verify_nexmo_signature 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE.txt +21 -0
  3. data/README.md +56 -0
  4. data/lib/verify_nexmo_signature.rb +5 -0
  5. data/lib/verify_nexmo_signature/middleware.rb +38 -0
  6. data/lib/version.rb +5 -0
  7. metadata +116 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 85782e700038062be7b7abc6921eda2e80d49863878462cebd8698d2aee1f78e
4
+ data.tar.gz: 43951fd6ed80e07de93e6890879fdef91733a827c280eb21e52b436587c3880f
5
+ SHA512:
6
+ metadata.gz: 6f618760b48e640db6c44cb6903b58deb2a0324a11e5705026a775fc8abda6ae7e47e939443472eb6dcbeed673a593e5eeb8260370feeb55e5972b70387e426c
7
+ data.tar.gz: a9ee783c2feea3190e802c4fe1fac7591bd15d223b4e30fbf7d2a01d549d149adab212aac8eb2e094ada40585e3f9a8aa282b16498b5c157aff63995cee347ff
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2019 Nexmo Inc
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,56 @@
1
+ # Verify Nexmo Signatures Rack Middleware
2
+ Integrate this middleware into your application to verify [Nexmo signatures](https://developer.nexmo.com/concepts/guides/signing-messages).
3
+
4
+ * [Dependencies](#requirements)
5
+ * [Installation and Usage](#installation-and-usage)
6
+ * [As a standalone application](#as-a-standalone-application)
7
+ * [Mounted into a Rails application](#mounted-into-a-rails-application)
8
+ * [Contributing](#contributing)
9
+ * [License](#license)
10
+
11
+ ## Dependencies
12
+
13
+ This middleware utilizes the following dependencies:
14
+
15
+ * [JWT](https://github.com/jwt/ruby-jwt)
16
+ * [Digest](https://github.com/ruby/digest)
17
+
18
+ ## Installation and Usage
19
+
20
+ The verify signature middleware can be used standalone or integrated into a Ruby application. The middleware will return a `403` HTTP status code if the signature is not valid, and will continue the application if it is valid.
21
+
22
+ ### As a standalone application
23
+
24
+ Install the gem on your system:
25
+
26
+ ``` shell
27
+ $ gem install verify_nexmo_signature
28
+ ```
29
+
30
+ Then require it from within your `config.ru` Rack configuration:
31
+
32
+ ``` ruby
33
+ use VerifyNexmoSignature::Middleware
34
+ ```
35
+
36
+ An example [config.ru](examples/config.ru.example) can be found in the examples folder. More information on getting up and running with Rack can be found at the [Rack GitHub repository](https://github.com/rack/rack/wiki/(tutorial)-rackup-howto#with-a-ru-config-file).
37
+
38
+ ### Mounted into a Rails Application
39
+
40
+ Require it in your `Gemfile`:
41
+
42
+ ```ruby
43
+ gem verify_nexmo_signature
44
+ ```
45
+
46
+ And then add the middleware to your `config/application.rb` file to initialize it with your application:
47
+
48
+ ```ruby
49
+ config.middleware.use VerifyNexmoSignature::Middleware
50
+ ```
51
+
52
+ ## Contributing
53
+ We ❤️ contributions from everyone! [Bug reports](https://github.com/Nexmo/rack-verify-signature-middleware/issues), [bug fixes](https://github.com/Nexmo/rack-verify-signature-middleware/pulls) and feedback on the library is always appreciated. Look at the [Contributor Guidelines](https://github.com/Nexmo/rack-verify-signature-middleware/blob/master/CONTRIBUTING.md) for more information.
54
+
55
+ ## License
56
+ This project is under the [MIT LICENSE](https://github.com/Nexmo/rack-verify-signature-middleware/blob/master/LICENSE).
data/lib/verify_nexmo_signature.rb ADDED
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'nexmo'
4
+ require 'rack'
5
+ require_relative './verify_nexmo_signature/middleware'
data/lib/verify_nexmo_signature/middleware.rb ADDED
@@ -0,0 +1,38 @@
1
+ # Verify Nexmo Signatures
2
+ module VerifyNexmoSignature
3
+ class Middleware
4
+ def initialize(app)
5
+ @app = app
6
+ end
7
+
8
+ def call(env)
9
+ req = ::Rack::Request.new(env)
10
+ if req.post?
