url_store 0.3.4 → 0.3.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/lib/url_store/compact_encoder.rb +3 -2
- data/lib/url_store/version.rb +1 -1
- metadata +8 -24
- data/Gemfile +0 -7
- data/Gemfile.lock +0 -26
- data/Rakefile +0 -22
- data/Readme.md +0 -75
- data/spec/spec_helper.rb +0 -3
- data/spec/url_store/compact_encoder_spec.rb +0 -31
- data/spec/url_store_spec.rb +0 -66
- data/url_store.gemspec +0 -12
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: eeddf0027d0f677455da1ddccd4fc49fe68681e0
|
4
|
+
data.tar.gz: e2311627f5ae0002c1ff3b71ee7996a412d7bf53
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: dcd30847583d52e0b31fbef7933850511f806e6f72cffab71f5fd7add4e77c02edadea4d827ed2832920ef5a9350adf35c856eadca1cdbcf391b90bfd89f15d8
|
7
|
+
data.tar.gz: 49c9f1e1c45c10deef807600607224dd8097fa2a1531a3c8094d19bd5eb320aed202279c99a498d7bacddb34d65303066b01957e2111e3a1da33866ded09e478
|
@@ -1,5 +1,6 @@
|
|
1
1
|
require 'base64'
|
2
2
|
require 'zlib'
|
3
|
+
require 'yaml'
|
3
4
|
|
4
5
|
class UrlStore
|
5
6
|
class CompactEncoder
|
@@ -30,7 +31,7 @@ class UrlStore
|
|
30
31
|
def serialize(data)
|
31
32
|
case @serializer.to_sym
|
32
33
|
when :yaml then data.to_yaml
|
33
|
-
when :marshal then Marshal.dump(data)
|
34
|
+
when :marshal then Marshal.dump(data)
|
34
35
|
end
|
35
36
|
end
|
36
37
|
|
@@ -56,7 +57,7 @@ class UrlStore
|
|
56
57
|
# stolen from ActiveSupport
|
57
58
|
def digest(data)
|
58
59
|
require 'openssl' unless defined?(OpenSSL)
|
59
|
-
OpenSSL::HMAC.hexdigest(OpenSSL::Digest
|
60
|
+
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new(@hasher.to_s), @secret, data)
|
60
61
|
end
|
61
62
|
end
|
62
63
|
end
|
data/lib/url_store/version.rb
CHANGED
metadata
CHANGED
@@ -1,15 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: url_store
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
5
|
-
prerelease:
|
4
|
+
version: 0.3.5
|
6
5
|
platform: ruby
|
7
6
|
authors:
|
8
7
|
- Michael Grosser
|
9
8
|
autorequire:
|
10
9
|
bindir: bin
|
11
10
|
cert_chain: []
|
12
|
-
date:
|
11
|
+
date: 2014-01-10 00:00:00.000000000 Z
|
13
12
|
dependencies: []
|
14
13
|
description:
|
15
14
|
email: michael@grosser.it
|
@@ -17,49 +16,34 @@ executables: []
|
|
17
16
|
extensions: []
|
18
17
|
extra_rdoc_files: []
|
19
18
|
files:
|
20
|
-
- Gemfile
|
21
|
-
- Gemfile.lock
|
22
|
-
- Rakefile
|
23
|
-
- Readme.md
|
24
19
|
- lib/url_store.rb
|
25
20
|
- lib/url_store/compact_encoder.rb
|
26
21
|
- lib/url_store/generators/initializer.rb
|
27
22
|
- lib/url_store/generators/templates/initializer.erb
|
28
23
|
- lib/url_store/railtie.rb
|
29
24
|
- lib/url_store/version.rb
|
30
|
-
|
31
|
-
- spec/url_store/compact_encoder_spec.rb
|
32
|
-
- spec/url_store_spec.rb
|
33
|
-
- url_store.gemspec
|
34
|
-
homepage: http://github.com/grosser/url_store
|
25
|
+
homepage: https://github.com/grosser/url_store
|
35
26
|
licenses:
|
36
27
|
- MIT
|
28
|
+
metadata: {}
|
37
29
|
post_install_message:
|
38
30
|
rdoc_options: []
|
39
31
|
require_paths:
|
40
32
|
- lib
|
41
33
|
required_ruby_version: !ruby/object:Gem::Requirement
|
42
|
-
none: false
|
43
34
|
requirements:
|
44
|
-
- -
|
35
|
+
- - '>='
|
45
36
|
- !ruby/object:Gem::Version
|
46
37
|
version: '0'
|
47
|
-
segments:
|
48
|
-
- 0
|
49
|
-
hash: 903047678128005122
|
50
38
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
51
|
-
none: false
|
52
39
|
requirements:
|
53
|
-
- -
|
40
|
+
- - '>='
|
54
41
|
- !ruby/object:Gem::Version
|
55
42
|
version: '0'
|
56
|
-
segments:
|
57
|
-
- 0
|
58
|
-
hash: 903047678128005122
|
59
43
|
requirements: []
|
60
44
|
rubyforge_project:
|
61
|
-
rubygems_version:
|
45
|
+
rubygems_version: 2.0.14
|
62
46
|
signing_key:
|
63
|
-
specification_version:
|
47
|
+
specification_version: 4
|
64
48
|
summary: Data securely stored in urls.
