require 'openssl' module Plasticine class Authentication def initialize(request_url, params={}) @request_url = request_url @params = params end def expired? @params[:timestamp] and Time.parse(@params[:timestamp]) + 12.hours < Time.now end def valid_token? @params[:token] == tokenize end def tokenize OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, token_key, filtered_url) end private def compacted_params @params.map{ |k,v| "#{k}#{v}" if not reserved_params.include?(k.to_s) }.join end def filtered_url url = @request_url.split('?').first.rpartition('/').first + compacted_params url.chars.sort.join.gsub('/', '') end def reserved_params ['action', 'class', 'controller', 'format', 'from', 'nature', 'step', 'to', 'token', 'tools', 'update_every', 'version'] end def token_key Rails.application.config.secret_key_base end end end