url_signature 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +5 -4
- data/lib/url_signature.rb +27 -10
- data/lib/url_signature/url.rb +2 -0
- data/lib/url_signature/version.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 28eb510b8d3f69206776772eb78bca149e5118d4e0c05f7a33e60abee6a46e6f
|
4
|
+
data.tar.gz: 36c435b613159f5f97f3d10d71dd57b2b556e9da04ea001a0c86ea9e35b041ad
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 57db4831d7a9c8100efe175825e6aa2fb367cb1a42c37bc851318b47cadfee22f2a797c357eb4aca46fa70f1b26b3849e200dedcc626785f33d9ee442a3b0e0e
|
7
|
+
data.tar.gz: de3b6114aced1d7f0ded1ec5d637b08f18f837348d8fa754a52c0c679ff71d09ec1ad688624bcdb6055df285cbca6baecd5d446d3fa6d4860769bd54b9cbac53
|
data/CHANGELOG.md
CHANGED
@@ -11,6 +11,10 @@ Prefix your message with one of the following:
|
|
11
11
|
- [Security] in case of vulnerabilities.
|
12
12
|
-->
|
13
13
|
|
14
|
+
## v0.0.2 - 2020-11-04
|
15
|
+
|
16
|
+
- [Changed] Replace HMAC algorithm with a proc that can be customized.
|
17
|
+
|
14
18
|
## v0.0.1 - 2020-11-04
|
15
19
|
|
16
20
|
- Initial release.
|
data/README.md
CHANGED
@@ -36,8 +36,9 @@ arguments are:
|
|
36
36
|
- `params`: Any additional params you want to add as query strings.
|
37
37
|
- `expires`: Any integer representing an epoch time. Urls won't be verified
|
38
38
|
after this date. By default, urls don't expire.
|
39
|
-
- `
|
40
|
-
|
39
|
+
- `hmac_proc`: `Proc` that will generate the signature. By default, it generates
|
40
|
+
a `base64url(sha512_hmac(data))` signature (with no padding). The proc will be
|
41
|
+
called with two parameters: `key` and `data`.
|
41
42
|
- `signature_param`: The signature's param name. By default it's `signature`.
|
42
43
|
- `expires_param`: The expires' param name. By default it's `expires`.
|
43
44
|
|
@@ -45,7 +46,7 @@ arguments are:
|
|
45
46
|
key = "secret"
|
46
47
|
|
47
48
|
signed_url = SignedURL.call("https://nandovieira.com", key: key)
|
48
|
-
#=> "https://nandovieira.com/?signature=
|
49
|
+
#=> "https://nandovieira.com/?signature=87fdf44a5109c54edff2e0258b354e32ba5b..."
|
49
50
|
```
|
50
51
|
|
51
52
|
You can use the method `SignedURL.verified?(url, **kwargs)` to verify if a
|
@@ -79,7 +80,7 @@ signed_url = SignedURL.call(
|
|
79
80
|
key: secret,
|
80
81
|
expires: Time.now.to_i + 120
|
81
82
|
)
|
82
|
-
#=> "https://nandovieira.com/?expires=1604477596&signature=
|
83
|
+
#=> "https://nandovieira.com/?expires=1604477596&signature=7ac5eaee20d316..."
|
83
84
|
```
|
84
85
|
|
85
86
|
## Maintainer
|
data/lib/url_signature.rb
CHANGED
@@ -3,6 +3,7 @@
|
|
3
3
|
require "uri"
|
4
4
|
require "cgi"
|
5
5
|
require "openssl"
|
6
|
+
require "base64"
|
6
7
|
|
7
8
|
module URLSignature
|
8
9
|
require "url_signature/version"
|
@@ -12,6 +13,13 @@ module URLSignature
|
|
12
13
|
ExpiredURL = Class.new(StandardError)
|
13
14
|
InvalidSignature = Class.new(StandardError)
|
14
15
|
|
16
|
+
HMAC_PROC = lambda do |key, data|
|
17
|
+
Base64.urlsafe_encode64(
|
18
|
+
OpenSSL::HMAC.digest("SHA256", key, data.to_s),
|
19
|
+
padding: false
|
20
|
+
)
|
21
|
+
end
|
22
|
+
|
15
23
|
# Create a new signed url.
|
16
24
|
def self.call(
|
17
25
|
url,
|
@@ -20,12 +28,12 @@ module URLSignature
|
|
20
28
|
expires: 0,
|
21
29
|
signature_param: "signature",
|
22
30
|
expires_param: "expires",
|
23
|
-
|
31
|
+
hmac_proc: HMAC_PROC
|
24
32
|
)
|
25
33
|
expires = expires.to_i
|
26
34
|
params[expires_param] = expires if expires.positive?
