lib/mandrill/web_hook/processor.rb in mandrill-rails-0.0.4 vs lib/mandrill/web_hook/processor.rb in mandrill-rails-1.0.0
- old
+ new
@@ -1,15 +1,23 @@
class Mandrill::WebHook::Processor
- attr_accessor :mandrill_events, :callback_host
+ attr_accessor :params, :callback_host, :mandrill_events
# Command initialise the processor with +params+ Hash.
- # +params+ is expected to contain an array of mandrill_events
- def initialize(params={})
- @mandrill_events = JSON.parse(params['mandrill_events'] || '[]')
+ # +params+ is expected to contain an array of mandrill_events.
+ # +callback_host+ is a handle to the controller making the request.
+ def initialize(params={},callback_host=nil)
+ @params = params
+ @callback_host = callback_host
end
+ def mandrill_events
+ @mandrill_events ||= JSON.parse(params['mandrill_events'] || '[]')
+ rescue
+ @mandrill_events = []
+ end
+
# Command: processes all +mandrill_events+
def run!
mandrill_events.each do |raw_payload|
event_payload = wrap_payload(raw_payload)
handler = "handle_#{event_payload.event_type}".to_sym
@@ -24,8 +32,33 @@
end
# Returns a suitably ecapsulated +raw_event_payload+
def wrap_payload(raw_event_payload)
Mandrill::WebHook::EventDecorator[raw_event_payload]
+ end
+
+ class << self
+
+ # Returns true if +params+ sent to +original_url+ are authentic given +expected_signature+ and +mandrill_webhook_keys+.
+ def authentic?(expected_signature, mandrill_webhook_keys, original_url, params)
+ result = true
+ Array(mandrill_webhook_keys).each do |key|
+ signature = generate_signature(key, original_url, params)
+ result = (signature == expected_signature)
+ break if result
+ end
+ result
+ end
+
+ # Method described in docs: http://help.mandrill.com/entries/23704122-Authenticating-webhook-requests
+ def generate_signature(webhook_key, original_url, params)
+ signed_data = original_url.dup
+ params.except(:action, :controller).keys.sort.each do |key|
+ signed_data << key
+ signed_data << params[key]
+ end
+ Base64.encode64("#{OpenSSL::HMAC.digest('sha1', webhook_key, signed_data)}").strip
+ end
+
end
end