Skip to content
forked from gewo/hmac_auth

HMAC based message signing and verification

License

Notifications You must be signed in to change notification settings

fladson/hmac_auth

Repository files navigation

HMACAuth

Build Status Code Coverage

    __  ____  ______   _________         __  __
   / / / /  |/  /   | / ____/   | __  __/ /_/ /_
  / /_/ / /|_/ / /| |/ /   / /| |/ / / / __/ __ \
 / __  / /  / / ___ / /___/ ___ / /_/ / /_/ / / /
/_/ /_/_/  /_/_/  |_\____/_/  |_\__,_/\__/_/ /_/

Ruby gem providing HMAC based message signing and verification. Without fancy Rails integration.

Installation

gem 'hmac_auth'       # Gemfile
gem install hmac_auth # manual

Usage

# Configuration
HMACAuth.secret      = 't0p_s3cr3!!eins1'
HMACAuth.reject_keys = %w(action controller format)
HMACAuth.valid_for   = 15.minutes

to_be_signed = {
  b: 2,
  a: { d: 4, c: 3 }
}

signed = HMACAuth::Signature.sign to_be_signed
# => Hash including 'timestamp' and 'signature'

HMACAuth::Signature.verify(signed)                        # => true
HMACAuth::Signature.verify(signed.merge(evil: 'yes'))     # => false
HMACAuth::Signature.verify(signed, secret: 'good guess?') # => false

sleep 20.minutes
HMACAuth::Signature.verify(signed)                        # => false

# That's it. Nothing more, nothing less.

Contributing

This is very much appreciated :-)

About

HMAC based message signing and verification

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Ruby 100.0%