Class: ApiSigv2::Validator

Inherits:

Object

• Object
• ApiSigv2::Validator

Defined in:

lib/api_sigv2/validator.rb

Overview

Validate a request

request = {
  http_method: 'PUT',
  url: 'https://domain.com',
  headers: {
    'Authorization' => 'API-HMAC-SHA256 Credential=access_key/20191227/api_request...',
    'Host' => 'example.com,
    'X-Content-Sha256' => '...',
    'X-Datetime' => '2019-12-27T09:13:14.873+0000'
  },
  body: 'body'
}
validator = ApiSigv2::Validator.new(request, uri_escape_path: true)
validator.access_key # get key from request headers
validator.valid?('secret_key')

Instance Attribute Summary

• #request ⇒ Object readonly

  Returns the value of attribute request.

Instance Method Summary

• #access_key ⇒ Object
• #initialize(request, options = {}) ⇒ Validator constructor

  A new instance of Validator.

• #signed_headers ⇒ Object
• #valid?(secret_key) ⇒ Boolean

  Validate a signature.

• #valid_authorization? ⇒ Boolean
• #valid_credential? ⇒ Boolean
• #valid_signature?(secret_key) ⇒ Boolean
• #valid_timestamp? ⇒ Boolean

Constructor Details

#initialize(request, options = {}) ⇒ Validator

Returns a new instance of Validator.

# File 'lib/api_sigv2/validator.rb', line 24

def initialize(request, options = {})
  @request = request
  @options = options
end

Instance Attribute Details

#request ⇒ Object (readonly)

Returns the value of attribute request.

# File 'lib/api_sigv2/validator.rb', line 22

def request
  @request
end

Instance Method Details

#access_key ⇒ Object

# File 'lib/api_sigv2/validator.rb', line 29

def access_key
  return unless valid_credential?

  @access_key ||= auth_header.credential.split('/')[0]
end

#signed_headers ⇒ Object

# File 'lib/api_sigv2/validator.rb', line 35

def signed_headers
  @signed_headers ||= headers.slice(*auth_header.signed_headers)
end

#valid?(secret_key) ⇒ Boolean

Validate a signature. Returns boolean

validator.valid?('secret_key_here')

Parameters:

• secret (String) —

  key

Returns:

• (Boolean)

# File 'lib/api_sigv2/validator.rb', line 45

def valid?(secret_key)
  valid_authorization? && valid_timestamp? && valid_signature?(secret_key)
end

#valid_authorization? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/api_sigv2/validator.rb', line 49

def valid_authorization?
  valid_credential? && !auth_header.signature.nil?
end

#valid_credential? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/api_sigv2/validator.rb', line 53

def valid_credential?
  !auth_header.credential.nil?
end

#valid_signature?(secret_key) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/api_sigv2/validator.rb', line 61

def valid_signature?(secret_key)
  return false unless secret_key

  signer = Signer.new(access_key, secret_key, @options)
  data = signer.sign_request(request)

  Utils.secure_compare(
    auth_header.signature,
    data.signature
  )
end

#valid_timestamp? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/api_sigv2/validator.rb', line 57

def valid_timestamp?
  timestamp && ttl_range.cover?(timestamp.to_time)
end