x-signature 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +10 -0
- data/.rspec +2 -0
- data/.travis.yml +10 -0
- data/Appraisals +3 -0
- data/Gemfile +4 -0
- data/README.md +51 -0
- data/Rakefile +13 -0
- data/bin/console +14 -0
- data/bin/setup +7 -0
- data/gemfiles/rails_4.2.3.gemfile +7 -0
- data/lib/x-signature.rb +22 -0
- data/lib/x-signature/base64_signature_validator.rb +14 -0
- data/lib/x-signature/hex_signature_validator.rb +12 -0
- data/lib/x-signature/nonce_validator.rb +11 -0
- data/lib/x-signature/rails_request_validator.rb +25 -0
- data/lib/x-signature/redis_nonce_validator.rb +31 -0
- data/lib/x-signature/request_validator.rb +28 -0
- data/lib/x-signature/signature_multi_validator.rb +14 -0
- data/lib/x-signature/signature_validator.rb +12 -0
- data/lib/x-signature/version.rb +3 -0
- data/x-signature.gemspec +29 -0
- metadata +149 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 6f1d3f9f8bffd4aee0038f5151d573e1c7ba7e81
|
4
|
+
data.tar.gz: a4d0d93ddf55eb587a9f3bbc6ed93ddd8ed32a6a
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: cffca84f57a29654d303046bbd17bc380a236a1b6e7373d7e40be49a95d42abd43c17c214bddf0dbb32ded47a4c4a5ba76b7d0b557e47f18b6d64f7f4a52fb57
|
7
|
+
data.tar.gz: 113f54fee2427a91cb33ed554d2512d2ce1314a7b95717bab18a41ca9405c8e9adb3435ec1dd4c1a9cd3b403d3e4b9898e246d32fe857e8569bb77ba8945b01a
|
data/.gitignore
ADDED
data/.rspec
ADDED
data/.travis.yml
ADDED
data/Appraisals
ADDED
data/Gemfile
ADDED
data/README.md
ADDED
@@ -0,0 +1,51 @@
|
|
1
|
+
# XSignature
|
2
|
+
|
3
|
+
This gem allows to cryptographically sign and verify API requests.
|
4
|
+
|
5
|
+
[](https://travis-ci.org/MyceliumGear/x-signature)
|
6
|
+
|
7
|
+
## Installation
|
8
|
+
|
9
|
+
Add this line to your application's Gemfile:
|
10
|
+
|
11
|
+
```ruby
|
12
|
+
gem 'x-signature'
|
13
|
+
```
|
14
|
+
|
15
|
+
And then execute:
|
16
|
+
|
17
|
+
$ bundle
|
18
|
+
|
19
|
+
Or install it yourself as:
|
20
|
+
|
21
|
+
$ gem install x-signature
|
22
|
+
|
23
|
+
## Usage
|
24
|
+
|
25
|
+
### Rails
|
26
|
+
|
27
|
+
In the controller:
|
28
|
+
|
29
|
+
```ruby
|
30
|
+
user = User.find(env['HTTP_X_CLIENT'])
|
31
|
+
if XSignature::RailsRequestValidator.new.valid?(request: request, secret: user.api_secret)
|
32
|
+
# proceed
|
33
|
+
else
|
34
|
+
# 401 error
|
35
|
+
end
|
36
|
+
```
|
37
|
+
|
38
|
+
## Development
|
39
|
+
|
40
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
41
|
+
|
42
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
43
|
+
|
44
|
+
## Contributing
|
45
|
+
|
46
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/MyceliumGear/x-signature.
