feature/chore: make middlewares included in gem and make readme better

bolmaster2 · Apr 23, 2018 · 76e6bfd · 76e6bfd
1 parent 317aed7
commit 76e6bfd
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 40 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    http-signature (0.0.2)
+    http_signature (0.0.3)
 
 GEM
   remote: https://rubygems.org/
@@ -14,9 +14,9 @@ PLATFORMS
 
 DEPENDENCIES
   bundler
-  http-signature!
+  http_signature!
   minitest
   rake
 
 BUNDLED WITH
-   1.16.0
+   1.16.1
diff --git a/README.md b/README.md
@@ -124,52 +124,53 @@ rake test TEST=test/http_signature_test.rb TESTOPTS="--name=/appends\ the\ query
 ### Faraday middleware on outgoing requests
 Example of using it on an outgoing request.
 ```ruby
-# TODO: Move this into gem
-class AddRequestSignature < Faraday::Middleware
-  def call(env)
-    if env[:body]
-      env[:request_headers].merge!('Digest' => HTTPSignature.create_digest(env[:body]))
-    end
-
-    # Choose which headers to sign
-    headers_filter = %w{ Host Date Digest }
-    headers_to_sign = env[:request_headers].select { |k, v| headers_filter.include?(k.to_s) }
-
-    signature = HTTPSignature.create(
-      url: env[:url],
-      method: env[:method],
-      headers: headers_to_sign,
-      key: ENV.fetch('REQUEST_SIGNATURE_KEY'),
-      key_id: ENV.fetch('REQUEST_SIGNATURE_KEY_ID'),
-      algorithm: 'hmac-sha256',
-      body: env[:body] ? env[:body] : ''
-    )
-
-    env[:request_headers].merge!('Signature' => signature)
-
-    @app.call(env)
-  end
-end
+# Two env variables are needed to be set
+ENV['REQUEST_SIGNATURE_KEY'] = 'bd24cee668dde6954be53101fb37c53054c555881a9ab36c2f1ae13c2950605f' # This should be long and random
+ENV['REQUEST_SIGNATURE_KEY_ID'] = 'my-key-id' # this is for the recipient to know which key to decrypt with
+
+require 'http_signature/faraday'
 
 # Tell faraday to use the middleware. Read more about it here: https://github.com/lostisland/faraday#advanced-middleware-usage
 Faraday.new('http://example.com') do |faraday|
-  faraday.use(AddRequestSignature)
+  faraday.use(HTTPSignature::Faraday)
   faraday.adapter(Faraday.default_adapter)
 end
 
+# Now this request will contain the `Signature` header
 response = conn.get('/')
 ```
 
-### Rack middleware
+### Rack middleware for incoming requests
 I've written a quite sloppy but totally usable rack middleware that validates every incoming request.
-[See it here](examples/rack_middleware.rb). Soon I'll add it to the gem.
+
+#### General rack application
+Sinatra for example
+```ruby
+ENV['REQUEST_SIGNATURE_KEY'] = 'bd24cee668dde6954be53101fb37c53054c555881a9ab36c2f1ae13c2950605f'
+
+require 'http_signature/rack'
+
+use HTTPSignature::Rack
+run MyApp
+```
+
+#### Rails
+Checkout [this documentation](http://guides.rubyonrails.org/rails_on_rack.html). But in short, add this inside the config block:
+```ruby
+config.middleware.use HTTPSignature::Rack
+```
+
+and don't forget to set the key env somewhere:
+```ruby
+ENV['REQUEST_SIGNATURE_KEY'] = 'bd24cee668dde6954be53101fb37c53054c555881a9ab36c2f1ae13c2950605f'
+```
 
 ## License
 This project is licensed under the terms of the [MIT license](https://opensource.org/licenses/MIT).
 
 ## Todo
-- Structure and add middlewares into gem
 - Add more example of use with different http libraries
+- Refactor `.valid?` to support all algorithms
 - Implement algorithms:
   - ecdsa-sha256
 - When creating the signing string, follow the spec exactly:

diff --git a/http_signature.gemspec b/http_signature.gemspec
@@ -3,12 +3,12 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = 'http_signature'
-  spec.version       = '0.0.2'
+  spec.version       = '0.0.3'
   spec.authors       = ['Joel Larsson']
   spec.email         = ['bolmaster2@gmail.com']
 
   spec.summary       = 'Create and validate HTTP request signature'
-  spec.description   = 'Create and validate HTTP request signature according to this draft: https://tools.ietf.org/html/draft-cavage-http-signatures-08'
+  spec.description   = 'Create and validate HTTP request signature according to draft: https://tools.ietf.org/html/draft-cavage-http-signatures-09'
   spec.homepage      = 'https://github.com/bolmaster2/http-signature'
   spec.license       = 'MIT'
 

diff --git a/examples/faraday_middleware.rb → lib/http_signature/faraday.rb b/examples/faraday_middleware.rb → lib/http_signature/faraday.rb
@@ -1,8 +1,9 @@
 # frozen_string_literal: true
 
 require 'http_signature'
+require 'faraday'
 
-class AddRequestSignature < Faraday::Middleware
+class HTTPSignature::Faraday < Faraday::Middleware
   def call(env)
     if env[:body]
       env[:request_headers].merge!('Digest' => HTTPSignature.create_digest(env[:body]))
@@ -12,12 +13,10 @@ def call(env)
     filtered_headers = %w{ Host Date Digest }
     headers_to_sign = env[:request_headers].select { |k, v| filtered_headers.include?(k.to_s) }
 
-    headers.select { |header| headers_to_sign.includes(header) }.to_h
-
     signature = HTTPSignature.create(
       url: env[:url],
       method: env[:method],
-      headers: headers,
+      headers: headers_to_sign,
       key: ENV.fetch('REQUEST_SIGNATURE_KEY'),
       key_id: ENV.fetch('REQUEST_SIGNATURE_KEY_ID'),
       algorithm: 'hmac-sha256',

diff --git a/examples/rack_middleware.rb → lib/http_signature/rack.rb b/examples/rack_middleware.rb → lib/http_signature/rack.rb
@@ -3,7 +3,7 @@
 require 'http_signature'
 
 # Rack middleware using http-signature gem to validate signature on every incoming request
-class ValidateRequestSignature
+class HTTPSignature::Rack
   KEY = ENV.fetch('REQUEST_SIGNATURE_KEY')
 
   def initialize(app)