Sha256: e08745958bbe97b86d57ddf7f85d6516a5359800a623dd0f3ee8c0be7260db1d
Contents?: true
Size: 1.64 KB
Versions: 16
Compression:
Stored size: 1.64 KB
Contents
module Rack
# Middleware that authenticates webhooks from Twilio using the request
# validator.
#
# The middleware takes an auth token with which to set up the request
# validator and any number of paths. When a path matches the incoming request
# path, the request will be checked for authentication.
#
# Example:
#
# require 'rack'
# use Rack::TwilioWebhookAuthentication, ENV['AUTH_TOKEN'], /\/messages/
#
# The above appends this middleware to the stack, using an auth token saved in
# the ENV and only against paths that match /\/messages/. If the request
# validates then it gets passed on to the action as normal. If the request
# doesn't validate then the middleware responds immediately with a 403 status.
class TwilioWebhookAuthentication
def initialize(app, auth_token, *paths, &auth_token_lookup)
@app = app
@auth_token = auth_token
define_singleton_method(:get_auth_token, auth_token_lookup) if block_given?
@path_regex = Regexp.union(paths)
end
def call(env)
return @app.call(env) unless env['PATH_INFO'].match(@path_regex)
request = Rack::Request.new(env)
original_url = request.url
params = request.post? ? request.POST : {}
auth_token = @auth_token || get_auth_token(params['AccountSid'])
validator = Twilio::Security::RequestValidator.new(auth_token)
signature = env['HTTP_X_TWILIO_SIGNATURE'] || ""
if validator.validate(original_url, params, signature)
@app.call(env)
else
[
403,
{'Content-Type' => 'text/plain'},
['Twilio Request Validation Failed.']
]
end
end
end
end
Version data entries
16 entries across 16 versions & 1 rubygems