11
+ params = req.params.dup
12
+ verify = nexmo_client
13
+ if verify.check(params)
14
+ @app.call(env)
15
+ else
16
+ [403, {}, ['']]
17
+ end
18
+ else
19
+ @app.call(env)
20
+ end
21
+ end
22
+
23
+ private
24
+
25
+ def nexmo_client
26
+ if ENV['NEXMO_API_SIGNATURE']
27
+ verify = Nexmo::Signature.new(
28
+ ENV['NEXMO_API_SIGNATURE']
29
+ )
30
+ elsif defined?(Rails) && Rails.application.credentials.nexmo
31
+ verify = Nexmo::Signature.new(
32
+ Rails.application.credentials.nexmo[:api_signature]
33
+ )
34
+ end
35
+ verify
36
+ end
37
+ end
38
+ end
data/lib/version.rb ADDED
@@ -0,0 +1,5 @@
1
+ # :nocov:
2
+ module VerifyNexmoSignature
3
+ VERSION = '0.1.0'
4
+ end
5
+ # :nocov:
metadata ADDED
@@ -0,0 +1,116 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: verify_nexmo_signature
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Nexmo
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2019-11-18 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: nexmo
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: 6.0.1
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: 6.0.1
27
+ - !ruby/object:Gem::Dependency
28
+ name: rack
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '2.0'
34
+ - - ">="
35
+ - !ruby/object:Gem::Version
36
+ version: 2.0.7
37
+ type: :runtime
38
+ prerelease: false
39
+ version_requirements: !ruby/object:Gem::Requirement
40
+ requirements:
41
+ - - "~>"
42
+ - !ruby/object:Gem::Version
43
+ version: '2.0'
44
+ - - ">="
45
+ - !ruby/object:Gem::Version
46
+ version: 2.0.7
47
+ - !ruby/object:Gem::Dependency
48
+ name: simplecov
49
+ requirement: !ruby/object:Gem::Requirement
50
+ requirements:
51
+ - - "~>"
52
+ - !ruby/object:Gem::Version
53
+ version: '0.16'
54
+ type: :development
55
+ prerelease: false
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ requirements:
58
+ - - "~>"
59
+ - !ruby/object:Gem::Version
60
+ version: '0.16'
61
+ - !ruby/object:Gem::Dependency
62
+ name: coveralls
63
+ requirement: !ruby/object:Gem::Requirement
64
+ requirements:
65
+ - - "~>"
66
+ - !ruby/object:Gem::Version
67
+ version: 0.8.15
68
+ type: :development
69
+ prerelease: false
70
+ version_requirements: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - "~>"
73
+ - !ruby/object:Gem::Version
74
+ version: 0.8.15
75
+ description: Middleware to verify Nexmo signatures
76
+ email:
77
+ - devrel@nexmo.com
78
+ executables: []
79
+ extensions: []
80
+ extra_rdoc_files: []
81
+ files:
82
+ - LICENSE.txt
83
+ - README.md
84
+ - lib/verify_nexmo_signature.rb
85
+ - lib/verify_nexmo_signature/middleware.rb
86
+ - lib/version.rb
87
+ homepage: https://github.com/Nexmo/rack-verify-signature-middleware
88
+ licenses:
89
+ - MIT
90
+ metadata:
91
+ homepage: https://github.com/Nexmo/rack-verify-signature-middleware
92
+ source_code_uri: https://github.com/Nexmo/rack-verify-signature-middleware
93
+ bug_tracker_uri: https://github.com/Nexmo/rack-verify-signature-middleware/issues
94
+ changelog_uri: https://github.com/Nexmo/rack-verify-signature-middleware/blog/master/CHANGES.md
95
+ post_install_message:
96
+ rdoc_options: []
97
+ require_paths:
98
+ - lib
99
+ required_ruby_version: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ required_rubygems_version: !ruby/object:Gem::Requirement
105
+ requirements:
106
+ - - ">="
107
+ - !ruby/object:Gem::Version
108
+ version: '0'
109
+ requirements: []
110
+ rubyforge_project:
111
+ rubygems_version: 2.7.6.2
112
+ signing_key:
113
+ specification_version: 4
114
+ summary: This is middleware to verify Nexmo signatures. To use it you'll need a Nexmo
115
+ account. Sign up for free at https://www.nexmo.com
116
+ test_files: []