class Boxr::WebhookValidator
Constants
- MAXIMUM_MESSAGE_AGE
Attributes
payload[R]
primary_signature[R]
primary_signature_key[R]
secondary_signature[R]
secondary_signature_key[R]
timestamp[R]
Public Class Methods
new(headers, payload, primary_signature_key: nil, secondary_signature_key: nil)
# File lib/boxr/webhook_validator.rb, line 16
# Captures everything needed to validate one webhook delivery.
#
# The delivery timestamp and both signature keys are normalised with #to_s,
# so a missing header or an unset key is stored as an empty string. The two
# signature headers are stored exactly as received (nil when absent).
#
# NOTE(review): an unset key becomes "" here, and an HMAC keyed with "" can be
# computed by anyone. Callers should pass at least one real key and should
# check how the signature comparison treats the unset one.
#
# @param headers [#[]] request headers, looked up by the BOX-* names below
# @param payload [String] request body as received
# @param primary_signature_key [#to_s, nil] primary webhook signature key
# @param secondary_signature_key [#to_s, nil] secondary webhook signature key
def initialize(headers, payload, primary_signature_key: nil, secondary_signature_key: nil)
  delivered_at = headers['BOX-DELIVERY-TIMESTAMP']

  @payload = payload
  @timestamp = delivered_at.to_s
  @primary_signature_key, @secondary_signature_key =
    [primary_signature_key, secondary_signature_key].map(&:to_s)
  @primary_signature = headers['BOX-SIGNATURE-PRIMARY']
  @secondary_signature = headers['BOX-SIGNATURE-SECONDARY']
end
Public Instance Methods
generate_signature(key)
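# File lib/boxr/webhook_validator.rb, line 37
# Computes the signature expected for this delivery under +key+:
# HMAC-SHA256 over the payload bytes followed by the delivery-timestamp bytes,
# returned as Base64 text.
#
# The whole message is authenticated. Packing the byte array with a single
# 'U' directive keeps only its first element, so the MAC would cover one
# payload byte and neither the rest of the body nor the timestamp that the
# freshness check relies on.
#
# The raw digest is encoded (not its hex text) and no line break is appended,
# so the result can be compared directly with a signature header value.
#
# @param key [String] webhook signature key
# @return [String] Base64-encoded HMAC-SHA256 digest, without line breaks
def generate_signature(key)
  # Binary copies keep the concatenation byte-exact whatever the encodings are.
  signed_message = payload.b + timestamp.b
  raw_digest = OpenSSL::HMAC.digest('SHA256', key, signed_message)
  Base64.strict_encode64(raw_digest)
end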
valid_message?()
# File lib/boxr/webhook_validator.rb, line 25
# Overall verdict for the delivery: the timestamp check must pass and a
# signature must match. The timestamp is checked first; when it fails, the
# signature is not evaluated and that failing result is returned.
#
# An unparseable delivery timestamp does not return false: the BoxrError
# raised while parsing it propagates to the caller.
#
# @return [Boolean]
# @raise [BoxrError] when the delivery timestamp cannot be parsed
def valid_message?
  fresh = verify_delivery_timestamp
  return fresh unless fresh

  verify_signature
end
verify_delivery_timestamp()
# File lib/boxr/webhook_validator.rb, line 29
# Freshness check: the delivery must be younger than MAXIMUM_MESSAGE_AGE.
# message_age is a difference of two Time values, i.e. seconds; the constant
# is presumably in seconds as well (its value is not shown here; confirm).
#
# NOTE(review): only an upper bound is applied, so a timestamp in the future
# (negative age) passes. Freshness is only meaningful if the signature covers
# the timestamp.
#
# @return [Boolean]
# @raise [BoxrError] when the delivery timestamp cannot be parsed
def verify_delivery_timestamp
  age = message_age
  age < MAXIMUM_MESSAGE_AGE
end
verify_signature()
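# File lib/boxr/webhook_validator.rb, line 33
# Checks the delivered signature headers against signatures computed locally
# with the configured keys. Either the primary or the secondary pair may match.
#
# Two guards are applied to each pair before comparing:
# * A key that was never configured is stored as "" by the constructor. An
#   HMAC keyed with "" can be computed by anyone, so such a pair is skipped
#   instead of being allowed to match a sender-supplied signature.
# * A missing signature header cannot match and is skipped.
#
# The comparison itself uses OpenSSL.secure_compare so that its duration does
# not depend on how many leading characters of the signature are correct.
#
# @return [Boolean] true when at least one configured key validates its header
def verify_signature
  candidates = [
    [primary_signature_key, primary_signature],
    [secondary_signature_key, secondary_signature]
  ]

  candidates.any? do |key, delivered|
    next false if key.to_s.empty? || delivered.to_s.empty?

    OpenSSL.secure_compare(generate_signature(key), delivered.to_s)
  end
end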
Private Instance Methods
current_time()
# File lib/boxr/webhook_validator.rb, line 45
# Current wall-clock time in UTC; the reference point for the age check.
#
# @return [Time]
def current_time
  now = Time.now
  now.utc
end
delivery_time()
# File lib/boxr/webhook_validator.rb, line 49
# Parses the delivery timestamp header into a UTC Time.
#
# A value Time.parse rejects with ArgumentError (including the empty string
# stored when the header is missing) is reported as a BoxrError.
#
# NOTE(review): Time.parse is lenient about input formats; a stricter parser
# may be preferable if the header format is fixed. Confirm before changing.
#
# @return [Time] delivery time in UTC
# @raise [BoxrError] when the timestamp cannot be parsed
def delivery_time
  begin
    parsed = Time.parse(timestamp)
  rescue ArgumentError
    raise BoxrError.new(boxr_message: "Webhook authenticity not verified: invalid timestamp")
  end

  parsed.utc
end
message_age()
# File lib/boxr/webhook_validator.rb, line 55
# Age of the delivery: current time minus the parsed delivery time. As a
# difference of two Time values this is a number of seconds, and it is
# negative when the delivery timestamp lies in the future.
#
# @return [Float] seconds elapsed since the delivery timestamp
# @raise [BoxrError] when the delivery timestamp cannot be parsed
def message_age
  now = current_time
  now - delivery_time
end