Module: Stripe::Webhook

Defined in:
lib/stripe/webhook.rb

Defined Under Namespace

Modules: Signature

Constant Summary collapse

DEFAULT_TOLERANCE = 
300

Class Method Summary collapse

Class Method Details

.construct_event(payload, sig_header, secret, tolerance: DEFAULT_TOLERANCE) ⇒ Object

Initializes an Event object from a JSON payload.

This may raise JSON::ParserError if the payload is not valid JSON, or SignatureVerificationError if the signature verification fails.



11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/stripe/webhook.rb', line 11

def self.construct_event(payload, sig_header, secret,
                         tolerance: DEFAULT_TOLERANCE)
  Signature.verify_header(payload, sig_header, secret, tolerance: tolerance)

  # It's a good idea to parse the payload only after verifying it. We use
  # `symbolize_names` so it would otherwise be technically possible to
  # flood a target's memory if they were on an older version of Ruby that
  # doesn't GC symbols. It also decreases the likelihood that we receive a
  # bad payload that fails to parse and throws an exception.
  data = JSON.parse(payload, symbolize_names: true)

  if data[:object] == "v2.core.event"
    raise ArgumentError,
          "You passed an event notification to Webhook.construct_event, which expects " \
          "a webhook payload. Use StripeClient#parse_event_notification instead."
  end

  Event.construct_from(data, {}, nil, :v1, APIRequestor.active_requestor)
end