Contents

module FBGraph
  
  class Canvas
    
    class << self
      def parse_signed_request(secret_id,request)
        encoded_sig, payload = request.split('.', 2)
        sig = ""
        urldecode64(encoded_sig).each_byte { |b|
          sig << "%02x" % b
        }
        data = JSON.parse(urldecode64(payload))
          if data['algorithm'].to_s.upcase != 'HMAC-SHA256'
          raise "Bad signature algorithm: %s" % data['algorithm']
        end
        expected_sig = OpenSSL::HMAC.hexdigest('sha256', secret_id, payload)
        if expected_sig != sig
          raise "Bad signature"
        end
        data
      end
      
      private
      
      def urldecode64(str)
        encoded_str = str.gsub('-','+').gsub('_','/')
        encoded_str += '=' while !(encoded_str.size % 4).zero?
        Base64.decode64(encoded_str)
      end
    end  
    
  end
  
end

Version data entries

7 entries across 7 versions & 1 rubygems

Version	Path
fbgraph-1.8.0	lib/fbgraph/canvas.rb
fbgraph-1.7.1	lib/fbgraph/canvas.rb
fbgraph-1.7.0	lib/fbgraph/canvas.rb
fbgraph-1.6.0	lib/fbgraph/canvas.rb
fbgraph-1.5.4	lib/fbgraph/canvas.rb
fbgraph-1.5.2	lib/fbgraph/canvas.rb
fbgraph-0.1.6.4.1	lib/fbgraph/canvas.rb