x-signature 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 6f1d3f9f8bffd4aee0038f5151d573e1c7ba7e81
4
+ data.tar.gz: a4d0d93ddf55eb587a9f3bbc6ed93ddd8ed32a6a
5
+ SHA512:
6
+ metadata.gz: cffca84f57a29654d303046bbd17bc380a236a1b6e7373d7e40be49a95d42abd43c17c214bddf0dbb32ded47a4c4a5ba76b7d0b557e47f18b6d64f7f4a52fb57
7
+ data.tar.gz: 113f54fee2427a91cb33ed554d2512d2ce1314a7b95717bab18a41ca9405c8e9adb3435ec1dd4c1a9cd3b403d3e4b9898e246d32fe857e8569bb77ba8945b01a
data/.gitignore ADDED
@@ -0,0 +1,10 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
10
+ /gemfiles/*.lock
data/.rspec ADDED
@@ -0,0 +1,2 @@
1
+ --format documentation
2
+ --color
data/.travis.yml ADDED
@@ -0,0 +1,10 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.2.2
4
+ gemfile:
5
+ - gemfiles/rails_4.2.3.gemfile
6
+ services:
7
+ - redis-server
8
+ before_install: gem install bundler -v 1.10.6
9
+ install: bin/setup
10
+ script: rake
data/Appraisals ADDED
@@ -0,0 +1,3 @@
1
+ appraise 'rails-4.2.3' do
2
+ gem 'rails', '4.2.3'
3
+ end
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in x-signature.gemspec
4
+ gemspec
data/README.md ADDED
@@ -0,0 +1,51 @@
1
+ # XSignature
2
+
3
+ This gem allows to cryptographically sign and verify API requests.
4
+
5
+ [![Build Status](https://travis-ci.org/MyceliumGear/x-signature.svg)](https://travis-ci.org/MyceliumGear/x-signature)
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ ```ruby
12
+ gem 'x-signature'
13
+ ```
14
+
15
+ And then execute:
16
+
17
+ $ bundle
18
+
19
+ Or install it yourself as:
20
+
21
+ $ gem install x-signature
22
+
23
+ ## Usage
24
+
25
+ ### Rails
26
+
27
+ In the controller:
28
+
29
+ ```ruby
30
+ user = User.find(env['HTTP_X_CLIENT'])
31
+ if XSignature::RailsRequestValidator.new.valid?(request: request, secret: user.api_secret)
32
+ # proceed
33
+ else
34
+ # 401 error
35
+ end
36
+ ```
37
+
38
+ ## Development
39
+
40
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
41
+
42
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
43
+
44
+ ## Contributing
45
+
46
+ Bug reports and pull requests are welcome on GitHub at https://github.com/MyceliumGear/x-signature.
47
+
48
+ ## License
49
+
50
+ The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
51
+
data/Rakefile ADDED
@@ -0,0 +1,13 @@
1
+ require 'rubygems'
2
+ require 'bundler/setup'
3
+ require 'bundler/gem_tasks'
4
+ require 'rspec/core/rake_task'
5
+ require 'appraisal'
6
+
7
+ RSpec::Core::RakeTask.new(:spec)
8
+
9
+ if !ENV['APPRAISAL_INITIALIZED'] && !ENV['TRAVIS']
10
+ task :default => :appraisal
11
+ else
12
+ task :default => :spec
13
+ end
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "x-signature"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start
data/bin/setup ADDED
@@ -0,0 +1,7 @@
1
+ #!/bin/bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+
5
+ bundle install
6
+
7
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,7 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "rails", "4.2.3"
6
+
7
+ gemspec :path => "../"
@@ -0,0 +1,22 @@
1
+ require 'x-signature/version'
2
+
3
+ module XSignature
4
+
5
+ Data = Struct.new(:secret, :signature, :client, :nonce, :method, :request_uri, :body)
6
+
7
+ XSignatureError = Class.new(StandardError)
8
+ InvalidNonce = Class.new(XSignatureError)
9
+ InvalidSignature = Class.new(XSignatureError)
10
+
11
+ autoload :RequestValidator, File.expand_path('../x-signature/request_validator', __FILE__)
12
+ autoload :RailsRequestValidator, File.expand_path('../x-signature/rails_request_validator', __FILE__)
13
+
14
+ autoload :NonceValidator, File.expand_path('../x-signature/nonce_validator', __FILE__)
15
+ autoload :RedisNonceValidator, File.expand_path('../x-signature/redis_nonce_validator', __FILE__)
16
+
17
+ autoload :SignatureValidator, File.expand_path('../x-signature/signature_validator', __FILE__)
18
+ autoload :SignatureMultiValidator, File.expand_path('../x-signature/signature_multi_validator', __FILE__)
19
