Skip to content

Separates url building and signing #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
58bits merged 2 commits into from
Apr 29, 2015
Merged

Separates url building and signing #5

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d6c350f
Separates url building and signing
leonelgalan Apr 21, 2015
fedcc31
Renames build_url back to sign
leonelgalan Apr 28, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 23 additions & 13 deletions lib/cloudfront-signer.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -157,45 +157,55 @@ def self.sign_path_safe(subject, policy_options ={})
self.sign(subject, {:remove_spaces => false, :html_escape => true}, policy_options)
end


# Public: Sign a subject url or stream resource name with optional configuration and
# Public: Builds a signed url or stream resource name with optional configuration and
# policy options
#
# Returns a String
def self.sign(subject, configuration_options = {}, policy_options = {})

raise "Configure using AWS::CF::Signer.configure before signing." unless self.is_configured?

# If the url or stream path already has a query string parameter - append to that.
separator = subject =~ /\?/ ? '&' : '?'

if configuration_options[:remove_spaces]
subject.gsub!(/\s/, "%20")
end

result = subject + separator + self.signed_params(subject, policy_options).collect{ |k,v| "#{k}=#{v}" }.join('&')

if configuration_options[:html_escape]
return html_encode(result)
else
return result
end
end

# Public: Sign a subject url or stream resource name with optional policy options.
# It returns raw params to be used in urls or cookies
#
# Returns a Hash
def self.signed_params(subject, policy_options = {})
result = {}

if policy_options[:policy_file]
policy = IO.read(policy_options[:policy_file])
result = "#{subject}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
result['Policy'] = encode_policy(policy)
else
policy_options[:expires] = epoch_time(policy_options[:expires] || Time.now + default_expires)

if policy_options.keys.size <= 1
# Canned Policy - shorter URL
expires_at = policy_options[:expires]
policy = %({"Statement":[{"Resource":"#{subject}","Condition":{"DateLessThan":{"AWS:EpochTime":#{expires_at}}}}]})
result = "#{subject}#{separator}Expires=#{expires_at}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
result['Expires'] = expires_at
else
# Custom Policy
resource = policy_options[:resource] || subject
policy = generate_custom_policy(resource, policy_options)
result = "#{subject}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
result['Policy'] = encode_policy(policy)
end
end

if configuration_options[:html_escape]
return html_encode(result)
else
return result
end
result.merge 'Signature' => create_signature(policy),
'Key-Pair-Id' => @key_pair_id
end

# Private helper methods
Expand Down