restful_api_authentication 0.1.0

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+# Change History / Release Notes
+
+## Version 0.1.0
+
+Initial release. See README.md for details.

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in restful_api_authentication.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 David Kiger
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,121 @@
+# RestfulApiAuthentication
+
+RestfulApiAuthentication is a gem which implements a standard api_key/secret authentication system for your Ruby on Rails RESTful web services.
+
+With most RESTful Web API's, it is important to know which app is using your resources and that only the apps you allow access those resources. This gem allows you to easily add this layer of authentication to any Rails RESTful resource you want, and it even includes protection against various forms of attack.
+
+## Requirements
+
+1. Rails 3.2.0+
+2. ActiveRecord database (sqlite, MySQL, etc.)
+
+## Dependencies
+
+1. Rails 3.2.0+
+2. UUID Gem 2.3.5+
+3. Chronic Gem 0.6.7+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'restful_api_authentication'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install restful_api_authentication
+
+Run Rails generator:
+
+    $ rails g restful_api_authentication:install
+
+Run the migration task:
+
+    $ rake db:migrate
+
+Update the configuration (if you like) by editing the `config/restful_api_authentication.yml` file.
+
+## Usage
+
+### How It Works From A Client's Perspective
+
+Before anyone can use a resource which is protected using this gem, that person/app must have a valid API key and secret. These are generated and stored as a RestClient model in your app. The easiest way to generate this is to use the Rails console:
+
+```ruby
+new_app = RestClient.create(:name => "My New App", :description => "This is my new application that will access my RESTful API.")
+new_app.api_key
+new_app.secret
+```
+
+In order to authenticate with your web service, the new application must include the following HTTP headers with each request:
+* x-timestamp
+* x-api-key
+* x-signature
+
+The x-timestamp should be the date and time the request is sent. It should be in UTC time and be formatted as "YYYY-MM-DD HH:MM:SS UTC". For example: `2012-03-31 15:37:32 UTC`
+
+The x-api-key should be the same as the API key generated above. It should look something like `0f0721f0-5cc9-012f-c884-68a86d3dfd0`.
+
+The x-signature is generated by concatenating the secret generated above, the API request URL, and the x-timestamp into a single string and then using the SHA256 hash algorithm to generate a hash of this string. The x-signature is this hash.
+
+Here is an example in Ruby code using the HTTParty gem:
+
+```ruby
+require 'httparty'
+require 'digest/sha2'
+
+class MyTestApi
+  include HTTParty
+
+  API_KEY = "e4a80df0-5cca-012f-c884-68a86d3dfd02"
+  SECRET = "473287f8298dba7163a897908958f7c0eae733e25d2e027992ea2edc9bed2fa8"
+  
+  def auth_headers(request_uri)
+    timestamp = Time.now.utc.strftime "%Y-%m-%d %H:%M:%S UTC"
+    signature_string = SECRET + request_uri + timestamp
+    digest = Digest::SHA256.new << signature_string
+    signature = digest.to_s
+    { "x-api-key" => API_KEY, "x-timestamp" => timestamp, "x-signature" => signature }
+  end
+  
+  def authenticate_test
+    request_uri = "https://api.mywebservice.com/help/authenticate"
+    self.class.post(request_uri, { :headers => auth_headers(request_uri) })
+  end
+
+end
+
+api = MyTestApi.new
+result = api.authenticate_test
+puts result.inspect
+```
+
+### Configuration
+
+In the `config/restful_api_authentication.yml` file you will find several things that you can change. The defaults are usually fine for most cases.
+
+### Requiring Authentication
+
+To require authentication for a specific resource (controller) of your RESTful web service, add this at the top of your controller just under where you open the controller class:
+
+```ruby
+include RestfulApiAuthentication
+respond_to :json, :xml
+before_filter :authenticated?
+```
+
+If you want to protect your entire web service, add those same lines to your ApplicationController class.
+
+If the headers are not provided or the application fails to authenticate, your web service will deliver a 401 Unauthorized response.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,2 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"

