Created
August 10, 2015 21:19
Gist: kenmazaika/0aecd1617b1adec2f7c6
```ruby
require 'digest'

# INFO THAT THE SERVER KNOWS AND IS SHARED WITH THE CLIENT
# Public and secret keys are defined on the server level and shared
# only with the person who has the account.
PUBLIC_KEY = "PUBLIK"
SECRET_KEY = "SEKRET"

CLIENTS = {
  PUBLIC_KEY => SECRET_KEY,
  # other clients could be in here as well
}

# HOW WEB REQUESTS ARE PROCESSED (generally in a controller)
# Web request comes in to
# www.myapp.com/?client=PUBLIK&t=1439240175&token=04f49831e1b524a1cbeca7ad73d97f2e1746b9ead6f6651b63a2317854357f6d
# URL parses out two pieces from the request
timestamp = params[:t]      # "1439240175" (query params arrive as strings)
client    = params[:client] # "PUBLIK"
secret_key = CLIENTS[client] # nil for an unknown client, so the token below never matches

# Recompute the token the client should have sent: SHA256 over "<timestamp> <secret>"
token = Digest::SHA256.hexdigest("#{timestamp} #{secret_key}")

# Determine how long ago the timestamp was generated
# (Time.at needs a number, not the raw string from the query, hence .to_i)
minutes_ago = (Time.now - Time.at(params[:t].to_i)) / 60

# if the token didn't match or was too long ago, no dice
if params[:token] != token || minutes_ago > 5
  render :text => 'Not Allowed, Sucker!'
end
```
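The gist shows only the server half of the scheme. The following is an added example (not part of the gist) that builds the same `SHA256("<timestamp> <secret>")` token on the client side and verifies it on the server side as a stand-alone function, so the whole exchange can be run and tested outside a Rails controller. It assumes plain Ruby with no Rack or ActiveSupport helpers, uses constructed sample keys, and adds the checks a reviewer would ask for: the timestamp is parsed only if it is purely numeric, timestamps from the future are rejected as well as stale ones, and the token comparison runs in constant time so the position of the first differing byte does not leak through response timing. Note that the token covers only the timestamp and the secret, not the request path or body, so within the window it is a bearer credential rather than a request signature.

```ruby
require 'digest'

# Constructed sample credentials mirroring the gist's shape (not real keys).
CLIENTS = { "PUBLIK" => "SEKRET" }.freeze
MAX_AGE_SECONDS = 5 * 60 # the gist's five-minute window

# Client side: the token is SHA256 over "<timestamp> <secret_key>",
# exactly as the gist's server recomputes it.
def build_token(timestamp, secret_key)
  Digest::SHA256.hexdigest("#{timestamp} #{secret_key}")
end

# Client side: the three query parameters the gist's URL carries.
# All values are strings, as they would be after URL parsing.
def build_request_params(public_key, secret_key, now: Time.now)
  ts = now.to_i
  { "client" => public_key, "t" => ts.to_s, "token" => build_token(ts, secret_key) }
end

# Byte-by-byte comparison whose running time does not depend on where the
# first mismatch is (hand-rolled here; Rack::Utils.secure_compare does the
# same job inside a Rack app).
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Server side: returns [allowed?, reason]. Checks are ordered so that
# cheap rejections (unknown client, bad timestamp) happen before hashing.
def verify_request(params, now: Time.now)
  secret_key = CLIENTS[params["client"]]
  return [false, "unknown client"] if secret_key.nil?

  # Only accept a purely numeric timestamp; "abc".to_i would silently be 0.
  return [false, "bad timestamp"] unless params["t"].to_s.match?(/\A\d+\z/)

  ts  = params["t"].to_i
  age = now.to_i - ts
  # Reject stale requests and also timestamps from the future, which would
  # otherwise let a captured token stay valid past the intended window.
  if age > MAX_AGE_SECONDS || age < -MAX_AGE_SECONDS
    return [false, "timestamp out of window"]
  end

  expected = build_token(ts, secret_key)
  return [false, "token mismatch"] unless secure_compare(params["token"].to_s, expected)

  [true, "ok"]
end

if __FILE__ == $0
  now = Time.at(1_439_240_175) # the timestamp from the gist's example URL
  params = build_request_params("PUBLIK", "SEKRET", now: now)
  puts params.inspect
  puts verify_request(params, now: now).inspect        # fresh request
  puts verify_request(params, now: now + 301).inspect  # same request, 5 min 1 s later
end
```

Because `verify_request` takes `now:` as a parameter, the window logic is testable without sleeping or stubbing `Time.now`; the same pattern makes the controller version easy to unit test.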