Sha256: 0909f8550c0e98a2061c3c69cd901b1620fbd5850c15472c0c9020c537961b06
Contents?: true
Size: 1.03 KB
Versions: 5
Compression:
Stored size: 1.03 KB
Contents
# frozen_string_literal: true module DuodealerApp module AppProxyVerification extend ActiveSupport::Concern included do skip_before_action :verify_authenticity_token, raise: false before_action :verify_proxy_request end def verify_proxy_request return head :forbidden unless query_string_valid?(request.query_string) end private def query_string_valid?(query_string) query_hash = Rack::Utils.parse_query(query_string) signature = query_hash.delete("signature") return false if signature.nil? ActiveSupport::SecurityUtils.secure_compare( calculated_signature(query_hash), signature ) end def calculated_signature(query_hash_without_signature) sorted_params = query_hash_without_signature.collect { |k, v| "#{k}=#{Array(v).join(',')}" }.sort.join OpenSSL::HMAC.hexdigest( OpenSSL::Digest.new("sha256"), DuodealerApp.configuration.secret, sorted_params ) end end end
Version data entries
5 entries across 5 versions & 1 rubygems