Project

signed_request

0.0
No commit activity in last 3 years
No release in over 3 years
signed_requestdbalatero/signed_requestHomepageDocumentationSource CodeBug TrackerWiki
A simple gem that allows you to sign HTTP requests between two parties with a shared secret key.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
16,022
Stars
5
Forks
1
Watchers
3
 Releases
Current version
1.0.4
Total releases
4
First release
2009-06-22
Latest release
2010-07-12
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
1
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Average date of last 50 commits
2010-02-22
Reverse Dependencies
0

 Dependencies
 Project Readme

signed_request

A simple gem for signing/verifying an HTTP request that has gone over the wire.

The sender and receiver must share the same secret key between them.

This gem should be used in conjunction with SSL certificates to defend against replay attacks.

Any key can be used to sign the request -- choosing a secure key is the choice of the user of this library.

Signing a request

require 'signed_request'

def send_over_the_wire
  key = 'mykey'  # insecure, use something else :)
  params = { 'param1' => 'foo',
             'param2' => 'bar' }
  signature = SignedRequest.sign(params, key)

  params['signature'] = signature

  # post it to the receiver.
  req = Net::HTTP::Get.new('/secret/url')
  req.form_data = params
  http = Net::HTTP.new('mydomain.com', 443)
  http.use_ssl = true
  response = http.start do |session|
    session.request(req)
  end

  # do something w/ response
end

Verifying a signed request

require 'signed_request'

class SecretController < ApplicationController
  def verify_request
    key = 'mykey'

    if SignedRequest.validate(params, key)
      # we are good
    else
      abort "get the hell out of here!"
    end
  end
end

Copyright

Copyright (c) 2009-2012, David Balatero, Rob Hanlon.