module SimpleApiAuth::Helpers::Auth

Public Instance Methods

allowed_methods() click to toggle source
# File lib/simple-api-auth/helpers/auth_helpers.rb, line 18
# HTTP verbs a request may use before it is considered for authentication.
#
# A per-instance override in `options[:allowed_methods]` wins; otherwise the
# library-wide `SimpleApiAuth.config.allowed_methods` is used.
#
# @return [Object] whatever collection the override or the config holds
#   (check_data calls `include?` on it)
def allowed_methods
  override = options[:allowed_methods]
  return override if override

  SimpleApiAuth.config.allowed_methods
end
check_data(request) click to toggle source
# File lib/simple-api-auth/helpers/auth_helpers.rb, line 26
# Pre-flight validation of a request before its signature is looked at.
#
# Fails (returns false, after a debug log line) on the first required header
# that is absent from `request.headers`, or when `request.http_verb` is not in
# `allowed_methods`.
#
# NOTE(review): the verb is interpolated into the log message as received;
# if it can carry attacker-chosen bytes, the log sink should neutralise
# newlines and control characters - confirm against SimpleApiAuth.log.
#
# @param request [#headers, #http_verb] the request wrapper under inspection
# @return [Boolean] true when all required headers exist and the verb is allowed
def check_data(request)
  required_headers.each do |name, _|
    next if request.headers.key?(name)

    # First missing header ends the check; later ones are not reported.
    return log_and_fail(missing_header_message(name))
  end

  verb_permitted = allowed_methods.include?(request.http_verb)
  return true if verb_permitted

  log_and_fail("verb #{request.http_verb} not allowed")
end
extract_signature(headers) click to toggle source
# File lib/simple-api-auth/helpers/auth_helpers.rb, line 4
# Pulls the signature value out of the configured authorization header.
#
# The header name comes from `SimpleApiAuth.config.header_keys[:authorization]`.
# Everything after the first "Signature: " on that line is returned.
#
# NOTE(review): the pattern is not anchored, so "Signature: " is accepted
# anywhere in the header value, and `.+` keeps any trailing text as part of
# the signature. The caller is expected to compare the result against a
# locally computed HMAC, which is what actually gates access; anchoring with
# \A / \z would tighten parsing if no client relies on a prefix.
#
# @param headers [#[]] header collection indexed by header name
# @return [String, nil] the captured signature, or nil when the header is
#   missing or does not contain "Signature: "
def extract_signature(headers)
  auth_key = SimpleApiAuth.config.header_keys[:authorization]
  found = /Signature: (.+)/.match(headers[auth_key])
  found[1] if found
end
log_and_fail(message) click to toggle source
# File lib/simple-api-auth/helpers/auth_helpers.rb, line 49
# Records why a check was rejected and yields the failure value.
#
# The reason is only written at DEBUG level; callers use the `false` return
# as the result of the failed check.
#
# @param message [String] human-readable rejection reason
# @return [false] always
def log_and_fail(message)
  level = Logger::DEBUG
  SimpleApiAuth.log(level, message)
  false
end
missing_header_message(header_name) click to toggle source
# File lib/simple-api-auth/helpers/auth_helpers.rb, line 35
# Builds the rejection text for an absent required header.
#
# Only header names (not values) are listed in the message.
#
# NOTE(review): `request` is not a parameter here; it is resolved on self,
# while check_data receives its request as an argument. Confirm the including
# class exposes a `request` method that returns the same object.
#
# @param header_name [Object] name of the header that was not found
# @return [String] message naming the missing header and those present
def missing_header_message(header_name)
  present = request.headers.keys.join(', ')
  "missing header #{header_name}. available headers are: #{present}"
end
options() click to toggle source
# File lib/simple-api-auth/helpers/auth_helpers.rb, line 22
# Per-instance overrides for the library configuration.
#
# @return [Object] `@options` when it is set to a truthy value, otherwise a
#   fresh empty Hash
def options
  return @options if @options

