Sha256: 9387dea06dc2524cea1ac14c8e7652ea15b34286aaaa67366fee0f79ae0674c0

Contents?: true

Size: 994 Bytes

Versions: 6

Compression:

Stored size: 994 Bytes

Contents

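module SpiffyStoresApp
  # Controller concern that authenticates app-proxy requests by recomputing an
  # HMAC-SHA256 over the query parameters and comparing it with the
  # `signature` query parameter.
  #
  # Including it skips Rails' CSRF token check and installs
  # +verify_proxy_request+ as a before_action, so the signature check is the
  # only authenticity control these actions get from this concern.
  # NOTE(review): nothing here bounds the age of a signed request; if the
  # signer includes a timestamp parameter, confirm whether it should be checked.
  module AppProxyVerification
    extend ActiveSupport::Concern

    included do
      # `raise: false` keeps the skip from failing in controllers that never
      # defined the CSRF callback.
      skip_before_action :verify_authenticity_token, raise: false
      before_action :verify_proxy_request
    end

    # before_action: responds 403 Forbidden (which halts the filter chain)
    # unless the request's query string carries a valid signature.
    def verify_proxy_request
      return head :forbidden unless query_string_valid?(request.query_string)
    end

    private

    # Checks the `signature` parameter of a raw query string.
    #
    # @param query_string [String] raw, still-encoded query string
    # @return [Boolean] true only when a single String signature is present
    #   and matches the HMAC computed over the remaining parameters
    def query_string_valid?(query_string)
      # An unset or empty secret would make the HMAC computable by anyone, so
      # refuse every request rather than verify against an empty key.
      return false if SpiffyStoresApp.configuration.secret.to_s.empty?

      query_hash = Rack::Utils.parse_query(query_string)

      signature = query_hash.delete('signature')
      # A repeated `signature` key parses to an Array and a missing one to
      # nil. Neither is a digest string, and an Array would reach
      # secure_compare as a non-String and raise instead of yielding a 403.
      return false unless signature.is_a?(String)

      # Constant-time comparison, so response timing does not reveal how much
      # of a guessed signature matched.
      ActiveSupport::SecurityUtils.secure_compare(
        calculated_signature(query_hash),
        signature
      )
    end

    # Computes the expected hex HMAC-SHA256 for the parameters that remain
    # after `signature` has been removed.
    #
    # Canonical form: every pair is rendered as "key=value" (multiple values
    # joined with ","), the pairs are sorted, then concatenated with no
    # separator between them.
    # NOTE(review): this presumably mirrors the format the platform signs and
    # cannot be changed on this side alone. Because pairs are not delimited,
    # the signed string does not uniquely identify one parameter set, so
    # actions should not treat parameter boundaries as authenticated beyond
    # what the signer itself sends. Confirm against the platform's spec.
    #
    # @param query_hash_without_signature [Hash] parsed query parameters
    # @return [String] lowercase hex digest
    def calculated_signature(query_hash_without_signature)
      sorted_params = query_hash_without_signature
                      .map { |key, value| "#{key}=#{Array(value).join(',')}" }
                      .sort
                      .join

      OpenSSL::HMAC.hexdigest(
        OpenSSL::Digest.new('sha256'),
        SpiffyStoresApp.configuration.secret,
        sorted_params
      )
    end
  end
end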

Version data entries

6 entries across 6 versions & 1 rubygems

Version Path
spiffy_stores_app-8.2.11 lib/spiffy_stores_app/controller_concerns/app_proxy_verification.rb
spiffy_stores_app-8.2.10 lib/spiffy_stores_app/controller_concerns/app_proxy_verification.rb
spiffy_stores_app-8.2.9 lib/spiffy_stores_app/controller_concerns/app_proxy_verification.rb
spiffy_stores_app-8.2.8 lib/spiffy_stores_app/controller_concerns/app_proxy_verification.rb
spiffy_stores_app-8.2.7 lib/spiffy_stores_app/controller_concerns/app_proxy_verification.rb
spiffy_stores_app-8.2.6 lib/spiffy_stores_app/controller_concerns/app_proxy_verification.rb