web_package-rails

Release 0.1.0

Provides integration of Signed HTTP Exchange format into Rails 3+, allowing a browser to trust that a HTTP request-response pair was generated by the origin it claims.

Homepage Rubygems Ruby Documentation Download

License
MIT
Install
gem install web_package-rails -v 0.1.0

Documentation

Web packaging for Rails

This gem is a glue to stick underlying web_package mechanism into Rails 3+ apps. It provides a way to extend existing routes in Rails application with .sxg formats. That is, for each known path /articles/foo the library handles /articles/foo.sxg path out of the box.

Required environment variables

For an http exchange to be signed a certificate with a special "CanSignHttpExchanges" extension must be provided. For testing purposes you may use just a self-signed one. Please refer to web_package docs to create such.

Also, an endpoint must be set up serving the certificate in application/cert-chain+cbor format. You can use gen-certurl tool from here to convert PEM certificate into this format.

Having done the above-said we are ready to assign env vars required to use the gem:

export SXG_CERT_URL='https://my.cdn.com/cert.cbor' \
       SXG_CERT_PATH='/local/path/to/cert.pem' \
       SXG_PRIV_PATH='/local/path/to/priv.key'

Please note, that the variables are fetched during class initialization. And failing to provide valid paths will result in an exception.

Install

First, please ensure the above environment variables are set up all right.

Next, add the gem into your Gemfile:

gem 'web_package-rails'

And run bundle install command.

That's it. Once added, the gem will hook into your Rails initialization process to prepend middleware stack with WebPackage::Middleware.

What is inside

The gem is just a rack middleware comprising a lightweight scanner of request paths for the presence of .sxg extension. If found, the path is cleared of it, and modified request url is then passed further down the middleware stack to be handled as if no extension was ever given.

In case .sxg extension is not detected - the requests are simply proxied intact.

Contributing

Fork it, create your feature branch from develop, make changes and create new Pull Request. Please do not forget tests.

License

Web package for Rails is released under the MIT License.

Stats

Dependencies
2
Dependent packages
0
Dependent repositories
0
Total releases
1
Latest release
First release
Stars
1
Forks
0
Watchers
1
Contributors
1
Repository size
2.93 KB
SourceRank
6

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.1.0

Maintainers

gafrom

Contributors

Oleg Afanasyev


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2019-05-13 18:47:47 UTC

Login to resync this project