data/lib/generators/restful_api_authentication/install/install_generator.rb

@@ -0,0 +1,56 @@
+# encoding: utf-8
+
+# Copyright (c) 2012 David Kiger
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'rails/generators/migration'
+
+module RestfulApiAuthentication
+  module Generators
+    class InstallGenerator < ::Rails::Generators::Base
+      include Rails::Generators::Migration
+      source_root File.expand_path('../templates', __FILE__)
+      desc "This generator installs a restful_api_authentication.yml file, creates a RestClient model, and generates migrations for the RestfulApiAuthentication gem."
+      
+      def self.next_migration_number(path)
+        unless @prev_migration_nr
+          @prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+        else
+          @prev_migration_nr += 1
+        end
+        @prev_migration_nr.to_s
+      end
+      
+      def copy_migrations
+        migration_template "create_rest_client.rb", "db/migrate/create_rest_client.rb"
+      end
+      
+      def copy_the_config_file
+        copy_file "restful_api_authentication.yml", "config/restful_api_authentication.yml"
+      end
+      
+      def copy_the_rest_client_model
+        copy_file "rest_client.rb", "app/models/rest_client.rb"
+      end
+      
+    end
+  end
+end

data/lib/generators/restful_api_authentication/install/templates/create_rest_client.rb

@@ -0,0 +1,12 @@
+class CreateRestClient < ActiveRecord::Migration
+  def change
+    create_table :rest_clients do |t|
+      t.string :name
+      t.text :description
+      t.string :api_key
+      t.string :secret
+      t.boolean :is_master
+      t.timestamps
+    end
+  end
+end

data/lib/generators/restful_api_authentication/install/templates/rest_client.rb

@@ -0,0 +1,36 @@
+class RestClient < ActiveRecord::Base
+  
+  validates :name, :presence => true
+  validates :description, :presence => true
+  validates :api_key, :presence => true, :uniqueness => true
+  validates :secret, :presence => true
+  
+  # white list fields for mass assignment
+  attr_accessible :name, :description
+
+  # set default values on save
+  before_validation :set_defaults
+
+  # generates a new API key
+  def gen_api_key
+    u = UUID.new
+    self.api_key = u.generate
+  end
+  
+  # generates a new secret
+  def gen_secret
+    u = UUID.new
+    d = Digest::SHA256.new << u.generate
+    self.secret = d.to_s
+  end
+  
+  private
+  
+    def set_defaults
+      self.gen_api_key if self.api_key.nil? || self.api_key == ""
+      self.gen_secret if self.secret.nil? || self.secret == ""
+      self.is_master = false if self.is_master.nil?
+      return true
+    end
+
+end

data/lib/generators/restful_api_authentication/install/templates/restful_api_authentication.yml

@@ -0,0 +1,18 @@
+defaults: &DEFAULTS
+  request_window: 10 # request window in minutes - between 5 and 10 is usually best; must be at least 2
+  header_names:      # names of HTTP headers that must be sent on all requests requiring authentication
+    timestamp: "x-timestamp"
+    signature: "x-signature"
+    api_key: "x-api-key"
+
+test:
+  <<: *DEFAULTS
+  
+cucumber:
+  <<: *DEFAULTS
+  
+development:
+  <<: *DEFAULTS
+  
+production:
+  <<: *DEFAULTS