+ autoload :Base64SignatureValidator, File.expand_path('../x-signature/base64_signature_validator', __FILE__)
20
+ autoload :HexSignatureValidator, File.expand_path('../x-signature/hex_signature_validator', __FILE__)
21
+
22
+ end
@@ -0,0 +1,14 @@
1
+ require 'openssl'
2
+ require 'base64'
3
+
4
+ module XSignature
5
+ class Base64SignatureValidator < SignatureValidator
6
+
7
+ def self.signature(secret:, nonce:, body:, method:, request_uri:)
8
+ sha512 = OpenSSL::Digest::SHA512.new
9
+ request = "#{method.to_s.upcase}#{request_uri}#{sha512.digest("#{nonce}#{body}")}"
10
+ signature = OpenSSL::HMAC.digest(sha512, secret.to_s, request)
11
+ Base64.strict_encode64(signature)
12
+ end
13
+ end
14
+ end
@@ -0,0 +1,12 @@
1
+ require 'openssl'
2
+
3
+ module XSignature
4
+ class HexSignatureValidator < SignatureValidator
5
+
6
+ def self.signature(secret:, nonce:, body:, method:, request_uri:)
7
+ sha512 = OpenSSL::Digest::SHA512.new
8
+ request = "#{method.to_s.upcase}#{request_uri}#{sha512.hexdigest("#{nonce}#{body}")}"
9
+ OpenSSL::HMAC.hexdigest(sha512, secret.to_s, request)
10
+ end
11
+ end
12
+ end
@@ -0,0 +1,11 @@
1
+ module XSignature
2
+ class NonceValidator
3
+
4
+ # Some state should be maintained in order to protect API from replay attack
5
+ # https://en.wikipedia.org/wiki/Cryptographic_nonce
6
+ # @param [XSignature::Data] data
7
+ def valid?(data)
8
+ fail NotImplementedError
9
+ end
10
+ end
11
+ end
@@ -0,0 +1,25 @@
1
+ require 'uri'
2
+
3
+ module XSignature
4
+ class RailsRequestValidator < RequestValidator
5
+
6
+ def validate(secret:, request:)
7
+ env = request.env
8
+ body = request.body
9
+ if body.kind_of?(StringIO)
10
+ body = body.string
11
+ end
12
+ request_uri = (URI(env['REQUEST_URI']).request_uri rescue env['REQUEST_URI'])
13
+ params = {
14
+ secret: secret,
15
+ signature: env['HTTP_X_SIGNATURE'],
16
+ client: env['HTTP_X_CLIENT'],
17
+ nonce: env['HTTP_X_NONCE'],
18
+ method: request.method,
19
+ request_uri: request_uri,
20
+ body: body,
21
+ }
22
+ super params
23
+ end
24
+ end
25
+ end
@@ -0,0 +1,31 @@
1
+ require 'redis'
2
+
3
+ module XSignature
4
+ class RedisNonceValidator < NonceValidator
5
+
6
+ attr_accessor :redis_connection, :keys_prefix
7
+
8
+ def initialize(redis_connection: nil, keys_prefix: 'XSignature:LastNonce:')
9
+ @redis_connection = redis_connection || Redis.current
10
+ @keys_prefix = keys_prefix
11
+ end
12
+
13
+ def valid?(data)
14
+ key = "#{keys_prefix}#{data.client}"
15
+ loop do
16
+ redis_connection.watch key do
17
+ last_nonce = redis_connection.get(key).to_i
18
+ if last_nonce < data.nonce
19
+ result = redis_connection.multi do |multi|
20
+ multi.set key, data.nonce
21
+ end
22
+ return true if result[0] == 'OK'
23
+ else
24
+ redis_connection.unwatch
25
+ return false
26
+ end
27
+ end
28
+ end
29
+ end
30
+ end
31
+ end
@@ -0,0 +1,28 @@
1
+ module XSignature
2
+ class RequestValidator
3
+
4
+ attr_accessor :signature_validator, :nonce_validator
5
+
6
+ def initialize(signature_validator: nil, nonce_validator: nil)
7
+ @signature_validator = signature_validator || SignatureMultiValidator.new(HexSignatureValidator.new, Base64SignatureValidator.new)
8
+ @nonce_validator = nonce_validator || RedisNonceValidator.new
9
+ end
10
+
11
+ # :secret, :signature, :client, :nonce, :method, :request_uri, :body
12
+ def validate(**args)
13
+ data = Data.new
14
+ args.each do |k, v|
15
+ data[k] = v
16
+ end
17
+ fail InvalidNonce unless @nonce_validator.valid?(data)
18
+ fail InvalidSignature unless @signature_validator.valid?(data)
19
+ true
20
+ end
21
+
22
+ def valid?(**args)
23
+ validate(**args)
24
+ rescue XSignatureError
25
+ false
26
+ end
27
+ end
28
+ end
@@ -0,0 +1,14 @@
1
+ module XSignature
2
+ class SignatureMultiValidator
3
+
4
+ attr_accessor :validators
5
+
6
+ def initialize(*validators)
7
+ @validators = validators.flatten
8
+ end
9
+
10
+ def valid?(data)
11
+ validators.any? { |validator| validator.valid?(data) }
12
+ end
13
+ end
14
+ end
@@ -0,0 +1,12 @@
1
+ module XSignature
2
+ class SignatureValidator
