class Boxr::WebhookValidator

Constants

MAXIMUM_MESSAGE_AGE

Attributes

payload[R]
primary_signature[R]
primary_signature_key[R]
secondary_signature[R]
secondary_signature_key[R]
timestamp[R]

Public Class Methods

new(headers, payload, primary_signature_key: nil, secondary_signature_key: nil)
# File lib/boxr/webhook_validator.rb, line 16
# Captures the pieces of a webhook request that validation works on.
#
# @param headers [#[]] request headers; the BOX-DELIVERY-TIMESTAMP,
#   BOX-SIGNATURE-PRIMARY and BOX-SIGNATURE-SECONDARY entries are read
# @param payload [Object] request body, stored unchanged
# @param primary_signature_key [#to_s, nil] primary signing key
# @param secondary_signature_key [#to_s, nil] secondary signing key
def initialize(headers, payload, primary_signature_key: nil, secondary_signature_key: nil)
  delivery_header  = headers['BOX-DELIVERY-TIMESTAMP']
  primary_header   = headers['BOX-SIGNATURE-PRIMARY']
  secondary_header = headers['BOX-SIGNATURE-SECONDARY']

  @payload = payload

  # A missing timestamp header becomes "" here (nil.to_s).
  @timestamp = delivery_header.to_s

  # Keys are normalised to strings, so an omitted key is stored as "",
  # which is indistinguishable from a key that was configured as empty.
  @primary_signature_key   = primary_signature_key.to_s
  @secondary_signature_key = secondary_signature_key.to_s

  # Signature headers are kept exactly as received; an absent header stays nil.
  @primary_signature   = primary_header
  @secondary_signature = secondary_header
end

Public Instance Methods

generate_signature(key)
# File lib/boxr/webhook_validator.rb, line 37
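# Computes the expected webhook signature for the stored payload and
# delivery timestamp under the given key.
#
# @param key [String] HMAC key
# @return [String] single-line Base64 encoding of the HMAC-SHA256 digest
def generate_signature(key)
  # The MAC has to cover every byte of the body followed by every byte of
  # the timestamp. Array#pack with a single 'U' directive consumes only the
  # first element, which would leave the rest of the message unauthenticated,
  # so the two strings are concatenated as raw bytes instead.
  signed_message = payload.b + timestamp.b

  # NOTE(review): raw digest + Base64 is the webhook signature format as Box
  # documents it; confirm against the current Box webhook documentation.
  raw_digest = OpenSSL::HMAC.digest('SHA256', key, signed_message)

  # strict_encode64 emits no line feeds, so the result can be compared with
  # an HTTP header value (encode64 wraps its output and appends "\n").
  Base64.strict_encode64(raw_digest)
end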
valid_message?()
# File lib/boxr/webhook_validator.rb, line 25
# Reports whether the message passes both the freshness check and the
# signature check. The signature is only evaluated when the timestamp
# check has passed.
#
# @return [Boolean]
def valid_message?
  fresh = verify_delivery_timestamp
  return fresh unless fresh

  verify_signature
end
verify_delivery_timestamp()
# File lib/boxr/webhook_validator.rb, line 29
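# Checks that the delivery timestamp lies within MAXIMUM_MESSAGE_AGE of the
# current time, in either direction.
#
# A timestamp in the future yields a negative age, which would pass a plain
# "age < limit" comparison no matter how far ahead it is. Comparing the
# absolute value keeps a tolerance for clock skew while rejecting
# timestamps outside the window on both sides.
#
# @return [Boolean] true when the timestamp is inside the accepted window
# @raise [BoxrError] when the timestamp cannot be parsed (from delivery_time)
def verify_delivery_timestamp
  message_age.abs < MAXIMUM_MESSAGE_AGE
end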
verify_signature()
# File lib/boxr/webhook_validator.rb, line 33
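# Checks the received signature headers against signatures computed with the
# configured keys. The message is accepted when either the primary or the
# secondary pair matches.
#
# @return [Boolean] true when at least one configured key reproduces its
#   corresponding signature header
def verify_signature
  key_and_header_pairs = [
    [primary_signature_key, primary_signature],
    [secondary_signature_key, secondary_signature]
  ]

  key_and_header_pairs.any? do |key, received|
    # An unconfigured key is stored as "" by the constructor. An HMAC under
    # an empty key is not a secret, so such a pair must never validate a
    # message; a missing or empty signature header cannot match either.
    next false if key.to_s.empty? || received.to_s.empty?

    # Constant-time comparison, so the time taken does not depend on how
    # many leading characters of the received signature are correct.
    OpenSSL.secure_compare(generate_signature(key), received.to_s)
  end
end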

Private Instance Methods

current_time()
# File lib/boxr/webhook_validator.rb, line 45
# Returns the current wall-clock time expressed in UTC.
#
# @return [Time]
def current_time
  now = Time.now
  now.utc
end
delivery_time()
# File lib/boxr/webhook_validator.rb, line 49
# Parses the stored delivery timestamp and returns it in UTC.
#
# NOTE(review): Time.parse is lenient about input format; if the header is
# expected to follow one fixed format, a strict parser may be preferable.
#
# @return [Time] delivery time converted to UTC
# @raise [BoxrError] when the timestamp cannot be parsed (including the
#   empty string that results from a missing header)
def delivery_time
  parsed = Time.parse(timestamp)
  parsed.utc
rescue ArgumentError
  raise BoxrError.new(boxr_message: "Webhook authenticity not verified: invalid timestamp")
end
message_age()
# File lib/boxr/webhook_validator.rb, line 55
# Returns how long ago the message was delivered, as the difference between
# the current time and the delivery time (in seconds, as Time subtraction
# yields). The value is negative when the delivery time lies in the future.
#
# @return [Float]
# @raise [BoxrError] when the timestamp cannot be parsed (from delivery_time)
def message_age
  now = current_time
  delivered_at = delivery_time
  now - delivered_at
end