url_signature 0.0.1 → 0.0.2

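--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 403aa1e79b5d5f67e7179061d8458f0121dd1a0541efb43af01854a109d7d8c5
- data.tar.gz: 7c1de86c5265f134981ea8872c7a7875c617510b338e12b2674e0bd11ecb8875
+ metadata.gz: 28eb510b8d3f69206776772eb78bca149e5118d4e0c05f7a33e60abee6a46e6f
+ data.tar.gz: 36c435b613159f5f97f3d10d71dd57b2b556e9da04ea001a0c86ea9e35b041ad
  SHA512:
- metadata.gz: 70d88e10de08b6653c911c47a85b298c0dba0de6a927ec9fc41af3c72fb9732d9e0e31bdcb35bcff86ffdb97b53b89795ff22e7471313d6533bfcd7ec7b6880e
- data.tar.gz: 1e80fbb63970e492e61332f030d30f9de64dc8d128f4232bfd230f8ac22d3748bcf15fc631e6e9ab0b11007dd71b658d6c93c7adcbd59a3f53a6fc17ac712ddd
+ metadata.gz: 57db4831d7a9c8100efe175825e6aa2fb367cb1a42c37bc851318b47cadfee22f2a797c357eb4aca46fa70f1b26b3849e200dedcc626785f33d9ee442a3b0e0e
+ data.tar.gz: de3b6114aced1d7f0ded1ec5d637b08f18f837348d8fa754a52c0c679ff71d09ec1ad688624bcdb6055df285cbca6baecd5d446d3fa6d4860769bd54b9cbac53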
@@ -11,6 +11,10 @@ Prefix your message with one of the following:
11
11
  - [Security] in case of vulnerabilities.
12
12
  -->
13
13
 
14
+ ## v0.0.2 - 2020-11-04
15
+
16
+ - [Changed] Replace HMAC algorithm with a proc that can be customized.
17
+
14
18
  ## v0.0.1 - 2020-11-04
15
19
 
16
20
  - Initial release.
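--- a/data/README.md
+++ b/data/README.md
@@ -36,8 +36,9 @@ arguments are:
  - `params`: Any additional params you want to add as query strings.
  - `expires`: Any integer representing an epoch time. Urls won't be verified
  after this date. By default, urls don't expire.
- - `algorithm`: The hashing algorithm that will be used. By default, SHA256 will
- be used.
+ - `hmac_proc`: `Proc` that will generate the signature. By default, it generates
+ a `base64url(sha512_hmac(data))` signature (with no padding). The proc will be
+ called with two parameters: `key` and `data`.
  - `signature_param`: The signature's param name. By default it's `signature`.
  - `expires_param`: The expires' param name. By default it's `expires`.
 
@@ -45,7 +46,7 @@ arguments are:
  key = "secret"
 
  signed_url = SignedURL.call("https://nandovieira.com", key: key)
- #=> "https://nandovieira.com/?signature=87fdf44a5109c54edff2e0258b354e32ba5baf3dd21ec5af82f08b82ce362fbf"
+ #=> "https://nandovieira.com/?signature=87fdf44a5109c54edff2e0258b354e32ba5b..."
  ```
 
  You can use the method `SignedURL.verified?(url, **kwargs)` to verify if a
@@ -79,7 +80,7 @@ signed_url = SignedURL.call(
  key: secret,
  expires: Time.now.to_i + 120
  )
- #=> "https://nandovieira.com/?expires=1604477596&signature=7ac5eaee20d316c6cd3f81db14cde98c3c669d423a32d2c546730cbb0dcbc6f2"
+ #=> "https://nandovieira.com/?expires=1604477596&signature=7ac5eaee20d316..."
  ```
 
  ## Maintainer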
@@ -3,6 +3,7 @@
3
3
  require "uri"
4
4
  require "cgi"
5
5
  require "openssl"
6
+ require "base64"
6
7
 
7
8
  module URLSignature
8
9
  require "url_signature/version"
@@ -12,6 +13,13 @@ module URLSignature
12
13
  ExpiredURL = Class.new(StandardError)
13
14
  InvalidSignature = Class.new(StandardError)
14
15
 
16
+ HMAC_PROC = lambda do |key, data|
17
+ Base64.urlsafe_encode64(
18
+ OpenSSL::HMAC.digest("SHA256", key, data.to_s),
19
+ padding: false
20
+ )
21
+ end
22
+
15
23
  # Create a new signed url.
16
24
  def self.call(
17
25
  url,
@@ -20,12 +28,12 @@ module URLSignature
20
28
  expires: 0,
21
29
  signature_param: "signature",
22
30
  expires_param: "expires",
23
- algorithm: "SHA256"
31
+ hmac_proc: HMAC_PROC
24
32
  )
25
33
  expires = expires.to_i
26
34
  params[expires_param] = expires if expires.positive?
27
35
  url = build_url(url, params)
28
- signature = OpenSSL::HMAC.hexdigest(algorithm, key, url.to_s)
36
+ signature = hmac_proc.call(key, url)
29
37
  url.add_query(signature_param, signature)
30
38
  url.to_s
31
39
  end
@@ -33,14 +41,14 @@ module URLSignature
33
41
  def self.verified?(
34
42
  url,
35
43
  key:,
36
- algorithm: "SHA256",
37
44
  expires_param: "expires",
38
- signature_param: "signature"
45
+ signature_param: "signature",
46
+ hmac_proc: HMAC_PROC
39
47
  )
40
48
  verify!(
41
49
  url,
42
50
  key: key,
43
- algorithm: algorithm,
51
+ hmac_proc: hmac_proc,
44
52
  expires_param: expires_param,
45
53
  signature_param: signature_param
46
54
  )
@@ -48,21 +56,30 @@ module URLSignature
48
56
  false
49
57
  end
50
58
 
51
- def self.verify!(
59
+ def self.verify!( # rubocop:disable Metrics/MethodLength
52
60
  url,
53
61
  key:,
54
- algorithm: "SHA256",
62
+ hmac_proc: HMAC_PROC,
55
63
  expires_param: "expires",
56
64
  signature_param: "signature"
57
65
  )
58
66
  url = build_url(url)
59
- actual_signature, * = url.remove_query(signature_param)
60
- expected_signature = OpenSSL::HMAC.hexdigest(algorithm, key, url.to_s)
67
+ actual_url = url.to_s
68
+
69
+ url.remove_query(signature_param)
70
+
71
+ expected_url = call(
72
+ url.to_s,
73
+ key: key,
74
+ expires_param: expires_param,
75
+ hmac_proc: hmac_proc,
76
+ signature_param: signature_param
77
+ )
61
78
 
62
79
  expires = url.params[expires_param]&.first.to_i
63
80
 
64
81
  raise ExpiredURL if expires.positive? && expires < Time.now.to_i
65
- raise InvalidSignature unless actual_signature == expected_signature
82
+ raise InvalidSignature unless actual_url == expected_url
66
83
 
67
84
  true
68
85
  end
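Review bot: The final check in verify!, `raise InvalidSignature unless actual_url == expected_url`, uses ordinary `String#==`, which is not a constant-time comparison, so the time taken can vary with how many leading bytes of the submitted URL and signature match the expected value. A constant-time comparison fits better here, for example `raise InvalidSignature unless OpenSSL.secure_compare(actual_url, expected_url)`; that helper exists only in newer releases of the openssl gem, so check it against the Ruby versions this gem supports. The `raise ExpiredURL` line also runs before the signature check, so the expiry decision is made on a value that has not yet been authenticated; swapping the two raises would make InvalidSignature the only answer for a tampered URL. Separately, HMAC_PROC in the second hunk of this file passes `"SHA256"` to `OpenSSL::HMAC.digest`, while the README hunk documents the default as `base64url(sha512_hmac(data))`; one of the two should be corrected so users know which digest protects their URLs.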
@@ -40,6 +40,8 @@ module URLSignature
40
40
  return if params.empty?
41
41
 
42
42
  query = params.each_with_object([]) do |(param, value), buffer|
43
+ param = param.to_s
44
+
43
45
  if param.include?("[")
44
46
  value.each {|v| buffer << "#{encode(param)}=#{encode(v)}" }
45
47
  else
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module URLSignature
4
- VERSION = "0.0.1"
4
+ VERSION = "0.0.2"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: url_signature
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nando Vieira
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-11-04 00:00:00.000000000 Z
11
+ date: 2020-11-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: minitest
@@ -143,10 +143,10 @@ licenses:
143
143
  metadata:
144
144
  homepage_uri: https://github.com/fnando/url_signature
145
145
  bug_tracker_uri: https://github.com/fnando/url_signature/issues
146
- source_code_uri: https://github.com/fnando/url_signature/tree/v0.0.1
147
- changelog_uri: https://github.com/fnando/url_signature/tree/v0.0.1/CHANGELOG.md
148
- documentation_uri: https://github.com/fnando/url_signature/tree/v0.0.1/README.md
149
- license_uri: https://github.com/fnando/url_signature/tree/v0.0.1/LICENSE.md
146
+ source_code_uri: https://github.com/fnando/url_signature/tree/v0.0.2
147
+ changelog_uri: https://github.com/fnando/url_signature/tree/v0.0.2/CHANGELOG.md
148
+ documentation_uri: https://github.com/fnando/url_signature/tree/v0.0.2/README.md
149
+ license_uri: https://github.com/fnando/url_signature/tree/v0.0.2/LICENSE.md
150
150
  post_install_message:
151
151
  rdoc_options: []
152
152
  require_paths: