Testing filepicker.io security using Ruby - ruby

I'm trying to build a test that will allow me to exercise FilePicker.io security. The code is run as:
ruby test.rb [file handle]
and the result is the query string that I can append to a FilePicker URL. I'm pretty sure my policy is getting read properly, but my signature isn't. Can someone tell me what I'm doing wrong? Here's the code:
require 'rubygems'
require 'base64'
require 'cgi'
require 'openssl'
require 'json'
handle = ARGV[0]
expiry = Time::now.to_i + 3600
policy = {:handle=>handle, :expiry=>expiry, :call=>["pick","read", "stat"]}.to_json
puts policy
puts "\n"
secret = 'SECRET'
encoded_policy = CGI.escape(Base64.encode64(policy))
signature = OpenSSL::HMAC.hexdigest('sha256', secret, encoded_policy)
puts "?signature=#{signature}&policy=#{encoded_policy}"

The trick is to use Base64.urlsafe_encode64 instead of CGI.escape:
require 'rubygems'
require 'base64'
require 'cgi'
require 'openssl'
require 'json'
handle = ARGV[0]
expiry = Time::now.to_i + 3600
policy = {:handle=>handle, :expiry=>expiry}.to_json
puts policy
puts "\n"
secret = 'SECRET'
encoded_policy = Base64.urlsafe_encode64(policy)
signature = OpenSSL::HMAC.hexdigest('sha256', secret, encoded_policy)
puts "?signature=#{signature}&policy=#{encoded_policy}"
When tested with the sample values for expiry, handle, and secret in the Filepicker.io docs it returns same values as the python example.

I resolved this in my Ruby 1.8 environment by removing the CGI.escape and gsubbing out the newline:
Base64.encode64(policy).gsub("\n","")
elevenarms's answer is the best for Ruby 1.9 users, but you have to do something a bit kludgy like the above for Ruby 1.8. I'll accept his answer nonetheless, since most of us are or shortly will be in 1.9 these days.

Related

How to parse a URL using Ruby

Hi
how i print
http://site.tf/home/
from
http://site.tf/home/index.php?id=12
using ruby parse url
Do like this
require 'uri'
uri = URI.parse('http://site.tf/home/index.php?id=12')
"#{uri.scheme}://#{uri.host}/#{uri.path.split('/')[1]}"
#=> "http://site.tf/home/"
Didn't tested though.I guess it should work fine
Update
If you want just site.tf,just do like this
require 'uri'
uri = URI.parse('http://site.tf/home/index.php?id=12')
uri.host.split('/').first
#=> "site.tf"

How to handle a json file return by the server with ruby?

I have a json file return by a web radio
require 'open-uri'
rquiire 'json'
songlist=open('http://douban.fm/j/mine/playlist?type=n&channel=0')
##this will return a json file:
##{"r":0,"song" [{"album":"\/subject\/25863639\/","picture":"http:\/\/img5.douban.com\/mpic\/s27256956.jpg","ssid":"7656","artist":"Carousel Kings","url":"http:\/\/mr3.douban.com\/201404122019\/660a1b4494a255e0333dfdc9ffadcf08\/view\/song\/small\/p2055547.mp3","company":"Not On Label","title":"Silence","rating_avg":3.73866,"length":194,"subtype":"","public_time":"2014","sid":"2055547","aid":"25863639","sha256":"ebf027adfaf9882118456941a774eeb509c29c4c278f55f587ba2faaa858a49d","kbps":"64","albumtitle":"Unity","like":false}]
I want to get the information like this song[0]['url'], song[0]['title'],song[0]['album']and using smplayer in terminal to play the song by pointed by url.
How can i do that with ruby?
Thanks.
I would use JSON.parse as below
require 'open-uri'
require 'json'
songlist = open('http://douban.fm/j/mine/playlist?type=n&channel=0').read
parsed_songlist = JSON.parse(songlist)
parsed_songlist["song"][0]["url"] #=> "http:\/\/mr3.douban.com\/201404122019\/660a1b4494a255e0333dfdc9ffadcf08\/view\/song\/small\/p2055547.mp3"
parsed_songlist["song"][0]["title"] #=> "Silence"

