Class: Pusher::WebHook

Inherits:

Object

• Object
• Pusher::WebHook

Defined in:

lib/pusher/webhook.rb

Overview

Used to parse and authenticate WebHooks

Examples:

Sinatra

post '/webhooks' do
  webhook = Pusher::WebHook.new(request)
  if webhook.valid?
    webhook.events.each do |event|
      case event["name"]
      when 'channel_occupied'
        puts "Channel occupied: #{event["channel"]}"
      when 'channel_vacated'
        puts "Channel vacated: #{event["channel"]}"
      end
    end
  else
    status 401
  end
  return
end

Instance Attribute Summary

• #key ⇒ Object readonly

  Returns the value of attribute key.

• #signature ⇒ Object readonly

  Returns the value of attribute signature.

Instance Method Summary

• #data ⇒ Object

  Access the parsed WebHook body.

• #events ⇒ Object

  Array of events (as Hashes) contained inside the webhook.

• #initialize(request, client = Pusher) ⇒ WebHook constructor

  Provide either a Rack::Request or a Hash containing :key, :signature, :body, and :content_type (optional).

• #time ⇒ Time

  The time at which the WebHook was initially triggered by Pusher, i.e.

• #valid?(extra_tokens = nil) ⇒ Boolean

  Returns whether the WebHook is valid by checking that the signature matches the configured key & secret.

Constructor Details

#initialize(request, client = Pusher) ⇒ WebHook

Provide either a Rack::Request or a Hash containing :key, :signature, :body, and :content_type (optional)

# File 'lib/pusher/webhook.rb', line 31

def initialize(request, client = Pusher)
  @client = client
  # For Rack::Request and ActionDispatch::Request
  if request.respond_to?(:env) && request.respond_to?(:content_type)
    @key = request.env['HTTP_X_PUSHER_KEY']
    @signature = request.env["HTTP_X_PUSHER_SIGNATURE"]
    # Rails 7.1+ changed content_type to return the full header value
    # (e.g. "application/json; charset=utf-8"). Use media_type when
    # available (ActionDispatch::Request) to get just the MIME type.
    @content_type = request.respond_to?(:media_type) ? request.media_type : request.content_type

    request.body.rewind
    @body = request.body.read
    request.body.rewind
  else
    @key, @signature, @body = request.values_at(:key, :signature, :body)
    @content_type = request[:content_type] || 'application/json'
  end
end

Instance Attribute Details

#key ⇒ Object (readonly)

Returns the value of attribute key.

# File 'lib/pusher/webhook.rb', line 26

def key
  @key
end

#signature ⇒ Object (readonly)

Returns the value of attribute signature.

# File 'lib/pusher/webhook.rb', line 26

def signature
  @signature
end

Instance Method Details

#data ⇒ Object

Access the parsed WebHook body

# File 'lib/pusher/webhook.rb', line 87

def data
  @data ||= begin
    case @content_type
    when 'application/json'
      MultiJson.load(@body)
    else
      raise "Unknown Content-Type (#{@content_type})"
    end
  end
end

#events ⇒ Object

Array of events (as Hashes) contained inside the webhook

# File 'lib/pusher/webhook.rb', line 72

def events
  data["events"]
end

#time ⇒ Time

The time at which the WebHook was initially triggered by Pusher, i.e. when the event occurred

Returns:

• (Time)

# File 'lib/pusher/webhook.rb', line 81

def time
  Time.at(data["time_ms"].to_f/1000)
end

#valid?(extra_tokens = nil) ⇒ Boolean

Returns whether the WebHook is valid by checking that the signature matches the configured key & secret. In the case that the webhook is invalid, the reason is logged

Parameters:

• extra_tokens (Hash) (defaults to: nil) —

  If you have extra tokens for your Pusher app, you can specify them so that they’re used to attempt validation.

Returns:

• (Boolean)

# File 'lib/pusher/webhook.rb', line 57

def valid?(extra_tokens = nil)
  extra_tokens = [extra_tokens] if extra_tokens.kind_of?(Hash)
  if @key == @client.key
    return check_signature(@client.secret)
  elsif extra_tokens
    extra_tokens.each do |token|
      return check_signature(token[:secret]) if @key == token[:key]
    end
  end
  Pusher.logger.warn "Received webhook with unknown key: #{key}"
  return false
end