Contents

module StripeEvent
  class WebhookController < ActionController::Base
    if Rails.application.config.action_controller.default_protect_from_forgery
      skip_before_action :verify_authenticity_token
    end

    def event
      StripeEvent.instrument(verified_event)
      head :ok
    rescue Stripe::SignatureVerificationError => e
      log_error(e)
      head :bad_request
    end

    private

    def verified_event
      payload          = request.body.read
      signature        = request.headers['Stripe-Signature']
      possible_secrets = secrets(payload, signature)

      possible_secrets.each_with_index do |secret, i|
        begin
          return Stripe::Webhook.construct_event(payload, signature, secret.to_s)
        rescue Stripe::SignatureVerificationError
          raise if i == possible_secrets.length - 1
          next
        end
      end
    end

    def secrets(payload, signature)
      return StripeEvent.signing_secrets if StripeEvent.signing_secret
      raise Stripe::SignatureVerificationError.new(
              "Cannot verify signature without a `StripeEvent.signing_secret`",
              signature, http_body: payload)
    end

    def log_error(e)
      logger.error e.message
      e.backtrace.each { |line| logger.error "  #{line}" }
    end
  end
end

Version data entries

7 entries across 7 versions & 1 rubygems

Version	Path
stripe_event-2.5.0	app/controllers/stripe_event/webhook_controller.rb
stripe_event-2.4.0	app/controllers/stripe_event/webhook_controller.rb
stripe_event-2.3.2	app/controllers/stripe_event/webhook_controller.rb
stripe_event-2.3.1	app/controllers/stripe_event/webhook_controller.rb
stripe_event-2.3.0	app/controllers/stripe_event/webhook_controller.rb
stripe_event-2.2.0	app/controllers/stripe_event/webhook_controller.rb
stripe_event-2.1.1	app/controllers/stripe_event/webhook_controller.rb