|
47
|
+
|
48
|
+
## License
|
49
|
+
|
50
|
+
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
51
|
+
|
data/Rakefile
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'bundler/setup'
|
3
|
+
require 'bundler/gem_tasks'
|
4
|
+
require 'rspec/core/rake_task'
|
5
|
+
require 'appraisal'
|
6
|
+
|
7
|
+
RSpec::Core::RakeTask.new(:spec)
|
8
|
+
|
9
|
+
if !ENV['APPRAISAL_INITIALIZED'] && !ENV['TRAVIS']
|
10
|
+
task :default => :appraisal
|
11
|
+
else
|
12
|
+
task :default => :spec
|
13
|
+
end
|
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "x-signature"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start
|
data/bin/setup
ADDED
data/lib/x-signature.rb
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
require 'x-signature/version'
|
2
|
+
|
3
|
+
module XSignature
|
4
|
+
|
5
|
+
Data = Struct.new(:secret, :signature, :client, :nonce, :method, :request_uri, :body)
|
6
|
+
|
7
|
+
XSignatureError = Class.new(StandardError)
|
8
|
+
InvalidNonce = Class.new(XSignatureError)
|
9
|
+
InvalidSignature = Class.new(XSignatureError)
|
10
|
+
|
11
|
+
autoload :RequestValidator, File.expand_path('../x-signature/request_validator', __FILE__)
|
12
|
+
autoload :RailsRequestValidator, File.expand_path('../x-signature/rails_request_validator', __FILE__)
|
13
|
+
|
14
|
+
autoload :NonceValidator, File.expand_path('../x-signature/nonce_validator', __FILE__)
|
15
|
+
autoload :RedisNonceValidator, File.expand_path('../x-signature/redis_nonce_validator', __FILE__)
|
16
|
+
|
17
|
+
autoload :SignatureValidator, File.expand_path('../x-signature/signature_validator', __FILE__)
|
18
|
+
autoload :SignatureMultiValidator, File.expand_path('../x-signature/signature_multi_validator', __FILE__)
|
19
|
+
autoload :Base64SignatureValidator, File.expand_path('../x-signature/base64_signature_validator', __FILE__)
|
20
|
+
autoload :HexSignatureValidator, File.expand_path('../x-signature/hex_signature_validator', __FILE__)
|
21
|
+
|
22
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
require 'openssl'
|
2
|
+
require 'base64'
|
3
|
+
|
4
|
+
module XSignature
|
5
|
+
class Base64SignatureValidator < SignatureValidator
|
6
|
+
|
7
|
+
def self.signature(secret:, nonce:, body:, method:, request_uri:)
|
8
|
+
sha512 = OpenSSL::Digest::SHA512.new
|
9
|
+
request = "#{method.to_s.upcase}#{request_uri}#{sha512.digest("#{nonce}#{body}")}"
|
10
|
+
signature = OpenSSL::HMAC.digest(sha512, secret.to_s, request)
|
11
|
+
Base64.strict_encode64(signature)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
require 'openssl'
|
2
|
+
|
3
|
+
module XSignature
|
4
|
+
class HexSignatureValidator < SignatureValidator
|
5
|
+
|
6
|
+
def self.signature(secret:, nonce:, body:, method:, request_uri:)
|
7
|
+
sha512 = OpenSSL::Digest::SHA512.new
|
8
|
+
request = "#{method.to_s.upcase}#{request_uri}#{sha512.hexdigest("#{nonce}#{body}")}"
|
9
|
+
OpenSSL::HMAC.hexdigest(sha512, secret.to_s, request)
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
module XSignature
|
2
|
+
class NonceValidator
|
3
|
+
|
4
|
+
# Some state should be maintained in order to protect API from replay attack
|
5
|
+
# https://en.wikipedia.org/wiki/Cryptographic_nonce
|
6
|
+
# @param [XSignature::Data] data
|
7
|
+
def valid?(data)
|
8
|
+
fail NotImplementedError
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'uri'
|
2
|
+
|
3
|
+
module XSignature
|
4
|
+
class RailsRequestValidator < RequestValidator
|
5
|
+
|
6
|
+
def validate(secret:, request:)
|
7
|
+
env = request.env
|
8
|
+
body = request.body
|
9
|
+
if body.kind_of?(StringIO)
|
10
|
