Digiweb

This gem aims at signing for cross-application request

Installation

Add this line to your application's Gemfile:

gem 'hsign'

And then execute:

$ bundle

Or install it yourself as:

$ gem install hsign

Usage

For Web application use, a good salt is the IP of the browser

Never pass the API SECRET in the request

In consumer (client side) controller

credentials = {'email' => '[email protected]', 'password' => '123456', 'client_id' => "sha1apikey", 'response_type' => 'code', 'redirect_uri' => settings[:redirect_uri]}

@hsign = HSign::Digest.new("api_secret", request.ip)
@hsign.sign credentials

In your view

<%= form_tag "http://otherserver.com/api/example" do %>
  <% @hsign.each_param do |field, value| %>
    <%= hidden_field_tag field, value %>
  <% end %>
  <%= submit_tag "Submit" %>
<% end %>

Verification (server side)

client = Idnet::Core:Client.find params[:client_id]
secret = client.secret
@hsign = HSign::Digest.new(secret, request.ip)
if @hsign.verify? request.params
   = Idnet::Core::Account.create email: params[:email], password: params[:password]
  .confirm!
end