sha256_seal 0.1.1 → 0.1.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE.md +21 -0
- data/README.md +128 -0
- data/lib/sha256_seal.rb +41 -0
- metadata +96 -39
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 315fdea0ce5a82dd8d67b01d083282acee522f691cc3f0aa9b1325efb3ee0866
|
4
|
+
data.tar.gz: a261366546c346d3e24e3ac1eae6d2d54ef7f01ed54a1fa157d2977c2e60bf92
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ab1a96fb6978c03e74d0648bcc4c9c79c272ad8ee91ae11794f179c401ce61e0a9414436f22b3195e929fc4580f7dbff5324dc02eecb7b6e6da9270fb850a6f5
|
7
|
+
data.tar.gz: 7a8cdedec7048247f4600cbaa9d84f3060223f45632eb0bd07111fbc19458a37212ea94df3cc7f973d26d6a3e4764e7425e542a4a55a7ba898f0dfe02dd58c05
|
data/LICENSE.md
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2017-2021 Cyril Kato
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,128 @@
|
|
1
|
+
# Sha256 Seal 🔏
|
2
|
+
|
3
|
+
A tiny library to sign documents, and check their integrity.
|
4
|
+
|
5
|
+
## Installation
|
6
|
+
|
7
|
+
Add this line to your application's Gemfile:
|
8
|
+
|
9
|
+
```ruby
|
10
|
+
gem "sha256_seal"
|
11
|
+
```
|
12
|
+
|
13
|
+
And then execute:
|
14
|
+
|
15
|
+
$ bundle
|
16
|
+
|
17
|
+
Or install it yourself as:
|
18
|
+
|
19
|
+
$ gem install sha256_seal
|
20
|
+
|
21
|
+
## Usage
|
22
|
+
|
23
|
+
Sign values and verify signatures of values.
|
24
|
+
|
25
|
+
## Example
|
26
|
+
|
27
|
+
In the context of a Web application, CSRF tokens could be embedded in URLs.
|
28
|
+
|
29
|
+
```ruby
|
30
|
+
SECRET = "secret".freeze
|
31
|
+
|
32
|
+
document_string = "/.__SIGNATURE_HERE__/accounts/42?editable=false"
|
33
|
+
signature_field = "__SIGNATURE_HERE__"
|
34
|
+
|
35
|
+
builder = Sha256Seal::Builder.new(document_string, SECRET, signature_field)
|
36
|
+
builder.signed_value? # => false
|
37
|
+
builder.signed_value # => "/.a31c3936f236684a8ebc51dcfef168ce124450d71ae1ec404552ec9e0090a8db/accounts/42?editable=false"
|
38
|
+
|
39
|
+
document_string = "/.a31c3936f236684a8ebc51dcfef168ce124450d71ae1ec404552ec9e0090a8db/accounts/42?editable=false"
|
40
|
+
signature_field = "a31c3936f236684a8ebc51dcfef168ce124450d71ae1ec404552ec9e0090a8db"
|
41
|
+
|
42
|
+
builder = Sha256Seal::Builder.new(document_string, SECRET, signature_field)
|
43
|
+
builder.signed_value? # => true
|
44
|
+
builder.signed_value # => "/.a31c3936f236684a8ebc51dcfef168ce124450d71ae1ec404552ec9e0090a8db/accounts/42?editable=false"
|
45
|
+
|
46
|
+
document_string = "/.a31c3936f236684a8ebc51dcfef168ce124450d71ae1ec404552ec9e0090a8db/accounts/42?editable=true"
|
47
|
+
signature_field = "a31c3936f236684a8ebc51dcfef168ce124450d71ae1ec404552ec9e0090a8db"
|
48
|
+
|
49
|
+
builder = Sha256Seal::Builder.new(document_string, SECRET, signature_field)
|
50
|
+
builder.signed_value? # => false
|
51
|
+
builder.signed_value # => "/.babd3a90b6bc2a4c0c7536a0c4804e5430a5a6df27d223c0f0102edb231de590/accounts/42?editable=true"
|
52
|
+
```
|
53
|
+
|
54
|
+
### Rails integration example
|
55
|
+
|
56
|
+
Environment variable:
|
57
|
+
|
58
|
+
```txt
|
59
|
+
CSRF_SECRET_KEY=secret
|
60
|
+
```
|
61
|
+
|
62
|
+
Route:
|
63
|
+
|
64
|
+
```ruby
|
65
|
+
# config/routes.rb
|
66
|
+
Rails.application.routes.draw do
|
67
|
+
scope module: :verified_requests, path: ".:csrf", as: "verified_request" do
|
68
|
+
get "/accounts/:id", to: "accounts#show", as: "account"
|
69
|
+
end
|
70
|
+
end
|
71
|
+
```
|
72
|
+
|
73
|
+
Controller:
|
74
|
+
|
75
|
+
```ruby
|
76
|
+
# app/controllers/verified_requests/base_controller.rb
|
77
|
+
module VerifiedRequests
|
78
|
+
class BaseController < ApplicationController
|
79
|
+
# @see https://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html#method-i-verified_request-3F
|
80
|
+
def verified_request?
