#!/usr/bin/env ruby
#
# amazon-auth-proxy.cgi:
# Authentication Proxy Server of Amazon Product Advertising API.
#
# Copyright (C) 2009 TADA Tadashi <t@tdtds.jp>
# You can redistribute it and/or modify it under GPL2.
#
require 'uri'
require 'base64'
require 'digest/sha2'
require 'time'
require 'timeout'
require 'open-uri'
require 'erb'
include ERB::Util
# Backfill Object#tap for interpreters older than Ruby 1.8.7, which do not
# ship it. On any newer Ruby the guard is false and nothing is redefined.
unless defined?( Object::tap )
  class Object
    # Hands the receiver to the given block, discards the block's result
    # and returns the receiver.
    def tap
      yield self
      self
    end
  end
end
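# Pure-Ruby HMAC-SHA256, used by paapi only when the openssl extension
# cannot be loaded.
module HMAC
  # SHA-256 processes input in 64-byte blocks; the HMAC pads are that long.
  BLOCK_SIZE = 64
  IPAD = [0x36] * 64
  OPAD = [0x5c] * 64

  module_function

  # Compute HMAC-SHA256 of +message+ under +key+.
  #
  # key     - String holding the secret key (any length).
  # message - String to authenticate.
  #
  # Returns the 32-byte raw digest as a String.
  def sha256( key, message )
    key_bytes = key.unpack( 'C*' )
    # A key longer than one block must be replaced by its hash first.
    # Without this step the XOR below would run past the end of the pads.
    if key_bytes.size > BLOCK_SIZE
      key_bytes = Digest::SHA256.digest( key ).unpack( 'C*' )
    end

    ikey = IPAD.dup
    okey = OPAD.dup
    key_bytes.each_with_index do |byte, i|
      ikey[i] = byte ^ IPAD[i]
      okey[i] = byte ^ OPAD[i]
    end

    # Treat the message as raw bytes so that concatenating it with the
    # binary pads cannot raise an encoding error on Ruby 1.9 and later.
    msg = message.dup
    msg.force_encoding( 'BINARY' ) if msg.respond_to?( :force_encoding )

    inner = Digest::SHA256.digest( ikey.pack( 'C*' ) + msg )
    Digest::SHA256.digest( okey.pack( 'C*' ) + inner )
  end
end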
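# Build a signed Product Advertising API request from client-supplied CGI
# parameters, then either return the signed URL or fetch it.
#
# conf   - Hash loaded from the YAML config. Keys read here: 'default_aid',
#          'access_key', 'secret_key', 'entry_point', 'xslt_entry_point'
#          and 'use_redirect'.
# params - Hash of parameter name => Array of values (the shape of
#          CGI#params). Only the first value of each parameter is used.
#
# Returns [302, signed_url] when conf['use_redirect'] is set, otherwise
# [200, response_body] after fetching the signed URL (10 second limit).
# Raises ArgumentError when conf['default_aid'] is missing. Errors from the
# fetch, including timeouts, propagate to the caller.
#
# Security notes:
# * Every request is signed with the operator's secret key, and all other
#   parameters are passed through unchanged. Anyone who can reach this CGI
#   can therefore issue API calls on the operator's account. Access control
#   and rate limiting have to be applied in front of it.
# * Client-supplied AssociateTag, Timestamp and Signature are never
#   forwarded. The first two are replaced and the signature is recomputed.
def paapi( conf, params )
  raise ArgumentError::new( 'No AssociateTag' ) unless conf['default_aid']

  enc = lambda {|s| ERB::Util.url_encode( s ) }
  xslt = false
  qs = []
  params.each do |key, values|
    case key
    when /\A(AWSAccessKeyId|SubscriptionId)\z/
      # \A and \z anchor the whole name. ^ and $ would also accept a name
      # that merely contains one of these words on a line of its own.
      qs << "#{enc[key]}=#{enc[conf['access_key']]}"
    when 'AssociateTag', 'Timestamp', 'Signature'
      # Supplied by this proxy below, never taken from the client.
      next
    else
      qs << "#{enc[key]}=#{enc[values[0]]}"
      xslt = true if key == 'Style'
    end
  end
  qs << "AssociateTag=#{enc[conf['default_aid']]}"
  qs << "Timestamp=#{enc[Time.now.utc.strftime( '%Y-%m-%dT%H:%M:%SZ' )]}"
  qs.sort!

  uri = URI.parse( conf[xslt ? 'xslt_entry_point' : 'entry_point'] )
  message = ['GET', uri.host, uri.path, qs.join( '&' )].join( "\n" )
  begin
    require 'openssl'
    hash = OpenSSL::HMAC::digest( OpenSSL::Digest::SHA256.new, conf['secret_key'], message )
  rescue LoadError, NameError
    # No usable openssl extension: fall back to the pure-Ruby HMAC.
    hash = HMAC::sha256( conf['secret_key'], message )
  end
  qs << "Signature=#{enc[[hash].pack( 'm' ).chomp]}"
  url = "#{uri}?#{qs.join( '&' )}"

  return [302, url] if conf['use_redirect']

  # URI#open (from open-uri) only exists for URL schemes open-uri supports,
  # so this can never fall through to Kernel#open's file and pipe handling.
  # It also keeps working on Ruby 3, where Kernel#open no longer accepts
  # URLs and the top-level timeout method is gone.
  body = Timeout.timeout( 10 ) { URI.parse( url ).open( &:read ) }
  [200, body]
end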
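# CGI entry point: load the configuration, sign the incoming request and
# answer with either the fetched API response or a redirect to the signed URL.
if __FILE__ == $0 then
  require 'cgi'
  require 'yaml'

  cgi = CGI::new
  # The YAML file holds the secret key and is read from the current working
  # directory. NOTE(review): if that is the web-served CGI directory, the
  # web server must refuse to serve this file. Confirm the deployment.
  conf = YAML::load_file( 'amazon-auth-proxy.yaml' )
  begin
    status, body = paapi( conf, cgi.params )
    if status == 200 then
      # The upstream body is relayed unchanged under this site's origin.
      # NOTE(review): with a client-chosen 'Style' parameter the body
      # presumably comes from a client-chosen stylesheet. Treat it as
      # untrusted content.
      print cgi.header(
        'status' => '200',
        'type' => 'text/xml;charset="UTF-8"'
      )
      print body
    elsif status == 302 then
      # Compare against status. A bare `elsif 302` is always true.
      print cgi.header(
        'status' => '302',
        'location' => body
      )
      puts "\n\n"
    end
  rescue
    # Keep exception detail in the server log, not in the HTTP response.
    $stderr.puts "amazon-auth-proxy: #{$!.class}: #{$!.message}"
    print "Status: 500\nContent-Type: text/plain\n\n"
    print 'Internal Server Error'
  end
end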