url_signature 0.0.1 → 0.0.2

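--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 403aa1e79b5d5f67e7179061d8458f0121dd1a0541efb43af01854a109d7d8c5
- data.tar.gz: 7c1de86c5265f134981ea8872c7a7875c617510b338e12b2674e0bd11ecb8875
+ metadata.gz: 28eb510b8d3f69206776772eb78bca149e5118d4e0c05f7a33e60abee6a46e6f
+ data.tar.gz: 36c435b613159f5f97f3d10d71dd57b2b556e9da04ea001a0c86ea9e35b041ad
  SHA512:
- metadata.gz: 70d88e10de08b6653c911c47a85b298c0dba0de6a927ec9fc41af3c72fb9732d9e0e31bdcb35bcff86ffdb97b53b89795ff22e7471313d6533bfcd7ec7b6880e
- data.tar.gz: 1e80fbb63970e492e61332f030d30f9de64dc8d128f4232bfd230f8ac22d3748bcf15fc631e6e9ab0b11007dd71b658d6c93c7adcbd59a3f53a6fc17ac712ddd
+ metadata.gz: 57db4831d7a9c8100efe175825e6aa2fb367cb1a42c37bc851318b47cadfee22f2a797c357eb4aca46fa70f1b26b3849e200dedcc626785f33d9ee442a3b0e0e
+ data.tar.gz: de3b6114aced1d7f0ded1ec5d637b08f18f837348d8fa754a52c0c679ff71d09ec1ad688624bcdb6055df285cbca6baecd5d446d3fa6d4860769bd54b9cbac53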
@@ -11,6 +11,10 @@ Prefix your message with one of the following:
11
11
  - [Security] in case of vulnerabilities.
12
12
  -->
13
13
 
14
+ ## v0.0.2 - 2020-11-04
15
+
16
+ - [Changed] Replace HMAC algorithm with a proc that can be customized.
17
+
14
18
  ## v0.0.1 - 2020-11-04
15
19
 
16
20
  - Initial release.
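--- a/data/README.md
+++ b/data/README.md
@@ -36,8 +36,9 @@ arguments are:
  - `params`: Any additional params you want to add as query strings.
  - `expires`: Any integer representing an epoch time. Urls won't be verified
  after this date. By default, urls don't expire.
- - `algorithm`: The hashing algorithm that will be used. By default, SHA256 will
- be used.
+ - `hmac_proc`: `Proc` that will generate the signature. By default, it generates
+ a `base64url(sha512_hmac(data))` signature (with no padding). The proc will be
+ called with two parameters: `key` and `data`.
  - `signature_param`: The signature's param name. By default it's `signature`.
  - `expires_param`: The expires' param name. By default it's `expires`.
 
@@ -45,7 +46,7 @@ arguments are:
  key = "secret"
 
  signed_url = SignedURL.call("https://nandovieira.com", key: key)
- #=> "https://nandovieira.com/?signature=87fdf44a5109c54edff2e0258b354e32ba5baf3dd21ec5af82f08b82ce362fbf"
+ #=> "https://nandovieira.com/?signature=87fdf44a5109c54edff2e0258b354e32ba5b..."
  ```
 
  You can use the method `SignedURL.verified?(url, **kwargs)` to verify if a
@@ -79,7 +80,7 @@ signed_url = SignedURL.call(
  key: secret,
  expires: Time.now.to_i + 120
  )
- #=> "https://nandovieira.com/?expires=1604477596&signature=7ac5eaee20d316c6cd3f81db14cde98c3c669d423a32d2c546730cbb0dcbc6f2"
+ #=> "https://nandovieira.com/?expires=1604477596&signature=7ac5eaee20d316..."
  ```
 
  ## Maintainer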
@@ -3,6 +3,7 @@
3
3
  require "uri"
4
4
  require "cgi"
5
5
  require "openssl"
6
+ require "base64"
6
7
 
7
8
  module URLSignature
8
9
  require "url_signature/version"
@@ -12,6 +13,13 @@ module URLSignature
12
13
  ExpiredURL = Class.new(StandardError)
13
14
  InvalidSignature = Class.new(StandardError)
14
15
 
16
+ HMAC_PROC = lambda do |key, data|
17
+ Base64.urlsafe_encode64(
18
+ OpenSSL::HMAC.digest("SHA256", key, data.to_s),
19
+ padding: false
20
+ )
21
+ end
22
+
15
23
  # Create a new signed url.
16
24
  def self.call(
17
25
  url,
@@ -20,12 +28,12 @@ module URLSignature
20
28
  expires: 0,
21
29
  signature_param: "signature",
22
30
  expires_param: "expires",
23
- algorithm: "SHA256"
31
+ hmac_proc: HMAC_PROC
24
32
  )
25
33
  expires = expires.to_i
26
34
  params[expires_param] = expires if expires.positive?
27
35
  url = build_url(url, params)
28
- signature = OpenSSL::HMAC.hexdigest(algorithm, key, url.to_s)
36
+ signature = hmac_proc.call(key, url)
29
37
  url.add_query(signature_param, signature)
30
38
  url.to_s
31
39
  end
@@ -33,14 +41,14 @@ module URLSignature
33
41
  def self.verified?(
34
42
  url,
35
43
  key:,
36
- algorithm: "SHA256",
37
44
  expires_param: "expires",
38
- signature_param: "signature"
45
+ signature_param: "signature",
46
+ hmac_proc: HMAC_PROC
39
47
  )
40
48
  verify!(
41
49
  url,
42
50
  key: key,
43
- algorithm: algorithm,
51
+ hmac_proc: hmac_proc,
44
52
  expires_param: expires_param,
45
53
  signature_param: signature_param
46
54
  )
@@ -48,21 +56,30 @@ module URLSignature
48
56
  false
49
57
  end
50
58
 
51
- def self.verify!(
59
+ def self.verify!( # rubocop:disable Metrics/MethodLength
52
60
  url,
53
61
  key:,
54
- algorithm: "SHA256",
62
+ hmac_proc: HMAC_PROC,
55
63
  expires_param: "expires",
56
64
  signature_param: "signature"
57
65
  )
58
66
  url = build_url(url)
59
- actual_signature, * = url.remove_query(signature_param)
60
- expected_signature = OpenSSL::HMAC.hexdigest(algorithm, key, url.to_s)
67
+ actual_url = url.to_s
68
+
69
+ url.remove_query(signature_param)
70
+
71
+ expected_url = call(
72
+ url.to_s,
73
+ key: key,
74
+ expires_param: expires_param,
75
+ hmac_proc: hmac_proc,
76
+ signature_param: signature_param
77
+ )
61
78
 
62
79
  expires = url.params[expires_param]&.first.to_i
63
80
 
64
81
  raise ExpiredURL if expires.positive? && expires < Time.now.to_i
65
- raise InvalidSignature unless actual_signature == expected_signature
82
+ raise InvalidSignature unless actual_url == expected_url
66
83
 
67
84
  true
68
85
  end
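Review bot: In `verify!`, the check `raise InvalidSignature unless actual_url == expected_url` compares the signature-bearing URL with `==`, which stops at the first differing byte, so verification time depends on how much of the supplied signature is correct. The removed digest comparison had the same property and the rewrite keeps it. A constant-time comparison such as `raise InvalidSignature unless OpenSSL.secure_compare(actual_url, expected_url)` closes that gap (it needs openssl gem 2.2 or newer, so confirm the minimum Ruby the gemspec allows). Separately, `HMAC_PROC` in the earlier hunk passes `"SHA256"` to `OpenSSL::HMAC.digest`, while the README shipped in this release documents the default as `base64url(sha512_hmac(data))`; one of the two should be corrected. A comment on `HMAC_PROC` along the lines of `# data is the URL object, not a String; custom procs must call data.to_s` would also help, since `call` passes `url` straight through to the proc.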
@@ -40,6 +40,8 @@ module URLSignature
40
40
  return if params.empty?
41
41
 
42
42
  query = params.each_with_object([]) do |(param, value), buffer|
43
+ param = param.to_s
44
+
43
45
  if param.include?("[")
44
46
  value.each {|v| buffer << "#{encode(param)}=#{encode(v)}" }
45
47
  else
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module URLSignature
4
- VERSION = "0.0.1"
4
+ VERSION = "0.0.2"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: url_signature
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nando Vieira
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-11-04 00:00:00.000000000 Z
11
+ date: 2020-11-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: minitest
@@ -143,10 +143,10 @@ licenses:
143
143
  metadata:
144
144
  homepage_uri: https://github.com/fnando/url_signature
145
145
  bug_tracker_uri: https://github.com/fnando/url_signature/issues
146
- source_code_uri: https://github.com/fnando/url_signature/tree/v0.0.1
147
- changelog_uri: https://github.com/fnando/url_signature/tree/v0.0.1/CHANGELOG.md
148
- documentation_uri: https://github.com/fnando/url_signature/tree/v0.0.1/README.md
149
- license_uri: https://github.com/fnando/url_signature/tree/v0.0.1/LICENSE.md
146
+ source_code_uri: https://github.com/fnando/url_signature/tree/v0.0.2
147
+ changelog_uri: https://github.com/fnando/url_signature/tree/v0.0.2/CHANGELOG.md
148
+ documentation_uri: https://github.com/fnando/url_signature/tree/v0.0.2/README.md
149
+ license_uri: https://github.com/fnando/url_signature/tree/v0.0.2/LICENSE.md
150
150
  post_install_message:
151
151
  rdoc_options: []
152
152
  require_paths: