Separate ActiveStorage facade from Cellar machinery

lib/cellar/amazon_v2_request_signer.rb

@@ -0,0 +1,43 @@
+require 'base64'
+require 'openssl'
+
+module Cellar
+  class AmazonV2RequestSigner
+    def initialize(access_key_id, secret_access_key, bucket)
+      @access_key_id = access_key_id
+      @secret_access_key = secret_access_key
+      @bucket = bucket
+    end
+
+    def sign(request, key)
+      date = Time.now.httpdate
+      sig = signature(
+        method: request.method,
+        key: key,
+        date: date,
+        checksum: request['Content-MD5'] || '',
+        content_type: request.content_type || ''
+      )
+      request['date'] = date
+      request['authorization'] = "AWS #{@access_key_id}:#{sig}"
+    end
+
+    def url_signature_params(method:, key:, expires_in:, content_type: '', checksum: '')
+      expires = expires_in.from_now.to_i
+
+      {
+        AWSAccessKeyId: @access_key_id,
+        Expires: expires,
+        Signature: signature(method: method, key: key, expires: expires, content_type: content_type, checksum: checksum)
+      }
+    end
+
+    def signature(method:, key:, expires: '', date: '', content_type: '', checksum: '')
+      canonicalized_amz_headers = ""
+      canonicalized_resource = "/#{@bucket}/#{key}"
+      string_to_sign = "#{method}\n#{checksum}\n#{content_type}\n#{expires}#{date}\n" +
+                       "#{canonicalized_amz_headers}#{canonicalized_resource}"
+      Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), @secret_access_key, string_to_sign)).strip
+    end
+  end
+end