module CoinbaseCommerce::Webhook::WebhookSignature

Public Class Methods

verify_header(payload, sig_header, secret)
# File lib/coinbase_commerce/webhooks.rb, line 18
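# Checks a webhook signature header against the signature computed locally
# from the payload and the shared secret.
#
# @param payload [String] body the signature is computed over; presumably the
#   raw request body, since any re-serialisation would change the bytes
# @param sig_header [String] signature value supplied with the request
# @param secret [String] shared webhook secret
# @return [true] when the signature matches
# @raise [CoinbaseCommerce::Errors::WebhookInvalidPayload] when any argument is
#   nil/false or the secret is empty
# @raise [CoinbaseCommerce::Errors::SignatureVerificationError] when the
#   supplied signature does not match the computed one
def self.verify_header(payload, sig_header, secret)
  inputs_present = [payload, sig_header, secret].all?
  # Fail closed on an empty secret: an HMAC keyed with "" can be recomputed by
  # anyone, so a misconfigured (blank) secret must not verify any request.
  if !inputs_present || secret.to_s.empty?
    raise CoinbaseCommerce::Errors::WebhookInvalidPayload.new(
        "Missing payload or signature",
        sig_header, http_body: payload)
  end

  expected_sig = compute_signature(payload, secret)
  # secure_compare is used instead of == so the position of the first
  # mismatching byte does not influence how long the comparison takes.
  unless secure_compare(expected_sig, sig_header)
    raise CoinbaseCommerce::Errors::SignatureVerificationError.new(
        "No signatures found matching the expected signature for payload",
        sig_header, http_body: payload
    )
  end

  true
end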

Private Class Methods

compute_signature(payload, secret)
# File lib/coinbase_commerce/webhooks.rb, line 45
# Returns the lowercase hex HMAC-SHA256 of +payload+, keyed with +secret+.
#
# @param payload [String] data to authenticate
# @param secret [String] HMAC key
# @return [String] hex-encoded digest
def self.compute_signature(payload, secret)
  sha256 = OpenSSL::Digest.new("sha256")
  OpenSSL::HMAC.hexdigest(sha256, secret, payload)
end
secure_compare(a, b)
# File lib/coinbase_commerce/webhooks.rb, line 34
# Compares two strings byte by byte without stopping at the first difference.
#
# Strings of different byte length are rejected immediately, so only the
# content of equal-length inputs is compared in full; the length itself is
# not hidden.
#
# @param a [String] first value
# @param b [String] second value
# @return [Boolean] true when both strings hold the same bytes
def self.secure_compare(a, b)
  return false if a.bytesize != b.bytesize

  left_bytes = a.unpack("C*")
  diff = 0
  # OR every XOR result into one accumulator; no early exit on a mismatch.
  b.unpack("C*").each_with_index do |byte, idx|
    diff |= byte ^ left_bytes[idx]
  end
  diff == 0
end