+
body = body.string
|
11
|
+
end
|
12
|
+
request_uri = (URI(env['REQUEST_URI']).request_uri rescue env['REQUEST_URI'])
|
13
|
+
params = {
|
14
|
+
secret: secret,
|
15
|
+
signature: env['HTTP_X_SIGNATURE'],
|
16
|
+
client: env['HTTP_X_CLIENT'],
|
17
|
+
nonce: env['HTTP_X_NONCE'],
|
18
|
+
method: request.method,
|
19
|
+
request_uri: request_uri,
|
20
|
+
body: body,
|
21
|
+
}
|
22
|
+
super params
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
require 'redis'
|
2
|
+
|
3
|
+
module XSignature
|
4
|
+
class RedisNonceValidator < NonceValidator
|
5
|
+
|
6
|
+
attr_accessor :redis_connection, :keys_prefix
|
7
|
+
|
8
|
+
def initialize(redis_connection: nil, keys_prefix: 'XSignature:LastNonce:')
|
9
|
+
@redis_connection = redis_connection || Redis.current
|
10
|
+
@keys_prefix = keys_prefix
|
11
|
+
end
|
12
|
+
|
13
|
+
def valid?(data)
|
14
|
+
key = "#{keys_prefix}#{data.client}"
|
15
|
+
loop do
|
16
|
+
redis_connection.watch key do
|
17
|
+
last_nonce = redis_connection.get(key).to_i
|
18
|
+
if last_nonce < data.nonce
|
19
|
+
result = redis_connection.multi do |multi|
|
20
|
+
multi.set key, data.nonce
|
21
|
+
end
|
22
|
+
return true if result[0] == 'OK'
|
23
|
+
else
|
24
|
+
redis_connection.unwatch
|
25
|
+
return false
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
module XSignature
|
2
|
+
class RequestValidator
|
3
|
+
|
4
|
+
attr_accessor :signature_validator, :nonce_validator
|
5
|
+
|
6
|
+
def initialize(signature_validator: nil, nonce_validator: nil)
|
7
|
+
@signature_validator = signature_validator || SignatureMultiValidator.new(HexSignatureValidator.new, Base64SignatureValidator.new)
|
8
|
+
@nonce_validator = nonce_validator || RedisNonceValidator.new
|
9
|
+
end
|
10
|
+
|
11
|
+
# :secret, :signature, :client, :nonce, :method, :request_uri, :body
|
12
|
+
def validate(**args)
|
13
|
+
data = Data.new
|
14
|
+
args.each do |k, v|
|
15
|
+
data[k] = v
|
16
|
+
end
|
17
|
+
fail InvalidNonce unless @nonce_validator.valid?(data)
|
18
|
+
fail InvalidSignature unless @signature_validator.valid?(data)
|
19
|
+
true
|
20
|
+
end
|
21
|
+
|
22
|
+
def valid?(**args)
|
23
|
+
validate(**args)
|
24
|
+
rescue XSignatureError
|
25
|
+
false
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
module XSignature
|
2
|
+
class SignatureMultiValidator
|
3
|
+
|
4
|
+
attr_accessor :validators
|
5
|
+
|
6
|
+
def initialize(*validators)
|
7
|
+
@validators = validators.flatten
|
8
|
+
end
|
9
|
+
|
10
|
+
def valid?(data)
|
11
|
+
validators.any? { |validator| validator.valid?(data) }
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
module XSignature
|
2
|
+
class SignatureValidator
|
3
|
+
|
4
|
+
# @param [XSignature::Data] data
|
5
|
+
def valid?(data)
|
6
|
+
params = self.class.method(:signature).parameters.map(&:last).each_with_object({}) do |param, hash|
|
7
|
+
hash[param] = data[param]
|
8
|
+
end
|
9
|
+
data.signature == self.class.signature(**params)
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
data/x-signature.gemspec
ADDED
@@ -0,0 +1,29 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'x-signature/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "x-signature"
|
8
|
+
spec.version = XSignature::VERSION
|
9
|
+
spec.authors = ["AlexanderPavlenko"]
|
10
|
+
spec.email = ["alerticus@gmail.com"]
|
11
|
+
|
12
|
+
spec.summary = %q{API requests signing and signature validation}
|
13
|
+
spec.description = %q{Allows to create and validate cryptographic signatures on API requests}
|
14
|
+
spec.homepage = "https://github.com/MyceliumGear/x-signature"
|
15
