class Shrine::UrlSigner
Attributes
secret_key[R]
Public Class Methods
new(secret_key)
click to toggle source
# File lib/shrine/plugins/derivation_endpoint.rb, line 712 def initialize(secret_key) @secret_key = secret_key end
Public Instance Methods
generate_signature(string)
click to toggle source
Uses HMAC-SHA-256 algorithm to generate a signature from the given string using the secret key.
# File lib/shrine/plugins/derivation_endpoint.rb, line 753 def generate_signature(string) OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, secret_key, string) end
sign_url(url)
click to toggle source
Returns a URL with the ‘signature` query parameter
# File lib/shrine/plugins/derivation_endpoint.rb, line 717 def sign_url(url) path, query = url.split("?") params = Rack::Utils.parse_query(query.to_s) params.merge!("signature" => generate_signature(url)) query = Rack::Utils.build_query(params) "#{path}?#{query}" end
verify_signature(string, signature)
click to toggle source
# File lib/shrine/plugins/derivation_endpoint.rb, line 743 def verify_signature(string, signature) if signature.nil? fail InvalidSignature, "missing \"signature\" param" elsif !Rack::Utils.secure_compare(signature, generate_signature(string)) fail InvalidSignature, "provided signature does not match the calculated signature" end end
verify_url(url)
click to toggle source
Calculcates the signature from the URL and checks whether it matches the value in the ‘signature` query parameter. Raises `InvalidSignature` if the `signature` parameter is missing or its value doesn’t match the calculated signature.
# File lib/shrine/plugins/derivation_endpoint.rb, line 732 def verify_url(url) path, query = url.split("?") params = Rack::Utils.parse_query(query.to_s) signature = params.delete("signature") query = Rack::Utils.build_query(params) verify_signature("#{path}?#{query}", signature) end