data/lib/restful_api_authentication.rb

@@ -0,0 +1,56 @@
+# encoding: utf-8
+
+# Copyright (c) 2012 David Kiger
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'digest'
+require 'chronic'
+require 'rails'
+require File.expand_path('../restful_api_authentication/version.rb', __FILE__)
+require File.expand_path('../restful_api_authentication/checker.rb', __FILE__)
+require File.expand_path('../restful_api_authentication/railtie.rb', __FILE__)
+
+module RestfulApiAuthentication
+
+  # before filter to ensure the request has valid client authentication headers
+  # returns a 401 not authorized if the authentication headers are missing or invalid
+  def authenticated?
+    checker = RestfulApiAuthentication::Checker.new(request.headers, request.fullpath)
+    if checker.authorized?
+      return true
+    else
+      respond_with(["not authorized"], :status => 401, :location => nil)
+    end
+  end
+
+  # before filter to ensure the request has valid client authentication headers
+  # client must have is_master flag set to true to pass authentication
+  # returns a 401 not authorized if the authentication headers are missing or invalid
+  def authenticated_master?
+    checker = RestfulApiAuthentication::Checker.new(request.headers, request.fullpath, :require_master => true)
+    if checker.authorized?
+      return true
+    else
+      respond_with(["not authorized"], :status => 401, :location => nil)
+    end
+  end
+
+end

data/lib/restful_api_authentication/checker.rb

@@ -0,0 +1,83 @@
+# encoding: utf-8
+
+# Copyright (c) 2012 David Kiger
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RestfulApiAuthentication
+  class Checker
+    cattr_accessor :header_timestamp, :header_signature, :header_api_key, :time_window
+    attr_accessor :http_headers, :request_uri
+    
+    def initialize(http_headers, request_uri)
+      @http_headers = http_headers
+      @request_uri = request_uri
+    end
+
+    # Checks if the current request passes authorization
+    def authorized?(options = {})
+      raise "Configuration values not found. Please run rails g restful_api_authentication:install to generate a config file." if @@header_timestamp.nil? || @@header_signature.nil? || @@header_api_key.nil? || @@time_window.nil?
+      return_val = false
+      if headers_have_values? && in_time_window?
+        if (options[:require_master] == true)
+          return_val = true if test_hash == @http_headers[@@header_signature] && is_master?
+        else
+          return_val = true if test_hash == @http_headers[@@header_signature]
+        end
+      end
+      return_val
+    end
+
+    private
+
+      # determines if a RestClient has master privileges or not
+      def is_master?
+        client = RestClient.where(:api_key => @http_headers[@@header_api_key]).first
+        client.is_master
+      end
+
+      # determines if given timestamp is within a specific window of minutes
+      def in_time_window?
+        @@time_window = 4 if @@time_window < 4
+        minutes = (@@time_window / 2).floor
+        ts = Chronic.parse @http_headers[@@header_timestamp]
+        before = Time.now.utc - 60*minutes
+        after = Time.now.utc + 60*minutes
+        ts > before && ts < after
+      end
+
+      # checks that incoming parameters have the keys we expect
+      def headers_have_values?
+        !@http_headers[@@header_api_key].nil? && !@http_headers[@@header_signature].nil? && !@http_headers[@@header_timestamp].nil?
+      end
+
+      # generates the string that is hashed to produce the signature
+      def str_to_hash
+        client = RestClient.where(:api_key => @http_headers[@@header_api_key]).first
+        client.nil? ? "" : client.secret + @request_uri.gsub( /\?.*/, "" ) + @http_headers[@@header_timestamp]
+      end
+
+      # generates the hash that is compared to the incoming signature
+      def test_hash
+        (Digest::SHA256.new << str_to_hash).to_s
+      end    
+    
+  end
+end

data/lib/restful_api_authentication/railtie.rb

@@ -0,0 +1,41 @@
+# encoding: utf-8
+
+# Copyright (c) 2012 David Kiger
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RestfulApiAuthentication
+  class Railtie < Rails::Railtie
+    initializer "restful_api_authentication_railtie.config_initializer" do
+      if File.exists? Rails.root.join('config', 'restful_api_authentication.yml')
+        config_data = YAML::load_file(Rails.root.join('config', 'restful_api_authentication.yml'))[Rails.env]
+        RestfulApiAuthentication::Checker.time_window      = config_data['request_window']
+        RestfulApiAuthentication::Checker.header_timestamp = config_data['header_names']['timestamp']
+        RestfulApiAuthentication::Checker.header_signature = config_data['header_names']['signature']
+        RestfulApiAuthentication::Checker.header_api_key   = config_data['header_names']['api_key']
+      else
+        RestfulApiAuthentication::Checker.time_window      = nil
+        RestfulApiAuthentication::Checker.header_timestamp = nil
+        RestfulApiAuthentication::Checker.header_signature = nil
+        RestfulApiAuthentication::Checker.header_api_key   = nil
+      end
+    end
+  end
+end