|
81
|
+
secret = ENV.fetch("CSRF_SECRET_KEY")
|
82
|
+
document_string = request.original_url.force_encoding("utf-8")
|
83
|
+
signature_field = request.path_parameters.fetch(:csrf)
|
84
|
+
|
85
|
+
builder = Sha256Seal::Builder.new(document_string, secret, signature_field)
|
86
|
+
builder.signed_value? || Rails.env.test?
|
87
|
+
end
|
88
|
+
|
89
|
+
def signed_url(route_method, **options)
|
90
|
+
url_route_method = "#{route_method}_url".to_sym
|
91
|
+
incorrect_csrf = "__CSRF_SECRET_KEY__"
|
92
|
+
url_route_string = public_send(url_route_method, csrf: incorrect_csrf, **options)
|
93
|
+
|
94
|
+
replace_incorrect_csrf_by_correct_csrf(url_route_string, incorrect_csrf: incorrect_csrf)
|
95
|
+
end
|
96
|
+
helper_method :signed_url
|
97
|
+
|
98
|
+
def replace_incorrect_csrf_by_correct_csrf(value, incorrect_csrf:)
|
99
|
+
secret = ENV.fetch("CSRF_SECRET_KEY")
|
100
|
+
field = incorrect_csrf
|
101
|
+
builder = Sha256Seal::Builder.new(value, secret, field)
|
102
|
+
value = builder.signed_value
|
103
|
+
field = builder.send(:signature)
|
104
|
+
builder = Sha256Seal::Builder.new(value, secret, field)
|
105
|
+
|
106
|
+
builder.signed_value
|
107
|
+
end
|
108
|
+
end
|
109
|
+
end
|
110
|
+
```
|
111
|
+
|
112
|
+
View:
|
113
|
+
|
114
|
+
```erb
|
115
|
+
# app/views/verified_requests/accounts/show.html.erb
|
116
|
+
|
117
|
+
<%
|
118
|
+
signed_url(:verified_request_account, id: 'bob', admin: true) # => "http://0.0.0.0:5000/.405d7c8f14389c9ae7f1d97ff66699093bf2d89d13b4f4280a35d62f9e616259/accounts/bob?admin=true"
|
119
|
+
%>
|
120
|
+
```
|
121
|
+
|
122
|
+
## Versioning
|
123
|
+
|
124
|
+
__Sha256Seal__ uses [Semantic Versioning 2.0.0](https://semver.org/)
|
125
|
+
|
126
|
+
## License
|
127
|
+
|
128
|
+
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
data/lib/sha256_seal.rb
ADDED
@@ -0,0 +1,41 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "digest/sha2"
|
4
|
+
|
5
|
+
# Namespace for the Sha256Seal library.
|
6
|
+
module Sha256Seal
|
7
|
+
# Main class for the Sha256Seal library.
|
8
|
+
class Builder
|
9
|
+
attr_reader :value, :secret, :field
|
10
|
+
|
11
|
+
def initialize(value, secret, field)
|
12
|
+
@value = value.to_s
|
13
|
+
@secret = secret.to_s
|
14
|
+
@field = field.to_s
|
15
|
+
|
16
|
+
i = @value.scan(@field).length
|
17
|
+
|
18
|
+
return if i.equal?(1)
|
19
|
+
|
20
|
+
raise ::ArgumentError, "#{i} #{@field.inspect} occurrences instead of 1."
|
21
|
+
end
|
22
|
+
|
23
|
+
def signed_value
|
24
|
+
value.gsub(field, signature)
|
25
|
+
end
|
26
|
+
|
27
|
+
def signed_value?
