Sha256: 7a810c06ca6b25241d4064dafe6791cae45a0e5952b99515076fc922a4e65d14
Contents?: true
Size: 1.46 KB
Versions: 5
Compression:
Stored size: 1.46 KB
Contents
module Rack # Middleware that authenticates webhooks from Twilio using the request # validator. # # The middleware takes an auth token with which to set up the request # validator and any number of paths. When a path matches the incoming request # path, the request will be checked for authentication. # # Example: # # require 'rack' # use Rack::TwilioWebhookAuthentication, ENV['AUTH_TOKEN'], /\/messages/ # # The above appends this middleware to the stack, using an auth token saved in # the ENV and only against paths that match /\/messages/. If the request # validates then it gets passed on to the action as normal. If the request # doesn't validate then the middleware responds immediately with a 403 status. class TwilioWebhookAuthentication def initialize(app, auth_token, *paths) @app = app @auth_token = auth_token @path_regex = Regexp.union(paths) end def call(env) return @app.call(env) unless env["PATH_INFO"].match(@path_regex) validator = Twilio::Util::RequestValidator.new(@auth_token) request = Rack::Request.new(env) original_url = request.url params = request.post? ? request.POST : {} signature = env['HTTP_X_TWILIO_SIGNATURE'] if validator.validate(original_url, params, signature) @app.call(env) else [ 403, {'Content-Type' => 'text/plain'}, ["Twilio Request Validation Failed."] ] end end end end
Version data entries
5 entries across 5 versions & 1 rubygems