s3_sig_gen 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ad0e1959ce6143a46a32e0b342c73f959d415df0
+  data.tar.gz: cdd125035c1f648bda4c0598755f707724e7360d
+SHA512:
+  metadata.gz: 18779f361c4dca704852497b623d99a30f833c778b19ea0525c281794e9175fe12168df71cc1b93b06d7911669488aa251b6557ac5c69845ba3d88e29b137be6
+  data.tar.gz: a31a70ca14aa63648b3919b5d3475435c14a43a9db29928f863794618911bb73e9a4ee9408387e8583f5f0345d9b2c594163684900a79acd49ebeade6ddf7307

data/.gitignore

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.rubocop.yml

@@ -0,0 +1,13 @@
+AllCops:
+  TargetRubyVersion: 2.3
+  Exclude:
+    - "**/*.gemspec"
+
+Metrics/LineLength:
+  Max: 145
+
+Style/FrozenStringLiteralComment:
+  EnforcedStyle: never
+
+Style/IndentationConsistency:
+  EnforcedStyle: rails

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in s3_sig_gen.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Michael Diakonov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,66 @@
+# S3SigGen
+
+Authenticate requests for browser based direct uploads to AWS S3.
+
+[Direct upload to AWS S3](http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-authentication-HTTPPOST.html)
+
+## Installation
+
+```ruby
+gem 's3_sig_gen', :git => 'git@github.com:diakonovm/s3_sig_gen.git'
+```
+
+## Usage
+
+```ruby
+s3_sig_gen = S3SigGen::Generator.new do |g|
+  g.aws_access_key_id = ENV["AWS_ACCESS_KEY_ID"]
+  g.aws_secret_access_key = ENV["AWS_SECRET_ACCESS_KEY"]
+  g.region = "us-east-1"
+  g.bucket = "sample-bucket"
+  g.key = "sample_key"
+  g.acl = "public-read"
+end
+@signature = s3_sig_gen.signature
+```
+or
+
+```ruby
+options = {
+  aws_access_key_id: ENV["AWS_ACCESS_KEY_ID"],
+  aws_secret_access_key: ENV["AWS_SECRET_ACCESS_KEY"],
+  region: 'us-east-1',
+  bucket: 'sample-bucket',
+  key: 'sample_key',
+  acl: 'public-read'
+}
+s3_sig_gen = S3SigGen::Generator.new(options)
+@signature = s3_sig_gen.signature
+```
+
+``` html
+<!-- views/photos/new.html.erb -->
+
+<form action="https://asdf.s3.amazonaws.com/" method="post" enctype="multipart/form-data">
+  <input type="hidden" name="key" value="<%= @signature["key"] %>" />
+  <input type="hidden" name="acl" value="<%= @signature["acl"] %>" />
+  <!-- <input type="hidden" name="x-amz-server-side-encryption" value="AES256" />  -->
+  <input type="hidden" name="success_action_status" value="<%= @signature["success_action_status"] %>" />
+  <input type="hidden" name="X-Amz-Credential" value="<%= @signature["x-amz-credential"] %>" />
+  <input type="hidden" name="X-Amz-Algorithm" value="<%= @signature["x-amz-algorithm"] %>" />
+  <input type="hidden" name="X-Amz-Date" value="<%= @signature["x-amz-date"] %>" />
+  <input type="hidden" name="Policy" value="<%= @signature["policy"] %>" />
+  <input type="hidden" name="X-Amz-Signature" value="<%= @signature["x-amz-signature"] %>" />
+  File:
+  <input type="file" name="file" /> <br />
+  <input type="submit" name="submit" value="upload"/>
+</form>
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/diakonovm/s3_sig_gen.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 's3_sig_gen'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require 'pry"
+# Pry.start
+
+require 'irb'
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/s3_sig_gen.rb

@@ -0,0 +1,2 @@
+require 's3_sig_gen/version'
+require 's3_sig_gen/generator'

