Sha256: 6974acdb8c3256e90a204f8710eddf21a6baa204437677512f517c1fe47d3771

Contents?: true

Size: 949 Bytes

Versions: 4

Compression:

Stored size: 949 Bytes

Contents

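module SpiffyStoresApp
  # Controller concern that authenticates incoming webhook requests with an
  # HMAC-SHA256 signature taken from the X-Spiffy-Stores-Hmac-Sha256 header.
  #
  # Security notes for maintainers:
  # * The signed material is rebuilt from the parsed JSON body (sorted
  #   "key=value" pairs), not taken from the raw bytes of the request.
  # * Nothing here checks a timestamp or nonce, so this concern does not by
  #   itself reject a replayed, validly signed request.
  # * Request headers, including the shop domain, are not part of the signed
  #   material.
  module WebhookVerification
    extend ActiveSupport::Concern

    included do
      # Webhook senders cannot present a CSRF token; the HMAC check below is
      # the authentication step. `raise: false` avoids an error when the
      # including controller never defined the CSRF callback.
      skip_before_action :verify_authenticity_token, raise: false
      before_action :verify_request
    end

    private

    # before_action callback: answers 401 Unauthorized (which halts the
    # action) unless the request body carries a valid signature.
    def verify_request
      head :unauthorized unless hmac_valid?(request.raw_post)
    end

    # Checks the signature header against an HMAC-SHA256 of the canonicalised
    # JSON body, keyed with the configured app secret.
    #
    # Fails closed: a missing/empty secret, a missing signature header, a body
    # that is not valid JSON, or a JSON document that is not an object all
    # yield false instead of raising (which previously surfaced as a 500).
    #
    # @param data [String] raw request body
    # @return [Boolean] true only when the signature matches
    def hmac_valid?(data)
      secret = SpiffyStoresApp.configuration.secret
      signature = spiffy_stores_hmac
      # An empty key would let anyone compute a matching HMAC, and a nil
      # header would make secure_compare raise; reject both up front.
      return false if secret.to_s.empty? || signature.to_s.empty?

      payload = begin
        JSON.parse(data)
      rescue JSON::ParserError
        return false
      end
      # Only a JSON object provides key/value pairs to sign.
      return false unless payload.is_a?(Hash)

      # Canonical form: "key=value" pairs, sorted, joined with '&'.
      # NOTE(review): nested values are serialised with #to_s, so the result
      # for arrays/objects depends on Ruby's inspect format -- confirm this
      # matches what the sender signs.
      encoded_params = payload.map do |key, value|
        "#{escape_hmac_component(key, /[&=%]/)}=#{escape_hmac_component(value, /[&%]/)}"
      end.sort.join('&')

      expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), secret, encoded_params)
      # Constant-time comparison so timing does not reveal how much matched.
      ActiveSupport::SecurityUtils.secure_compare(signature, expected)
    end

    # Percent-encodes (uppercase hex) only the characters matched by
    # +reserved+. Stands in for URI.escape(value, chars), which was removed
    # in Ruby 3.0, and produces the same bytes for these character sets.
    def escape_hmac_component(value, reserved)
      value.to_s.gsub(reserved) { |char| format('%%%02X', char.ord) }
    end

    # Shop domain as reported by the sender. hmac_valid? does not sign this
    # header, so a valid body signature says nothing about this value.
    def shop_domain
      request.headers['HTTP_X_SPIFFY_STORES_SHOP_DOMAIN']
    end

    # Hex HMAC-SHA256 signature supplied by the sender, or nil when absent.
    def spiffy_stores_hmac
      request.headers['HTTP_X_SPIFFY_STORES_HMAC_SHA256']
    end
  end
end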

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
spiffy_stores_app-8.2.10 lib/spiffy_stores_app/controller_concerns/webhook_verification.rb
spiffy_stores_app-8.2.9 lib/spiffy_stores_app/controller_concerns/webhook_verification.rb
spiffy_stores_app-8.2.8 lib/spiffy_stores_app/controller_concerns/webhook_verification.rb
spiffy_stores_app-8.2.7 lib/spiffy_stores_app/controller_concerns/webhook_verification.rb