Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Rearranged repo for gem, added gemspec and README

  • Loading branch information...
commit cfcdeaf10783714986265cda197441975c7cb6e4 1 parent 8d91259
@nbibler authored
View
1  .gitignore
@@ -0,0 +1 @@
+*.gem
View
81 README.rdoc
@@ -0,0 +1,81 @@
+== Rack::ResponseSignature
+
+Rack::ResponseSignature is a Rack middleware which can drop into any
+Rack-compliant application an add transparent response signing. Response
+signing is done to verify to clients that the response is coming from a
+trusted source. The signature is currently based on RSA Public/Private key
+pair signing.
+
+Primarily, this is useful when verified-SSL is not an option. This may occur
+when you are working on a shared host or other environment which utilizes
+wildcard certificates (like Heroku). In this case, while the SSL certificate
+may be verified with the Certificate Authority, it doesn't not ensure the
+identity of the serving party.
+
+With this implementation:
+
+* RSA keys of any strength may be used,
+* SSL certificates are optional,
+* Response signing is transparent,
+* Response verification is simple
+
+=== Installation
+
+From the gem:
+
+ $ sudo gem install rack-response-signature
+
+From source:
+
+ $ git clone http://github.com/nbibler/rack_response_signature.git
+ $ rake package && sudo rake install
+
+=== Basic Usage
+
+==== Rack
+
+Rack::ResponseSignature is implemented as a piece of Rack middleware and can
+be used with any Rack-based application. If your application includes a
+rackup file (`config.ru`, for example) or uses Rack::Builder to construct the
+application stack, then require and use, like so:
+
+ require 'rack/response_signature'
+
+ use Rack::ResponseSignature, "my-private-ssh-key-for-signing"
+
+ run app
+
+The SSH key may also be read from a file with `File.read('private.key')`, as
+well.
+
+==== Rails
+
+To use this middleware with Rails, add this to your `config/environment.rb`,
+to `config/environments/production.rb`, or to an initializer:
+
+ config.middleware.use Rack::ResponseSignature, "my-private-ssh-key..."
+
+You should now see `Rack::ResponseSignature` listed in the middleware stack:
+
+ $ rake middleware
+
+=== License
+
+Copyright (c) 2010 Nathaniel Bibler <http://www.nathanielbibler.com/>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to
+deal in the Software without restriction, including without limitation the
+rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
View
2  rack/response_signature.rb → lib/rack/response_signature.rb
@@ -89,6 +89,8 @@ module Rack
#
class ResponseSignature
+ VERSION = '0.1.0'
+
def initialize(app, private_key, options = {})
options[:digest] ||= OpenSSL::Digest::SHA256
@app = app
View
18 rack-response-signature.gemspec
@@ -0,0 +1,18 @@
+lib = File.expand_path('../lib/', __FILE__)
+$:.unshift lib unless $:.include?(lib)
+
+require 'rack/response_signature'
+
+Gem::Specification.new do |s|
+ s.name = 'rack-response-signature'
+ s.version = Rack::ResponseSignature::VERSION
+ s.platform = Gem::Platform::RUBY
+ s.authors = ['Nathaniel Bibler']
+ s.email = 'gem@nathanielbibler.com'
+ s.homepage = 'http://github.com/nbibler/rack_response_signature'
+ s.summary = 'Rack middleware to add transparent response signing'
+ s.description = 'Rack::ResponseSignature uses RSA key pairs to transparently sign the outgoing responses from any Rack-compliant application.'
+
+ s.files = Dir.glob("lib/**/*") + %w(README.rdoc)
+ s.require_path = 'lib'
+end
Please sign in to comment.
Something went wrong with that request. Please try again.