data/lib/restful_api_authentication/version.rb

@@ -0,0 +1,26 @@
+# encoding: utf-8
+
+# Copyright (c) 2012 David Kiger
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RestfulApiAuthentication
+  VERSION = "0.1.0"
+end

data/restful_api_authentication.gemspec

@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/restful_api_authentication/version.rb', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.required_rubygems_version = Gem::Requirement.new(">= 0") if gem.respond_to? :required_rubygems_version=
+  gem.authors       = ["Dave Kiger"]
+  gem.email         = ["davejkiger@gmail.com"]
+  gem.description   = %q{A gem which implements a standard api_key / secret authentication system for your Ruby on Rails RESTful web services.}
+  gem.summary       = %q{With most RESTful Web API's, it is important to know which app is using your resources and that only the apps you allow access those resources. This gem allows you to easily add this layer of authentication to any Rails RESTful resource you want, and it even includes protection against various forms of attack.}
+  gem.homepage      = "https://github.com/davejkiger/restful_api_authentication"
+
+  #gem.files         = `git ls-files`.split($\)
+  gem.files         = Dir.glob("{bin,lib}/**/*") + %w(CHANGELOG.md Gemfile LICENSE Rakefile README.md restful_api_authentication.gemspec)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "restful_api_authentication"
+  gem.require_paths = ["lib"]
+  gem.version       = RestfulApiAuthentication::VERSION
+
+  gem.add_runtime_dependency(%q<rails>, [">= 3.2.0"])
+  gem.add_runtime_dependency(%q<uuid>, [">= 2.3.5"])
+  gem.add_runtime_dependency(%q<chronic>, [">= 0.6.7"])
+end

metadata

@@ -0,0 +1,96 @@
+--- !ruby/object:Gem::Specification
+name: restful_api_authentication
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Dave Kiger
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-04-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: &70290931746180 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: *70290931746180
+- !ruby/object:Gem::Dependency
+  name: uuid
+  requirement: &70290931745340 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 2.3.5
+  type: :runtime
+  prerelease: false
+  version_requirements: *70290931745340
+- !ruby/object:Gem::Dependency
+  name: chronic
+  requirement: &70290931744600 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.6.7
+  type: :runtime
+  prerelease: false
+  version_requirements: *70290931744600
+description: A gem which implements a standard api_key / secret authentication system
+  for your Ruby on Rails RESTful web services.
+email:
+- davejkiger@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/generators/restful_api_authentication/install/install_generator.rb
+- lib/generators/restful_api_authentication/install/templates/create_rest_client.rb
+- lib/generators/restful_api_authentication/install/templates/rest_client.rb
+- lib/generators/restful_api_authentication/install/templates/restful_api_authentication.yml
+- lib/restful_api_authentication/checker.rb
+- lib/restful_api_authentication/railtie.rb
+- lib/restful_api_authentication/version.rb
+- lib/restful_api_authentication.rb
+- CHANGELOG.md
+- Gemfile
+- LICENSE
+- Rakefile
+- README.md
+- restful_api_authentication.gemspec
+homepage: https://github.com/davejkiger/restful_api_authentication
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.17
+signing_key: 
+specification_version: 3
+summary: With most RESTful Web API's, it is important to know which app is using your
+  resources and that only the apps you allow access those resources. This gem allows
+  you to easily add this layer of authentication to any Rails RESTful resource you
+  want, and it even includes protection against various forms of attack.
+test_files: []