class Shrine::UrlSigner

  1. lib/shrine/plugins/derivation_endpoint.rb
Superclass: Object

Methods

Public Class

  1. new

Public Instance

  1. generate_signature
  2. secret_key
  3. sign_url
  4. verify_signature
  5. verify_url

Attributes

Public Class methods

new(secret_key)
[show source]
    # File lib/shrine/plugins/derivation_endpoint.rb
709 def initialize(secret_key)
710   @secret_key = secret_key
711 end

Public Instance methods

generate_signature(string)

Uses HMAC-SHA-256 algorithm to generate a signature from the given string using the secret key.

[show source]
    # File lib/shrine/plugins/derivation_endpoint.rb
750 def generate_signature(string)
751   OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, secret_key, string)
752 end
sign_url(url)

Returns a URL with the signature query parameter

[show source]
    # File lib/shrine/plugins/derivation_endpoint.rb
714 def sign_url(url)
715   path, query = url.split("?")
716 
717   params = Rack::Utils.parse_query(query.to_s)
718   params.merge!("signature" => generate_signature(url))
719 
720   query = Rack::Utils.build_query(params)
721 
722   "#{path}?#{query}"
723 end
verify_signature(string, signature)
[show source]
    # File lib/shrine/plugins/derivation_endpoint.rb
740 def verify_signature(string, signature)
741   if signature.nil?
742     fail InvalidSignature, "missing \"signature\" param"
743   elsif !Rack::Utils.secure_compare(signature, generate_signature(string))
744     fail InvalidSignature, "provided signature does not match the calculated signature"
745   end
746 end
verify_url(url)

Calculcates the signature from the URL and checks whether it matches the value in the signature query parameter. Raises InvalidSignature if the signature parameter is missing or its value doesn’t match the calculated signature.

[show source]
    # File lib/shrine/plugins/derivation_endpoint.rb
729 def verify_url(url)
730   path, query = url.split("?")
731 
732   params    = Rack::Utils.parse_query(query.to_s)
733   signature = params.delete("signature")
734 
735   query = Rack::Utils.build_query(params)
736 
737   verify_signature("#{path}?#{query}", signature)
738 end