From 3355df21c165f92b7cd0e4a585453c5b1c534b74 Mon Sep 17 00:00:00 2001 From: Joseph Chen Date: Thu, 1 Jul 2010 16:32:59 -0700 Subject: [PATCH] Change the code that sets the secret to load the value from a config/modporter.yml file. Add example modporter.yml file. --- config/modporter.yml | 11 +++++++++++ lib/mod_porter.rb | 13 ++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 config/modporter.yml diff --git a/config/modporter.yml b/config/modporter.yml new file mode 100644 index 0000000..10a09f5 --- /dev/null +++ b/config/modporter.yml @@ -0,0 +1,11 @@ +common: &common + secret: secret + +development: + <<: *common + +staging: + <<: *common + +production: + <<: *common \ No newline at end of file diff --git a/lib/mod_porter.rb b/lib/mod_porter.rb index 86d5fcd..db947d6 100644 --- a/lib/mod_porter.rb +++ b/lib/mod_porter.rb @@ -1,4 +1,6 @@ require 'strscan' +require 'yaml' +require 'active_support' module ModPorter class InvalidSignature < StandardError @@ -37,6 +39,11 @@ def self.included(base) base.before_filter :normalize_mod_porters base.extend ModPorter::ClassMethods end + + def load_config + modporter_conf = YAML.load_file(File.join(RAILS_ROOT, 'config', 'modporter.yml')) + @modporter_conf = modporter_conf[RAILS_ENV].symbolize_keys + end def normalize_mod_porters x_uploads_header = request.headers["X-Uploads"] || request.headers["HTTP_X_UPLOADS"] @@ -88,7 +95,11 @@ def normalize_mod_porters end def check_signature!(options) - expected_digest = Digest::SHA1.digest("#{options[:path]}#{self.class.mod_porter_secret}") + + # Load the secret from config/modporter.yml file + load_config + + expected_digest = Digest::SHA1.digest("#{options[:path]}#{@modporter_conf[:secret]}") base64_encoded_digest = ActiveSupport::Base64.encode64(expected_digest).chomp if options[:signature] != base64_encoded_digest