Coder Social home page Coder Social logo

alexa_verifier's Introduction

Alexa Verifier

AlexaVerifier is a gem created to verify that requests received within a Rack-based application originate from Amazon's Alexa API.

This gem is framework agnostic and should work with any Rack based application including both Rails and Sinatra.

Gem Version Build Status Code Coverage License

Contents

Requirements

AlexaVerifier requires the following:

  • Ruby - version 2.0 or greater

Installation

Add this line to your application's Gemfile:

gem 'alexa_verifier'

Usage

This gem's main function is taking an Rack request and verifying that it was sent by Amazon.

Sinatra

# within server.rb (or equivalent)

post '/' do
  AlexaVerifier.valid!(request)
end

Rails

# config/routes.rb

post '/', to: 'alexa#index'
# app/controllers/alexa_controller.rb

class AlexaController < ApplicationController
  skip_before_action :verify_authenticity_token, only: :index

  def index
    AlexaVerifier.valid!(request)
  end
end

Methods

AlexaVerifier has two main entry points, detailsed below:

Method Parameter type Returns
AlexaVerifier.valid!(request) Rack-based request object true on successful verification. Raises an error if unsuccessful.
AlexaVerifier.valid?(request) Rack-based request object true on successful verificatipn. false if unsuccessful.

You are also able to configure AlexaVerifier to disable some checks. This is detailed in the section below.

Disabling checks

If you'd like to disable one (or more) of the checks performed by AlexaVerifier, you can do so by passing a #configure block. Each of the configuration attributes are Boolean values and are detailed below.

It is possible to disable checks either globally, or for a specific instance. This is useful if you want to run multiple instances of the verifier within your application.

Option Default Description
enabled true Enables or disables AlexaVerifier checks. This setting overrides all others i.e. setting config.enabled = false disables all checks even if you set others to true.
verify_uri true Enables or disables checks on the certificate URI. Set to false to allow serving of certificates from non-amazon approved domains.
verify_timeliness true Enables or disables timeliness checks. Set to false to allow requests generated in the past to be executed. Good for serving test requests.
verify_certificate true Enables or disabled checks on whether the certificate is in date, or contains the SAN address we expect.
verify_signature true Enables or disables checks to see if a request was actually signed by a certificate.

Examples

The below is an example of a 'complete' configure block, setting attributes both globally and for an individual instance.

Globally
AlexaVerifier.configure do |config|
  config.enabled            = false # Disables all checks, even though we enable them individually below
  config.verify_uri         = true
  config.verify_timeliness  = true
  config.verify_certificate = true
  config.verify_signature   = true
end
AlexaVerifier.valid!(request)
Instance level
With a block
verifier = AlexaVerifier::Verifier.new do |config|
  config.enabled            = false
  config.verify_uri         = true
  config.verify_timeliness  = true
  config.verify_certificate = true
  config.verify_signature   = true
end
verifier.valid!(request)
Calling #configure
verifier = AlexaVerifier::Verifier.new
verifier.configure do |config|
  config.enabled            = false
  config.verify_uri         = true
  config.verify_timeliness  = true
  config.verify_certificate = true
  config.verify_signature   = true
end
verifier.valid!(request)

Handling errors

AlexaVerifier#valid! will raise one of the following expected errors if verification cannot be performed.

Please note that all errors come with (hopefully) helpful accompanying messages.

Error Description
AlexaVerifier::InvalidCertificateURIError Raised when the certificate URI does not pass validation.
AlexaVerifier::InvalidCertificateError Raised when the certificate itself does not pass validation e.g. out of date, does not contain the requires SAN extension, etc.
AlexaVerifier::InvalidRequestError Raised when the request cannot be verified (not timely, not signed with the certificate, etc.)

Getting Started with Development

To clone the repository and set up the dependencies, run the following:

git clone https://github.com/mattrayner/alexa_verifier.git
cd alexa_verifier
bundle install

Running the tests

We use RSpec as our testing framework and tests can be run using:

bundle exec rake

Contributing

If you wish to submit a bug fix or feature, you can create a pull request and it will be merged pending a code review.

  1. Fork the repository
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Ensure your changes are tested using Rspec
  6. Create a new Pull Request

License

AlexaVerifier is licensed under the MIT.

Code of Conduct

Everyone interacting in the AlexaVerifier project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.

alexa_verifier's People

Contributors

mattrayner avatar sidoh avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.