class Restcomm::Util::RequestValidator

Public Class Methods

new(auth_token = nil) click to toggle source
  # File lib/restcomm-ruby/util/request_validator.rb
5 def initialize(auth_token = nil)
6   @auth_token = auth_token || Restcomm.auth_token
7   raise ArgumentError, 'Auth token is required' if @auth_token.nil?
8 end

Public Instance Methods

build_signature_for(url, params) click to toggle source
   # File lib/restcomm-ruby/util/request_validator.rb
15 def build_signature_for(url, params)
16   data = url + params.sort.join
17   digest = OpenSSL::Digest.new('sha1')
18   Base64.encode64(OpenSSL::HMAC.digest(digest, @auth_token, data)).strip
19 end
validate(url, params, signature) click to toggle source
   # File lib/restcomm-ruby/util/request_validator.rb
10 def validate(url, params, signature)
11   expected = build_signature_for url, params
12   secure_compare(expected, signature)
13 end

Private Instance Methods

secure_compare(a, b) click to toggle source

Compares two strings in constant time to avoid timing attacks. Borrowed from ActiveSupport::MessageVerifier. github.com/rails/rails/blob/master/activesupport/lib/active_support/message_verifier.rb

   # File lib/restcomm-ruby/util/request_validator.rb
26 def secure_compare(a, b)
27   return false unless a.bytesize == b.bytesize
28 
29   l = a.unpack("C#{a.bytesize}")
30 
31   res = 0
32   b.each_byte { |byte| res |= byte ^ l.shift }
33   res == 0
34 end