url_signer 0.2 → 0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 56366ad2bd9634d9a762f6e0759dba5738656f18
-  data.tar.gz: 9917576c556cfe739a5c4a90a3a126041f86a665
+  metadata.gz: a6cf7635deb5dc16a22e44a26652d737bea127f6
+  data.tar.gz: b386a8d8a59ef637b68b7430a0760c821a2aa018
 SHA512:
-  metadata.gz: d38f39b64abaf780b9d366c399b359487772083a0c5f02b6b93c108c6414c233d11f824cc2a6ef4c536a36cbaa092a4f1102715ca3e5ad6d355968420f4d4c9d
-  data.tar.gz: 7f0c6eb90f44434f807c363048f686fb0d5a12343898111f3fbf010dad6a5b62614b4a3972c2fcf853f38d5998f0a5c2b2815b2e7a0869730d7028c36bdd184c
+  metadata.gz: 53f896dae067179575e8b197f6f991436796097dc8c253ae16fcfb454b0e4d25070946661f9f15970658e8375438ec895c02bedd0fc0d355e30b350f35f6812c
+  data.tar.gz: fde1aa26138de8ef4951dc19d427181e7be4fa507002142b7566d4f59b720a3733c40af0a5124029e1e543ac97f2dcdfffed1302125aab3fab7acbbbfe24afb6

data/README.md

@@ -1,4 +1,4 @@
-# UrlSign
+# UrlSigner
 [![Build Status](https://travis-ci.org/ushu/url_signer.svg?branch=master)](https://travis-ci.org/ushu/url_signer)
 [![Code Climate](https://codeclimate.com/github/ushu/url_signer/badges/gpa.svg)](https://codeclimate.com/github/ushu/url_signer)
 
@@ -27,7 +27,8 @@ Or install it yourself as:
 To convert a URL into a signed url, pass it to `UrlSigner.sign`, passing it either a string of an instance of `URI`.
 
 ```ruby
->>> signed_url = UrlSigner.sign('http://google.fr?q=test', key='mykey')
+# generate a new URI instance with `signature` param populated
+signed_url = UrlSigner.sign('http://google.fr?q=test', key: 'mykey')
 ```
 
 the returned value `signed_url` is an instance of `URI`.
@@ -37,11 +38,11 @@ the returned value `signed_url` is an instance of `URI`.
 Given a signed URL, you can check its authenticity by calling `UrlSigner.valid?` on it:
 
 ```ruby
->>> UrlSigner.valid?(signed_url)
-true
+# verify url validity for a given URI instance
+UrlSigner.valid?(signed_url, key: 'mykey') # => true
 ```
 
-### helper methods
+### helper methods on URI
 
 The gem adds helper methods to <tt>String</tt> and <tt>URI</tt> classes:
 
@@ -52,11 +53,38 @@ signed_url = 'http://google.fr'.to_signed_uri(key: 'test')
 # or if we have a URI insance already
 url = URI.parse('http://google.fr')
 signed_url = url.signed(key: 'test')
+```
+
+## Rails integration
+
+When using `Rails`, a set of helpers are added to `ActionController::Base`:
+
+```ruby
+
+class MyController < ActionController::Base
+  def get_signed_url
+    @signed_url = sign_url(signed_url_my_controller_url)
+    # Template will link to @signed_url
+  end
 