|
28
|
+
signature.eql?(field)
|
29
|
+
end
|
30
|
+
|
31
|
+
private
|
32
|
+
|
33
|
+
def signature
|
34
|
+
::Digest::SHA256.hexdigest(salt_value)
|
35
|
+
end
|
36
|
+
|
37
|
+
def salt_value
|
38
|
+
value.gsub(field, secret)
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
metadata
CHANGED
@@ -1,111 +1,169 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sha256_seal
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Cyril Kato
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-05-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - "
|
17
|
+
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '
|
19
|
+
version: '0'
|
20
20
|
type: :development
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - "
|
24
|
+
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: fix
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: 1.0.0.beta4
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: 1.0.0.beta4
|
27
41
|
- !ruby/object:Gem::Dependency
|
28
42
|
name: rake
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
30
44
|
requirements:
|
31
|
-
- - "
|
45
|
+
- - ">="
|
32
46
|
- !ruby/object:Gem::Version
|
33
|
-
version: '
|
47
|
+
version: '0'
|
34
48
|
type: :development
|
35
49
|
prerelease: false
|
36
50
|
version_requirements: !ruby/object:Gem::Requirement
|
37
51
|
requirements:
|
38
|
-
- - "
|
52
|
+
- - ">="
|
39
53
|
- !ruby/object:Gem::Version
|
40
|
-
version: '
|
54
|
+
version: '0'
|
41
55
|
- !ruby/object:Gem::Dependency
|
42
|
-
name:
|
56
|
+
name: rubocop-md
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
44
58
|
requirements:
|
45
|
-
- - "
|
59
|
+
- - ">="
|
46
60
|
- !ruby/object:Gem::Version
|
47
|
-
version: '0
|
61
|
+
version: '0'
|
48
62
|
type: :development
|
49
63
|
prerelease: false
|
50
64
|
version_requirements: !ruby/object:Gem::Requirement
|
51
65
|
requirements:
|
52
|
-
- - "
|
66
|
+
- - ">="
|
53
67
|
- !ruby/object:Gem::Version
|
54
|
-
version: '0
|
68
|
+
version: '0'
|
55
69
|
- !ruby/object:Gem::Dependency
|
56
|
-
name:
|
70
|
+
name: rubocop-performance
|
57
71
|
requirement: !ruby/object:Gem::Requirement
|
58
72
|
requirements:
|
59
|
-
- - "
|
73
|
+
- - ">="
|
60
74
|
- !ruby/object:Gem::Version
|
61
|
-
version: '0
|
75
|
+
version: '0'
|
62
76
|
type: :development
|
63
77
|
prerelease: false
|
64
78
|
version_requirements: !ruby/object:Gem::Requirement
|
65
79
|
requirements:
|
66
|
-
- - "
|
80
|
+
- - ">="
|
67
81
|
- !ruby/object:Gem::Version
|
68
|
-
version: '0
|
82
|
+
version: '0'
|
69
83
|
- !ruby/object:Gem::Dependency
|
70
|
-
name: rubocop
|
84
|
+
name: rubocop-rake
|
71
85
|
requirement: !ruby/object:Gem::Requirement
|
72
86
|
requirements:
|
73
|
-
- - "
|
87
|
+
- - ">="
|
74
88
|
- !ruby/object:Gem::Version
|
75
|
-
version: '0
|
89
|
+
version: '0'
|
76
90
|
type: :development
|
77
91
|
prerelease: false
|
78
92
|
version_requirements: !ruby/object:Gem::Requirement
|
79
93
|
requirements:
|
80
|
-
- - "
|
94
|
+
- - ">="
|
81
95
|
- !ruby/object:Gem::Version
|
82
|
-
version: '0
|
96
|
+
version: '0'
|
83
97
|
- !ruby/object:Gem::Dependency
|
84
|
-
name:
|
98
|
+
name: rubocop-rspec
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - ">="
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '0'
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - ">="
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '0'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: rubocop-thread_safety
|
85
113
|
requirement: !ruby/object:Gem::Requirement
|
86
114
|
requirements:
|
87
|
-
- - "
|
115
|
+
- - ">="
|
88
116
|
- !ruby/object:Gem::Version
|
89
|
-
version: '0
|
117
|
+
version: '0'
|
90
118
|
type: :development
|
91
119
|
prerelease: false
|
92
120
|
version_requirements: !ruby/object:Gem::Requirement
|
93
121
|
requirements:
|
94
|
-
- - "
|
122
|
+
- - ">="
|
95
123
|
- !ruby/object:Gem::Version
|
96
|
-
version: '0
|
124
|
+
version: '0'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: simplecov
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - ">="
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '0'
|
132
|
+
type: :development
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - ">="
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '0'
|
139
|
+
- !ruby/object:Gem::Dependency
|
140
|
+
name: yard
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - ">="
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: '0'
|
146
|
+
type: :development
|
147
|
+
prerelease: false
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - ">="
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: '0'
|
97
153
|
description: Seal device with SHA-256 hash function, for Ruby.
|
98
|
-
email:
|
99
|
-
- contact@cyril.email
|
154
|
+
email: contact@cyril.email
|
100
155
|
executables: []
|
101
156
|
extensions: []
|
102
157
|
extra_rdoc_files: []
|
103
|
-
files:
|
158
|
+
files:
|
159
|
+
- LICENSE.md
|
160
|
+
- README.md
|
161
|
+
- lib/sha256_seal.rb
|
104
162
|
homepage: https://github.com/cyril/sha256_seal.rb
|
105
163
|
licenses:
|
106
164
|
- MIT
|
107
165
|
metadata: {}
|
108
|
-
post_install_message:
|
166
|
+
post_install_message:
|
109
167
|
rdoc_options: []
|
110
168
|
require_paths:
|
111
169
|
- lib
|
@@ -113,16 +171,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
113
171
|
requirements:
|
114
172
|
- - ">="
|
115
173
|
- !ruby/object:Gem::Version
|
116
|
-
version: '0'
|
174
|
+
version: '3.0'
|
117
175
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
118
176
|
requirements:
|
119
177
|
- - ">="
|
120
178
|
- !ruby/object:Gem::Version
|
121
179
|
version: '0'
|
122
180
|
requirements: []
|
123
|
-
|
124
|
-
|
125
|
-
signing_key:
|
181
|
+
rubygems_version: 3.2.15
|
182
|
+
signing_key:
|
126
183
|
specification_version: 4
|
127
184
|
summary: Seal device with SHA-256 hash function.
|
128
185
|
test_files: []
|