Contents

# frozen_string_literal: true

require 'digest/md5'

module Uploadcare
  module Param
    # This object verifies a signature received along with webhook headers
    class WebhookSignatureVerifier
      # @see https://uploadcare.com/docs/security/secure-webhooks/
      def self.valid?(options = {})
        webhook_body_json = options[:webhook_body]
        signing_secret = options[:signing_secret] || ENV.fetch('UC_SIGNING_SECRET', nil)
        x_uc_signature_header = options[:x_uc_signature_header]

        digest = OpenSSL::Digest.new('sha256')

        calculated_signature = "v1=#{OpenSSL::HMAC.hexdigest(digest, signing_secret, webhook_body_json)}"

        calculated_signature == x_uc_signature_header
      end
    end
  end
end

Version data entries

11 entries across 11 versions & 1 rubygems

Version	Path
uploadcare-ruby-4.4.3	lib/uploadcare/param/webhook_signature_verifier.rb
uploadcare-ruby-4.4.2	lib/uploadcare/param/webhook_signature_verifier.rb
uploadcare-ruby-4.4.1	lib/uploadcare/param/webhook_signature_verifier.rb
uploadcare-ruby-4.4.0	lib/uploadcare/param/webhook_signature_verifier.rb
uploadcare-ruby-4.3.6	lib/uploadcare/param/webhook_signature_verifier.rb
uploadcare-ruby-4.3.5	lib/uploadcare/param/webhook_signature_verifier.rb
uploadcare-ruby-4.3.4	lib/uploadcare/param/webhook_signature_verifier.rb
uploadcare-ruby-4.3.3	lib/uploadcare/param/webhook_signature_verifier.rb
uploadcare-ruby-4.3.2	lib/uploadcare/param/webhook_signature_verifier.rb
uploadcare-ruby-4.3.1	lib/uploadcare/param/webhook_signature_verifier.rb
uploadcare-ruby-4.3.0	lib/uploadcare/param/webhook_signature_verifier.rb