Class: Rack::SimpleAuth::HMAC

Inherits:

Object

• Object
• Rack::SimpleAuth::HMAC

Defined in:

lib/rack/simple_auth/hmac.rb

Overview

HMAC Middleware uses HMAC Authorization for Securing an REST API

Instance Method Summary

• #call(env) ⇒ Object

  call Method for Rack Middleware/Application.

• #initialize(app, signature, secret, config, logpath = nil) ⇒ HMAC constructor

  Constructor for Rack Middleware (passing the rack stack).

• #log(request) ⇒ Object private

  Log to @logpath if request is unathorized.

• #message(request) ⇒ Hash private

  Get Message for current Request.

• #request_data(request, config) ⇒ String|Hash private

  Get Request Data specified by Config.

• #valid?(request) ⇒ boolean private

  checks for valid HMAC Request.

Constructor Details

#initialize(app, signature, secret, config, logpath = nil) ⇒ HMAC

Constructor for Rack Middleware (passing the rack stack)

Parameters:

• app (Rack Application) —

  next middleware or rack app which gets called

• signature (String) —

  Public Signature

• secret (String) —

  Secret used for Message Encryption

# File 'lib/rack/simple_auth/hmac.rb', line 10

def initialize(app, signature, secret, config, logpath = nil)
  @app = app
  @signature = signature
  @secret = secret
  @config = config
  @logpath = logpath
end

Instance Method Details

#call(env) ⇒ Object

call Method for Rack Middleware/Application

Parameters:

• env (Hash) —

  Rack Env Hash which contains headers etc..

# File 'lib/rack/simple_auth/hmac.rb', line 20

def call(env)
  request = Rack::Request.new(env)
  if valid?(request)
    @app.call(env)
  else
    response = Rack::Response.new('Unauthorized', 401, 'Content-Type' => 'text/html')
    response.finish
  end
end

#log(request) ⇒ Object (private)

Log to @logpath if request is unathorized

Parameters:

• request (Rack::Request) —

  current Request

# File 'lib/rack/simple_auth/hmac.rb', line 87

def log(request)
  if @logpath
    path = request.path
    method = request.request_method

    log = "#{Time.new} - #{method} #{path} - 400 Unauthorized - HTTP_AUTHORIZATION: #{request.env['HTTP_AUTHORIZATION']}\n"
    log << "Auth Message Config: #{@config[request.request_method]}\n"
    log << "Auth Encrypted Message: #{@hash}\n"
    log << "Auth Signature: #{@signature}\n"

    open("#{@logpath}/#{ENV['RACK_ENV']}_error.log", 'a') do |f|
      f << "#{log}\n"
    end
  end
end

#message(request) ⇒ Hash (private)

Get Message for current Request

Parameters:

• request (Rack::Request) —

  current Request

Returns:

• (Hash) —

  message [message which will be encrypted]

# File 'lib/rack/simple_auth/hmac.rb', line 58

def message(request)
  case request.request_method
  when 'GET'
    return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
  when 'POST'
    return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
  when 'DELETE'
    return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
  when 'PUT'
    return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
  when 'PATCH'
    return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
  end
end

#request_data(request, config) ⇒ String|Hash (private)

Get Request Data specified by Config

Parameters:

• request (Rack::Request) —

  current Request

• config (Hash) —

  Config Hash containing what type of info is data for each request

Returns:

• (String|Hash) —

  data [Data for each request]

# File 'lib/rack/simple_auth/hmac.rb', line 77

def request_data(request, config)
  if config[request.request_method] == 'path' || config[request.request_method] == 'params'
    request.send(config[request.request_method].to_sym)
  else
    fail "Not a valid option #{config[request.request_method]} - Use either params or path"
  end
end

#valid?(request) ⇒ boolean (private)

checks for valid HMAC Request

Parameters:

• request (Rack::Request) —

  current Request

Returns:

• (boolean) —

  ValidationStatus [If authorized returns true, else false]

# File 'lib/rack/simple_auth/hmac.rb', line 33

def valid?(request)
  if request.env['HTTP_AUTHORIZATION'].nil?
    log(request)

    return false
  end

  auth_array = request.env['HTTP_AUTHORIZATION'].split(':')
  message_hash = auth_array[0]
  signature = auth_array[1]

  @hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request))

  if signature == @signature && @hash == message_hash
    true
  else
    log(request)

    false
  end
end