hpricot-invalid byte sequence in UTF-8

I already done some searches but none of that can solve this peculiar,unexpected problem.
Just look at the code blow:
require 'open-uri'
require 'hpricot'
doc = Hpricot(open("http://www.baidu.com/")) #this web page's encoding is GB2312
I don't know what's going on here,you can this in your irb to see if you can get the problem
It just pop up "ArgumentError: invalid byte sequence in UTF-8"
I have try to convert the original HTML into utf-8 by Iconv but it still won't work
Guys,I really don't what to do now,please help me
Hpricot - UTF-8 issues
invalid byte sequence in UTF-8 (ArgumentError)
require 'hpricot'
require 'open-uri'
doc = open('http://www.amazon.co.jp/') {|f| Hpricot(f.read) }
puts doc.to_html
open('http://www.amazon.co.jp/') {|f| Hpricot(f.read.encode("UTF-8")) }
I know how it could work with Net::HTTP (Ruby 1.9.2):
require 'net/http'
require 'uri'
url = URI.parse('http://www.baidu.com')
res = Net::HTTP.start(url.host, url.port) {|http|
http.get('/')
}
str = res.body.force_encoding('GB2312')
puts str
puts str.encoding.name # => GB2312
Does that help?

http PUT a file to S3 presigned URLs using ruby

Anyone got a working example of using ruby to post to a presigned URL on s3
I have used aws-sdk and right_aws both.
Here is the code to do this.
require 'rubygems'
require 'aws-sdk'
require 'right_aws'
require 'net/http'
require 'uri'
require 'rack'
access_key_id = 'AAAAAAAAAAAAAAAAA'
secret_access_key = 'ASDFASDFAS4646ASDFSAFASDFASDFSADF'
s3 = AWS::S3.new( :access_key_id => access_key_id, :secret_access_key => secret_access_key)
right_s3 = RightAws::S3Interface.new(access_key_id, secret_access_key, {:multi_thread => true, :logger => nil} )
bucket_name = 'your-bucket-name'
key = "your-file-name.ext"
right_url = right_s3.put_link(bucket_name, key)
right_scan_command = "curl -I --upload-file #{key} '#{right_url.to_s}'"
system(right_scan_command)
bucket = s3.buckets[bucket_name]
form = bucket.presigned_post(:key => key)
uri = URI(form.url.to_s + '/' + key)
uri.query = Rack::Utils.build_query(form.fields)
scan_command = "curl -I --upload-file #{key} '#{uri.to_s}'"
system(scan_command)
Can you provide more information on how a "presigned URL" works? Is it like this:
AWS::S3::S3Object.url_for(self.full_filename,
self.bucket_name, {
:use_ssl => true,
:expires_in => ttl_seconds
})
I use this code to send authenticated clients the URL to their S3 file. I believe this is the "presigned URL" that you're asking about. I haven't used this code for a PUT, so I'm not exactly sure if it's right for you, but it might get you close.
I know this is an older question, but I was wondering the same thing and found an elegant solution in the AWS S3 Documentation.
require 'net/http'
file = "somefile.ext"
url = URI.parse(presigned_url)
Net::HTTP.start(url.host) do |http|
http.send_request("PUT", url.request_uri, File.read(file), {"content-type" => "",})
end
This worked great for my Device Farm uploads.
Does anything on the s3 library page cover what you need? There are loads of examples there.
There are some generic REST libraries for Ruby; Google for "ruby rest client". See also HTTParty.
I've managed to sort it out. Turns out the HTTP:Net in Ruby is has some short comings. Lot of Monkeypatch later I got it working.. More details when I have time. thank

How do I create a SHA1 hash in ruby?

SHA Hash functions
require 'digest/sha1'
Digest::SHA1.hexdigest 'foo'
For a Base64 encoded hash, to validated an Oauth signature, I used
require 'base64'
require 'hmac-sha1'
Base64.encode64((HMAC::SHA1.new('key') << 'base').digest).strip
I created a helper gem which is a simple wrapper around some sha1 code
require 'rickshaw'
> Rickshaw::SHA1.hash('LICENSE.txt')
=> "4659d94e7082a65ca39e7b6725094f08a413250a"
> "hello world".to_sha1
=> "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"
Where 'serialize' is some user function defined elsewhere.
def generateKey(data)
return Digest::SHA1.hexdigest ("#{serialize(data)}")
end

Resources