class Blob
+ extend DbCurrentTime
+
+ def initialize locator
+ @locator = locator
+ end
+
+ def empty?
+ !!@locator.match(/^d41d8cd98f00b204e9800998ecf8427e(\+.*)?$/)
+ end
# In order to get a Blob from Keep, you have to prove either
# [a] you have recently written it to Keep yourself, or
# Blob.sign_locator: return a signed and timestamped blob locator.
#
# The 'opts' argument should include:
- # [required] :key - the Arvados server-side blobstore key
- # [required] :api_token - user's API token
+ # [required] :api_token - API token (signatures only work for this token)
+ # [optional] :key - the Arvados server-side blobstore key
# [optional] :ttl - number of seconds before signature should expire
# [optional] :expire - unix timestamp when signature should expire
#
end
timestamp = opts[:expire]
else
- timestamp = Time.now.to_i + (opts[:ttl] || 600)
+ timestamp = db_current_time.to_i +
+ (opts[:ttl] || Rails.configuration.blob_signature_ttl)
end
timestamp_hex = timestamp.to_s(16)
# => "53163cb4"
+ blob_signature_ttl = Rails.configuration.blob_signature_ttl.to_s(16)
# Generate a signature.
signature =
- generate_signature opts[:key], blob_hash, opts[:api_token], timestamp_hex
+ generate_signature((opts[:key] or Rails.configuration.blob_signing_key),
+ blob_hash, opts[:api_token], timestamp_hex, blob_signature_ttl)
blob_locator + '+A' + signature + '@' + timestamp_hex
end
if !timestamp
raise Blob::InvalidSignatureError.new 'No signature provided.'
end
- if !timestamp.match /^[\da-f]+$/
+ unless timestamp =~ /^[\da-f]+$/
raise Blob::InvalidSignatureError.new 'Timestamp is not a base16 number.'
end
- if timestamp.to_i(16) < Time.now.to_i
+ if timestamp.to_i(16) < (opts[:now] or db_current_time.to_i)
raise Blob::InvalidSignatureError.new 'Signature expiry time has passed.'
end
+ blob_signature_ttl = Rails.configuration.blob_signature_ttl.to_s(16)
my_signature =
- generate_signature opts[:key], blob_hash, opts[:api_token], timestamp
+ generate_signature((opts[:key] or Rails.configuration.blob_signing_key),
+ blob_hash, opts[:api_token], timestamp, blob_signature_ttl)
if my_signature != given_signature
raise Blob::InvalidSignatureError.new 'Signature is invalid.'
true
end
- def self.generate_signature key, blob_hash, api_token, timestamp
+ def self.generate_signature key, blob_hash, api_token, timestamp, blob_signature_ttl
OpenSSL::HMAC.hexdigest('sha1', key,
[blob_hash,
api_token,
- timestamp].join('@'))
+ timestamp,
+ blob_signature_ttl].join('@'))
end
end