Middleware implementing draft 5 of the Signing HTTP Messages specification
You don't need this source code unless you want to modify the gem. If you just want to use the library in your application, you should run:

    gem install rack-http-signatures

Or add the gem to your Gemfile:

    gem 'rack-http-signatures'

If you want to build the gem from source:

    gem build rack-http-signatures.gemspec
Add the middleware to your application.rb:

    config.middleware.use Rack::Http::Signatures::VerifySignature do |config|
      # Key lookups: &. returns nil for an unknown keyId instead of raising on nil.
      config.public_rsa_sha256_key_from_keyid { |key_id| User.find_by(email: key_id)&.public_rsa256_key }
      config.public_hmac_sha256_key_from_keyid { |key_id| User.find_by(email: key_id)&.hs256_key }

      # Custom 400 response; Content-Length is counted in bytes.
      config.bad_request do |message|
        message = 'custom bad request error'
        [400,
         { 'Content-Type' => 'text/plain',
           'Content-Length' => message.bytesize.to_s },
         [message]]
      end

      # Custom 401 response.
      config.unauthorized do |message|
        message = 'custom unauthorized error'
        [401,
         { 'Content-Type' => 'text/plain',
           'Content-Length' => message.bytesize.to_s },
         [message]]
      end
    end
Sample project: https://github.com/yorikim/rails_rack_http_signatures
Add the middleware to your application class:

    require 'sinatra'
    require 'rack/http/signatures'

    class SampleHttpSignaturesApp < Sinatra::Base
      use Rack::Http::Signatures::VerifySignature do |config|
        # Key lookups return nil for any keyId other than 'Test'.
        config.public_rsa_sha256_key_from_keyid { |key_id| File.read('fixtures/rsa256/public.pem') if key_id == 'Test' }
        config.public_hmac_sha256_key_from_keyid { |key_id| File.read('fixtures/hs256/key.txt') if key_id == 'Test' }

        # Custom 400 response; Content-Length is counted in bytes.
        config.bad_request do |message|
          message = 'custom bad request error'
          [400,
           { 'Content-Type' => 'text/plain',
             'Content-Length' => message.bytesize.to_s },
           [message]]
        end

        # Custom 401 response.
        config.unauthorized do |message|
          message = 'custom unauthorized error'
          [401,
           { 'Content-Type' => 'text/plain',
             'Content-Length' => message.bytesize.to_s },
           [message]]
        end
      end

      get '/' do
        "Hello, world!"
      end
    end
Sample project: https://github.com/yorikim/sinatra_rack_http_signatures
Add the middleware to your config.ru file:

    require 'rack/http/signatures'

    use Rack::Http::Signatures::VerifySignature do |config|
      # Key lookups return nil for any keyId other than 'Test'.
      config.public_rsa_sha256_key_from_keyid do |key_id|
        File.read('spec/support/fixtures/rsa256/public.pem') if key_id == 'Test'
      end

      config.public_hmac_sha256_key_from_keyid do |key_id|
        File.read('spec/support/fixtures/hs256/key.txt') if key_id == 'Test'
      end

      # Custom 400 response; Content-Length is counted in bytes.
      config.bad_request do |message|
        message = 'custom bad request error'
        [400,
         { 'Content-Type' => 'text/plain',
           'Content-Length' => message.bytesize.to_s },
         [message]]
      end

      # Custom 401 response.
      config.unauthorized do |message|
        message = 'custom unauthorized error'
        [401,
         { 'Content-Type' => 'text/plain',
           'Content-Length' => message.bytesize.to_s },
         [message]]
      end
    end

    run lambda { |env|
      [200,
       { 'Content-Type' => 'text/plain' },
       ['Hello, World!']]
    }
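Use the OpenSSL command-line tool to create a signature:

    # RSA SHA256: sign the contents of data.txt with the private key
    openssl dgst -sha256 -sign private.pem < data.txt | base64

    # HMAC SHA256 over a single date header line
    echo -n 'date: Thu, 05 Jan 2014 21:31:40 GMT' | openssl sha256 -hmac 'some secret key' | sed 's/^.* //' | tr -d '\n' | base64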
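
The signing string and `Authorization` header from the draft, as an added Ruby example (not code from this gem): a client signs with HMAC SHA256 and a verifier checks it with a key-lookup block shaped like `public_hmac_sha256_key_from_keyid`. Assumptions: the helper names, the `example.org` host and the draft's encoding (Base64 of the raw MAC bytes) are illustrative; how the gem parses and encodes internally is not shown on this page.

```ruby
require 'openssl'

# Constructed sample request; header names are lowercase, host is a placeholder.
SAMPLE_HEADERS = { 'host' => 'example.org',
                   'date' => 'Thu, 05 Jan 2014 21:31:40 GMT' }.freeze
SIGNED = ['(request-target)', 'host', 'date'].freeze

# One "name: value" line per signed header, in the listed order, joined by "\n".
def signing_string(method, path, headers, names)
  names.map do |name|
    next "(request-target): #{method.downcase} #{path}" if name == '(request-target)'
    value = headers.fetch(name) { raise ArgumentError, "missing signed header: #{name}" }
    "#{name}: #{value}"
  end.join("\n")
end

# Assumption: draft encoding, Base64 of the raw MAC bytes (not of the hex text).
def sign_hmac(secret, data)
  [OpenSSL::HMAC.digest('SHA256', secret, data)].pack('m0') # m0 = strict Base64
end

# Client side: the value to send in the Authorization header.
def authorization_header(key_id, secret, method, path, headers, names = SIGNED)
  sig = sign_hmac(secret, signing_string(method, path, headers, names))
  format('Signature keyId="%s",algorithm="hmac-sha256",headers="%s",signature="%s"',
         key_id, names.join(' '), sig)
end

# Verifier side: the block maps keyId to a secret, or nil when the key is unknown.
def verify(header, method, path, headers)
  params = header.sub(/\ASignature\s+/, '').scan(/(\w+)="([^"]*)"/).to_h
  return false unless params['algorithm'] == 'hmac-sha256' # no algorithm fallback
  secret = yield(params['keyId'])
  return false if secret.nil? || params['signature'].nil?
  names = (params['headers'] || 'date').split(' ') # draft default: date only
  expected = sign_hmac(secret, signing_string(method, path, headers, names))
  OpenSSL.secure_compare(expected, params['signature']) # constant-time compare
rescue ArgumentError
  false # a header named in "headers" is absent from the request
end
```

Signing `(request-target)` and `host` along with `date` binds the signature to the method, path and host, so a captured header cannot be reused on a different endpoint.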
Define the following methods in the config:
- public_rsa_sha256_key_from_keyid
- public_hmac_sha256_key_from_keyid
If you want to customize error messages, you can redefine these methods:
- bad_request
- unauthorized
- RSA SHA256
- HMAC SHA256
Note: ecdsa-sha256 IS NOT supported.
This library aims to support and is tested against the following Ruby implementations: