class Nexmo::Signature
Public Class Methods
new(config)
click to toggle source
# File lib/nexmo/signature.rb, line 9 def initialize(config) @config = config end
Public Instance Methods
check(params, signature_method: @config.signature_method)
click to toggle source
Check webhook request signature.
@example
client = Nexmo::Client.new client.config.signature_secret = 'secret' client.config.signature_method = 'sha512' if client.signature.check(request.GET) # valid signature else # invalid signature end
@param [Hash] params
@see developer.nexmo.com/concepts/guides/signing-messages
# File lib/nexmo/signature.rb, line 30 def check(params, signature_method: @config.signature_method) params = params.dup signature = params.delete('sig') ::JWT::SecurityUtils.secure_compare(signature, digest(params, signature_method)) end
Private Instance Methods
digest(params, signature_method)
click to toggle source
# File lib/nexmo/signature.rb, line 40 def digest(params, signature_method) digest_string = params.sort.map { |k, v| "&#{k}=#{v.tr('&=', '_')}" }.join case signature_method when 'md5', 'sha1', 'sha256', 'sha512' OpenSSL::HMAC.hexdigest(signature_method, @config.signature_secret, digest_string).upcase when 'md5hash' Digest::MD5.hexdigest("#{digest_string}#{@config.signature_secret}") else raise ArgumentError, "Unknown signature algorithm: #{signature_method}. Expected: md5hash, md5, sha1, sha256, or sha512." end end