Module: ApiAuth
- Extended by: Helpers
- Defined in:
  - lib/api_auth/base.rb
  - lib/api_auth/errors.rb
  - lib/api_auth/headers.rb
  - lib/api_auth/helpers.rb
  - lib/api_auth/railtie.rb
  - lib/api_auth/request_drivers.rb
  - lib/api_auth/request_drivers/curb.rb
  - lib/api_auth/request_drivers/rack.rb
  - lib/api_auth/request_drivers/httpi.rb
  - lib/api_auth/request_drivers/net_http.rb
  - lib/api_auth/request_drivers/rest_client.rb
  - lib/api_auth/request_drivers/bixby_request.rb
  - lib/api_auth/request_drivers/action_dispatch.rb
  - lib/api_auth/request_drivers/action_controller.rb
Overview
The gem will sign your requests on the client side and authenticate that signature on the server side. If your server resources are implemented as a Rails ActiveResource, it will integrate with that. It will even generate the secret keys necessary for your clients to sign their requests.
Defined Under Namespace
Modules: Helpers, RequestDrivers
Classes: ApiAuthError, Headers, Rails, RequestTooOld, UnknownHTTPRequest
Class Method Summary
- .access_id(request) ⇒ Object
  Returns the access id from the request’s authorization header.
- .authentic?(request, secret_key) ⇒ Boolean
  Determines if the request is authentic given the request and the client’s secret key.
- .generate_secret_key ⇒ Object
  Generates a Base64 encoded, randomized secret key.
- .sign!(request, access_id, secret_key) ⇒ Object
  Signs an HTTP request using the client’s access id and secret key.
Methods included from Helpers
b64_encode, capitalize_keys, md5_base64digest, time_as_httpdate
Class Method Details
.access_id(request) ⇒ Object
Returns the access id from the request’s authorization header.

    # File 'lib/api_auth/base.rb', line 41
    def access_id(request)
      headers = Headers.new(request)
      if match_data = parse_auth_header(headers.)
        return match_data[1]
      end
      nil
    end
.authentic?(request, secret_key) ⇒ Boolean
Determines if the request is authentic given the request and the client’s secret key. Returns true if the request is authentic and false otherwise.

    # File 'lib/api_auth/base.rb', line 34
    def authentic?(request, secret_key)
      # A missing secret key can never authenticate a request.
      return false if secret_key.nil?
      # All three checks must pass: body digest, signature, request age.
      return !md5_mismatch?(request) &&
             signatures_match?(request, secret_key) &&
             !request_too_old?(request)
    end
.generate_secret_key ⇒ Object
Generates a Base64-encoded, randomized secret key.
Store this key along with the access key that will be used for authenticating the client.

    # File 'lib/api_auth/base.rb', line 54
    def generate_secret_key
      # 512 bytes from OpenSSL's random generator, hashed with SHA-512,
      # then Base64-encoded.
      random_bytes = OpenSSL::Random.random_bytes(512)
      b64_encode(Digest::SHA2.new(512).digest(random_bytes))
    end
.sign!(request, access_id, secret_key) ⇒ Object
Signs an HTTP request using the client’s access id and secret key. Returns the HTTP request object with the modified headers.
- request: The request can be a Net::HTTP, ActionDispatch::Request, Curb (Curl::Easy) or a RestClient object.
- access_id: The public unique identifier for the client.
- secret_key: The assigned secret key that is known to both parties.

    # File 'lib/api_auth/base.rb', line 25
    def sign!(request, access_id, secret_key)
      headers = Headers.new(request)
      headers.calculate_md5
      headers.set_date
      headers.sign_header auth_header(request, access_id, secret_key)
    end
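
The three checks that `authentic?` combines (body digest, signature, request age), sketched with Ruby's standard library as an added example; this is not ApiAuth's own code. The hash-based request, `demo_sign!`, `demo_authentic?`, the canonical string, the `APIAuth` header layout, HMAC-SHA256 and the 900-second window are all assumptions made for illustration.

```ruby
require 'openssl'
require 'digest'
require 'base64'
require 'time'

MAX_AGE = 900 # seconds; assumed freshness window for this sketch

# Constructed sample request (not captured traffic).
def sample_request
  { method: 'PUT', path: '/widgets/1', body: '{"name":"a"}',
    headers: { 'Content-Type' => 'application/json' } }
end

def body_md5(req)
  Digest::MD5.base64digest(req[:body].to_s)
end

# Assumed canonical string; the signature covers the digest and date headers.
def hmac_for(req, secret_key)
  h = req[:headers]
  canonical = [req[:method], h['Content-Type'], h['Content-MD5'], req[:path], h['Date']].join(',')
  Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), secret_key, canonical))
end

# Compares every byte so timing does not reveal where two strings differ.
def secure_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def demo_sign!(req, access_id, secret_key, now = Time.now)
  req[:headers]['Content-MD5'] = body_md5(req)
  req[:headers]['Date'] = now.httpdate
  req[:headers]['Authorization'] = "APIAuth #{access_id}:#{hmac_for(req, secret_key)}"
  req
end

def demo_authentic?(req, secret_key, now = Time.now)
  return false if secret_key.nil?
  h = req[:headers]
  sent = h['Authorization'].to_s[/\AAPIAuth [^:]+:(.+)\z/, 1]
  return false if sent.nil?
  md5_ok = secure_eq?(h['Content-MD5'].to_s, body_md5(req))
  sig_ok = secure_eq?(sent, hmac_for(req, secret_key))
  age = (now - Time.httpdate(h['Date'].to_s)).abs
  md5_ok && sig_ok && age <= MAX_AGE
rescue ArgumentError # missing or unparseable Date header
  false
end
```

Because the signed string includes the digest and date headers, changing the body, recomputing its digest, or replaying the request outside the window each fails a different check.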