Sha256: 5594493ae7330bf9bb167f1b40d022a0d63db7baf61e7ac12b7eb9fb3eb90a61

Contents?: true

Size: 1.64 KB

Versions: 44

Compression:

Stored size: 1.64 KB

Contents

module Rack
  # Middleware that authenticates webhooks from Twilio using the request
  # validator.
  #
  # The middleware takes an auth token with which to set up the request
  # validator and any number of paths. When a path matches the incoming request
  # path, the request will be checked for authentication.
  #
  # Example:
  #
  # require 'rack'
  # use Rack::TwilioWebhookAuthentication, ENV['AUTH_TOKEN'], /\/messages/
  #
  # The above appends this middleware to the stack, using an auth token saved in
  # the ENV and only against paths that match /\/messages/. If the request
  # validates then it gets passed on to the action as normal. If the request
  # doesn't validate then the middleware responds immediately with a 403 status.

  class TwilioWebhookAuthentication
    def initialize(app, auth_token, *paths, &auth_token_lookup)
      @app = app
      @auth_token = auth_token
      define_singleton_method(:get_auth_token, auth_token_lookup) if block_given?
      @path_regex = Regexp.union(paths)
    end

    def call(env)
      return @app.call(env) unless env["PATH_INFO"].match(@path_regex)
      request = Rack::Request.new(env)
      original_url = request.url
      params = request.post? ? request.POST : {}
      auth_token = @auth_token || get_auth_token(params['AccountSid'])
      validator = Twilio::Util::RequestValidator.new(auth_token)
      signature = env['HTTP_X_TWILIO_SIGNATURE'] || ""
      if validator.validate(original_url, params, signature)
        @app.call(env)
      else
        [
          403,
          {'Content-Type' => 'text/plain'},
          ["Twilio Request Validation Failed."]
        ]
      end
    end
  end

end

Version data entries

44 entries across 44 versions & 1 rubygems

Version Path
twilio-ruby-4.13.0 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-4.12.1 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-5.0.0.rc10 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-5.0.0.rc9 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-5.0.0.rc8 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-5.0.0.rc7 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-5.0.0.rc5 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-5.0.0.rc4 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-5.0.0.rc3 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-4.11.1 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-4.11.0 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-5.0.0.rc2 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-4.10.0.edge lib/rack/twilio_webhook_authentication.rb
twilio-ruby-4.10.0 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-4.9.1 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-4.9.1.edge lib/rack/twilio_webhook_authentication.rb
twilio-ruby-4.9.0 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-4.9.0.edge lib/rack/twilio_webhook_authentication.rb
twilio-ruby-4.8.0 lib/rack/twilio_webhook_authentication.rb
twilio-ruby-4.7.0 lib/rack/twilio_webhook_authentication.rb