lib/rack/simple_auth/hmac.rb in rack-simple_auth-0.0.4 vs lib/rack/simple_auth/hmac.rb in rack-simple_auth-0.0.5
- old
+ new
@@ -10,10 +10,11 @@
def initialize(app, signature, secret, config, logpath = nil)
@app = app
@signature = signature
@secret = secret
@config = config
+ @tolerance = config['tolerance'] || 0 # 0 if tolerance not set in config hash
@logpath = logpath
end
# call Method for Rack Middleware/Application
# @param [Hash] env [Rack Env Hash which contains headers etc..]
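Review bot: `config['tolerance']` on the added line is stored without any validation, yet `build_allowed_messages` in the next hunk iterates `(-(@tolerance)..@tolerance)`, so a negative value produces an empty range (every request is rejected) and a non-Integer value such as a String from a YAML config raises when the range is built. Coerce and bound it once here, in `initialize`, rather than at each use: `@tolerance = Integer(config['tolerance'] || 0)` followed by `raise ArgumentError, 'tolerance must be >= 0' if @tolerance < 0`. It would also help to state the unit in the comment, since the value is added to `Time.now.to_i` in `message`: `# tolerance in seconds; 0 if not set in config hash`.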
@@ -39,36 +40,50 @@
auth_array = request.env['HTTP_AUTHORIZATION'].split(':')
message_hash = auth_array[0]
signature = auth_array[1]
- @hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request))
+ @hash_array = build_allowed_messages(request)
- if signature == @signature && @hash == message_hash
+ if signature == @signature && @hash_array.include?(message_hash)
true
else
log(request)
false
end
end
+ # Builds Array of allowed message hashs
+ # @param [Rack::Request] request [current Request]
+ # @return [Array] hash_array [allowed message hashes as array]
+ def build_allowed_messages(request)
+ hash_array = []
+
+ (-(@tolerance)..@tolerance).each do |i|
+ hash_array << OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request, i))
+ end
+
+ hash_array
+ end
+
# Get Message for current Request
# @param [Rack::Request] request [current Request]
# @return [Hash] message [message which will be encrypted]
- def message(request)
+ def message(request, delay = 0)
+ date = Time.now.to_i + delay
case request.request_method
when 'GET'
- return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
+ return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
when 'POST'
- return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
+ return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
when 'DELETE'
- return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
+ return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
when 'PUT'
- return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
+ return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
when 'PATCH'
- return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
+ return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
end
end
# Get Request Data specified by Config
# @param [Rack::Request] request [current Request]
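Review bot: The new `if` line still compares the client signature with `==` and looks up the HMAC with `Array#include?`, both of which return on the first differing byte; for a credential check prefer a constant-time compare, e.g. `Rack::Utils.secure_compare(signature, @signature) && @hash_array.any? { |h| Rack::Utils.secure_compare(h, message_hash) }`. `build_allowed_messages` computes `2 * tolerance + 1` HMACs for every request, authenticated or not, because the tolerance is in seconds and the loop steps one second at a time; that cost should be stated on the method (`# Cost grows linearly with tolerance: 2*tolerance+1 HMAC digests per call`) so operators do not set a large window. `OpenSSL::Digest::Digest.new('sha256')` is the deprecated spelling; `OpenSSL::Digest.new('sha256')` is the supported form. Including `date` bounds replay to the tolerance window, but without a per-request nonce a captured request is presumably still accepted anywhere inside that window, which is worth noting in the YARD comment on `message`. The enclosing method containing the `if` starts outside the hunk, and the five `when` branches of `message` build the identical hash, so a single `return unless %w[GET POST DELETE PUT PATCH].include?(request.request_method)` guard followed by one `to_json` line would preserve behaviour with less duplication.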
@@ -89,11 +104,16 @@
path = request.path
method = request.request_method
log = "#{Time.new} - #{method} #{path} - 400 Unauthorized - HTTP_AUTHORIZATION: #{request.env['HTTP_AUTHORIZATION']}\n"
log << "Auth Message Config: #{@config[request.request_method]}\n"
- log << "Auth Encrypted Message: #{@hash}\n"
- log << "Auth Signature: #{@signature}\n"
+ log << "Allowed Encrypted Messages:\n"
+
+ @hash_array.each do |hash|
+ log << "#{hash}\n"
+ end
+
+ log << "Auth Signature: #{@signature}"
open("#{@logpath}/#{ENV['RACK_ENV']}_error.log", 'a') do |f|
f << "#{log}\n"
end
end
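Review bot: The added lines write every currently valid HMAC and the configured `@signature` into the error log, next to the raw `HTTP_AUTHORIZATION` header already logged on the context line above; these are exactly the values a client must present to authenticate, so the log file becomes a credential store and must be protected as such. Log non-secret diagnostics instead, e.g. replace the loop and the signature line with `log << "Allowed Encrypted Messages: #{@hash_array.size} candidates (tolerance #{@tolerance})\n"`, or at minimum truncate the digests. The `open(...)` call on the following context line is `Kernel#open`, which treats a path beginning with `|` as a command to run; `File.open` is the safer spelling for opening a log file. The enclosing `log` method starts outside the hunk.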