|
65
49
|
test_files: []
|
data/Gemfile
DELETED
data/Gemfile.lock
DELETED
@@ -1,26 +0,0 @@
|
|
1
|
-
PATH
|
2
|
-
remote: .
|
3
|
-
specs:
|
4
|
-
url_store (0.3.4)
|
5
|
-
|
6
|
-
GEM
|
7
|
-
remote: http://rubygems.org/
|
8
|
-
specs:
|
9
|
-
diff-lcs (1.1.2)
|
10
|
-
rake (0.8.7)
|
11
|
-
rspec (2.5.0)
|
12
|
-
rspec-core (~> 2.5.0)
|
13
|
-
rspec-expectations (~> 2.5.0)
|
14
|
-
rspec-mocks (~> 2.5.0)
|
15
|
-
rspec-core (2.5.1)
|
16
|
-
rspec-expectations (2.5.0)
|
17
|
-
diff-lcs (~> 1.1.2)
|
18
|
-
rspec-mocks (2.5.0)
|
19
|
-
|
20
|
-
PLATFORMS
|
21
|
-
ruby
|
22
|
-
|
23
|
-
DEPENDENCIES
|
24
|
-
rake
|
25
|
-
rspec (~> 2)
|
26
|
-
url_store!
|
data/Rakefile
DELETED
@@ -1,22 +0,0 @@
|
|
1
|
-
require 'bundler/gem_tasks'
|
2
|
-
|
3
|
-
task :default do
|
4
|
-
sh "rspec spec/"
|
5
|
-
end
|
6
|
-
|
7
|
-
# extracted from https://github.com/grosser/project_template
|
8
|
-
rule /^version:bump:.*/ do |t|
|
9
|
-
sh "git status | grep 'nothing to commit'" # ensure we are not dirty
|
10
|
-
index = ['major', 'minor','patch'].index(t.name.split(':').last)
|
11
|
-
file = 'lib/url_store/version.rb'
|
12
|
-
|
13
|
-
version_file = File.read(file)
|
14
|
-
old_version, *version_parts = version_file.match(/(\d+)\.(\d+)\.(\d+)/).to_a
|
15
|
-
version_parts[index] = version_parts[index].to_i + 1
|
16
|
-
version_parts[2] = 0 if index < 2 # remove patch for minor
|
17
|
-
version_parts[1] = 0 if index < 1 # remove minor for major
|
18
|
-
new_version = version_parts * '.'
|
19
|
-
File.open(file,'w'){|f| f.write(version_file.sub(old_version, new_version)) }
|
20
|
-
|
21
|
-
sh "bundle && git add #{file} Gemfile.lock && git commit -m 'bump version to #{new_version}'"
|
22
|
-
end
|
data/Readme.md
DELETED
@@ -1,75 +0,0 @@
|
|
1
|
-
Data securely stored in urls.
|
2
|
-
|
3
|
-
- url-save output
|
4
|
-
- short codes through GZip
|
5
|
-
- serializing through __:marshal__ :yaml
|
6
|
-
- hashing through DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA __SHA1__ SHA224 SHA256 SHA384 SHA512
|
7
|
-
|
8
|
-
Great for:
|
9
|
-
|
10
|
-
- password reset links
|
11
|
-
- email unsubscribe links
|
12
|
-
- click tracking
|
13
|
-
- access control
|
14
|
-
- ...
|
15
|
-
|
16
|
-
Install
|
17
|
-
=======
|
18
|
-
|
19
|
-
When using Rails 3, include it in your Gemfile:
|
20
|
-
|
21
|
-
gem 'url_store'
|
22
|
-
|
23
|
-
When using Rails 2 or no rails at all:
|
24
|
-
|
25
|
-
sudo gem install url_store
|
26
|
-
|
27
|
-
Or as Rails plugin:
|
28
|
-
|
29
|
-
rails plugin install git://github.com/grosser/url_store.git
|
30
|
-
|
31
|
-
Usage
|
32
|
-
=====
|
33
|
-
|
34
|
-
When on Rails, create config/initializers/url_store.rb using generator. A random secret will be generated for you:
|
35
|
-
|
36
|
-
rails generate url_store:initializer
|
37
|
-
|
38
|
-
Or configure it by hand (e.g in environment.rb):
|
39
|
-
|
40
|
-
UrlStore.defaults = {:secret => 'adadasd2adsdasd4ads4eas4dea4dsea4sd'}
|
41
|
-
|
42
|
-
In Rails views:
|
43
|
-
|
44
|
-
<%= link_to 'paid', :controller =>:payments, :action=>:paid, :data=>UrlStore.encode(:id=>1, :status=>'paid') %>
|
45
|
-
|
46
|
-
In controllers:
|
47
|
-
|
48
|
-
if data = UrlStore.decode(params[:data])
|
49
|
-
Payment.find(data[:id]).update_attribute(:status, data[:status])
|
50
|
-
else
|
51
|
-
raise 'FRAUD!'
|
52
|
-
end
|
53
|
-
|
54
|
-
### Defaults
|
55
|
-
|
56
|
-
UrlStore.defaults = {:secret => 'something random'} # ALWAYS use your own secret
|
57
|
-
UrlStore.defaults = {... , :hasher => 'MD5'} # default: 'SHA1'
|
58
|
-
UrlStore.defaults = {... , :serializer => :yaml} # default: :marshal
|
59
|
-
|
60
|
-
### Tips
|
61
|
-
|
62
|
-
- If you need multiple UrlStores, just use ` UrlStore.new(:secret => 'sadasd', ...) `
|
63
|
-
- As long as you stay under 2k chars there should be no problems. [max url lengths per browser/server](http://www.boutell.com/newfaq/misc/urllength.html)
|
64
|
-
- Data is not (yet) encrypted, users could read(but not change) the encoded data
|
65
|
-
- Replay attacks are possible <-> add a timestamp to check the freshness of the encoded data
|
66
|
-
|
67
|
-
Authors
|
68
|
-
=======
|
69
|
-
|
70
|
-
### [Contributors](http://github.com/grosser/url_store/contributors)
|
71
|
-
- [Priit Haamer](http://prii.it)
|
72
|
-
|
73
|
-
[Michael Grosser](http://grosser.it)<br/>
|
74
|
-
michael@grosser.it<br/>
|
75
|
-
Hereby placed under public domain, do what you want, just do not hold anyone accountable...
|
data/spec/spec_helper.rb
DELETED
@@ -1,31 +0,0 @@
|
|
1
|
-
require "spec_helper"
|
2
|
-
|
3
|
-
describe UrlStore::CompactEncoder do
|
4
|
-
before do
|
5
|
-
@encoder = UrlStore::CompactEncoder.new(:secret => 'asdasdsa')
|
6
|
-
@data = {:x => 1, 'asdadadadas' => 'asdasdadawvxcxcxcvjs', 'dasdasdadsadad' => 'asdasdwxczvvcjjkdfjkdf'}
|
7
|
-
end
|
8
|
-
|
9
|
-
it "generates same code for same data" do
|
10
|
-
@encoder.encode(@data).should == @encoder.encode(@data)
|
11
|
-
end
|
12
|
-
|
13
|
-
it "can decode / encode" do
|
14
|
-
@encoder.decode(@encoder.encode(@data)).should == @data
|
15
|
-
end
|
16
|
-
|
17
|
-
it "generates shorter codes than pure base64" do
|
18
|
-
hash_length = 40
|
19
|
-
@encoder.encode(@data).size.should < (Base64.encode64(Marshal.dump(@data)).size + hash_length)
|
20
|
-
end
|
21
|
-
|
22
|
-
it "can encode/decode with yaml" do
|
23
|
-
@encoder = UrlStore::CompactEncoder.new(:secret => 'asdasdsa', :serializer => :yaml)
|
24
|
-