-# finally to check for signature authenticity
-signed_url.signature_valid?(key: 'test')
+  before_action :verify_signature!
+  def signed_url
+    # This method is only accessible with a signed url
+  end
+end
+
+```
+
+The key and hash method used in `sign_url` and `verify_signature!` are provided through `Rails.configuration.url_signer`, which default to:
+
+```ruby
+# defaults values:
+Rails.configuration.url_signer.key = ENV['URL_SIGNING_KEY']
+Rails.configuration.url_signer.hash_method = Digest::SHA1
 ```
 
+Note that provided env `URL_SIGNING_KEY` environment variable is usually enough to get a working URL signing environment.
+
 ## Contributing
 
 1. Fork it ( https://github.com/[my-github-username]/url_sign/fork )

data/lib/url_signer.rb

@@ -1,3 +1,4 @@
+# Sign and verify URLs
 module UrlSigner
   autoload :Base, 'url_signer/base'
   autoload :Signer, 'url_signer/signer'
@@ -44,6 +45,6 @@ module UrlSigner
 end
 
 # Insert helpers in URI
-require 'url_signer/extensions/uri'
-# Insert helpers in String
-require 'url_signer/extensions/string'
+require 'url_signer/uri'
+# Insert helpers in Rails controllers
+require 'url_signer/rails' if defined?(Rails)

data/lib/url_signer/base.rb

@@ -4,7 +4,8 @@ require 'digest/hmac'
 require 'digest/sha1'
 
 module UrlSigner
-  class Base < Struct.new(:url, :key, :hash_method)
+
+  class Base < Struct.new(:url, :key, :hash_method) # :nodoc:
 
     def initialize(url, key: nil, hash_method: nil)
       # load and check url

data/lib/url_signer/rails.rb

@@ -0,0 +1,99 @@
+require 'url_signer'
+require 'ostruct'
+require 'rails/railtie'
+
+module UrlSigner
+
+  module Rails
+    module ControllerHelpers
+      extend ActiveSupport::Concern
+
+      included do
+        helper_method :sign_url
+      end
+
+      # Sign a +url+.
+      #
+      #   @signed_url = sign_url(some_route_helper_url)
+      #
+      # Can also be used as a view helper:
+      #
+      #   <%= link_to 'Some secret', sign_url(some_secret_action_url) %>
+      #
+      # For +options+, see UrlSigner#sign.
+      def sign_url(url, options={})
+        options = url_signer_options(options)
+        UrlSigner.sign(url,  options).to_s
+      end
+
+      # Verify a +url+.
+      #
+      #   class MyController < ActionController::Base
+      #     def my_action
+      #
+      #       # verify the validity of the current called url
+      #       current_url_valid = signature_valid?
+      #
+      #       # or with another url
+      #       orher_url_valid = signature_valid?(orher_url)
+      #
+      #     end
+      #   end
+      #
+      # For +options+, see UrlSigner#valid?.
+      def signature_valid?(url=nil, options={})
+        url ||= request.url
+        options = url_signer_options(options)
+        UrlSigner.valid?(url, options)
+      end
+
+      # Verify the current url and call #signature_invalid! on failure.
+      # This method is intended to be used in a before action.
+      #
+      #   class MyController < ActionController::Base
+      #     before_action :verify_signature!
+      #
+      #     def secure_action
+      #       # can only be accessed from a signed url
+      #     end
+      #   end
+      def verify_signature!
+        signature_invalid! unless signature_valid?
+      end
+
+      # Called when an action is called with an invalid signature attached.
+      # Will be overridden to enhance behaviour:
+      #
+      #   class MyController < ActionController::Base
+      #     before_action :verify_signature!
+      #
+      #     # ...
+      #
+      #     def signature_invalid!
+      #       redirect_to root_path, notice: 'you URL is not valid anymore'
+      #     end
+      #   end
+      def signature_invalid!
+        head :forbidden
+      end
+
+      private
+
+      def url_signer_options(options={}) # :nodoc:
+        defaults = ::Rails.configuration.url_signer.defaults
+        defaults.to_h.merge(options)
+      end
+    end
+
+    class Railtie < ::Rails::Railtie # :nodoc:
+      config.url_signer = ActiveSupport::OrderedOptions.new
+
+      # setup sensible defaults
+      config.url_signer.key = ENV['URL_SIGNING_KEY']
+      config.url_signer.hash_method = Digest::SHA1
+    end
+
+  end
+end
+
+ActionController::Base.send(:include, UrlSigner::Rails::ControllerHelpers)

data/lib/url_signer/signer.rb

@@ -1,7 +1,7 @@
 require 'url_signer/base'
 
 module UrlSigner
-  class Signer < Base
+  class Signer < Base # :nodoc:
 
     def sign
       raise "this URL is already signed !" if signed?

data/lib/url_signer/{extensions/uri.rb → uri.rb}

@@ -8,6 +8,8 @@ module URI
     #
     #   url = URI.parse('http://google.fr')
     #   signed_url = url.signed
+    #
+    # for +options+ see UrlSigner#sign.
     def signed(*options)
       UrlSigner.sign(self, *options)
     end
@@ -16,6 +18,8 @@ module URI
     #
     #   signed_url = URI.parse('http://google.fr').signed
     #   signed_url.signature_valid? # => true
+    #
+    # for +options+ see UrlSigner#verify.
     def signature_valid?(*options)
       UrlSigner.valid?(self, *options)
     end

data/lib/url_signer/verifier.rb

@@ -1,7 +1,7 @@
 require 'url_signer/base'
 
 module UrlSigner
-  class Verifier < Base
+  class Verifier < Base # :nodoc:
 
     def valid?
       return false unless signed?

data/lib/url_signer/version.rb

@@ -1,3 +1,3 @@
 module UrlSigner
-  VERSION = "0.2"
+  VERSION = "0.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: url_signer
 version: !ruby/object:Gem::Version
-  version: '0.2'
+  version: '0.3'
 platform: ruby
 authors:
 - Aurélien Noce
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-12-30 00:00:00.000000000 Z
+date: 2015-01-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -68,15 +68,14 @@ files:
 - Rakefile
 - lib/url_signer.rb
 - lib/url_signer/base.rb
-- lib/url_signer/extensions/string.rb
-- lib/url_signer/extensions/uri.rb
+- lib/url_signer/rails.rb
 - lib/url_signer/signer.rb
+- lib/url_signer/uri.rb
 - lib/url_signer/verifier.rb
 - lib/url_signer/version.rb
 - spec/base_spec.rb
 - spec/signer_spec.rb
 - spec/spec_helper.rb
-- spec/string_spec.rb
 - spec/uri_spec.rb
 - spec/url_signer_spec.rb
 - spec/verifier_spec.rb
@@ -109,7 +108,6 @@ test_files:
 - spec/base_spec.rb
 - spec/signer_spec.rb
 - spec/spec_helper.rb
-- spec/string_spec.rb
 - spec/uri_spec.rb
 - spec/url_signer_spec.rb
 - spec/verifier_spec.rb

data/lib/url_signer/extensions/string.rb

@@ -1,13 +0,0 @@
-require 'uri'
-require 'url_signer'
-
-class String
-
-  # Return a signed <tt>URI</tt> form the current <tt>String</tt>.
-  #
-  #   'http://google.fr'.to_signed_uri # => <URI::HTTP...>
-  def to_signed_uri(*options)
-      UrlSigner.sign(self, *options)
-  end
-
-end

data/spec/string_spec.rb

@@ -1,14 +0,0 @@
-require 'spec_helper'
-
-describe "String extension" do
-  let(:url_string) { 'http://google.fr' }
-  let(:url) { URI.parse(url_string) }
-  let(:signed_url) { UrlSigner.sign(url, key: 'toto') }
-
-  describe "#to_signed_uri" do
-    it "returns a signed version of the URI" do
-      expect(url_string.to_signed_uri(key: 'toto')).to eq(signed_url)
-    end
-  end
-
-end # URI extension