20472: Add a couple more cancellation tests
diff --git
a/services/api/app/models/blob.rb
b/services/api/app/models/blob.rb
index 7ae13ef2d0126d0b41b28a344e391ad55a7e6a41..9f9a20fe33fa3b05bb6afc688a419c5934ce72e8 100644
(file)
--- a/
services/api/app/models/blob.rb
+++ b/
services/api/app/models/blob.rb
@@
-1,3
+1,9
@@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+require 'request_error'
+
class Blob
extend DbCurrentTime
class Blob
extend DbCurrentTime
@@
-21,15
+27,15
@@
class Blob
# locator_hash +A blob_signature @ timestamp
# where the timestamp is a Unix time expressed as a hexadecimal value,
# and the blob_signature is the signed locator_hash + API token + timestamp.
# locator_hash +A blob_signature @ timestamp
# where the timestamp is a Unix time expressed as a hexadecimal value,
# and the blob_signature is the signed locator_hash + API token + timestamp.
- #
- class InvalidSignatureError <
Standard
Error
+ #
+ class InvalidSignatureError <
Request
Error
end
# Blob.sign_locator: return a signed and timestamped blob locator.
#
# The 'opts' argument should include:
end
# Blob.sign_locator: return a signed and timestamped blob locator.
#
# The 'opts' argument should include:
- # [required] :
key - the Arvados server-side blobstore key
- # [
required] :api_token - user's API token
+ # [required] :
api_token - API token (signatures only work for this token)
+ # [
optional] :key - the Arvados server-side blobstore key
# [optional] :ttl - number of seconds before signature should expire
# [optional] :expire - unix timestamp when signature should expire
#
# [optional] :ttl - number of seconds before signature should expire
# [optional] :expire - unix timestamp when signature should expire
#
@@
-44,14
+50,17
@@
class Blob
end
timestamp = opts[:expire]
else
end
timestamp = opts[:expire]
else
- timestamp = db_current_time.to_i + (opts[:ttl] || 1209600)
+ timestamp = db_current_time.to_i +
+ (opts[:ttl] || Rails.configuration.Collections.BlobSigningTTL.to_i)
end
timestamp_hex = timestamp.to_s(16)
# => "53163cb4"
end
timestamp_hex = timestamp.to_s(16)
# => "53163cb4"
+ blob_signature_ttl = Rails.configuration.Collections.BlobSigningTTL.to_i.to_s(16)
# Generate a signature.
signature =
# Generate a signature.
signature =
- generate_signature opts[:key], blob_hash, opts[:api_token], timestamp_hex
+ generate_signature((opts[:key] or Rails.configuration.Collections.BlobSigningKey),
+ blob_hash, opts[:api_token], timestamp_hex, blob_signature_ttl)
blob_locator + '+A' + signature + '@' + timestamp_hex
end
blob_locator + '+A' + signature + '@' + timestamp_hex
end
@@
-61,9
+70,9
@@
class Blob
# Return value: true if the locator has a valid signature, false otherwise
# Arguments: signed_blob_locator, opts
#
# Return value: true if the locator has a valid signature, false otherwise
# Arguments: signed_blob_locator, opts
#
- def self.verify_signature
*args
+ def self.verify_signature
(*args)
begin
begin
- self.verify_signature!
*args
+ self.verify_signature!
(*args)
true
rescue Blob::InvalidSignatureError
false
true
rescue Blob::InvalidSignatureError
false
@@
-88,15
+97,17
@@
class Blob
if !timestamp
raise Blob::InvalidSignatureError.new 'No signature provided.'
end
if !timestamp
raise Blob::InvalidSignatureError.new 'No signature provided.'
end
-
if !timestamp.match
/^[\da-f]+$/
+
unless timestamp =~
/^[\da-f]+$/
raise Blob::InvalidSignatureError.new 'Timestamp is not a base16 number.'
end
if timestamp.to_i(16) < (opts[:now] or db_current_time.to_i)
raise Blob::InvalidSignatureError.new 'Signature expiry time has passed.'
end
raise Blob::InvalidSignatureError.new 'Timestamp is not a base16 number.'
end
if timestamp.to_i(16) < (opts[:now] or db_current_time.to_i)
raise Blob::InvalidSignatureError.new 'Signature expiry time has passed.'
end
+ blob_signature_ttl = Rails.configuration.Collections.BlobSigningTTL.to_i.to_s(16)
my_signature =
my_signature =
- generate_signature opts[:key], blob_hash, opts[:api_token], timestamp
+ generate_signature((opts[:key] or Rails.configuration.Collections.BlobSigningKey),
+ blob_hash, opts[:api_token], timestamp, blob_signature_ttl)
if my_signature != given_signature
raise Blob::InvalidSignatureError.new 'Signature is invalid.'
if my_signature != given_signature
raise Blob::InvalidSignatureError.new 'Signature is invalid.'
@@
-105,10
+116,11
@@
class Blob
true
end
true
end
- def self.generate_signature key, blob_hash, api_token, timestamp
+ def self.generate_signature key, blob_hash, api_token, timestamp
, blob_signature_ttl
OpenSSL::HMAC.hexdigest('sha1', key,
[blob_hash,
api_token,
OpenSSL::HMAC.hexdigest('sha1', key,
[blob_hash,
api_token,
- timestamp].join('@'))
+ timestamp,
+ blob_signature_ttl].join('@'))
end
end
end
end
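Review bot: The rewritten timestamp check in the -88/+97 hunk, `unless timestamp =~ /^[\da-f]+$/`, keeps line anchors, and in Ruby `^` and `$` match at every line boundary, so a value with hex digits on one line and arbitrary text after a newline still passes; `unless timestamp =~ /\A[\da-f]+\z/` validates the whole string. How `timestamp` is split out of the locator lies outside the hunk, so whether a newline can actually reach this line is not visible here, but the HMAC comparison should not be the only thing rejecting such a value. In the same hunk, `if my_signature != given_signature` compares the HMAC with an early-exit string comparison; `unless ActiveSupport::SecurityUtils.secure_compare(my_signature, given_signature)` would make the check constant-time. Because `blob_signature_ttl` is now part of the signed message, `generate_signature` would also benefit from a comment such as `# The configured BlobSigningTTL is mixed into the HMAC, so changing it invalidates every outstanding signature.`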