3
+
4
+ # @param [XSignature::Data] data
5
+ def valid?(data)
6
+ params = self.class.method(:signature).parameters.map(&:last).each_with_object({}) do |param, hash|
7
+ hash[param] = data[param]
8
+ end
9
+ data.signature == self.class.signature(**params)
10
+ end
11
+ end
12
+ end
@@ -0,0 +1,3 @@
1
+ module XSignature
2
+ VERSION = '0.1.0'
3
+ end
@@ -0,0 +1,29 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'x-signature/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "x-signature"
8
+ spec.version = XSignature::VERSION
9
+ spec.authors = ["AlexanderPavlenko"]
10
+ spec.email = ["alerticus@gmail.com"]
11
+
12
+ spec.summary = %q{API requests signing and signature validation}
13
+ spec.description = %q{Allows to create and validate cryptographic signatures on API requests}
14
+ spec.homepage = "https://github.com/MyceliumGear/x-signature"
15
+ spec.license = "MIT"
16
+
17
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
18
+ spec.bindir = "exe"
19
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
20
+ spec.require_paths = ["lib"]
21
+
22
+ spec.add_development_dependency "bundler", "~> 1.10"
23
+ spec.add_development_dependency "rake", "~> 10.0"
24
+ spec.add_development_dependency "rspec-rails"
25
+ spec.add_development_dependency 'simplecov'
26
+ spec.add_development_dependency 'appraisal', ">= 2.1"
27
+
28
+ spec.add_dependency 'redis'
29
+ end
metadata ADDED
@@ -0,0 +1,149 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: x-signature
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - AlexanderPavlenko
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2015-10-26 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.10'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.10'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rake
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '10.0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '10.0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rspec-rails
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: simplecov
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: appraisal
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '2.1'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '2.1'
83
+ - !ruby/object:Gem::Dependency
84
+ name: redis
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :runtime
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
97
+ description: Allows to create and validate cryptographic signatures on API requests
98
+ email:
99
+ - alerticus@gmail.com
100
+ executables: []
101
+ extensions: []
102
+ extra_rdoc_files: []
103
+ files:
104
+ - ".gitignore"
105
+ - ".rspec"
106
+ - ".travis.yml"
107
+ - Appraisals
108
+ - Gemfile
109
+ - README.md
110
+ - Rakefile
111
+ - bin/console
112
+ - bin/setup
113
+ - gemfiles/rails_4.2.3.gemfile
114
+ - lib/x-signature.rb
115
+ - lib/x-signature/base64_signature_validator.rb
116
+ - lib/x-signature/hex_signature_validator.rb
117
+ - lib/x-signature/nonce_validator.rb
118
+ - lib/x-signature/rails_request_validator.rb
119
+ - lib/x-signature/redis_nonce_validator.rb
120
+ - lib/x-signature/request_validator.rb
121
+ - lib/x-signature/signature_multi_validator.rb
122
+ - lib/x-signature/signature_validator.rb
123
+ - lib/x-signature/version.rb
124
+ - x-signature.gemspec
125
+ homepage: https://github.com/MyceliumGear/x-signature
126
+ licenses:
127
+ - MIT
128
+ metadata: {}
129
+ post_install_message:
130
+ rdoc_options: []
131
+ require_paths:
132
+ - lib
133
+ required_ruby_version: !ruby/object:Gem::Requirement
134
+ requirements:
135
+ - - ">="
136
+ - !ruby/object:Gem::Version
137
+ version: '0'
138
+ required_rubygems_version: !ruby/object:Gem::Requirement
139
+ requirements:
140
+ - - ">="
141
+ - !ruby/object:Gem::Version
142
+ version: '0'
143
+ requirements: []
144
+ rubyforge_project:
145
+ rubygems_version: 2.4.8
146
+ signing_key:
147
+ specification_version: 4
148
+ summary: API requests signing and signature validation
149
+ test_files: []