Sha256: fa9724549d3c6b753ddfe1516007e11a80d28cf40a31e6deb49a9c1131310f18
Contents?: true
Size: 1.36 KB
Versions: 10
Compression:
Stored size: 1.36 KB
Contents
# typed: strict
# frozen_string_literal: true
module ShopifyAPI
module Utils
module HmacValidator
extend T::Sig
class << self
extend T::Sig
sig { params(verifiable_query: VerifiableQuery).returns(T::Boolean) }
def validate(verifiable_query)
return false unless verifiable_query.hmac
result = validate_signature(verifiable_query, Context.api_secret_key)
if result || Context.old_api_secret_key.nil? || T.must(Context.old_api_secret_key).empty?
result
else
validate_signature(verifiable_query, T.must(Context.old_api_secret_key))
end
end
private
sig { params(verifiable_query: VerifiableQuery, secret: String).returns(T::Boolean) }
def validate_signature(verifiable_query, secret)
received_signature = verifiable_query.hmac
computed_signature = compute_signature(verifiable_query.to_signable_string, secret)
OpenSSL.secure_compare(computed_signature, T.must(received_signature))
end
sig { params(signable_string: String, secret: String).returns(String) }
def compute_signature(signable_string, secret)
OpenSSL::HMAC.hexdigest(
OpenSSL::Digest.new("sha256"),
secret,
signable_string,
)
end
end
end
end
end
Version data entries
10 entries across 10 versions & 1 rubygems