Class: MaliPoPay::Webhooks::Verifier

Inherits:

Object

Object
MaliPoPay::Webhooks::Verifier

show all

Defined in:: lib/malipopay/webhooks/verifier.rb

Constant Summary collapse

TOLERANCE_IN_SECONDS = 5 minutes

Class Method Summary collapse

.sign(payload, secret, timestamp: nil) ⇒ String

Generate an HMAC signature for a payload.

Instance Method Summary collapse

#construct_event(payload, signature, timestamp: nil) ⇒ Hash

Verify and parse a webhook event.
#initialize(secret) ⇒ Verifier constructor

A new instance of Verifier.
#verify(payload, signature, timestamp: nil) ⇒ Boolean

Verify a webhook signature.

Constructor Details

#initialize(secret) ⇒ `Verifier`

Returns a new instance of Verifier.



11
12
13

# File 'lib/malipopay/webhooks/verifier.rb', line 11

def initialize(secret)
  @secret = secret
end

Class Method Details

.sign(payload, secret, timestamp: nil) ⇒ `String`

Generate an HMAC signature for a payload

Parameters:

payload (String) —

Raw payload string
secret (String) —

Webhook secret
timestamp (String, nil) (defaults to: nil) —

Optional timestamp to include in signature

Returns:

(String) —

Hex-encoded HMAC-SHA256 signature

# File 'lib/malipopay/webhooks/verifier.rb', line 51

def self.sign(payload, secret, timestamp: nil)
  signed_payload = timestamp ? "#{timestamp}.#{payload}" : payload
  OpenSSL::HMAC.hexdigest("SHA256", secret, signed_payload)
end

Instance Method Details

#construct_event(payload, signature, timestamp: nil) ⇒ `Hash`

Verify and parse a webhook event

Parameters:

payload (String) —

Raw request body
signature (String) —

Signature from header
timestamp (String, nil) (defaults to: nil) —

Timestamp from header

Returns:

(Hash) —

Parsed event data

Raises:

(MaliPoPay::Error) —

If signature is invalid

# File 'lib/malipopay/webhooks/verifier.rb', line 38

def construct_event(payload, signature, timestamp: nil)
  unless verify(payload, signature, timestamp: timestamp)
    raise MaliPoPay::AuthenticationError.new("Invalid webhook signature")
  end

  JSON.parse(payload)
end

#verify(payload, signature, timestamp: nil) ⇒ `Boolean`

Verify a webhook signature

Parameters:

payload (String) —

Raw request body
signature (String) —

Signature from X-MaliPoPay-Signature header
timestamp (String, nil) (defaults to: nil) —

Timestamp from X-MaliPoPay-Timestamp header

Returns:

(Boolean) —

Whether the signature is valid

# File 'lib/malipopay/webhooks/verifier.rb', line 20

def verify(payload, signature, timestamp: nil)
  return false if signature.nil? || signature.empty?

  if timestamp
    ts = timestamp.to_i
    return false if (Time.now.to_i - ts).abs > TOLERANCE_IN_SECONDS
  end

  expected = self.class.sign(payload, @secret, timestamp: timestamp)
  secure_compare(expected, signature)
end

Class: MaliPoPay::Webhooks::Verifier

Constant Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(secret) ⇒ Verifier

Class Method Details

.sign(payload, secret, timestamp: nil) ⇒ String

Instance Method Details

#construct_event(payload, signature, timestamp: nil) ⇒ Hash

#verify(payload, signature, timestamp: nil) ⇒ Boolean

#initialize(secret) ⇒ `Verifier`

.sign(payload, secret, timestamp: nil) ⇒ `String`

#construct_event(payload, signature, timestamp: nil) ⇒ `Hash`

#verify(payload, signature, timestamp: nil) ⇒ `Boolean`