Class: WebBotAuth::DirectoryController

Inherits:
ActionController::Base
  • Object
Defined in:
app/controllers/web_bot_auth/directory_controller.rb

Overview

Serves the Web Bot Auth key directory (a JWK Set) at
/.well-known/http-message-signatures-directory, signed over the request
@authority per draft-meunier-http-message-signatures-directory.

Inherits from ActionController::Base (not ApplicationController) so no
authentication / locale / CSRF filters run — the directory is a public,
host-agnostic, locale-free endpoint (mirrors RobotsController).

Constant Summary

CONTENT_TYPE = 'application/http-message-signatures-directory+json'
  The IANA media type for the signatures directory.

CACHE_TTL = 5.minutes
  How long the directory may be cached at the edge / by clients.

SIGNATURE_VALIDITY = 1.hour
  The signed-response validity window. Kept comfortably longer than
  CACHE_TTL so a cached copy never carries an already-expired signature.

Instance Method Details

#show ⇒ void

This method returns an undefined value.

GET /.well-known/http-message-signatures-directory

# File 'app/controllers/web_bot_auth/directory_controller.rb', line 27

def show
  # Without a configured signing key the directory cannot be signed; refuse
  # rather than publish an unsigned key set.
  return head(:service_unavailable) unless WebBotAuth::Key.configured?

  now = Time.current
  # Bind the signature to the host the request was addressed to ("@authority";req),
  # falling back to the literal request host when no canonical authority is configured.
  authority = WebBotAuth.authority_for(request.base_url) || request.host.to_s.downcase
  signature = WebBotAuth::MessageSignature.new(
    label: 'sig1',
    components: [
      WebBotAuth::MessageSignature::Component.new(
        name: '@authority', value: authority, params: { req: true }
      )
    ],
    created: now.to_i,
    expires: (now + SIGNATURE_VALIDITY).to_i, # outlives CACHE_TTL by design
    keyid: WebBotAuth::Key.kid,
    tag: WebBotAuth::TAG_DIRECTORY
  )

  # Emit Signature-Input / Signature, then the caching and sniffing headers.
  signature.headers.each { |name, value| response.set_header(name, value) }
  response.set_header('X-Content-Type-Options', 'nosniff')
  expires_in CACHE_TTL, public: true

  # The body is the JWK Set; only the public half of the key is published.
  render body: JSON.generate(keys: [WebBotAuth::Key.public_jwk]), content_type: CONTENT_TYPE
end
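As an added example (not the gem's code) of what a consuming client should check on this response before trusting the published keys: the content type, that "@authority";req is the covered component, the tag, the created/expires window against the cache TTL, and that keyid resolves to a kid in the body. The tag string, the TTL in seconds and the sample response are assumptions; the Ed25519 verification of the returned signature base is left to an RFC 9421 implementation.

```ruby
require 'json'

# Assumed values (not taken from the gem): the directory tag string and the
# cache TTL in seconds, mirroring the controller's CACHE_TTL.
DIRECTORY_CONTENT_TYPE = 'application/http-message-signatures-directory+json'
DIRECTORY_TAG = 'http-message-signatures-directory'
CACHE_TTL_SECONDS = 5 * 60

# Signature-Input as the controller emits it for label sig1.
SIG_INPUT = /\Asig1=\((?<comps>[^)]*)\);created=(?<created>\d+);expires=(?<expires>\d+);keyid="(?<keyid>[^"]+)";tag="(?<tag>[^"]+)"\z/

# Returns [problems, signature_base]: problems is empty when the structural checks pass;
# signature_base is what the client then verifies with the key whose kid equals keyid.
def check_directory(headers:, body:, requested_authority:, now:)
  problems = []
  problems << 'wrong content type' unless headers['Content-Type'] == DIRECTORY_CONTENT_TYPE
  m = SIG_INPUT.match(headers['Signature-Input'].to_s)
  return [problems << 'unparseable Signature-Input', nil] unless m

  created, expires = m[:created].to_i, m[:expires].to_i
  problems << '@authority not covered' unless m[:comps] == '"@authority";req'
  problems << 'unexpected tag' unless m[:tag] == DIRECTORY_TAG
  problems << 'signature not yet valid' if now < created
  problems << 'signature expired' if now >= expires
  problems << 'validity shorter than cache TTL' if expires - created <= CACHE_TTL_SECONDS

  kids = JSON.parse(body).fetch('keys', []).map { |k| k['kid'] }
  problems << 'keyid not in directory' unless kids.include?(m[:keyid])

  # Rebuild the signature base with the authority *this* client requested, so a
  # directory response replayed from a different host does not verify.
  params = "(#{m[:comps]});created=#{created};expires=#{expires}" \
           ";keyid=\"#{m[:keyid]}\";tag=\"#{m[:tag]}\""
  base = "\"@authority\";req: #{requested_authority}\n\"@signature-params\": #{params}"
  [problems, base]
end

# Constructed sample response (illustrative values, not a real key or signature).
SAMPLE_NOW = 1_700_000_000
SAMPLE_HEADERS = {
  'Content-Type' => DIRECTORY_CONTENT_TYPE,
  'Signature-Input' => "sig1=(\"@authority\";req);created=#{SAMPLE_NOW - 60};" \
                       "expires=#{SAMPLE_NOW + 3540};keyid=\"example-kid-1\";tag=\"#{DIRECTORY_TAG}\""
}
SAMPLE_BODY = JSON.generate(keys: [{ kty: 'OKP', crv: 'Ed25519', kid: 'example-kid-1', x: 'PLACEHOLDER' }])

problems, base = check_directory(headers: SAMPLE_HEADERS, body: SAMPLE_BODY,
                                 requested_authority: 'example.com', now: SAMPLE_NOW)
puts(problems.empty? ? "directory ok; verify base:\n#{base}" : "rejected: #{problems.join(', ')}")
```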