|
27
35
|
url = build_url(url, params)
|
28
|
-
signature =
|
36
|
+
signature = hmac_proc.call(key, url)
|
29
37
|
url.add_query(signature_param, signature)
|
30
38
|
url.to_s
|
31
39
|
end
|
@@ -33,14 +41,14 @@ module URLSignature
|
|
33
41
|
def self.verified?(
|
34
42
|
url,
|
35
43
|
key:,
|
36
|
-
algorithm: "SHA256",
|
37
44
|
expires_param: "expires",
|
38
|
-
signature_param: "signature"
|
45
|
+
signature_param: "signature",
|
46
|
+
hmac_proc: HMAC_PROC
|
39
47
|
)
|
40
48
|
verify!(
|
41
49
|
url,
|
42
50
|
key: key,
|
43
|
-
|
51
|
+
hmac_proc: hmac_proc,
|
44
52
|
expires_param: expires_param,
|
45
53
|
signature_param: signature_param
|
46
54
|
)
|
@@ -48,21 +56,30 @@ module URLSignature
|
|
48
56
|
false
|
49
57
|
end
|
50
58
|
|
51
|
-
def self.verify!(
|
59
|
+
def self.verify!( # rubocop:disable Metrics/MethodLength
|
52
60
|
url,
|
53
61
|
key:,
|
54
|
-
|
62
|
+
hmac_proc: HMAC_PROC,
|
55
63
|
expires_param: "expires",
|
56
64
|
signature_param: "signature"
|
57
65
|
)
|
58
66
|
url = build_url(url)
|
59
|
-
|
60
|
-
|
67
|
+
actual_url = url.to_s
|
68
|
+
|
69
|
+
url.remove_query(signature_param)
|
70
|
+
|
71
|
+
expected_url = call(
|
72
|
+
url.to_s,
|
73
|
+
key: key,
|
74
|
+
expires_param: expires_param,
|
75
|
+
hmac_proc: hmac_proc,
|
76
|
+
signature_param: signature_param
|
77
|
+
)
|
61
78
|
|
62
79
|
expires = url.params[expires_param]&.first.to_i
|
63
80
|
|
64
81
|
raise ExpiredURL if expires.positive? && expires < Time.now.to_i
|
65
|
-
raise InvalidSignature unless
|
82
|
+
raise InvalidSignature unless actual_url == expected_url
|
66
83
|
|
67
84
|
true
|
68
85
|
end
|
data/lib/url_signature/url.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: url_signature
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nando Vieira
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-11-
|
11
|
+
date: 2020-11-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: minitest
|
@@ -143,10 +143,10 @@ licenses:
|
|
143
143
|
metadata:
|
144
144
|
homepage_uri: https://github.com/fnando/url_signature
|
145
145
|
bug_tracker_uri: https://github.com/fnando/url_signature/issues
|
146
|
-
source_code_uri: https://github.com/fnando/url_signature/tree/v0.0.
|
147
|
-
changelog_uri: https://github.com/fnando/url_signature/tree/v0.0.
|
148
|
-
documentation_uri: https://github.com/fnando/url_signature/tree/v0.0.
|
149
|
-
license_uri: https://github.com/fnando/url_signature/tree/v0.0.
|
146
|
+
source_code_uri: https://github.com/fnando/url_signature/tree/v0.0.2
|
147
|
+
changelog_uri: https://github.com/fnando/url_signature/tree/v0.0.2/CHANGELOG.md
|
148
|
+
documentation_uri: https://github.com/fnando/url_signature/tree/v0.0.2/README.md
|
149
|
+
license_uri: https://github.com/fnando/url_signature/tree/v0.0.2/LICENSE.md
|
150
150
|
post_install_message:
|
151
151
|
rdoc_options: []
|
152
152
|
require_paths:
|