verify_nexmo_signature 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 85782e700038062be7b7abc6921eda2e80d49863878462cebd8698d2aee1f78e
+  data.tar.gz: 43951fd6ed80e07de93e6890879fdef91733a827c280eb21e52b436587c3880f
+SHA512:
+  metadata.gz: 6f618760b48e640db6c44cb6903b58deb2a0324a11e5705026a775fc8abda6ae7e47e939443472eb6dcbeed673a593e5eeb8260370feeb55e5972b70387e426c
+  data.tar.gz: a9ee783c2feea3190e802c4fe1fac7591bd15d223b4e30fbf7d2a01d549d149adab212aac8eb2e094ada40585e3f9a8aa282b16498b5c157aff63995cee347ff

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Nexmo Inc
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,56 @@
+# Verify Nexmo Signatures Rack Middleware
+Integrate this middleware into your application to verify [Nexmo signatures](https://developer.nexmo.com/concepts/guides/signing-messages).
+
+* [Dependencies](#requirements)
+* [Installation and Usage](#installation-and-usage)
+    * [As a standalone application](#as-a-standalone-application)
+    * [Mounted into a Rails application](#mounted-into-a-rails-application)
+* [Contributing](#contributing)
+* [License](#license)
+
+## Dependencies
+
+This middleware utilizes the following dependencies:
+
+* [JWT](https://github.com/jwt/ruby-jwt)
+* [Digest](https://github.com/ruby/digest)
+
+## Installation and Usage
+
+The verify signature middleware can be used standalone or integrated into a Ruby application. The middleware will return a `403` HTTP status code if the signature is not valid, and will continue the application if it is valid.
+
+### As a standalone application
+
+Install the gem on your system:
+
+``` shell
+$ gem install verify_nexmo_signature
+```
+
+Then require it from within your `config.ru` Rack configuration:
+
+``` ruby
+use VerifyNexmoSignature::Middleware
+```
+
+An example [config.ru](examples/config.ru.example) can be found in the examples folder. More information on getting up and running with Rack can be found at the [Rack GitHub repository](https://github.com/rack/rack/wiki/(tutorial)-rackup-howto#with-a-ru-config-file).
+
+### Mounted into a Rails Application
+
+Require it in your `Gemfile`:
+
+```ruby
+gem verify_nexmo_signature
+```
+
+And then add the middleware to your `config/application.rb` file to initialize it with your application:
+
+```ruby
+config.middleware.use VerifyNexmoSignature::Middleware
+```
+
+## Contributing
+We ❤️ contributions from everyone! [Bug reports](https://github.com/Nexmo/rack-verify-signature-middleware/issues), [bug fixes](https://github.com/Nexmo/rack-verify-signature-middleware/pulls) and feedback on the library is always appreciated. Look at the [Contributor Guidelines](https://github.com/Nexmo/rack-verify-signature-middleware/blob/master/CONTRIBUTING.md) for more information.
+
+## License
+This project is under the [MIT LICENSE](https://github.com/Nexmo/rack-verify-signature-middleware/blob/master/LICENSE).

data/lib/verify_nexmo_signature.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require 'nexmo'
+require 'rack'
+require_relative './verify_nexmo_signature/middleware'

data/lib/verify_nexmo_signature/middleware.rb

@@ -0,0 +1,38 @@
+# Verify Nexmo Signatures
+module VerifyNexmoSignature
+  class Middleware
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      req = ::Rack::Request.new(env)
+      if req.post?
+        params = req.params.dup 
+        verify = nexmo_client
+        if verify.check(params)
+          @app.call(env)
+        else
+          [403, {}, ['']]
+        end
+      else
+        @app.call(env)
+      end
+    end
+
+    private
+
+    def nexmo_client
+      if ENV['NEXMO_API_SIGNATURE']
+        verify = Nexmo::Signature.new(
+          ENV['NEXMO_API_SIGNATURE']
+        )
+      elsif defined?(Rails) && Rails.application.credentials.nexmo
+        verify = Nexmo::Signature.new(
+          Rails.application.credentials.nexmo[:api_signature]
+        )
+      end
+      verify
+    end
+  end
+end

data/lib/version.rb

@@ -0,0 +1,5 @@
+# :nocov:
+module VerifyNexmoSignature
+  VERSION = '0.1.0'
+end
+# :nocov:

metadata

@@ -0,0 +1,116 @@
+--- !ruby/object:Gem::Specification
+name: verify_nexmo_signature
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Nexmo
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-11-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nexmo
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.0.1
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.7
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.15
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.15
+description: Middleware to verify Nexmo signatures
+email:
+- devrel@nexmo.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- lib/verify_nexmo_signature.rb
+- lib/verify_nexmo_signature/middleware.rb
+- lib/version.rb
+homepage: https://github.com/Nexmo/rack-verify-signature-middleware
+licenses:
+- MIT
+metadata:
+  homepage: https://github.com/Nexmo/rack-verify-signature-middleware
+  source_code_uri: https://github.com/Nexmo/rack-verify-signature-middleware
+  bug_tracker_uri: https://github.com/Nexmo/rack-verify-signature-middleware/issues
+  changelog_uri: https://github.com/Nexmo/rack-verify-signature-middleware/blog/master/CHANGES.md
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6.2
+signing_key: 
+specification_version: 4
+summary: This is middleware to verify Nexmo signatures. To use it you'll need a Nexmo
+  account. Sign up for free at https://www.nexmo.com
+test_files: []