From 54f7ca4d3b528324b127df4bebf3e05a08830235 Mon Sep 17 00:00:00 2001 From: Henri-Damien LAURENT Date: Tue, 7 Jul 2009 15:44:26 +0200 Subject: [PATCH] bug 3204: implement request signing for Amazon Web Services After 2009-08-15, Amazon Web Services will expect that all requests to the Product Advertising API, which is what Koha uses for retrieving reviews and other enhanced content from Amazon, include signatures. This patch and subsequenct patches implement this functionality. What this means in practice (assuming the user has elected to use any enhanced content from Amazon) is that [1] The user must get a Amazon Secret Access Key. This can be done by logging in to the user's AWS account at (e.g.) http://aws.amazon.com/, going to the 'Access Identifiers' page, and from there retrieving and/or creating a new Secret Access Key. [2] The contents of the Secret Access Key should then be entered into the new AWSPrivateKey system preference. Once that is done, grabbing reviews and table of contents from Amazon should work as normal. If the user doesn't do this before 2009-08-15, reviews and TOCs will no longer be supplied from Amazon, although there should be no crashes - the content will simply not show up. Note that the requirement to sign requests does *NOT* appear to apply to simply displaying book covers from Amazon. Signed-off-by: Galen Charlton --- C4/External/Amazon.pm | 45 ++++++++++++++----- Makefile.PL | 2 + install_misc/debian-lenny.packages | 1 + .../data/mysql/en/mandatory/sysprefs.sql | 1 + .../unimarc_standard_systemprefs.sql | 1 + 5 files changed, 38 insertions(+), 12 deletions(-) diff --git a/C4/External/Amazon.pm b/C4/External/Amazon.pm index 47f4b5ee83..d6145b342b 100644 --- a/C4/External/Amazon.pm +++ b/C4/External/Amazon.pm @@ -22,6 +22,9 @@ use LWP::Simple; use LWP::UserAgent; use HTTP::Request::Common; use C4::Koha; +use URI::Escape; +use POSIX; +use Digest::SHA qw(hmac_sha256_base64); use strict; use warnings; @@ -129,18 +132,25 @@ sub get_amazon_details { my %hformat = ( a => 'Books', g => 'Video', j => 'Music' ); my $search_index = $hformat{ substr($record->leader(),6,1) } || 'Books'; - my $url = - "http://ecs.amazonaws" . get_amazon_tld() . - "/onca/xml?Service=AWSECommerceService" . - "&AWSAccessKeyId=" . C4::Context->preference('AWSAccessKeyID') . - "&Operation=ItemLookup" . - "&AssociateTag=" . C4::Context->preference('AmazonAssocTag') . - "&Version=2009-02-01" . - "&ItemId=$item_id" . - "&IdType=$id_type" . - "&ResponseGroup=" . join( ',', @aws ); - $url .= "&SearchIndex=$search_index" if $id_type ne 'ASIN'; - #warn $url; + my $parameters={Service=>"AWSECommerceService" , + "AWSAccessKeyId"=> C4::Context->preference('AWSAccessKeyID') , + "Operation"=>"ItemLookup", + "AssociateTag"=> C4::Context->preference('AmazonAssocTag') , + "Version"=>"2009-06-01", + "ItemId"=>$item_id, + "IdType"=>$id_type, + "ResponseGroup"=> join( ',', @aws ), + "Timestamp"=>strftime("%Y-%m-%dT%H:%M:%SZ", gmtime) + }; + $$parameters{"SearchIndex"} = $search_index if $id_type ne 'ASIN'; + my @params; + while (my ($key,$value)=each %$parameters){ + push @params, qq{$key=}.uri_escape($value, "^A-Za-z0-9\-_.~" ); + } + + my $url =qq{http://webservices.amazon}. get_amazon_tld(). + "/onca/xml?".join("&",sort @params).qq{&Signature=}.uri_escape(SignRequest(@params),"^A-Za-z0-9\-_.