data/lib/s3_sig_gen/generator.rb

@@ -0,0 +1,82 @@
+require 'base64'
+require 'json'
+require 'openssl'
+require 'open-uri'
+require 'time'
+
+module S3SigGen
+  class Generator
+    attr_accessor :aws_access_key_id, :aws_secret_access_key, :region, :bucket, :key, :acl, :server_side_encryption
+
+    def initialize options = {}
+      @aws_access_key_id = options[:aws_access_key_id]
+      @aws_secret_access_key = options[:aws_secret_access_key]
+      @region = options[:region] || 'us-east-1'
+      @bucket = options[:bucket]
+      @key = options[:key]
+      @acl = options[:acl] || 'public-read'
+      @server_side_encryption = options[:server_side_encryption] || false
+
+      yield self if block_given?
+    end
+
+    def signature
+      build_signature
+    end
+
+    private
+
+      def build_signature
+        unencoded_policy = {}
+        unencoded_policy['expiration'] = expiration
+        unencoded_policy['conditions'] = []
+        unencoded_policy['conditions'] << { 'acl': @acl }
+        unencoded_policy['conditions'] << { 'bucket': @bucket }
+        unencoded_policy['conditions'] << { 'key': @key }
+        unencoded_policy['conditions'] << { 'success_action_status': '200' }
+        unencoded_policy['conditions'] << { 'x-amz-algorithm': 'AWS4-HMAC-SHA256' }
+        unencoded_policy['conditions'] << { 'x-amz-credential':  x_amz_credential }
+        unencoded_policy['conditions'] << { 'x-amz-date':  x_amz_date }
+        unencoded_policy['conditions'] << { 'x-amz-server-side-encryption': 'AES256' } if @server_side_encryption
+
+        base64_encoded_policy = base64_encode unencoded_policy.to_json
+        signed_policy = sign_policy base64_encoded_policy
+
+        signature = {}
+        signature['acl'] = unencoded_policy['conditions'][0][:acl]
+        signature['key'] = unencoded_policy['conditions'][2][:key]
+        signature['success_action_status'] = unencoded_policy['conditions'][3][:success_action_status]
+        signature['policy'] = base64_encoded_policy.to_s
+        signature['x-amz-algorithm'] = unencoded_policy['conditions'][4]['x-amz-algorithm'.to_sym]
+        signature['x-amz-credential'] = unencoded_policy['conditions'][5]['x-amz-credential'.to_sym]
+        signature['x-amz-date'] = unencoded_policy['conditions'][6]['x-amz-date'.to_sym]
+        signature['x-amz-server-side-encryption'] = unencoded_policy['conditions'][7]['x-amz-server-side-encryption'.to_sym] if @server_side_encryption
+        signature['x-amz-signature'] = signed_policy
+        signature
+      end
+
+      def expiration
+        (Time.now + (5 * 60 * 1000)).utc.iso8601.to_s
+      end
+
+      def x_amz_credential
+        "#{@aws_access_key_id}/#{Date.today.to_s.delete('-')}/#{@region}/s3/aws4_request"
+      end
+
+      def x_amz_date
+        "#{Date.today.to_s.delete('-')}T000000Z"
+      end
+
+      def base64_encode string
+        Base64.strict_encode64 string
+      end
+
+      def sign_policy policy
+        signing_key = OpenSSL::HMAC.digest('sha256', "AWS4#{@aws_secret_access_key}", Date.today.to_s.delete('-'))
+        signing_key = OpenSSL::HMAC.digest('sha256', signing_key, @region)
+        signing_key = OpenSSL::HMAC.digest('sha256', signing_key, 's3')
+        signing_key = OpenSSL::HMAC.digest('sha256', signing_key, 'aws4_request')
+        OpenSSL::HMAC.hexdigest('sha256', signing_key, policy)
+      end
+  end
+end

data/lib/s3_sig_gen/version.rb

@@ -0,0 +1,3 @@
+module S3SigGen
+  VERSION = '0.2.0'.freeze
+end

data/s3_sig_gen.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 's3_sig_gen/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "s3_sig_gen"
+  spec.version       = S3SigGen::VERSION
+  spec.authors       = ["Michael Diakonov"]
+  spec.email         = ["diakonov.m@gmail.com"]
+  spec.homepage      = ""
+  spec.summary       = %q{AWS Version 4 signatures for authenticated HTTP POST uploads to AWS S3}
+  spec.description   = %q{}
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.15"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rubocop", '~> 0.47.0', '< 0.49'
+
+end

metadata

@@ -0,0 +1,119 @@
+--- !ruby/object:Gem::Specification
+name: s3_sig_gen
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Michael Diakonov
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-09-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.15'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.15'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.47.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.47.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+description: ''
+email:
+- diakonov.m@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/s3_sig_gen.rb
+- lib/s3_sig_gen/generator.rb
+- lib/s3_sig_gen/version.rb
+- s3_sig_gen.gemspec
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.8
+signing_key: 
+specification_version: 4
+summary: AWS Version 4 signatures for authenticated HTTP POST uploads to AWS S3
+test_files: []