request_signing-rack 0.1.0.pre1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/lib/request_signing/rack.rb +90 -0
- metadata +74 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 990891400b8e0e83e423d658dc26026259a4fe7c
|
|
4
|
+
data.tar.gz: 200fd6b4d5f2361fdcd6bd8461fa15ce609a307e
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: ac88f6d1a7d976524e17977da1ee15fe6be800a1cbcb1d61fd1e58b848aa1e6a5fe1d1c0f94c6794ec8ea9365c53d337f1daf2e3824183a0eec4944a51635cf1
|
|
7
|
+
data.tar.gz: 71b8c0efbda1713f60dd16ae1184921b8ab436d4b8b1424d8cec81e0e1989aacd5a317e11eba27b659f1fe632a1a990a83f8a7197af0c857bdaf11ce4d877b9d
|
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
require "rack/request"
|
|
2
|
+
require "request_signing"
|
|
3
|
+
|
|
4
|
+
module RequestSigning
|
|
5
|
+
module Adapters
|
|
6
|
+
|
|
7
|
+
# Registers `:rack` adapter for user with {RequestSigning::Verifier}
|
|
8
|
+
#
|
|
9
|
+
# @example
|
|
10
|
+
# v = RequestSigning::Verifier.new(adapter: :rack, key_store: key_store)
|
|
11
|
+
class Rack
|
|
12
|
+
def call(rack_request_env)
|
|
13
|
+
rack_request = ::Rack::Request.new(rack_request_env)
|
|
14
|
+
headers =
|
|
15
|
+
rack_request.each_header.select do |h, _|
|
|
16
|
+
h.start_with?("HTTP_") || %w[CONTENT_TYPE CONTENT_LENGTH].include?(h)
|
|
17
|
+
end.map do |h, v|
|
|
18
|
+
[h.gsub(/\AHTTP_/, "").gsub(/_/, "-").downcase, Array(v)]
|
|
19
|
+
end.to_h
|
|
20
|
+
|
|
21
|
+
GenericHTTPRequest.new(
|
|
22
|
+
rack_request.request_method.downcase,
|
|
23
|
+
rack_request.fullpath,
|
|
24
|
+
headers
|
|
25
|
+
)
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
register_adapter :rack, ->() { Adapters::Rack.new }
|
|
30
|
+
|
|
31
|
+
module Rack
|
|
32
|
+
|
|
33
|
+
##
|
|
34
|
+
# Provides rack middleware for request signature verification
|
|
35
|
+
#
|
|
36
|
+
# @example common use case
|
|
37
|
+
# key_store = RequestSigning::KeyStores::Static.new(
|
|
38
|
+
# "app_1.v1" => ENV["APP_1_PUBKEY"],
|
|
39
|
+
# "app_2.v1" => ENV["APP_2_PUBKEY"],
|
|
40
|
+
# )
|
|
41
|
+
# use RequestSigning::Rack::Middleware, key_store: key_store
|
|
42
|
+
#
|
|
43
|
+
# @example custom error handling
|
|
44
|
+
# key_store = RequestSigning::KeyStores::Static.new(
|
|
45
|
+
# "app_1.v1" => ENV["APP_1_PUBKEY"],
|
|
46
|
+
# "app_2.v1" => ENV["APP_2_PUBKEY"],
|
|
47
|
+
# )
|
|
48
|
+
# logger = Logger.new(STDOUT)
|
|
49
|
+
#
|
|
50
|
+
# use RequestSigning::Rack::Middleware, key_store: key_store do |error, env, app|
|
|
51
|
+
# case error
|
|
52
|
+
# when RequestSigning::KeyNotFound, RequestSigning::MissingSignatureHeader
|
|
53
|
+
# # Useful during transition period while some clients still don't sign requests
|
|
54
|
+
# logger.debug("skipping signature verification: #{error}")
|
|
55
|
+
# app.call(env)
|
|
56
|
+
# else
|
|
57
|
+
# logger.error(error)
|
|
58
|
+
# [401, { "Content-Type" => "application/json" }, [%q({"error": "signature verification error"})]]
|
|
59
|
+
# end
|
|
60
|
+
# end
|
|
61
|
+
##
|
|
62
|
+
class Middleware
|
|
63
|
+
##
|
|
64
|
+
# @overload initialize(app, key_store:)
|
|
65
|
+
# @param app [#call] underlying rack app
|
|
66
|
+
# @param key_store [#fetch, #key?] verification key repository
|
|
67
|
+
# @raise [RequestSigning::Error] request signature verification error
|
|
68
|
+
#
|
|
69
|
+
# @overload initialize(app, key_store:)
|
|
70
|
+
# @param app [#call] underlying rack app
|
|
71
|
+
# @param key_store [#fetch, #key?] verification key repository
|
|
72
|
+
# @yieldparam err [RequestSigning::Error] signature verification error object
|
|
73
|
+
# @yieldparam env [Rack::Request::Env] rack request
|
|
74
|
+
# @yieldparam app [#call] the underlying rack app
|
|
75
|
+
##
|
|
76
|
+
def initialize(app, key_store:, &block)
|
|
77
|
+
@app = app
|
|
78
|
+
@verifier = RequestSigning::Verifier.new(adapter: :rack, key_store: key_store)
|
|
79
|
+
@block = block || proc { |err, _, _| raise err if err }
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
def call(env)
|
|
83
|
+
@verifier.verify!(env)
|
|
84
|
+
@app.call(env)
|
|
85
|
+
rescue RequestSigning::Error => e
|
|
86
|
+
@block.call(e, env, @app)
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
end
|
|
90
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: request_signing-rack
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.1.0.pre1
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Vlad Yarotsky
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2017-10-27 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: request_signing
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - '='
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: 0.1.0.pre1
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - '='
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: 0.1.0.pre1
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: rack
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '2.0'
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '2.0'
|
|
41
|
+
description: Rack middleware for request signature verification based on request_signing
|
|
42
|
+
email:
|
|
43
|
+
- vlad@remind101.com
|
|
44
|
+
executables: []
|
|
45
|
+
extensions: []
|
|
46
|
+
extra_rdoc_files: []
|
|
47
|
+
files:
|
|
48
|
+
- lib/request_signing/rack.rb
|
|
49
|
+
homepage: https://github.com/remind101/request_signing
|
|
50
|
+
licenses:
|
|
51
|
+
- MIT
|
|
52
|
+
metadata:
|
|
53
|
+
yard.run: yri
|
|
54
|
+
post_install_message:
|
|
55
|
+
rdoc_options: []
|
|
56
|
+
require_paths:
|
|
57
|
+
- lib
|
|
58
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
59
|
+
requirements:
|
|
60
|
+
- - ">="
|
|
61
|
+
- !ruby/object:Gem::Version
|
|
62
|
+
version: '0'
|
|
63
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
64
|
+
requirements:
|
|
65
|
+
- - ">"
|
|
66
|
+
- !ruby/object:Gem::Version
|
|
67
|
+
version: 1.3.1
|
|
68
|
+
requirements: []
|
|
69
|
+
rubyforge_project:
|
|
70
|
+
rubygems_version: 2.6.8
|
|
71
|
+
signing_key:
|
|
72
|
+
specification_version: 4
|
|
73
|
+
summary: Rack middleware for request signature verification
|
|
74
|
+
test_files: []
|