lib/rack/simple_auth/hmac.rb in rack-simple_auth-0.0.7 vs lib/rack/simple_auth/hmac.rb in rack-simple_auth-0.0.8
- old
+ new
@@ -5,17 +5,18 @@
class HMAC
# Constructor for Rack Middleware (passing the rack stack)
# @param [Rack Application] app [next middleware or rack app which gets called]
# @param [String] signature [Public Signature]
# @param [String] secret [Secret used for Message Encryption]
- def initialize(app, signature, secret, config, logpath = nil)
+ def initialize(app, config)
@app = app
- @signature = signature
- @secret = secret
- @config = config
+ @signature = config['signature'] || ''
+ @secret = config['secret'] || ''
@tolerance = config['tolerance'] || 0 # 0 if tolerance not set in config hash
- @logpath = logpath
+ @logpath = config['logpath']
+
+ @config = config
end
# call Method for Rack Middleware/Application
# @param [Hash] env [Rack Env Hash which contains headers etc..]
def call(env)
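Review bot: A config hash without 'secret' or 'signature' now gives `''` for both in initialize, so the middleware starts anyway and, assuming the HMAC is keyed with @secret elsewhere in the class, builds its allowed hashes from an empty key. Fail closed at construction instead, for example `@secret = config.fetch('secret')` followed by `raise ArgumentError, 'secret must not be empty' if @secret.empty?`, and the same for the signature. The YARD comment above the method still documents `signature` and `secret` parameters that no longer exist; it should become `# @param [Hash] config [signature, secret, tolerance, logpath and per-method message config]`.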
@@ -30,26 +31,26 @@
# checks for valid HMAC Request
# @param [Rack::Request] request [current Request]
# @return [boolean] ValidationStatus [If authorized returns true, else false]
def valid?(request)
- @hash_array = build_allowed_messages(request)
+ hash_array = build_allowed_messages(request)
if request.env['HTTP_AUTHORIZATION'].nil?
- log(request)
+ log(request, hash_array)
return false
end
auth_array = request.env['HTTP_AUTHORIZATION'].split(':')
message_hash = auth_array[0]
signature = auth_array[1]
- if signature == @signature && @hash_array.include?(message_hash)
+ if signature == @signature && hash_array.include?(message_hash)
true
else
- log(request)
+ log(request, hash_array)
false
end
end
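Review bot: The check `if signature == @signature && hash_array.include?(message_hash)` in valid? compares the submitted hash with `==` semantics, which stop at the first differing byte, so response timing can reveal how much of a guessed hash matched. Use a constant-time comparison for the hash, e.g. `hash_array.any? { |h| Rack::Utils.secure_compare(h, message_hash.to_s) }`. The `.to_s` is needed because `message_hash` is nil when the header value is an empty string.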
@@ -98,20 +99,20 @@
end
end
# Log to @logpath if request is unathorized
# @param [Rack::Request] request [current Request]
- def log(request)
+ def log(request, hash_array)
if @logpath
path = request.path
method = request.request_method
log = "#{Time.new} - #{method} #{path} - 400 Unauthorized - HTTP_AUTHORIZATION: #{request.env['HTTP_AUTHORIZATION']}\n"
log << "Auth Message Config: #{@config[request.request_method]}\n"
- if @hash_array
+ if hash_array
log << "Allowed Encrypted Messages:\n"
- @hash_array.each do |hash|
+ hash_array.each do |hash|
log << "#{hash}\n"
end
end
log << "Auth Signature: #{@signature}"
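Review bot: The failure log written by log(request, hash_array) contains every entry of `hash_array` plus `@signature`, and valid? accepts any request whose header pairs one of those hashes with that signature, so the log file holds working credentials for each rejected request. Anyone who can read @logpath could reuse them, presumably for as long as the configured tolerance allows. Log a count instead, `log << "Allowed Encrypted Messages: #{hash_array.size}\n"`, and drop the `Auth Signature` line. The raw header is also interpolated unescaped; `#{request.env['HTTP_AUTHORIZATION'].inspect}` keeps control characters from forging log lines. The body of log continues outside this hunk.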