Module: ApiAuth
- Extended by: Helpers
- Defined in:
  lib/api_auth/base.rb,
  lib/api_auth/errors.rb,
  lib/api_auth/headers.rb,
  lib/api_auth/helpers.rb,
  lib/api_auth/railtie.rb,
  lib/api_auth/request_drivers/curb.rb,
  lib/api_auth/request_drivers/http.rb,
  lib/api_auth/request_drivers/rack.rb,
  lib/api_auth/request_drivers/httpi.rb,
  lib/api_auth/request_drivers/faraday.rb,
  lib/api_auth/request_drivers/net_http.rb,
  lib/api_auth/request_drivers/rest_client.rb,
  lib/api_auth/request_drivers/grape_request.rb,
  lib/api_auth/request_drivers/action_dispatch.rb,
  lib/api_auth/request_drivers/action_controller.rb
Overview
The gem will sign your requests on the client side and authenticate that signature on the server side. If your server resources are implemented as a Rails ActiveResource, it will integrate with that. It will even generate the secret keys necessary for your clients to sign their requests.
Defined Under Namespace
Modules: Helpers, RequestDrivers
Classes: ApiAuthError, Headers, InvalidRequestDigest, Rails, UnknownHTTPRequest
Class Method Summary
- .access_id(request) ⇒ Object
  Returns the access id from the request’s authorization header.
- .authentic?(request, secret_key, options = {}) ⇒ Boolean
  Determines if the request is authentic given the request and the client’s secret key.
- .generate_secret_key ⇒ Object
  Generates a Base64 encoded, randomized secret key.
- .sign!(request, access_id, secret_key, options = {}) ⇒ Object
  Signs an HTTP request using the client’s access id and secret key.
Methods included from Helpers
b64_encode, capitalize_keys, sha256_base64digest
Class Method Details
.access_id(request) ⇒ Object
Returns the access id from the request’s authorization header.

    # File 'lib/api_auth/base.rb', line 54
    def access_id(request)
      headers = Headers.new(request)
      # The access id is the second capture group of the parsed header
      if match_data = parse_auth_header(headers.authorization_header)
        return match_data[2]
      end

      nil
    end
.authentic?(request, secret_key, options = {}) ⇒ Boolean
Determines if the request is authentic given the request and the client’s secret key. Returns true if the request is authentic and false otherwise.

    # File 'lib/api_auth/base.rb', line 32
    def authentic?(request, secret_key, options = {})
      # Without a secret key there is nothing to verify against
      return false if secret_key.nil?

      options = { override_http_method: nil }.merge(options)

      headers = Headers.new(request)

      # 900 seconds is 15 minutes
      clock_skew = options.fetch(:clock_skew, 900)

      if headers.content_hash_mismatch?
        false
      elsif !signatures_match?(headers, secret_key, options)
        false
      elsif !request_within_time_window?(headers, clock_skew)
        false
      else
        true
      end
    end
.generate_secret_key ⇒ Object
Generates a Base64 encoded, randomized secret key.
Store this key along with the access key that will be used for authenticating the client.

    # File 'lib/api_auth/base.rb', line 67
    def generate_secret_key
      # 512 random bytes, hashed with SHA-512 and Base64 encoded
      random_bytes = OpenSSL::Random.random_bytes(512)
      b64_encode(Digest::SHA2.new(512).digest(random_bytes))
    end
.sign!(request, access_id, secret_key, options = {}) ⇒ Object
Signs an HTTP request using the client’s access id and secret key. Returns the HTTP request object with the modified headers.
- request: The request can be a Net::HTTP, ActionDispatch::Request, Curb (Curl::Easy), RestClient object or Faraday::Request.
- access_id: The public unique identifier for the client.
- secret_key: The assigned secret key that is known to both parties.

    # File 'lib/api_auth/base.rb', line 22
    def sign!(request, access_id, secret_key, options = {})
      options = { override_http_method: nil, digest: 'sha1' }.merge(options)
      headers = Headers.new(request)
      # Set the content hash and date first so the signature covers them
      headers.calculate_hash
      headers.set_date
      headers.sign_header auth_header(headers, access_id, secret_key, options)
    end
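
An added example, not code from the api_auth gem: a standard-library sketch of the signing step and of the three checks `authentic?` applies in order (content hash, signature, 900-second time window). The `SketchAuth` module, the request hash keys and the canonical string layout are assumptions made for this example and are not the gem's wire format; HMAC-SHA256 is used here rather than the `sha1` default shown in `sign!`.

```ruby
require 'openssl'
require 'base64'
require 'time'

# Added sketch, not ApiAuth source. The request hash keys and the canonical
# string layout are assumptions for this example, not the gem's wire format.
module SketchAuth
  CLOCK_SKEW = 900 # seconds; same default window as authentic? above

  module_function

  def content_hash(body)
    Base64.strict_encode64(OpenSSL::Digest::SHA256.digest(body.to_s))
  end

  # Everything the signature must cover: method, body hash, path, timestamp.
  def canonical(req)
    [req[:method].to_s.upcase, req[:content_hash], req[:path], req[:date]].join(',')
  end

  def signature(req, secret_key)
    Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', secret_key, canonical(req)))
  end

  # Client side: hash the body, stamp the date, then sign the canonical string.
  def sign(req, secret_key, now: Time.now)
    stamped = req.merge(content_hash: content_hash(req[:body]), date: now.httpdate)
    stamped.merge(signature: signature(stamped, secret_key))
  end

  # Server side: analogues of the three checks in authentic?, in the same order.
  def authentic?(req, secret_key, now: Time.now, clock_skew: CLOCK_SKEW)
    return false if secret_key.nil?
    # 1. The body must still match the hash that the signature covers.
    return false unless req[:content_hash] == content_hash(req[:body])
    # 2. Recompute the HMAC and compare in constant time.
    expected = signature(req, secret_key)
    return false unless OpenSSL.secure_compare(expected, req[:signature].to_s)
    # 3. Reject timestamps outside the window to limit replay of old requests.
    (now - Time.httpdate(req[:date])).abs <= clock_skew
  rescue ArgumentError
    false # Date value is missing or not a valid HTTP date
  end
end
```

Passing `now:` explicitly makes the time-window check deterministic, which is how the boundary at exactly 900 seconds can be exercised.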