Project

url_signer

0.0
Repository is archived
No commit activity in last 3 years
No release in over 3 years
Simple solution (2 methods) to sign URLs and verify the generated URLs. Uses HMAC/SHA1 for signing by default, but this can be configured.
 Dependencies

Development

~> 1.6
~> 10.0
~> 3.1
 Project Readme

UrlSigner

Quickly generate and verify signed URLs.

Installation

Add this line to your application's Gemfile:

gem 'url_signer'

And then execute:

$ bundle

Or install it yourself as:

$ gem install url_signer

Usage

Note: There are rdoc-formatted comments on the most useful methods, so running rdoc in the shell will give you insight into the available options. RubyGems also generates an HTML version of it here.

URL signing

To convert a URL into a signed URL, pass it to UrlSigner.sign as either a string or an instance of URI.

# generate a new URI instance with `signature` param populated
signed_url = UrlSigner.sign('http://google.fr?q=test', key: 'mykey')

The returned value signed_url is an instance of URI.

URL verification

Given a signed URL, you can check its authenticity by calling UrlSigner.valid? on it:

# verify url validity for a given URI instance
UrlSigner.valid?(signed_url, key: 'mykey') # => true
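
How an HMAC-signed URL can be produced and checked, as an added example that is not the url_signer gem's own code. The module and method names are hypothetical, the URL and key are constructed, and it uses HMAC-SHA256 rather than the gem's SHA1 default.

```ruby
require 'openssl'
require 'uri'

# Added illustration, not the url_signer implementation; all names are hypothetical.
module SignedUrlSketch
  PARAM = 'signature' # parameter name the README says the gem uses

  module_function

  # Hex HMAC over the full URL string (scheme, host, path and query).
  def mac(url_string, key, digest)
    OpenSSL::HMAC.hexdigest(digest, key, url_string)
  end

  # Returns a new URI with the signature appended as the last query parameter.
  def sign(url, key:, digest: 'SHA256')
    uri = URI(url.to_s)
    pairs = URI.decode_www_form(uri.query.to_s).reject { |k, _| k == PARAM }
    uri.query = pairs.empty? ? nil : URI.encode_www_form(pairs)
    uri.query = URI.encode_www_form(pairs + [[PARAM, mac(uri.to_s, key, digest)]])
    uri
  end

  # Recomputes the HMAC over the URL minus its signature and compares the two.
  def valid?(url, key:, digest: 'SHA256')
    uri = URI(url.to_s)
    pairs = URI.decode_www_form(uri.query.to_s)
    given = pairs.select { |k, _| k == PARAM }.map(&:last)
    return false unless given.size == 1 # missing or duplicated signature
    rest = pairs.reject { |k, _| k == PARAM }
    uri.query = rest.empty? ? nil : URI.encode_www_form(rest)
    constant_time_eq?(mac(uri.to_s, key, digest), given.first)
  end

  # Comparison whose running time does not depend on where the strings differ.
  def constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  signed = SignedUrlSketch.sign('http://example.test/reports?id=42', key: 'mykey') # constructed input
  puts signed
  puts SignedUrlSketch.valid?(signed, key: 'mykey')
  puts SignedUrlSketch.valid?(signed.to_s.sub('id=42', 'id=43'), key: 'mykey')
end
```

Because the MAC covers the whole URL string, changing the host, path or any other query parameter invalidates the signature.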

Helper methods on URI

The gem adds the signed helper method to URI, which returns a new signed version of the URL:

url = URI.parse('http://google.fr')
signed_url = url.signed(key: 'test')

Rails integration

When using Rails, a set of helpers is added to ActionController::Base:

class MyController < ActionController::Base
  # Will trigger the check on the request url
  before_action :verify_signature!, only: :secure_action

  def get_signed_url
    @signed_url = sign_url(my_controller_secure_action_url)
    # Template will link to @signed_url
  end

  def secure_action
    # This method is only accessible with a signed url
  end
end

Note that the sign_url helper can also be used as a view helper:

<%= link_to 'Super secure action', sign_url(my_controller_secure_action_url) %>

The key and hash method used in sign_url and verify_signature! are provided through Rails.configuration.url_signer, which defaults to:

# default values:
Rails.configuration.url_signer.key = ENV['URL_SIGNING_KEY']
Rails.configuration.url_signer.hash_method = Digest::SHA1

Note that providing the URL_SIGNING_KEY environment variable is usually enough to get a working URL signing environment.

TODO

  • Add an option to choose the param name: it is currently set to signature
  • Allow customizing the signing process by selecting which parts of the URL to include (e.g. allow signing based only on the path and not the domain, etc.)
  • Write tests for the Rails integration
  • Improve docs

Contributing

  1. Fork it ( https://github.com/ushu/url_signer/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request