Add server signed response #163
Conversation
| if api_auth_options | ||
| response.headers['CONTENT-MD5'] ||= Digest::MD5.base64digest(json) | ||
| response.headers['Authorization'] ||= ApiAuth.sign!( | ||
| request, |
There was a problem hiding this comment.
We'd want to pass in the response object here right?
There was a problem hiding this comment.
I know that is strange, but we need to pass the request object because we need to access to the request.fullpath.
Secondly, we can use the already defined ActionDispatchRequest without any changed.
|
|
||
| ### Server signing response | ||
|
|
||
| The server can perform a validation of the response. |
There was a problem hiding this comment.
I think you're trying to say the server can sign the content of the response, right?
| end | ||
|
|
||
| module ClassMethods | ||
| def validation_with_api_auth(api_auth_options = nil) |
There was a problem hiding this comment.
Can we call this something like api_auth_sign_response
|
|
||
| # API AUTH addition headers | ||
| if api_auth_options | ||
| response.headers['CONTENT-MD5'] ||= Digest::MD5.base64digest(json) |
There was a problem hiding this comment.
Is this needed because the response object won't have a body for ApiAuth to inspect yet?
There was a problem hiding this comment.
In fact, the body is the json variable. I keep the same code as the classic JSON renderer. It's just a .to_json of the variable passed in the controller.
The source code is here : https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/renderers.rb#L156
I add a comment in the code for memory.
fwininger
force-pushed
the
signed_response
branch
from
8406260 to
047d805
Compare
Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
fwininger
force-pushed
the
signed_response
branch
from
047d805 to
a963725
Compare
2 participants
@kjg @adamlwgriffiths I try to do a PR for #112, can you take a look ?
If the approch seems to be good I implement the unit tests.