access_key_id",
+      region_name: "test_region_name",
+      endpoint: "test_endpoint",
+      method: "test_method",
+      host: "test_host"
+    }
+    
+    rs = Rawscsi::RequestSignature.new(options)
+    date = rs.send(:date)
+    amz_date = rs.send(:amz_datetime)
+
+    expect(/\d{8}/).to match(date)
+    expect(/\d{8}T\d{6}/).to match(amz_date)
+  end
+end
+

metadata

@@ -1,18 +1,20 @@
 --- !ruby/object:Gem::Specification
 name: rawscsi
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.4.1
+  prerelease: 
 platform: ruby
 authors:
 - Steven Li
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-28 00:00:00.000000000 Z
+date: 2015-07-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -20,6 +22,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -27,20 +30,23 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -48,6 +54,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -55,62 +62,71 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: fakeweb
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>'
+    - - ! '>'
       - !ruby/object:Gem::Version
         version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>'
+    - - ! '>'
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
   name: httparty
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -118,6 +134,7 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -125,6 +142,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -132,6 +150,7 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -139,15 +158,17 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday_middleware
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: Ruby Amazon Web Services Cloud Search Interface
@@ -172,6 +193,7 @@ files:
 - lib/rawscsi/query/compound.rb
 - lib/rawscsi/query/simple.rb
 - lib/rawscsi/query/stringifier.rb
+- lib/rawscsi/request_signature.rb
 - lib/rawscsi/search.rb
 - lib/rawscsi/search_helpers/results_active_record.rb
 - lib/rawscsi/search_helpers/results_hash.rb
@@ -199,6 +221,7 @@ files:
 - spec/lib/rawscsi/index_spec.rb
 - spec/lib/rawscsi/query/compound_spec.rb
 - spec/lib/rawscsi/query/simple_spec.rb
+- spec/lib/rawscsi/request_signature_spec.rb
 - spec/lib/rawscsi/search_spec.rb
 - spec/lib/rawscsi/version_spec.rb
 - spec/rawscsi_spec.rb
@@ -206,26 +229,27 @@ files:
 homepage: https://github.com/stevenjl/rawscsi
 licenses:
 - MIT
-metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 1.8.23
 signing_key: 
-specification_version: 4
+specification_version: 3
 summary: Adds service objects to upload and search active record models with AWS Cloud
   Search
 test_files:
@@ -248,6 +272,7 @@ test_files:
 - spec/lib/rawscsi/index_spec.rb
 - spec/lib/rawscsi/query/compound_spec.rb
 - spec/lib/rawscsi/query/simple_spec.rb
+- spec/lib/rawscsi/request_signature_spec.rb
 - spec/lib/rawscsi/search_spec.rb
 - spec/lib/rawscsi/version_spec.rb
 - spec/rawscsi_spec.rb

checksums.yaml

@@ -1,7 +0,0 @@
----
-SHA1:
-  metadata.gz: 923dce596e8cab8223bc36556fd4e2d0d6103069
-  data.tar.gz: 0a1286047450f52f111b6e271747f37aff77ae5a
-SHA512:
-  metadata.gz: 69cf3c92334604907b0102f5d83fd3b28ce0894f8b055fac24c07e725ff4bda614c2b764dba9746a5020d0ac7a28c1df365d234d43881a7f5f2135c119b49e02
-  data.tar.gz: 8d1495fe10ffbc00b656272da73716deb5bd72a2e21dd978ff6f0c02c7799af1349998f8fe93d43fda76996aa7f2bac1d32930a5abd9cd30e556fb977347e00e