class Rack::UrlAuth::Signer
Attributes
secret[R]
Public Class Methods
new(secret)
click to toggle source
# File lib/rack/url_auth/signer.rb, line 9 def initialize(secret) @secret = secret end
Public Instance Methods
sign(message)
click to toggle source
# File lib/rack/url_auth/signer.rb, line 13 def sign(message) HMAC::SHA256.hexdigest(secret, message) end
sign_url(url, method)
click to toggle source
# File lib/rack/url_auth/signer.rb, line 23 def sign_url(url, method) purl, query = parse_and_extract_query(url) normalized = purl.normalize.to_s query['signature'] = sign(method.to_s.downcase + normalized) build_url(purl, query) end
verify(message, signature)
click to toggle source
# File lib/rack/url_auth/signer.rb, line 17 def verify(message, signature) actual = Digest::SHA1.hexdigest sign(message) expected = Digest::SHA1.hexdigest signature actual == expected end
verify_url(url, method)
click to toggle source
# File lib/rack/url_auth/signer.rb, line 31 def verify_url(url, method) purl, query = parse_and_extract_query(url) signature = query.delete('signature').to_s message = method.to_s.downcase + build_url(purl, query) verify(message, signature) end
Private Instance Methods
build_url(purl, query)
click to toggle source
# File lib/rack/url_auth/signer.rb, line 47 def build_url(purl, query) purl.query = Rack::Utils.build_query(query) purl.normalize.to_s end
parse_and_extract_query(url)
click to toggle source
# File lib/rack/url_auth/signer.rb, line 41 def parse_and_extract_query(url) purl = Addressable::URI.parse(url) query = purl.query_values || {} [purl, query] end