class Wix::Apps::SignedInstance

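This class parses and validates the Wix Signed Instance (dev.wix.com/docs/display/DRAF/Using+the+Signed+App+Instance).

Example: si = SignedInstance.new('vrinSv2HB9tqbnJ.…', secret_key: app_secret) # app_secret: your app's secret key (required, see new below)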

Constants

OPTIONAL_PROPERTIES

maps optional instance properties to object attributes

PERMISSIONS_OWNER
REQUIRED_PROPERTIES

maps required instance properties to object attributes

Attributes

raw_signed_instance[RW]
secret_key[RW]
strict_properties[RW]

Public Class Methods

new(raw_signed_instance, options={})

@param [String] raw_signed_instance The “instance” parameter Wix sends with the request
@param [Hash] options Options for

# File lib/wix-apps/signed_instance.rb, line 45
def initialize(raw_signed_instance, options={})
  self.strict_properties = options[:strict_properties].nil? ? true : !!options[:strict_properties]
  self.secret_key = options[:secret_key] || options[:secret] # :secret for backwards compatibility
  raise SignedInstanceNoSecretKey.new('secret key must be provided') if secret_key.nil?
  self.raw_signed_instance = raw_signed_instance
  raise SignedInstanceParseError.new('invalid instance signature') unless instance_signature_valid?

  initialize_from_signed_instance
end

Public Instance Methods

owner_logged_in?()

did the one single site owner log in?

# File lib/wix-apps/signed_instance.rb, line 61
def owner_logged_in?
  # note: site owner id is required so we wouldn't have to check for nil,
  # but this method's output can be very important and I'm paranoid. ;)
  !site_owner_id.nil? && site_owner_id == uid
end

owner_permissions?()

owner or site collaborator visiting?

# File lib/wix-apps/signed_instance.rb, line 56
def owner_permissions?
  permissions == PERMISSIONS_OWNER
end

Private Instance Methods

initialize_from_signed_instance()

initializes object attributes from parsed instance

# File lib/wix-apps/signed_instance.rb, line 86
def initialize_from_signed_instance
  encoded_json = raw_signed_instance.split('.', 2).last

  # Need to add Base64 padding.
  # (http://stackoverflow.com/questions/4987772/decoding-facebooks-signed-request-in-ruby-sinatra)
  padded_json = encoded_json
  padded_json += ('=' * (4 - encoded_json.length % 4)) if padded_json.length % 4 != 0

  begin
    json = Base64.urlsafe_decode64(padded_json)
    signed_instance = MultiJson.load(json)
  rescue ArgumentError, MultiJson::ParseError => e
    raise SignedInstanceParseError.new(e.message)
  end

  # set all required instance properties
  REQUIRED_PROPERTIES.each { |instance_key, attribute|
    instance_value = signed_instance[instance_key]
    raise SignedInstanceParseError.new("missing instance property: #{instance_key}") if strict_properties && instance_value.nil?
    send "#{attribute}=", instance_value
  }
  # overwrite sign date with real DateTime object
  self.sign_date = DateTime.parse(sign_date) if strict_properties || sign_date

  # set all optional instance properties (if set)
  OPTIONAL_PROPERTIES.each { |instance_key, attribute|
    send "#{attribute}=", signed_instance[instance_key] if signed_instance.has_key? instance_key
  }
end

instance_signature_valid?()

validates signature

# File lib/wix-apps/signed_instance.rb, line 74
def instance_signature_valid?
  signature, encoded_json = (raw_signed_instance || '').split('.', 2)
  return false if signature.nil? || encoded_json.nil?

  digest = OpenSSL::Digest.new('sha256')
  hmac_digest = OpenSSL::HMAC.digest(digest, secret_key, encoded_json)
  my_signature = Base64.urlsafe_encode64(hmac_digest).gsub('=', '')

  my_signature == signature
end
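
The final `my_signature == signature` above is an ordinary string comparison, which is not guaranteed to take the same time for every mismatch. The following is an added example, not the gem's own code: the same HMAC-SHA256 check with a constant-time comparison, decoding the payload only after the signature verifies. The helper names, secret and payload values are constructed for illustration.

```ruby
require 'openssl'
require 'json'

# URL-safe Base64 without padding: the form the page's code produces with
# Base64.urlsafe_encode64(...).gsub('=', '').
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# HMAC-SHA256 over the still-encoded payload, as in instance_signature_valid?.
def expected_signature(secret_key, encoded_json)
  b64url(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret_key, encoded_json))
end

# Hypothetical helper: examines every byte instead of stopping at the first
# mismatch. Length is not secret (a valid signature is always 43 characters).
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical helper: returns the parsed payload, or nil when the signature
# does not verify. The payload is decoded only after the check passes.
def verify_instance(raw, secret_key)
  signature, encoded_json = raw.to_s.split('.', 2)
  return nil if signature.nil? || encoded_json.nil?
  return nil unless constant_time_equal?(expected_signature(secret_key, encoded_json), signature)
  JSON.parse(encoded_json.tr('-_', '+/').unpack1('m'))
rescue JSON::ParserError
  nil
end

# Constructed sample data, not real Wix values.
SAMPLE_SECRET  = 'constructed-test-secret'
SAMPLE_PAYLOAD = b64url(JSON.generate({ 'instanceId' => 'constructed-id', 'permissions' => 'OWNER' }))
SAMPLE_SIGNED  = "#{expected_signature(SAMPLE_SECRET, SAMPLE_PAYLOAD)}.#{SAMPLE_PAYLOAD}"

p verify_instance(SAMPLE_SIGNED, SAMPLE_SECRET)   # parsed payload hash
p verify_instance(SAMPLE_SIGNED, 'wrong-secret')  # nil
```

Where the installed openssl library provides `OpenSSL.secure_compare`, it can replace the hand-written loop.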