Sha256: 0fb88946a0a744a6f7f8db0b9a9e17769a4b18bd31ef2fe83a2014c528cbe9de
Contents?: true
Size: 1.52 KB
Versions: 35
Compression:
Stored size: 1.52 KB
Contents
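# typed: false
# frozen_string_literal: true

module Hephaestus
  # Controller concern that authenticates inbound Yetto requests.
  #
  # Both predicates read the signature header named by
  # Hephaestus::Headers::HEADER_SIGNATURE, expect the form "sha256=<hex digest>",
  # and compare it in constant time against an HMAC-SHA256 computed locally with
  # Hephaestus::YETTO_SIGNING_SECRET. Each returns true on a match and otherwise
  # returns whatever `bad_request` returns (not defined in this file; presumably
  # supplied by Hephaestus::Responses).
  module ValidatesFromYetto
    SHA256_DIGEST = OpenSSL::Digest.new("sha256")

    extend ActiveSupport::Concern
    include Hephaestus::Responses

    # Verifies the signature over the raw request body.
    #
    # @return [true, Object] true when the signature matches, else the result of bad_request
    def from_yetto?
      return bad_request if request.headers.blank?

      yetto_signature = request.headers.fetch(Hephaestus::Headers::HEADER_SIGNATURE, "")
      return bad_request unless yetto_signature.start_with?("sha256=")

      # delete_prefix always yields a String. The previous split(...).last gave
      # nil for a bare "sha256=" header, which raised inside secure_compare
      # instead of rejecting the request, and it accepted any value whose final
      # "sha256="-separated segment matched.
      hmac_header = yetto_signature.delete_prefix("sha256=")

      # The MAC must cover the exact bytes received, so the raw body is used
      # rather than any parsed representation.
      body = request.env.fetch("RAW_POST_DATA", "")
      calculated_hmac = OpenSSL::HMAC.hexdigest(SHA256_DIGEST, Hephaestus::YETTO_SIGNING_SECRET, body)

      # secure_compare is constant-time and returns false on a length mismatch,
      # which also covers an empty signature value.
      return true if ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, hmac_header)

      bad_request
    end

    # Verifies the signature over an encrypted payload passed as the
    # "encrypted_payload" parameter. The decrypted value is stored in @payload.
    #
    # NOTE(review): the same secret serves as the encryption key and as the HMAC
    # key here; separate derived keys are the usual practice -- confirm against
    # the sender's contract before changing.
    #
    # @return [true, Object] true when the signature matches, else the result of bad_request
    def from_yetto_inline?
      return bad_request if request.headers.blank?

      yetto_signature = request.headers.fetch(Hephaestus::Headers::HEADER_SIGNATURE, "")
      return bad_request unless yetto_signature.start_with?("sha256=")

      hmac_header = yetto_signature.delete_prefix("sha256=")

      # A missing or non-String parameter (e.g. a nested hash) cannot be a valid
      # ciphertext; reject it before it reaches the decryptor.
      body = params["encrypted_payload"]
      return bad_request unless body.is_a?(String) && body.present?

      encryptor = ActiveSupport::MessageEncryptor.new(
        Hephaestus::YETTO_SIGNING_SECRET,
        url_safe: true,
        serializer: :json,
      )

      begin
        decrypted = encryptor.decrypt_and_verify(body)
      rescue ActiveSupport::MessageEncryptor::InvalidMessage, ActiveSupport::MessageVerifier::InvalidSignature
        # Tampered or malformed ciphertext is a client error, not a server fault.
        return bad_request
      end

      # The JSON serializer can yield non-String values; the HMAC below needs a String.
      return bad_request unless decrypted.is_a?(String)

      # As before, @payload is assigned ahead of the header comparison.
      @payload = T.let(decrypted, T.nilable(String))
      calculated_hmac = OpenSSL::HMAC.hexdigest(SHA256_DIGEST, Hephaestus::YETTO_SIGNING_SECRET, @payload)
      return true if ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, hmac_header)

      bad_request
    end
  end
end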
Version data entries
35 entries across 35 versions & 1 rubygems