|
+
spec.license = "MIT"
|
16
|
+
|
17
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
18
|
+
spec.bindir = "exe"
|
19
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
20
|
+
spec.require_paths = ["lib"]
|
21
|
+
|
22
|
+
spec.add_development_dependency "bundler", "~> 1.10"
|
23
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
24
|
+
spec.add_development_dependency "rspec-rails"
|
25
|
+
spec.add_development_dependency 'simplecov'
|
26
|
+
spec.add_development_dependency 'appraisal', ">= 2.1"
|
27
|
+
|
28
|
+
spec.add_dependency 'redis'
|
29
|
+
end
|
metadata
ADDED
@@ -0,0 +1,149 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: x-signature
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- AlexanderPavlenko
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2015-10-26 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.10'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.10'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rake
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '10.0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '10.0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rspec-rails
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: simplecov
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: appraisal
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '2.1'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ">="
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '2.1'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: redis
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - ">="
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0'
|
90
|
+
type: :runtime
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - ">="
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0'
|
97
|
+
description: Allows to create and validate cryptographic signatures on API requests
|
98
|
+
email:
|
99
|
+
- alerticus@gmail.com
|
100
|
+
executables: []
|
101
|
+
extensions: []
|
102
|
+
extra_rdoc_files: []
|
103
|
+
files:
|
104
|
+
- ".gitignore"
|
105
|
+
- ".rspec"
|
106
|
+
- ".travis.yml"
|
107
|
+
- Appraisals
|
108
|
+
- Gemfile
|
109
|
+
- README.md
|
110
|
+
- Rakefile
|
111
|
+
- bin/console
|
112
|
+
- bin/setup
|
113
|
+
- gemfiles/rails_4.2.3.gemfile
|
114
|
+
- lib/x-signature.rb
|
115
|
+
- lib/x-signature/base64_signature_validator.rb
|
116
|
+
- lib/x-signature/hex_signature_validator.rb
|
117
|
+
- lib/x-signature/nonce_validator.rb
|
118
|
+
- lib/x-signature/rails_request_validator.rb
|
119
|
+
- lib/x-signature/redis_nonce_validator.rb
|
120
|
+
- lib/x-signature/request_validator.rb
|
121
|
+
- lib/x-signature/signature_multi_validator.rb
|
122
|
+
- lib/x-signature/signature_validator.rb
|
123
|
+
- lib/x-signature/version.rb
|
124
|
+
- x-signature.gemspec
|
125
|
+
homepage: https://github.com/MyceliumGear/x-signature
|
126
|
+
licenses:
|
127
|
+
- MIT
|
128
|
+
metadata: {}
|
129
|
+
post_install_message:
|
130
|
+
rdoc_options: []
|
131
|
+
require_paths:
|
132
|
+
- lib
|
133
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
134
|
+
requirements:
|
135
|
+
- - ">="
|
136
|
+
- !ruby/object:Gem::Version
|
137
|
+
version: '0'
|
138
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
139
|
+
requirements:
|
140
|
+
- - ">="
|
141
|
+
- !ruby/object:Gem::Version
|
142
|
+
version: '0'
|
143
|
+
requirements: []
|
144
|
+
rubyforge_project:
|
145
|
+
rubygems_version: 2.4.8
|
146
|
+
signing_key:
|
147
|
+
specification_version: 4
|
148
|
+
summary: API requests signing and signature validation
|
149
|
+
test_files: []
|