Module: Authy

Defined in:

lib/authi.rb

Overview

Api Authentication Module

Class Method Summary

• .build_query(processed_data, deep_lookup_table) ⇒ Object

  Utility method to build quary from deep lookup table and parameters.

• .fully_qualified_keys(object, fully_qualified_keys = [], val = '', prefix = nil, map = {}) ⇒ Object

  Method to create signed order and signed parameter deep lookup map.

• .generate_secret_key ⇒ Object

  Generate a pre-shared key for client.

• .generate_signed_header(data, service_name = ENV['service_name']) ⇒ Object

  Create a signed hash using input parameter.

• .validate_api(params, header) ⇒ Object

  Validate API.

Class Method Details

.build_query(processed_data, deep_lookup_table) ⇒ Object

Utility method to build quary from deep lookup table and parameters

# File 'lib/authi.rb', line 50

def self.build_query(processed_data, deep_lookup_table) # :nodoc:
  query = []
  processed_data.split(',').each { |data| query << data + '=' + deep_lookup_table[data].to_s }
  query.join('&')
end

.fully_qualified_keys(object, fully_qualified_keys = [], val = '', prefix = nil, map = {}) ⇒ Object

Method to create signed order and signed parameter deep lookup map

# File 'lib/authi.rb', line 29

def self.fully_qualified_keys(object, fully_qualified_keys = [], val = '', prefix = nil, map = {}) # :nodoc:
  if object.is_a? Hash
    object.each do |key, value|
      key_ = prefix.nil? ? key : prefix + '[' + key + ']'
      Authy.fully_qualified_keys(val, fully_qualified_keys,
                                   value, key_, map)
    end
  elsif object.is_a? Array
    object.each_with_index do |item, index|
      key_ = prefix + '[' + index.to_s + ']'
      Authy.fully_qualified_keys(item, fully_qualified_keys,
                                   item, key_, map)
    end
  else
    map[prefix] = val.to_s
    fully_qualified_keys << prefix
  end
  [fully_qualified_keys.join(','), map]
end

.generate_secret_key ⇒ Object

Generate a pre-shared key for client

Example:

>> Authy.generate_secret_key
=> "63SnNesbvA9IuwXlkpF9KA=="

# File 'lib/authi.rb', line 76

def self.generate_secret_key
  SecureRandom.base64
end

.generate_signed_header(data, service_name = ENV['service_name']) ⇒ Object

Create a signed hash using input parameter

Example:

>> Authy.generate_signed_header({ 'key' => value })
=> {:"X-OWNING-SERVICE"=>"l", :"X-SIGNING-ORDER"=>"", :"X-SIGNATURE"=>""}

Arguments:

data: (map)

# File 'lib/authi.rb', line 14

def self.generate_signed_header(data, service_name = ENV['service_name'])
  processed_data, deep_lookup_table = Authy.fully_qualified_keys(data)
  signing_order = processed_data + ',' + 'owning_service,signing_order'
  request_data = Authy.build_query(processed_data, deep_lookup_table)
  unsigned_data = request_data + \
                  '&owning_service=' + service_name + '&signing_order=' + \
                  signing_order
  digest = OpenSSL::Digest.new('sha1')
  hmac = OpenSSL::HMAC.digest(digest, ENV['shared_key'], unsigned_data)
  signed_str = Base64.strict_encode64(hmac)
  { 'X-OWNING-SERVICE': ENV['service_name'], 'X-SIGNING-ORDER': signing_order,
    'X-SIGNATURE': signed_str }
end

.validate_api(params, header) ⇒ Object

Validate API

Example:

>> Authy.validate_api(params, request.headers)
=> true/false

Arguments:

params: (map)
header

# File 'lib/authi.rb', line 65

def self.validate_api(params, header)
  owning_service = header['Authorization'][:'X-OWNING-SERVICE']
  expected_header = Authy.generate_signed_header(params, owning_service)
  expected_header[:'X-SIGNATURE'] == header['Authorization'][:'X-SIGNATURE']
end