@encoder.decode(@encoder.encode(@data)).should == @data
|
25
|
-
end
|
26
|
-
|
27
|
-
it "can hash with other hasher" do
|
28
|
-
@encoder = UrlStore::CompactEncoder.new(:secret => 'asdasdsa', :hasher => 'MD5')
|
29
|
-
@encoder.decode(@encoder.encode(@data)).should == @data
|
30
|
-
end
|
31
|
-
end
|
data/spec/url_store_spec.rb
DELETED
@@ -1,66 +0,0 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
require "spec_helper"
|
3
|
-
require "cgi"
|
4
|
-
|
5
|
-
describe UrlStore do
|
6
|
-
before do
|
7
|
-
@secret = 'not the standart sssecrettt1231231áßðáïíœï©óáßïáöððííïö'
|
8
|
-
UrlStore.defaults = {:secret => @secret}
|
9
|
-
@data = {:x => 11212, :y => 'asdasda sdasdasdASDJKSAJDLSKDLKDS', 'asdasd' => 12312312, 12.12 => 123123212312123, :asdasdasd => '2134 adasdasóáößðóöáåöäóðᜩöóöfóöåäfóöéåfó'}
|
10
|
-
end
|
11
|
-
|
12
|
-
it "generates same code for same data" do
|
13
|
-
UrlStore.encode(@data).should == UrlStore.encode(@data)
|
14
|
-
end
|
15
|
-
|
16
|
-
it "can decode / encode" do
|
17
|
-
UrlStore.decode(UrlStore.encode(@data)).should == @data
|
18
|
-
end
|
19
|
-
|
20
|
-
it "cannot decode altered data" do
|
21
|
-
encoded = UrlStore.encode(@data)
|
22
|
-
UrlStore.decode(encoded+'x').should == nil
|
23
|
-
end
|
24
|
-
|
25
|
-
it "uses a lot of different chars" do
|
26
|
-
UrlStore.encode(@data).split('').uniq.size.should >= 61
|
27
|
-
end
|
28
|
-
|
29
|
-
it "uses url-save characters" do
|
30
|
-
encoded = UrlStore.encode(@data)
|
31
|
-
CGI.escape(encoded).gsub('%3B',';').gsub('%7C','|').should == encoded
|
32
|
-
end
|
33
|
-
|
34
|
-
it "cannot decode with wrong secret" do
|
35
|
-
encoded = UrlStore.encode(@data)
|
36
|
-
UrlStore.defaults = {:secret => 'xxx'}
|
37
|
-
UrlStore.decode(encoded).should == nil
|
38
|
-
end
|
39
|
-
|
40
|
-
it "warns when default secret is used" do
|
41
|
-
UrlStore.defaults = {:secret => UrlStore::SECRET}
|
42
|
-
$stderr.should_receive(:write).at_least(1)
|
43
|
-
UrlStore.encode(1)
|
44
|
-
end
|
45
|
-
|
46
|
-
it "can compress" do
|
47
|
-
x = 'a'*100
|
48
|
-
UrlStore.encode(x).size.should <= x.size
|
49
|
-
end
|
50
|
-
|
51
|
-
it "can serialize using a different method" do
|
52
|
-
old = UrlStore.encode(@data)
|
53
|
-
UrlStore.defaults = {:serializer => :yaml, :secret => @secret}
|
54
|
-
UrlStore.encode(@data).size.should_not == old.size
|
55
|
-
end
|
56
|
-
|
57
|
-
it "can serialize using different hasher" do
|
58
|
-
old = UrlStore.encode(@data)
|
59
|
-
UrlStore.defaults = {:hasher => 'MD5', :secret => @secret}
|
60
|
-
UrlStore.encode(@data).size.should_not == old.size
|
61
|
-
end
|
62
|
-
|
63
|
-
it "has a VERSION" do
|
64
|
-
UrlStore::VERSION.should =~ /^\d+\.\d+\.\d+$/
|
65
|
-
end
|
66
|
-
end
|
data/url_store.gemspec
DELETED
@@ -1,12 +0,0 @@
|
|
1
|
-
$LOAD_PATH.unshift File.expand_path("../lib", __FILE__)
|
2
|
-
name = "url_store"
|
3
|
-
require "#{name}/version"
|
4
|
-
|
5
|
-
Gem::Specification.new name, UrlStore::VERSION do |s|
|
6
|
-
s.summary = "Data securely stored in urls."
|
7
|
-
s.authors = ["Michael Grosser"]
|
8
|
-
s.email = "michael@grosser.it"
|
9
|
-
s.homepage = "http://github.com/grosser/#{name}"
|
10
|
-
s.files = `git ls-files`.split("\n")
|
11
|
-
s.license = "MIT"
|
12
|
-
end
|