  {}
end
request_timeout() click to toggle source
# File lib/simple-api-auth/helpers/auth_helpers.rb, line 14
# Maximum accepted age of a request, scaled by 60.
#
# Uses `options[:request_timeout]` when present, otherwise
# `SimpleApiAuth.config.request_timeout`. valid_time? compares the result
# with a `Time` difference (seconds), so the configured value is presumably
# expressed in minutes - confirm against the configuration docs.
#
# @return [Numeric] configured timeout multiplied by 60
def request_timeout
  minutes = options[:request_timeout] || SimpleApiAuth.config.request_timeout
  minutes * 60
end
required_headers() click to toggle source
# File lib/simple-api-auth/helpers/auth_helpers.rb, line 10
# Headers a request must carry to pass check_data.
#
# A per-instance override in `options[:required_headers]` wins; otherwise the
# library-wide `SimpleApiAuth.config.required_headers` is used.
#
# @return [Object] enumerable of header names (check_data iterates it with
#   `each` and uses the first block argument as the name)
def required_headers
  override = options[:required_headers]
  return override if override

  SimpleApiAuth.config.required_headers
end
secure_equals?(m1, m2, key) click to toggle source
# File lib/simple-api-auth/helpers/auth_helpers.rb, line 54
# Compares two values by their keyed digests instead of directly.
#
# Both inputs are run through sha1_hmac with the same key and the two digests
# are compared with `==`.
#
# NOTE(review): this looks like the "double HMAC" pattern - an early-exit
# `==` then only leaks timing about digests the sender cannot predict without
# the key, rather than about the raw signature. The final `==` is still not
# constant-time; a fixed-time comparison of the two digests would remove the
# reliance on that argument. Confirm what the callers pass as `key`.
#
# @param m1 [Object] first value (e.g. the signature supplied by the client)
# @param m2 [Object] second value (e.g. the signature computed locally)
# @param key [Object] HMAC key used to blind both values
# @return [Boolean] true when both digests are equal
def secure_equals?(m1, m2, key)
  left_digest = sha1_hmac(key, m1)
  right_digest = sha1_hmac(key, m2)
  left_digest == right_digest
end
sha1_hmac(key, message) click to toggle source
# File lib/simple-api-auth/helpers/auth_helpers.rb, line 58
# Computes the HMAC of `message` under `key` via the library's SHA1 hasher.
#
# Delegates to a new `SimpleApiAuth::Hasher::SHA1` instance on every call.
#
# NOTE(review): the algorithm is fixed to SHA-1 here. Known SHA-1 collision
# attacks do not carry over to HMAC-SHA1 directly, but policies that ban
# SHA-1 outright would need a different hasher - confirm requirements.
#
# @param key [Object] HMAC key
# @param message [Object] data to authenticate
# @return [Object] whatever `SimpleApiAuth::Hasher::SHA1#hmac` returns
def sha1_hmac(key, message)
  hasher = SimpleApiAuth::Hasher::SHA1.new
  hasher.hmac(key, message)
end
valid_time?(request) click to toggle source
# File lib/simple-api-auth/helpers/auth_helpers.rb, line 40
# Freshness check on the request timestamp.
#
# Rejects a request when it has no time, when its time lies in the future
# relative to `Time.now` (no clock-skew allowance), or when it is older than
# `request_timeout`. Each rejection is logged through log_and_fail.
#
# NOTE(review): this bounds how long a captured request stays usable but does
# not stop it being replayed inside the window; no nonce or seen-signature
# tracking is visible on this page - confirm whether one exists elsewhere.
#
# @param request [#time] request wrapper; `time` is subtracted from Time.now
# @return [Boolean] true when the timestamp is present and within the window
def valid_time?(request)
  stamp = request.time
  return log_and_fail('request time not found') if stamp.nil?

  age = Time.now - stamp
  if age < 0
    log_and_fail('negative time')
  elsif age > request_timeout
    log_and_fail('request too old')
  else
    true
  end
end