Module: ApiAuth
Extended by: Helpers
Defined in:
- lib/api_auth/base.rb
- lib/api_auth/errors.rb
- lib/api_auth/headers.rb
- lib/api_auth/helpers.rb
- lib/api_auth/railtie.rb
- lib/api_auth/request_drivers/curb.rb
- lib/api_auth/request_drivers/rack.rb
- lib/api_auth/request_drivers/net_http.rb
- lib/api_auth/request_drivers/rest_client.rb
- lib/api_auth/request_drivers/action_dispatch.rb
- lib/api_auth/request_drivers/action_controller.rb
Overview
The gem will sign your requests on the client side and authenticate that signature on the server side. If your server resources are implemented as a Rails ActiveResource, it will integrate with that. It will even generate the secret keys necessary for your clients to sign their requests.
Defined Under Namespace
Modules: Helpers, RequestDrivers
Classes: ApiAuthError, Headers, Rails, UnknownHTTPRequest
Class Method Summary
- .access_id(request) ⇒ Object
  Returns the access id from the request’s authorization header.
- .authentic?(request, secret_key) ⇒ Boolean
  Determines if the request is authentic given the request and the client’s secret key.
- .generate_secret_key ⇒ Object
  Generates a Base64 encoded, randomized secret key.
- .sign!(request, access_id, secret_key) ⇒ Object
  Signs an HTTP request using the client’s access id and secret key.
Methods included from Helpers
Class Method Details
.access_id(request) ⇒ Object
Returns the access id from the request’s authorization header
    # File 'lib/api_auth/base.rb', line 40
    def access_id(request)
      headers = Headers.new(request)
      if match_data = parse_auth_header(headers.)
        return match_data[1]
      end
      nil
    end
.authentic?(request, secret_key) ⇒ Boolean
Determines if the request is authentic given the request and the client’s secret key. Returns true if the request is authentic and false otherwise.
    # File 'lib/api_auth/base.rb', line 33
    def authentic?(request, secret_key)
      return false if secret_key.nil?
      return !md5_mismatch?(request) && signatures_match?(request, secret_key) && !request_too_old?(request)
    end
.generate_secret_key ⇒ Object
Generates a Base64 encoded, randomized secret key
Store this key along with the access key that will be used for authenticating the client
    # File 'lib/api_auth/base.rb', line 53
    def generate_secret_key
      random_bytes = OpenSSL::Random.random_bytes(512)
      b64_encode(Digest::SHA2.new(512).digest(random_bytes))
    end
.sign!(request, access_id, secret_key) ⇒ Object
Signs an HTTP request using the client’s access id and secret key. Returns the HTTP request object with the modified headers.
request: The request can be a Net::HTTP, ActionController::Request, Curb (Curl::Easy) or a RestClient object.
access_id: The public unique identifier for the client
secret_key: assigned secret key that is known to both parties
    # File 'lib/api_auth/base.rb', line 24
    def sign!(request, access_id, secret_key)
      headers = Headers.new(request)
      headers.calculate_md5
      headers.set_date
      headers.sign_header auth_header(request, access_id, secret_key)
    end
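The sign-then-verify flow that sign! and authentic? describe, as an added stand-alone sketch that is not the gem's code. The canonical string layout, HMAC-SHA256, the "Demo" authorization scheme, the 900-second window and the demo_* names are all assumptions made for the example.

```ruby
# Added sketch, not ApiAuth source. Canonical string, HMAC-SHA256, the "Demo"
# scheme name and MAX_AGE are assumptions chosen for illustration.
require 'openssl'
require 'digest'
require 'base64'
require 'time'

MAX_AGE = 900 # seconds; assumed freshness window

# A request is modelled as a Hash with :method, :path, :body and :headers.
def canonical_string(req)
  h = req[:headers]
  [req[:method], h['Content-MD5'], req[:path], h['Date']].join(',')
end

def demo_hmac(req, secret_key)
  Base64.strict_encode64(OpenSSL::HMAC.digest('SHA256', secret_key, canonical_string(req)))
end

# Client side: record the body digest and date, then attach "access_id:signature".
def demo_sign!(req, access_id, secret_key, now = Time.now)
  req[:headers]['Content-MD5'] = Digest::MD5.base64digest(req[:body])
  req[:headers]['Date'] = now.httpdate
  req[:headers]['Authorization'] = "Demo #{access_id}:#{demo_hmac(req, secret_key)}"
  req
end

# Server side: the three conditions authentic? combines (body digest matches,
# signature matches, request is not too old), with a constant-time comparison.
def demo_authentic?(req, secret_key, now = Time.now)
  return false if secret_key.nil?
  h = req[:headers]
  sent = h['Authorization'].to_s[/\ADemo [^:]+:(.+)\z/, 1]
  return false if sent.nil?
  body_ok = h['Content-MD5'] == Digest::MD5.base64digest(req[:body])
  sig_ok = OpenSSL.secure_compare(sent, demo_hmac(req, secret_key))
  fresh = (now - Time.httpdate(h['Date'].to_s)).abs <= MAX_AGE
  body_ok && sig_ok && fresh
rescue ArgumentError # missing or unparseable Date header
  false
end
```

Because the date and body digest are part of the signed string, a replayed request fails the freshness check and a modified body or path fails the digest or signature check.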