Class: MIDB::API::Security

Inherits:
Object
Defined in:
lib/midb/security_controller.rb

Overview

Note:

This will probably become a separate project soon.

Controller that handles API HMAC authentication.

Class Method Details

.check?(header, params, key) ⇒ Boolean

Checks if an HMAC digest is properly authenticated.

Parameters:

  • header (String)

    A line of an HTTP header (see #parse_auth)

  • params (String)

    The data passed via the HTTP request.

  • key (String)

    The private API key.

Returns:

  • (Boolean)

    Whether the given digest matches the correct one or not.



# File 'lib/midb/security_controller.rb', line 37

def self.check?(header, params, key)
  hmac = HMAC::SHA1.new(key)
  hmac.update(params)
  return self.parse_auth(header) == CGI.escape(Base64.encode64("#{hmac.digest}"))
end
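
An added example, not MIDB's own code: `check?` compares the supplied and computed tokens with `==`, which is not guaranteed to take the same time for every mismatch, so this sketch builds the same token with Ruby's standard library and compares it in constant time. The helper names and the sample key, body and header are constructed for illustration.

```ruby
require "openssl"
require "uri"

# Builds the token the way check? does:
# raw HMAC-SHA1 -> Base64 with trailing newline -> URL-escaped.
def expected_token(params, key)
  raw = OpenSSL::HMAC.digest("SHA1", key, params)
  b64 = [raw].pack("m")               # same output as Base64.encode64(raw)
  URI.encode_www_form_component(b64)  # same result as CGI.escape for Base64 text
end

# Compares two strings without stopping at the first differing byte.
# The early length check only reveals the token length, which is fixed and public.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hardened variant of check? (hypothetical name): rejects headers that carry
# no token and compares the token in constant time.
def hardened_check?(header, params, key)
  supplied = header.to_s.split(" ")[1]  # same extraction as parse_auth
  return false if supplied.nil?
  secure_equal?(supplied, expected_token(params, key))
end

# Constructed sample values (a widely published HMAC-SHA1 test input).
SAMPLE_KEY    = "key"
SAMPLE_BODY   = "The quick brown fox jumps over the lazy dog"
SAMPLE_HEADER = "Authentication: #{expected_token(SAMPLE_BODY, SAMPLE_KEY)}"

if __FILE__ == $PROGRAM_NAME
  puts expected_token(SAMPLE_BODY, SAMPLE_KEY)
  puts hardened_check?(SAMPLE_HEADER, SAMPLE_BODY, SAMPLE_KEY)
  puts hardened_check?(SAMPLE_HEADER, SAMPLE_BODY + "!", SAMPLE_KEY)
end
```

The token ends in `%0A` because `Base64.encode64` appends a newline before the value is escaped, so a client has to send that escaped newline for its token to match.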

.is_auth?(header) ⇒ Boolean

Deprecated.

It’s no longer used but kept for historical reasons.

Checks whether an HTTP header is the authorization one.

Parameters:

  • header (String)

    A line of an HTTP header.

Returns:

  • (Boolean)

    Whether it’s an auth header or not.



# File 'lib/midb/security_controller.rb', line 17

def self.is_auth?(header)
   return header.split(":")[0].downcase == "authentication"
end

.parse_auth(header) ⇒ String

Parses an authentication header to extract the HMAC digest.

Parameters:

  • header (String)

    A line of an HTTP header (should have been checked to be an auth header)

Returns:

  • (String)

    The HMAC digest as a string.



# File 'lib/midb/security_controller.rb', line 26

def self.parse_auth(header)
  return header.split(" ")[1]
end