module ShopifyAPI::Utils::HmacValidator

Public Class Methods

validate(verifiable_query) click to toggle source
# File lib/shopify_api/utils/hmac_validator.rb, line 13
def validate(verifiable_query)
  return false unless verifiable_query.hmac

  result = validate_signature(verifiable_query, Context.api_secret_key)
  if result || Context.old_api_secret_key.nil? || T.must(Context.old_api_secret_key).empty?
    result
  else
    validate_signature(verifiable_query, T.must(Context.old_api_secret_key))
  end
end

Private Class Methods

compute_signature(signable_string, secret) click to toggle source
# File lib/shopify_api/utils/hmac_validator.rb, line 34
def compute_signature(signable_string, secret)
  OpenSSL::HMAC.hexdigest(
    OpenSSL::Digest.new("sha256"),
    secret,
    signable_string,
  )
end
validate_signature(verifiable_query, secret) click to toggle source
# File lib/shopify_api/utils/hmac_validator.rb, line 27
def validate_signature(verifiable_query, secret)
  received_signature = verifiable_query.hmac
  computed_signature = compute_signature(verifiable_query.to_signable_string, secret)
  OpenSSL.secure_compare(computed_signature, T.must(received_signature))
end