Sha256: fd9cde07fe8d8a66363fe2738a2d76c0881ff76fedd85402f241bf898cc9ab49

Contents?: true

Size: 668 Bytes

Versions: 6

Compression:

Stored size: 668 Bytes

Contents

# frozen_string_literal: true

module DuodealerApp
  class ExtensionVerificationController < ApplicationController
    protect_from_forgery with: :null_session
    before_action :verify_request

    private
      def verify_request
        hmac_header = request.headers["HTTP_X_DUODEALER_HMAC_SHA256"]
        request_body = request.body.read
        secret = DuodealerApp.configuration.secret
        digest = OpenSSL::Digest.new("sha256")

        expected_hmac = Base64.strict_encode64(OpenSSL::HMAC.digest(digest, secret, request_body))
        head(:unauthorized) unless ActiveSupport::SecurityUtils.secure_compare(expected_hmac, hmac_header)
      end
  end
end

Version data entries

6 entries across 5 versions & 1 rubygems

Version Path
duodealer_app-1.0.4 app/controllers/duodealer_app/extension_verification_controller.rb
duodealer_app-1.0.3 app/controllers/duodealer_app/extension_verification_controller.rb
duodealer_app-1.0.2 app/controllers/duodealer_app/extension_verification_controller.rb
duodealer_app-1.0.1 app/controllers/duodealer_app/extension_verification_controller.rb
duodealer_app-1.0.0 app/controllers/duodealer_app/extension_verification_controller.rb
duodealer_app-1.0.0 app/controllers/duodealer_app/extension_verification_controller.rb-e