Module: Fizzy::Webhooks::Verify

Defined in:: lib/fizzy/webhooks/verify.rb

Overview

HMAC-SHA256 signature verification for webhook payloads.

Class Method Summary collapse

.compute_signature(payload:, secret:) ⇒ Object

Computes the HMAC-SHA256 signature for a webhook payload.
.valid?(payload:, signature:, secret:) ⇒ Boolean

Verifies an HMAC-SHA256 signature for a webhook payload.

Class Method Details

.compute_signature(payload:, secret:) ⇒ `Object`

Computes the HMAC-SHA256 signature for a webhook payload.



20
21
22

# File 'lib/fizzy/webhooks/verify.rb', line 20

def self.compute_signature(payload:, secret:)
  OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
end

.valid?(payload:, signature:, secret:) ⇒ `Boolean`

Verifies an HMAC-SHA256 signature for a webhook payload. Returns false if secret or signature is empty/nil.

Returns:

(Boolean)

# File 'lib/fizzy/webhooks/verify.rb', line 11

def self.valid?(payload:, signature:, secret:)
  return false if secret.nil? || secret.empty?
  return false if signature.nil? || signature.empty?

  expected = compute_signature(payload: payload, secret: secret)
  secure_compare(expected, signature)
end