Sha256: 292fab56c6822cb55003bddd06059420a17091add9b3b0baa6efb19bab8cd513

Contents?: true

Size: 854 Bytes

Versions: 1

Compression:

Stored size: 854 Bytes

Contents

require 'openssl' # OpenSSL::HMAC is used by Faye::Authentication.sign
require 'faye/authentication/version'
require 'faye/authentication/extension'
require 'faye/authentication/http_client'
require 'faye/authentication/engine'

module Faye
  module Authentication

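    # Returns the hex HMAC-SHA1 of "<channel>-<clientId>" keyed with secret.
    # Only the channel and clientId are signed; other message fields
    # are not covered by the signature.
    def self.sign(message, secret)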
      OpenSSL::HMAC.hexdigest('sha1', secret, "#{message['channel']}-#{message['clientId']}")
    end

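    # Checks the message's 'signature' against the expected value.
    # Note: removes the 'signature' key from message (mutates the hash).
    def self.valid?(message, secret)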
      signature = message.delete('signature')
      return false unless signature
      secure_compare(signature, sign(message, secret))
    end

    # constant-time comparison algorithm to prevent timing attacks
    # Copied from ActiveSupport::MessageVerifier
    def self.secure_compare(a, b)
      return false unless a.bytesize == b.bytesize

      l = a.unpack "C#{a.bytesize}"

      res = 0
      b.each_byte { |byte| res |= byte ^ l.shift }
      res == 0
    end

  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
faye-authentication-0.1.0 lib/faye/authentication.rb