module Roda::RodaPlugins::HmacPaths::InstanceMethods

Defined in: lib/roda/plugins/hmac_paths.rb


Public Instance methods

hmac_path(path, opts=OPTS)

Return a path with an HMAC. Designed to be used with r.hmac_path, to make sure users can only request paths that they have been provided by the application (directly or indirectly). This can prevent users of a site from enumerating valid paths. The given path should be a string starting with /. Options:

:method

Limits the returned path to only be valid for the given request method.

:namespace

Make the HMAC value depend on the given namespace. If this is not provided, the default namespace is used. To explicitly not use a namespace when there is a default namespace, pass a nil value.

:params

Includes parameters in the query string of the returned path, and limits the returned path to only be valid for that exact query string.

:root

Should be an empty string or a string starting with /. This is the part of the path that the routing tree has already matched before reaching r.hmac_path. Defaults to the empty string, which returns paths valid for r.hmac_path at the top level of the routing tree.

:seconds

Make the given path valid for the given integer number of seconds.

:until

Make the given path valid until the given Time.

    # File lib/roda/plugins/hmac_paths.rb
    def hmac_path(path, opts=OPTS)
      # 47 is the byte value of '/'
      unless path.is_a?(String) && path.getbyte(0) == 47
        raise RodaError, "path must be a string starting with /"
      end

      root = opts[:root] || ''
      unless root.is_a?(String) && ((root_byte = root.getbyte(0)) == 47 || root_byte == nil)
        raise RodaError, "root must be empty string or string starting with /"
      end

      if valid_until = opts[:until]
        valid_until = valid_until.to_i
      elsif seconds = opts[:seconds]
        valid_until = Time.now.to_i + seconds
      end

      # flags records which options were bound into the HMAC, so the
      # verifying side knows what to check: m=method, p=params,
      # n=namespace, t=expiry, 0=none.
      flags = String.new
      path = path.dup

      if method = opts[:method]
        flags << 'm'
      end

      if params = opts[:params]
        flags << 'p'
        path << '?' << Rack::Utils.build_query(params)
      end

      if hmac_path_namespace(opts)
        flags << 'n'
      end

      if valid_until
        flags << 't'
        path = "/#{valid_until}#{path}"
      end

      flags << '0' if flags.empty?

      # The string that is actually MACed; the method prefix is not part of
      # the returned path but is checked against the request method.
      hmac_path = if method
        "#{method.to_s.upcase}:/#{flags}#{path}"
      else
        "/#{flags}#{path}"
      end

      "#{root}/#{hmac_path_hmac(root, hmac_path, opts)}/#{flags}#{path}"
    end

hmac_path_hmac(root, path, opts=OPTS)

The HMAC to use in hmac_path, for the given root, path, and options.

    # File lib/roda/plugins/hmac_paths.rb
    def hmac_path_hmac(root, path, opts=OPTS)
      OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, hmac_path_hmac_secret(root, opts), path)
    end

hmac_path_namespace(opts=OPTS)

The namespace to use for the hmac path. If a :namespace option is not provided, and a :namespace_session_key option was provided, this will use the value of the related session key, if present.

    # File lib/roda/plugins/hmac_paths.rb
    def hmac_path_namespace(opts=OPTS)
      opts.fetch(:namespace){hmac_path_default_namespace}
    end
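The three methods above only cover the generating side. To show how the flags, the timestamp, the method prefix and the namespace all get bound into the HMAC and then checked again on the request, here is an added, self-contained example that is not Roda's code: it reproduces hmac_path without Roda or Rack (URI.encode_www_form stands in for Rack::Utils.build_query, an extra :now option replaces Time.now so expiry is deterministic) and adds an assumed verifier, verify_hmac_path, written from the construction rather than from Roda's actual r.hmac_path implementation. The secret is constructed for the example, and hmac_path_hmac here binds root and namespace into the MAC input directly, a labelled simplification of the per-root secret derivation that Roda performs in hmac_path_hmac_secret (not shown on this page).

```ruby
require 'openssl'
require 'uri'

# Constructed secret for this example only; Roda derives its key via
# hmac_path_hmac_secret(root, opts), which is not shown on the page.
SECRET = 'constructed-example-secret-do-not-reuse-0123456789'.freeze

# Assumption: root and namespace are mixed into the MAC input here instead
# of into a derived secret, so the same HMAC covers both.
def hmac_path_hmac(root, namespace, signed)
  OpenSSL::HMAC.hexdigest('SHA256', SECRET, "#{root}\n#{namespace}\n#{signed}")
end

# Reproduction of the page's hmac_path. opts[:now] is an added option used
# only to make :seconds deterministic; Roda uses Time.now.
def hmac_path(path, opts = {})
  unless path.is_a?(String) && path.start_with?('/')
    raise ArgumentError, 'path must be a string starting with /'
  end
  root = opts[:root] || ''
  unless root.is_a?(String) && (root.empty? || root.start_with?('/'))
    raise ArgumentError, 'root must be empty string or string starting with /'
  end
  now = opts[:now] || Time.now

  valid_until = if opts[:until] then opts[:until].to_i
                elsif opts[:seconds] then now.to_i + opts[:seconds]
                end

  flags = String.new
  path = path.dup
  flags << 'm' if (method = opts[:method])
  if (params = opts[:params])
    flags << 'p'
    path << '?' << URI.encode_www_form(params)  # stand-in for Rack::Utils.build_query
  end
  namespace = opts[:namespace]
  flags << 'n' if namespace
  if valid_until
    flags << 't'
    path = "/#{valid_until}#{path}"   # timestamp travels inside the signed path
  end
  flags << '0' if flags.empty?

  signed = method ? "#{method.to_s.upcase}:/#{flags}#{path}" : "/#{flags}#{path}"
  "#{root}/#{hmac_path_hmac(root, namespace, signed)}/#{flags}#{path}"
end

# Assumed verifier (what r.hmac_path has to check, derived from the
# construction above). Returns the remaining path on success, nil on failure.
def verify_hmac_path(method, request_path, query: nil, root: '', namespace: nil, now: Time.now)
  return nil unless request_path.start_with?("#{root}/")
  m = %r{\A/([0-9a-f]{64})/([mpnt0]+)(/.*)\z}.match(request_path[root.length..])
  return nil unless m
  hmac, flags, path = m.captures

  # 'n': the path is only valid under the namespace it was generated for.
  # A path without 'n' stays valid even when the verifier has a default namespace.
  return nil if flags.include?('n') && namespace.nil?
  ns = flags.include?('n') ? namespace : nil

  remaining = path
  if flags.include?('t')
    t = %r{\A/(\d+)(/.*)\z}.match(path)
    return nil if t.nil? || now.to_i > t[1].to_i   # expired
    remaining = t[2]
  end

  # 'p': the exact query string was signed and must be present unchanged;
  # without 'p' the query string is simply not covered by the HMAC.
  signed_path = path
  if flags.include?('p')
    return nil if query.nil?
    signed_path = "#{path}?#{query}"
  end

  signed = flags.include?('m') ? "#{method.to_s.upcase}:/#{flags}#{signed_path}" : "/#{flags}#{signed_path}"
  expected = hmac_path_hmac(root, ns, signed)
  return nil unless hmac.bytesize == expected.bytesize &&
                    OpenSSL.fixed_length_secure_compare(hmac, expected)
  remaining
end
```

Two details worth noticing: the request method is part of the MAC input but not of the returned path, so a path minted for POST cannot be replayed as a GET; and the expiry timestamp is inside the signed path, so shifting it forward invalidates the HMAC rather than extending the lifetime. The comparison of the supplied and recomputed digests is constant-time.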