module Roda::RodaPlugins::HmacPaths::RequestMethods
def hmac_path(opts=OPTS, &block)
block matches and is yielded to, and the result of the block is returned. Otherwise, the
rest of the path considering the flags in the second segment and the given options, the
Looks at the first segment of the remaining path, and if it contains a valid HMAC for the
def hmac_path(opts=OPTS, &block) orig_path = remaining_path mpath = matched_path on String do |submitted_hmac| rpath = remaining_path if submitted_hmac.bytesize == 64 on String do |flags| if flags.bytesize >= 1 if flags.include?('n') ^ !scope.hmac_path_namespace(opts).nil? # Namespace required and not provided, or provided and not required. # Bail early to avoid unnecessary HMAC calculation. @remaining_path = orig_path return end if flags.include?('m') rpath = "#{env['REQUEST_METHOD'].to_s.upcase}:#{rpath}" end if flags.include?('p') rpath = "#{rpath}?#{env["QUERY_STRING"]}" end if hmac_path_valid?(mpath, rpath, submitted_hmac, opts) if flags.include?('t') on Integer do |int| if int >= Time.now.to_i always(&block) else # Return from method without matching @remaining_path = orig_path return end end else always(&block) end end end # Return from method without matching @remaining_path = orig_path return end end # Return from method without matching @remaining_path = orig_path return end end
def hmac_path_valid?(root, path, hmac, opts=OPTS)
def hmac_path_valid?(root, path, hmac, opts=OPTS) if Rack::Utils.secure_compare(scope.hmac_path_hmac(root, path, opts), hmac) true elsif old_secret = roda_class.opts[:hmac_paths_old_secret] opts = opts.dup opts[:secret] = old_secret Rack::Utils.secure_compare(scope.hmac_path_hmac(root, path, opts), hmac) else false end end