Module: ApiAuth

Extended by:
Helpers
Defined in:
lib/api_auth/base.rb,
lib/api_auth/errors.rb,
lib/api_auth/headers.rb,
lib/api_auth/helpers.rb,
lib/api_auth/railtie.rb,
lib/api_auth/request_drivers/curb.rb,
lib/api_auth/request_drivers/http.rb,
lib/api_auth/request_drivers/rack.rb,
lib/api_auth/request_drivers/httpi.rb,
lib/api_auth/request_drivers/faraday.rb,
lib/api_auth/request_drivers/net_http.rb,
lib/api_auth/request_drivers/rest_client.rb,
lib/api_auth/request_drivers/action_dispatch.rb,
lib/api_auth/request_drivers/action_controller.rb

Overview

The gem will sign your requests on the client side and authenticate that signature on the server side. If your server resources are implemented as a Rails ActiveResource, it will integrate with that. It will even generate the secret keys necessary for your clients to sign their requests.

Defined Under Namespace

Modules: Helpers, RequestDrivers
Classes: ApiAuthError, Headers, InvalidRequestDigest, Rails, UnknownHTTPRequest

Class Method Summary

Methods included from Helpers

b64_encode, capitalize_keys, md5_base64digest

Class Method Details

.access_id(request) ⇒ Object

Returns the access id parsed from the request’s Authorization header, or nil if the header is missing or does not match the expected format. Use it on the server to look up the secret key that is then passed to authentic?.



# File 'lib/api_auth/base.rb', line 54

def access_id(request)
  headers = Headers.new(request)
  if match_data = parse_auth_header(headers.authorization_header)
    return match_data[2]
  end

  nil
end

.authentic?(request, secret_key, options = {}) ⇒ Boolean

Determines if the request is authentic given the request and the client’s secret key. Returns true only if every check passes, and false otherwise: a nil secret key (e.g. an unknown access id) fails immediately, then the Content-MD5 header is compared against the body, then the HMAC signature is recomputed and compared, and finally the Date header must fall within options[:clock_skew] seconds of the server clock (default 900, i.e. 15 minutes). The clock skew bounds the replay window for a captured request; tighten it where your clients’ clocks allow.



# File 'lib/api_auth/base.rb', line 32

def authentic?(request, secret_key, options = {})
  return false if secret_key.nil?

  options = { override_http_method: nil }.merge(options)

  headers = Headers.new(request)

  # 900 seconds is 15 minutes
  clock_skew = options.fetch(:clock_skew, 900)

  if headers.md5_mismatch?
    false
  elsif !signatures_match?(headers, secret_key, options)
    false
  elsif !request_within_time_window?(headers, clock_skew)
    false
  else
    true
  end
end

.generate_secret_key ⇒ Object

Generates a Base64 encoded, randomized secret key: 512 bytes from OpenSSL’s CSPRNG are hashed with SHA-512 to 64 bytes and then Base64 encoded.

Store this key along with the access id that will be used for authenticating the client, and treat it as a credential (the server only needs to keep a copy to recompute signatures).



# File 'lib/api_auth/base.rb', line 67

def generate_secret_key
  random_bytes = OpenSSL::Random.random_bytes(512)
  b64_encode(Digest::SHA2.new(512).digest(random_bytes))
end

.sign!(request, access_id, secret_key, options = {}) ⇒ Object

Signs an HTTP request using the client’s access id and secret key. Returns the HTTP request object with the modified headers (Content-MD5, Date and Authorization).

request: The request can be a Net::HTTP, ActionDispatch::Request, Curb (Curl::Easy), RestClient object or Faraday::Request, or any other object that has a driver under RequestDrivers (see the files listed under Defined in).

access_id: The public unique identifier for the client

secret_key: assigned secret key that is known to both parties

options: options[:digest] selects the HMAC digest and defaults to 'sha1'; pass digest: 'sha256' (or stronger) for new deployments, and make sure the server verifies with the same digest.



# File 'lib/api_auth/base.rb', line 22

def sign!(request, access_id, secret_key, options = {})
  options = { override_http_method: nil, digest: 'sha1' }.merge(options)
  headers = Headers.new(request)
  headers.calculate_md5
  headers.set_date
  headers.sign_header auth_header(headers, access_id, secret_key, options)
end