Sha256: 893db42aef139ca63669cc70f6e2a6dd4d9aab666dc5ff364324fa5208796950

Contents?: true

Size: 886 Bytes

Versions: 5

Compression:

Stored size: 886 Bytes

Contents

# typed: strict
# frozen_string_literal: true

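# Controller concern that authenticates inbound webhook requests by checking
# an HMAC-SHA256 signature over the raw request body.
#
# The expected signature is computed with YETTO_PLUG_APP_TOKEN (defined
# outside this file) and compared, in constant time, against the value sent
# in the Headers::Yetto::HEADER_SIGNATURE header.
module Authable
  extend T::Sig

  include ActionDispatch::Http::Cache::Response

  include ActionController::Helpers::ClassMethods
  include ActionController::HttpAuthentication::Basic::ControllerMethods
  include BodyParameter::YettoParameters

  SHA256_DIGEST = OpenSSL::Digest.new("sha256")

  # Verifies that the current request carries a valid "sha256=<hex>" signature
  # of its raw body.
  #
  # Returns true when the signature matches. In every other case the result of
  # `bad_request` is returned; that helper is defined outside this module and
  # presumably renders a 400 response (verify against the including controller).
  #
  # NOTE(review): the sig declares `void` although the method returns true on
  # success; confirm that callers do not depend on the return value.
  #
  # NOTE(review): the check is only as strong as YETTO_PLUG_APP_TOKEN. If that
  # constant can be an empty string, anyone can compute a matching signature;
  # confirm it is validated as non-blank where it is loaded.
  sig { void }
  def from_yetto?
    return bad_request if request.headers.blank?

    signature_prefix = "sha256="
    yetto_signature = request.headers.fetch(Headers::Yetto::HEADER_SIGNATURE, "")

    return bad_request unless yetto_signature.start_with?(signature_prefix)

    # Strip only the leading scheme marker. Splitting on the marker returned
    # nil for a bare "sha256=" header (which then raised inside the comparison)
    # and silently kept just the tail when the marker appeared more than once.
    hmac_header = yetto_signature.delete_prefix(signature_prefix)
    return bad_request if hmac_header.empty?

    body = request.env["RAW_POST_DATA"]

    # Without a raw body there is nothing to verify; reject the request
    # instead of letting the HMAC call raise on a nil payload.
    return bad_request if body.nil?

    calculated_hmac = OpenSSL::HMAC.hexdigest(SHA256_DIGEST, YETTO_PLUG_APP_TOKEN, body)

    # secure_compare keeps the comparison constant-time so response timing
    # does not reveal how much of the signature matched.
    return true if ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, hmac_header)

    bad_request
  end
end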

Version data entries

5 entries across 5 versions & 1 rubygems

Version Path
hephaestus-0.1.3 templates/app/controllers/concerns/authable.rb
hephaestus-0.1.2 templates/app/controllers/concerns/authable.rb
hephaestus-0.1.1 templates/app/controllers/concerns/authable.rb
hephaestus-0.0.2 templates/app/controllers/concerns/authable.rb
hephaestus-0.0.1 templates/app/controllers/concerns/authable.rb