Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Ruby
branch: master
Failed to load latest commit information.
lib Bump version to 0.0.3
test Removing:
.gitignore
Gemfile
LICENSE.txt
README.md
Rakefile Digiweb (named by Aurelien Violette) first import
hsign.gemspec

README.md

HSign

This gem aims at signing for cross-application request

Installation

Add this line to your application's Gemfile:

gem 'hsign'

And then execute:

$ bundle

Or install it yourself as:

$ gem install hsign

Usage

For Web application use, a good salt is the IP of the browser

Never pass the API SECRET in the request

In consumer (client side) controller

credentials = {'email' => 'user@example.com', 'password' => '123456', 'client_id' => "sha1apikey", 'response_type' => 'code', 'redirect_uri' => settings[:redirect_uri]}

@hsign = HSign::Digest.new("api_secret", request.ip)
@hsign.sign credentials

In your view

<%= form_tag "http://otherserver.com/api/example" do %>
  <% @hsign.each_param do |field, value| %>
    <%= hidden_field_tag field, value %>
  <% end %>
  <%= submit_tag "Submit" %>
<% end %>

Verification (server side)

client = Idnet::Core:Client.find params[:client_id]
secret = client.secret
@hsign = HSign::Digest.new(secret, request.ip)
if @hsign.verify? request.params
  account = Idnet::Core::Account.create email: params[:email], password: params[:password]
  account.confirm!
end
Something went wrong with that request. Please try again.