From 5e61877b86122a983d583a1fd19059ab831f9fa2 Mon Sep 17 00:00:00 2001
From: Mathieu Legault
Date: Tue, 9 Jan 2024 10:12:42 -0500
Subject: [PATCH 1/3] Fix the documentation for the sign parameter
Even thought the documentation says that you should include the leading "/" in practice you need to exclude it
---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 7ddab3c..4f2428d 100644
--- a/README.md
+++ b/README.md
@@ -70,17 +70,17 @@ Then a request path like:
 will fail because the `sign` parameter is not present.
-**The HMAC-SHA256 hash is created by taking the URL path (including the leading /), the request parameters (alphabetically-sorted and concatenated with & into a string). The hash is then base64url-encoded.**
+**The HMAC-SHA256 hash is created by taking the URL path (excluding the leading /), the request parameters (alphabetically-sorted and concatenated with & into a string). The hash is then base64url-encoded.**
 ```elixir
-Base.url_encode64(:crypto.mac(:hmac, :sha256, "1234", "/resize" <> "quality=60&url=https://s3.ca-central-1.amazonaws.com/my_image.jpg&width=300"))
-# => "O8Xo9xrP0fM67PIWMIRL2hjkD_c5HzzBtRLfpo43ENY="
+Base.url_encode64(:crypto.mac(:hmac, :sha256, "1234", "resize" <> "quality=60&url=https://s3.ca-central-1.amazonaws.com/my_image.jpg&width=300"))
+# => "ku5SCH56vrsqEr-_VRDOFJHqa6AXslh3fpAelPAPoeI="
 ```
 Now this request will succeed!
 ```sh
-/imageproxy/resize?url=https://s3.ca-central-1.amazonaws.com/my_image.jpg&width=300&quality=60&sign=O8Xo9xrP0fM67PIWMIRL2hjkD_c5HzzBtRLfpo43ENY=
+/imageproxy/resize?url=https://s3.ca-central-1.amazonaws.com/my_image.jpg&width=300&quality=60&sign=ku5SCH56vrsqEr-_VRDOFJHqa6AXslh3fpAelPAPoeI=
 ```
 ## License
From e7facbf8f7f0f8a1bc8ebb7329bd11b2f6c13313 Mon Sep 17 00:00:00 2001
From: Mathieu Legault
Date: Wed, 17 Jan 2024 15:38:16 -0500
Subject: [PATCH 2/3] add missing test
---
 .../middlewares/signature_key.ex | 2 ++
 .../plug_image_processing_test.exs | 14 ++++++++++++++
 2 files changed, 16 insertions(+)
diff --git a/lib/plug_image_processing/middlewares/signature_key.ex b/lib/plug_image_processing/middlewares/signature_key.ex
index 50fe139..a0af760 100644
--- a/lib/plug_image_processing/middlewares/signature_key.ex
+++ b/lib/plug_image_processing/middlewares/signature_key.ex
@@ -14,6 +14,8 @@ defmodule PlugImageProcessing.Middlewares.SignatureKey do
 |> Map.drop(["sign"])
 |> URI.encode_query()
+ IO.inspect(url_path <> url_query)
+
 Base.url_encode64(:crypto.mac(:hmac, :sha256, config.url_signature_key, url_path <> url_query))
 end
diff --git a/test/plug_image_processing/plug_image_processing_test.exs b/test/plug_image_processing/plug_image_processing_test.exs
index 449be8d..8bdcb3f 100644
--- a/test/plug_image_processing/plug_image_processing_test.exs
+++ b/test/plug_image_processing/plug_image_processing_test.exs
@@ -15,5 +15,19 @@ defmodule PlugImageProcessingTest do
 assert url === "http://example.com/imageproxy/resize?url=http%3A%2F%2Fbucket.com%2Ftest.jpg&width=10"
 end
+
+ test "valid with signature", %{config: config} do
+ url_signature_key = "12345"
+ config = Keyword.put(config, :url_signature_key, url_signature_key)
+
+ url = PlugImageProcessing.generate_url("http://example.com", config, :resize, %{url: "http://bucket.com/test.jpg", width: 10})
+
+ assert url ===
+ "http://example.com/imageproxy/resize?url=http%3A%2F%2Fbucket.com%2Ftest.jpg&width=10&sign=#{generate_signature_from_url(url_signature_key, "resizeurl=http%3A%2F%2Fbucket.com%2Ftest.jpg&width=10")}"
+ end
+ end
+
+ defp generate_signature_from_url(url_signature_key, url) do
+ Base.url_encode64(:crypto.mac(:hmac, :sha256, url_signature_key, url))
 end
 end
From aef139baeec93f3f1e9579305c60ea47bd6908bb Mon Sep 17 00:00:00 2001
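Review bot: `IO.inspect(url_path <> url_query)` in the signing function prints the full signed payload, including the source image URL carried in the query, to stdout every time a signature is computed; that is debug output in the request path and unrelated to the "add missing test" subject. PATCH 3/3 removes both added lines again, so squashing 2/3 and 3/3 would keep the print out of every revision a bisect or a release can land on. The enclosing function starts above the hunk, so how `url_path` is derived cannot be checked from here.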
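Review bot: The new test "valid with signature" covers URL generation only and derives the expected `sign` through `generate_signature_from_url`, which repeats the HMAC construction of the code under test, so nothing in this hunk checks that the middleware rejects a request whose `width` was changed or whose `sign` is wrong; a rejection test would pin the property the signature exists for. The expected payload `"resizeurl=http%3A%2F%2Fbucket.com%2Ftest.jpg&width=10"` fixes two details worth stating on the helper, for example `# Signed payload: path without leading "/" <> URI.encode_query(params); no separator, values percent-encoded`. The README example in PATCH 1/3 signs the unencoded `url=https://...` form, which appears to differ from this percent-encoded payload, so one of the two probably needs adjusting. The verification comparison is not part of this diff; if it uses `==`, `Plug.Crypto.secure_compare/2` is the constant-time alternative.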
From: Mathieu Legault
Date: Wed, 17 Jan 2024 15:39:48 -0500
Subject: [PATCH 3/3] inspect
---
 lib/plug_image_processing/middlewares/signature_key.ex | 2 --
 1 file changed, 2 deletions(-)
diff --git a/lib/plug_image_processing/middlewares/signature_key.ex b/lib/plug_image_processing/middlewares/signature_key.ex
index a0af760..50fe139 100644
--- a/lib/plug_image_processing/middlewares/signature_key.ex
+++ b/lib/plug_image_processing/middlewares/signature_key.ex
@@ -14,8 +14,6 @@ defmodule PlugImageProcessing.Middlewares.SignatureKey do
 |> Map.drop(["sign"])
 |> URI.encode_query()
- IO.inspect(url_path <> url_query)
-
 Base.url_encode64(:crypto.mac(:hmac, :sha256, config.url_signature_key, url_path <> url_query))
 end