module IntercomApp::WebhookVerification

Private Instance Methods

hmac_valid?(payload_body) click to toggle source
# File lib/intercom-app/webhook_verification.rb, line 15
def hmac_valid?(payload_body)
  secret = IntercomApp.configuration.hub_secret
  signature = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), secret, payload_body)
  Rack::Utils.secure_compare(signature, intercom_hmac)
end
intercom_hmac() click to toggle source
# File lib/intercom-app/webhook_verification.rb, line 21
def intercom_hmac
  request.headers['X-Hub-Signature']
end
verify_request() click to toggle source
# File lib/intercom-app/webhook_verification.rb, line 10
def verify_request
  body = request.body.read
  return head :unauthorized unless hmac_valid?(body)
end