~" ); + my $content = get($url); warn "could not retrieve $url" unless $content; my $xmlsimple = XML::Simple->new(); @@ -151,6 +161,17 @@ sub get_amazon_details { return $response; } +sub SignRequest{ + my @params=@_; + my $tld=get_amazon_tld(); + my $string = qq{ +GET +webservices.amazon$tld +/onca/xml +}.join("&",sort @params); + return hmac_sha256_base64($string,C4::Context->preference('AWSPrivateKey')); +} + sub check_search_inside { my $isbn = shift; my $ua = LWP::UserAgent->new( diff --git a/Makefile.PL b/Makefile.PL index 99d1189813..a3775f0ea5 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -549,6 +549,7 @@ WriteMakefile( 'Date::ICal' => 1.72, 'Date::Manip' => 5.44, 'Digest::MD5' => 2.36, + 'Digest::SHA' => 5.43, 'Email::Date' => 1.103, 'File::Temp' => 0.16, 'GD' => 2.39, #optional @@ -599,6 +600,7 @@ WriteMakefile( 'Time::HiRes' => 1.86, 'Time::localtime' => 1.02, 'Unicode::Normalize' => 0.32, + 'URI::Escape' => 1.36, 'XML::Dumper' => 0.81, 'XML::LibXML' => 1.59, 'XML::LibXSLT' => 1.59, diff --git a/install_misc/debian-lenny.packages b/install_misc/debian-lenny.packages index 029af5ea90..d8b43964ed 100644 --- a/install_misc/debian-lenny.packages +++ b/install_misc/debian-lenny.packages @@ -29,6 +29,7 @@ libdbd-mysql-perl install libdbd-mysql-perl install libdbd-sqlite2-perl install libdbi-perl install +libdigest-sha-perl install libemail-date-perl install libemail-date-perl install libgcrypt11-dev install diff --git a/installer/data/mysql/en/mandatory/sysprefs.sql b/installer/data/mysql/en/mandatory/sysprefs.sql index b2ace6fcdb..cb0cd042b5 100644 --- a/installer/data/mysql/en/mandatory/sysprefs.sql +++ b/installer/data/mysql/en/mandatory/sysprefs.sql @@ -249,3 +249,4 @@ INSERT INTO systempreferences (variable,value,explanation,options,type)VALUES('v INSERT INTO systempreferences (variable,value,explanation,options,type)VALUES('FilterBeforeOverdueReport','0','Do not run overdue report until filter selected','','YesNo'); INSERT INTO systempreferences (variable,value,options,explanation,type)VALUES('SpineLabelFormat', '', '30|10', 'This preference defines the format for the quick spine label printer. Just list the fields you would like to see in the order you would like to see them, surrounded by <>, for example .', 'Textarea'); INSERT INTO systempreferences (variable,value,options,explanation,type)VALUES('SpineLabelAutoPrint', '0', '', 'If this setting is turned on, a print dialog will automatically pop up for the quick spine label printer.', 'YesNo'); +INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('AWSPrivateKey','','See: http://aws.amazon.com','','free'); diff --git a/installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql b/installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql index 5effe28842..db7671576d 100644 --- a/installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql +++ b/installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql @@ -251,3 +251,4 @@ INSERT INTO systempreferences (variable,value,explanation,options,type)VALUES('v INSERT INTO systempreferences (variable,value,explanation,options,type)VALUES('FilterBeforeOverdueReport','0','Ne pas lancer le rapport sur les retards tant qu''il n''y a pas de filtre','','YesNo'); INSERT INTO systempreferences (variable,value,options,explanation,type)VALUES('SpineLabelFormat', '', '30|10', 'This preference defines the format for the quick spine label printer. Just list the fields you would like to see in the order you would like to see them, surrounded by <>, for example .', 'Textarea'); INSERT INTO systempreferences (variable,value,options,explanation,type)VALUES('SpineLabelAutoPrint', '0', '', 'If this setting is turned on, a print dialog will automatically pop up for the quick spine label printer.', 'YesNo'); +INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('AWSPrivateKey','','See: http://aws.amazon.com','','free'); -- 2.39.5