Sha256: 0909f8550c0e98a2061c3c69cd901b1620fbd5850c15472c0c9020c537961b06

Contents?: true

Size: 1.03 KB

Versions: 5

Compression:

Stored size: 1.03 KB

Contents

# frozen_string_literal: true

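module DuodealerApp
  # Controller concern that authenticates app-proxy requests by recomputing an
  # HMAC-SHA256 over the query parameters and comparing it with the `signature`
  # query parameter. Requests that fail the check are answered with
  # 403 Forbidden before the action runs.
  #
  # NOTE(review): only the signature is checked here; nothing in this concern
  # bounds the age of a request. If the signed parameters carry a timestamp,
  # consider rejecting stale ones to limit replay (confirm against the
  # signer's contract).
  module AppProxyVerification
    extend ActiveSupport::Concern

    included do
      # CSRF token verification is skipped for including controllers; the
      # signature check below is the only request authentication this concern
      # installs, so it has to fail closed.
      skip_before_action :verify_authenticity_token, raise: false
      before_action :verify_proxy_request
    end

    # before_action callback: halts the request with 403 Forbidden unless the
    # query string carries a valid signature.
    def verify_proxy_request
      return head :forbidden unless query_string_valid?(request.query_string)
    end

    private
      # Checks the `signature` parameter of a raw query string.
      #
      # @param query_string [String] raw (still URL-encoded) query string
      # @return [Boolean] true only when a single, correct signature is present
      def query_string_valid?(query_string)
        query_hash = Rack::Utils.parse_query(query_string)

        signature = query_hash.delete("signature")
        # A missing signature parses to nil and a repeated `signature` key
        # parses to an Array; secure_compare expects Strings, so anything else
        # is rejected here instead of raising and turning into a 500.
        return false unless signature.is_a?(String)

        # Fail closed when no secret is configured: an empty key would make the
        # HMAC computable by anyone, and a nil key would raise inside OpenSSL.
        return false if DuodealerApp.configuration.secret.to_s.empty?

        # Constant-time comparison so response timing does not leak how much of
        # the signature matched.
        ActiveSupport::SecurityUtils.secure_compare(
          calculated_signature(query_hash),
          signature
        )
      end

      # Computes the expected signature for the given parameters.
      #
      # Each parameter is rendered as "key=value" (multi-valued parameters are
      # joined with ","), the pairs are sorted and concatenated without a
      # separator, and the result is signed with the configured secret.
      #
      # NOTE(review): because the pairs are concatenated without a delimiter,
      # different parameter sets can map to the same signed string. This has to
      # match what the signing side produces, so it is left as is.
      #
      # @param query_hash_without_signature [Hash] parsed query parameters with
      #   the `signature` entry already removed
      # @return [String] lowercase hex HMAC-SHA256 digest
      def calculated_signature(query_hash_without_signature)
        sorted_params = query_hash_without_signature
          .map { |key, value| "#{key}=#{Array(value).join(',')}" }
          .sort
          .join

        OpenSSL::HMAC.hexdigest(
          OpenSSL::Digest.new("sha256"),
          DuodealerApp.configuration.secret,
          sorted_params
        )
      end
  end
end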

Version data entries

5 entries across 5 versions & 1 rubygems

Version Path
duodealer_app-1.0.4 lib/duodealer_app/controller_concerns/app_proxy_verification.rb
duodealer_app-1.0.3 lib/duodealer_app/controller_concerns/app_proxy_verification.rb
duodealer_app-1.0.2 lib/duodealer_app/controller_concerns/app_proxy_verification.rb
duodealer_app-1.0.1 lib/duodealer_app/controller_concerns/app_proxy_verification.rb
duodealer_app-1.0.0 lib/duodealer_app/controller_concerns/app_proxy_verification.rb