mloughran/signature
GitHub: mloughran/signature
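Provides HMAC signature authentication based on a key and secret pair for Ruby applications, protecting API requests against forgery and replay attacks.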
Stars: 138 | Forks: 23
# signature
## Examples
Client example
```
require 'signature'
require 'httparty'

params = {:some => 'parameters'}
token = Signature::Token.new('my_key', 'my_secret')
request = Signature::Request.new('POST', '/api/thing', params)
# Returns the auth_* fields that must accompany the request
auth_hash = request.sign(token)
query_params = params.merge(auth_hash)

HTTParty.post('http://myservice/api/thing', {
  :body => query_params
})
```
`query_params` looks like:
```
{
  :some => "parameters",
  :auth_timestamp => 1273231888,
  :auth_signature => "28b6bb0f242f71064916fad6ae463fe91f5adc302222dfc02c348ae1941eaf80",
  :auth_version => "1.0",
  :auth_key => "my_key"
}
```
Server example (sinatra)
```
require 'sinatra'
require 'signature'

error Signature::AuthenticationError do |controller|
  error = controller.env["sinatra.error"]
  halt 401, "401 UNAUTHORIZED: #{error.message}\n"
end

post '/api/thing' do
  request = Signature::Request.new('POST', env["REQUEST_PATH"], params)
  # This will raise a Signature::AuthenticationError if request does not authenticate
  token = request.authenticate do |key|
    # lookup_secret is application code: return the secret stored for this key
    Signature::Token.new(key, lookup_secret(key))
  end

  # Do whatever you need to do
end
```
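To show what signing and authenticating a request like the one above involves, here is an added sketch using only Ruby's `openssl` standard library; it is not the gem's source code. The canonical string layout, the 600-second window, and the names `string_to_sign`, `sign`, `verify` and `GRACE_SECONDS` are assumptions made for this example.

```ruby
require 'openssl'

GRACE_SECONDS = 600 # assumed freshness window for this sketch

# Canonical string covered by the MAC (assumed layout): method, path and the
# sorted parameters, so changing any of them invalidates the signature.
def string_to_sign(method, path, params)
  query = params.map { |k, v| [k.to_s.downcase, v.to_s] }
                .reject { |k, _| k == 'auth_signature' }
                .sort
                .map { |k, v| "#{k}=#{v}" }
                .join('&')
  [method.upcase, path, query].join("\n")
end

# Client side: returns the auth_* fields to merge into the request parameters.
def sign(method, path, params, key, secret, now = Time.now.to_i)
  auth = { auth_version: '1.0', auth_key: key, auth_timestamp: now }
  mac = OpenSSL::HMAC.hexdigest('SHA256', secret,
                                string_to_sign(method, path, params.merge(auth)))
  auth.merge(auth_signature: mac)
end

# Server side: the block maps a key to its secret (nil if unknown).
# Returns :ok or the reason the request was rejected.
def verify(method, path, params, now = Time.now.to_i)
  req = params.transform_keys(&:to_s)
  secret = yield(req['auth_key'])
  return :unknown_key unless secret
  return :stale_timestamp if (now - req['auth_timestamp'].to_i).abs > GRACE_SECONDS

  expected = OpenSSL::HMAC.hexdigest('SHA256', secret, string_to_sign(method, path, req))
  # Constant-time comparison avoids leaking how many leading characters matched.
  OpenSSL.secure_compare(expected, req['auth_signature'].to_s) ? :ok : :bad_signature
end

if __FILE__ == $PROGRAM_NAME
  secrets = { 'my_key' => 'my_secret' } # constructed sample credentials
  params  = { some: 'parameters' }
  signed  = params.merge(sign('POST', '/api/thing', params, 'my_key', 'my_secret'))
  puts verify('POST', '/api/thing', signed) { |k| secrets[k] }                      # fresh
  puts verify('POST', '/api/thing', signed.merge(some: 'x')) { |k| secrets[k] }     # tampered
  puts verify('POST', '/api/thing', signed, Time.now.to_i + 601) { |k| secrets[k] } # stale
end
```

In this sketch the timestamp check only bounds how long a captured request stays valid; rejecting a repeat inside the window would additionally require the server to remember signatures it has already accepted.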
## Development
```
bundle
bundle exec rspec spec/*_spec.rb
```
Please see the travis status for the list of rubies tested against.
## Copyright
Copyright (c) 2010 Martyn Loughran. See LICENSE for details.