class Restcomm::Util::RequestValidator
Public Class Methods
new(auth_token = nil)
# File lib/restcomm-ruby/util/request_validator.rb, line 5
#
# Stores the secret that build_signature_for uses as the HMAC key.
#
# @param auth_token [String, nil] explicit token; when nil or false the
#   value of Restcomm.auth_token is used instead
# @raise [ArgumentError] if no token is available from either place
def initialize(auth_token = nil)
  @auth_token = auth_token
  @auth_token ||= Restcomm.auth_token
  # Only nil is rejected here; an empty string is accepted as a token.
  return unless @auth_token.nil?

  raise ArgumentError, 'Auth token is required'
end
Public Instance Methods
build_signature_for(url, params)
# File lib/restcomm-ruby/util/request_validator.rb, line 15
#
# Computes the signature this validator expects for a request.
#
# The signed data is the URL followed by the sorted parameters joined with
# no separator, so parameter order in the request does not matter. The MAC
# is HMAC-SHA1 keyed with the auth token and is returned Base64-encoded.
#
# @param url [String] the request URL, used exactly as given
# @param params [Hash, Array] request parameters (anything that responds
#   to sort and whose sorted form can be joined)
# @return [String] Base64 text of the HMAC, without a trailing newline
def build_signature_for(url, params)
  sorted_params = params.sort
  signed_data = url + sorted_params.join
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), @auth_token, signed_data)
  # strict_encode64 emits no line feeds, which matches encode64 + strip
  # for a 20-byte SHA-1 MAC.
  Base64.strict_encode64(mac)
end
validate(url, params, signature)
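# File lib/restcomm-ruby/util/request_validator.rb, line 10
#
# Checks a signature received with a request against the one computed
# locally from the URL and parameters.
#
# @param url [String] the request URL that was signed
# @param params [Hash, Array] the request parameters that were signed
# @param signature [String, nil] the signature supplied with the request
# @return [Boolean] true only when the supplied signature matches
def validate(url, params, signature)
  # Fail closed when the caller has no signature to offer: without this
  # guard a nil reaches secure_compare and raises NoMethodError instead
  # of reporting the request as invalid.
  return false if signature.nil?

  expected = build_signature_for(url, params)
  secure_compare(expected, signature)
end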
Private Instance Methods
secure_compare(a, b)
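Compares two strings of equal byte length in time that does not depend on where they differ, to avoid timing attacks; strings of different byte length return false immediately. Borrowed from ActiveSupport::MessageVerifier. github.com/rails/rails/blob/master/activesupport/lib/active_support/message_verifier.rb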
# File lib/restcomm-ruby/util/request_validator.rb, line 26
#
# Byte-wise string comparison that always walks every byte once the
# lengths match, rather than stopping at the first difference.
#
# @param a [String] the locally computed value
# @param b [String] the value supplied by the caller
# @return [Boolean] true when both strings hold the same bytes
def secure_compare(a, b)
  # A length mismatch is reported straight away; only the content
  # comparison below is independent of where the strings differ.
  return false if a.bytesize != b.bytesize

  reference = a.bytes
  diff = 0
  # OR together the XOR of every byte pair so no early exit is possible.
  b.bytes.each_with_index { |byte, idx| diff |= byte ^ reference[idx] }
  diff.zero?
end