Sha256: ee36c18a56fde64b3e16a55d60a9754788897a6d1b957f1d65cc3fd7aefd8cb6
Contents?: true
Size: 1.56 KB
Versions: 9
Compression:
Stored size: 1.56 KB
Contents
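# typed: strict
# frozen_string_literal: true

# Request-authentication helpers for a generated plug: a callback check keyed
# on a nonce carried in the `state` parameter, and a placeholder for webhook
# signature verification.
module Authable
  extend T::Sig

  include ActionDispatch::Http::Cache::Response
  include ActionController::Helpers::ClassMethods
  include ActionController::HttpAuthentication::Basic::ControllerMethods
  include BodyParameter::YettoParameters

  SHA256_DIGEST = OpenSSL::Digest.new("sha256")

  # Checks that the callback request carries the nonce this app expects.
  #
  # Reads the `state` request parameter, decodes it with `parse_state`
  # (defined outside this file) and compares its `:nonce` entry against
  # <%= upcase_plug_name %>_APP_NONCE in constant time. On a mismatch the
  # response status and body are set to the BAD_REQUEST error.
  # NOTE(review): presumably registered as a controller filter, where
  # assigning `response_body` is what halts the request; confirm at the caller.
  sig { void }
  def <%= plug_name %>_calling_back?
    state = params.fetch(:state, "")
    state_obj = parse_state(state)

    # `state` is request-controlled and the shape parse_state returns is not
    # visible here, so coerce the nonce to a String: a non-String value must
    # not make the comparison raise and turn a bad callback into a 500.
    nonce = state_obj.fetch(:nonce, "").to_s
    expected = <%= upcase_plug_name %>_APP_NONCE

    # An empty nonce never authenticates. Without this guard a request with no
    # `state` at all would match an empty (unset) configured nonce.
    return true if !nonce.empty? && ActiveSupport::SecurityUtils.secure_compare(nonce, expected)

    self.status = Hephaestus::HTTP::BAD_REQUEST_I
    self.response_body = ::Hephaestus::ErrorSerializer.format(Hephaestus::HTTP::BAD_REQUEST)
  end

  # Placeholder for verifying that a webhook request really comes from
  # <%= plug_name %>.
  #
  # SECURITY: as generated this method has no body, so it rejects nothing.
  # Any route that relies on it accepts unauthenticated webhook payloads until
  # the verification is implemented; do not ship the stub as-is.
  sig { void }
  def webhook_from_<%= plug_name %>?
    # TODO: do whatever needs to be done to ensure that the webhook is coming from <%= plug_name %>
    #
    # Example (GitHub-style HMAC-SHA256 signature header). When adapting it:
    #   * compute the HMAC over the raw request bytes, before any parsing;
    #   * `request.body.read` consumes the stream, so later readers may see an
    #     empty body unless it is rewound or `request.raw_post` is used;
    #   * keep the constant-time comparison; never compare signatures with `==`.
    #
    # github_header = request.headers[::Constants::GITHUB_HTTP_X_HUB_SIGNATURE_256_HEADER]
    # if github_header.blank?
    #   self.status = Hephaestus::HTTP::NOT_FOUND_I
    #   self.response_body = ::Hephaestus::ErrorSerializer.format(Hephaestus::HTTP::NOT_FOUND)
    #   return false
    # end

    # body = request.body.read
    # signature = "sha256=#{OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), GITHUB_SECRET_TOKEN, body)}"

    # return true if Rack::Utils.secure_compare(signature, github_header)

    # self.status = Hephaestus::HTTP::BAD_REQUEST_I
    # self.response_body = ::Hephaestus::ErrorSerializer.format(Hephaestus::HTTP::BAD_REQUEST)
  end
end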
Version data entries
9 entries across 9 versions & 1 rubygems