Class: UriSigner::UriSignature

Inherits:

Object

• Object
• UriSigner::UriSignature

Defined in:

lib/uri_signer/uri_signature.rb

Overview

This is the object that will be used to verify properly signed API URI requests The #secret is stored in the persistence layer for comparison. There is an API Key and a shared secret. All requests will be signed with the shared secret. The URI will also include a _signature param, where the client will sign the request and store it in the URI.

The signing algorithm looks like this:

Examples:

secret = "my_secret"
string_to_sign = "http://api.example.com/url/to_sign.json"

hmac = HMAC::SHA256.new(secret)

hmac.digest
# => "??B\230????șo\271$'\256A?d?\223L\244\225\231\exR\270U"

hmac << string_to_sign

hmac.digest
# => "?m?j\2761\031\235\206\260?A?\f\263\216\221\fBH?fC\215Ļ\204\233\202@/e"

encoded = Base64.encode64(hmac.digest).chomp
# => "8W3xar4xGZ2GsOJBmAyzjpEMQkg/ZkONxLuEm4JAL2U="

escaped = Rack::Utils.escape(encoded)
# => "8W3xar4xGZ2GsOJBmAyzjpEMQkg%2FZkONxLuEm4JAL2U%3D"

# The final signed string is "8W3xar4xGZ2GsOJBmAyzjpEMQkg%2FZkONxLuEm4JAL2U%3D"

Instance Method Summary

• #initialize(signature_string, secret) ⇒ void constructor

  Create a new UriSignature instance.

• #signature ⇒ String (also: #to_s)

  Return the signature_string after being signed with the secret.

• #signature_string ⇒ String

  Return the signature string that was provided in the constructor.

Constructor Details

#initialize(signature_string, secret) ⇒ void

Create a new UriSignature instance

Parameters:

• signature_string (String) —

  the string that needs to be signed

• secret (String) —

  the secret to use for the signature

Raises:

• (UriSigner::Errors::MissingSignatureStringError)

# File 'lib/uri_signer/uri_signature.rb', line 39

def initialize(signature_string, secret)
  @signature_string = signature_string
  @secret           = secret

  raise UriSigner::Errors::MissingSignatureStringError.new("Please provide a string to sign") unless signature_string?
  raise UriSigner::Errors::MissingSecretError.new("Please provide a secret to sign the string") unless secret?
end

Instance Method Details

#signature ⇒ String Also known as: to_s

Return the signature_string after being signed with the secret

Returns:

• (String)

# File 'lib/uri_signer/uri_signature.rb', line 57

def signature
  @signature ||= sign!
end

#signature_string ⇒ String

Return the signature string that was provided in the constructor

Returns:

• (String)

# File 'lib/uri_signer/uri_signature.rb', line 50

def signature_string
  @signature_string
end