class Apache::SecureDownload

Constants

VERSION

Public Class Methods

new(secret, options = {})

Creates a new RubyAccessHandler instance for the Apache web server. The argument secret is the shared secret string that the application uses to create valid URLs (tokens).

   # File lib/apache/secure_download.rb
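# Builds the access handler from the shared secret and the optional URI
# filters.
#
# secret  - String shared with the application that issues the tokens.
#           Must be a non-empty String.
# options - Hash; only the :deny and :allow keys are read. Each is either
#           absent (nil) or a Regexp that is later matched against the
#           request URI.
#
# Raises ArgumentError when the secret is not a non-empty String, or when
# a supplied filter is not a Regexp.
def initialize(secret, options = {})
  @secret = secret
  @deny, @allow = options.values_at(:deny, :allow)

  # An empty string is treated like a missing secret: a token derived from
  # it would presumably depend only on values the client already knows
  # (URI and timestamp), so it would protect nothing.
  raise ArgumentError, 'secret is missing' unless @secret.is_a?(String) && !@secret.empty?

  raise ArgumentError, ':deny is not a regexp'  unless @deny.nil?  || @deny.is_a?(Regexp)
  raise ArgumentError, ':allow is not a regexp' unless @allow.nil? || @allow.is_a?(Regexp)
end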

Public Instance Methods

check_access(request)

Checks whether the current request satisfies the following requirements:

  1. The expiration time lies in the future (i.e., not expired)

  2. The token is valid for the requested URL and the given timestamp

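If either condition doesn’t hold true, access to the requested resource is denied! Note that the :deny and :allow patterns are evaluated first: a URI matching :deny is always refused, and a URI matching :allow is granted without the two checks above.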

   # File lib/apache/secure_download.rb
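# Decides whether +request+ may fetch the resource and returns OK or
# FORBIDDEN.
#
# Checks are applied in this order:
#   1. a URI matching @deny is refused;
#   2. a URI matching @allow is served WITHOUT any token validation;
#   3. otherwise the timestamp must not lie in the past and the supplied
#      token must equal the one derived from the secret, the unparsed URI
#      and that timestamp.
#
# NOTE(review): both patterns are matched with =~, i.e. unanchored. An
# :allow pattern that is not anchored with \A...\z exempts every URI that
# merely contains a match from token validation.
def check_access(request)
  timestamp, token = Util.split(request.param(Util::TOKEN_KEY) || '')

  # Remove timestamp and token from query args
  request.args &&= Util.real_query(request.args)

  return FORBIDDEN if @deny  && request.uri =~ @deny
  return OK        if @allow && request.uri =~ @allow

  # Fail closed on a malformed token parameter instead of raising.
  # NOTE(review): assumes Util.split yields a numeric timestamp for
  # well-formed input -- confirm against Util.
  return FORBIDDEN unless timestamp.is_a?(Numeric)
  return FORBIDDEN if timestamp < Time.now.to_i

  expected = Util.token(@secret, request.unparsed_uri, timestamp).to_s
  supplied = token.to_s

  # Compare without an early exit on the first differing byte, so response
  # timing does not reveal how much of the token was correct. Only the
  # length is checked up front.
  return FORBIDDEN unless supplied.bytesize == expected.bytesize

  diff = 0
  expected.each_byte.with_index { |byte, i| diff |= byte ^ supplied.getbyte(i) }

  diff.zero? ? OK : FORBIDDEN
end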