tonglian-ruby-sdk 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d110ad2c605228b2bcad375d09bdb1054e03f252880adff36ac6f573f3ed01df
-  data.tar.gz: c116187cd8e449a0965694d7154acf6c0f22ea232f133f3590101255f3c96c26
+  metadata.gz: 7f4d54ded35c1a345b7c1523f59e561e70d08d6bad618e2c83a14d33ab532065
+  data.tar.gz: d37d2482450c7a156674fe5ec2b71e5b69eb415ee949aaea55392068113357c1
 SHA512:
-  metadata.gz: 017d35a06757cc2375cea897f41a3a8da499e77ae770e71b605e505b2b290d91558686305bd0119d930927d8614bd06e999e33b1c0c120bef9aef599281a37b5
-  data.tar.gz: 17eb8000f9961dfb76dfe89199831a3364b4befed84973e2250c0145e2e9df15015dece33c01f6937ac79bf128849f0a050df90d4c84da29925721c6d9133e38
+  metadata.gz: 8d3afc6f5ad630dae3dfca5346a196493c7ef3ed217a862dc2946e766515434e8bef43bc22d4b21339d57f9df122f2e939f50af5ca4167e2ee0fbabe5f584557
+  data.tar.gz: f82d4d303edf28781dfa7f86bc0df7ead862f6dcb14dda96bfa00e775128f8088346ff8be1aa14a364e0c84dbded75be3eaf6ac60ea4acd91c9bd9673db803c7

data/lib/tonglian-ruby-sdk.rb

@@ -33,7 +33,6 @@ module TonglianRubySdk
       data['sign']       = @signer.sign(data)
 
       url = URI(@api_end_point)
-
       http = Net::HTTP.new(url.host, url.port)
       http.use_ssl = true if @api_end_point.downcase.starts_with?('https') # Enable SSL for HTTPS
 
@@ -42,9 +41,9 @@ module TonglianRubySdk
       request.body = URI.encode_www_form(data)
       response = http.request(request)
 
-      # Handle response
-      puts response.code
-      puts response.body
+      object = JSON.parse(response.body)
+      @signer.verify?(object) || raise('Invalid response signature!')
+      { 'code' => response.code, 'data' => object }
     end
 
     private
@@ -65,18 +64,20 @@ module TonglianRubySdk
     end
 
     def sign(params)
-      str = make_sign_message(params)
+      message = make_sign_message(params)
       rsa = OpenSSL::PKey::RSA.new private_key
-      Base64.strict_encode64(rsa.sign('sha1', str.force_encoding('UTF-8')))
+      Base64.strict_encode64(rsa.sign(OpenSSL::Digest.new('SHA256'), message))
     end
 
     def verify?(params, signature = nil)
       signature = params['sign'] if signature.nil? || signature.to_s.empty?
-      str = make_sign_message(params)
+      params.delete('sign')
+      message = make_verify_message(params)
+
       public_file = File.open(@public_path)
       public_key = OpenSSL::X509::Certificate.new(public_file).public_key.export
       rsa = OpenSSL::PKey::RSA.new(public_key)
-      rsa.verify('sha1', Base64.decode64(signature), str)
+      rsa.verify(OpenSSL::Digest.new('SHA256'), Base64.decode64(signature), message)
     end
 
     private
@@ -100,11 +101,35 @@ module TonglianRubySdk
       params.keys.sort.map do |k|
         next if %w[sign signType].include? k
         next if params[k].nil? || params[k].to_s.empty?
-        #sorted_params.push("#{k}=#{CGI.escape(params[k])}")
+
         sorted_params.push("#{k}=#{params[k]}")
       end
 
-      Base64.strict_encode64(Digest::MD5.hexdigest(sorted_params.join('&')))
+      flattened_params = sorted_params.join('&')
+      md5_digest = Digest::MD5.digest(flattened_params)
+      Base64.strict_encode64(md5_digest)
+    end
+
+    def make_verify_message(params)
+      params = sort_object(params)
+      flattened_params = params.to_json
+      Base64.strict_encode64(Digest::MD5.digest(flattened_params))
+    end
+
+    # In Ruby 3, a hash preserves the order the keys are inserted
+    # So we can make a 'sorted' hash and generate a sorted json later
+    def sort_object(obj)
+      result = nil
+      if obj.is_a? Hash
+        result = {}
+        obj.keys.sort.each { |k| result[k] = sort_object(obj[k]) }
+      elsif obj.is_a? Array
+        result = []
+        obj.sort.each { |k| result.push(k) }
+      else
+        result = obj
+      end
+      result
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tonglian-ruby-sdk
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Yi Zhang