lib/telnyx/webhook.rb in telnyx-0.0.1 vs lib/telnyx/webhook.rb in telnyx-0.0.2
- old
+ new
@@ -1,9 +1,10 @@
# frozen_string_literal: true
require "openssl"
require "base64"
+require "ed25519"
module Telnyx
module Webhook
DEFAULT_TOLERANCE = 300
@@ -33,34 +34,37 @@
# tolerance
#
# Returns true otherwise
def self.verify(payload, signature_header, timestamp, tolerance: nil)
signature = Base64.decode64(signature_header)
+ timestamp = timestamp.to_i
signed_payload = "#{timestamp}|#{payload}"
- unless public_key.verify(digest, signature, signed_payload)
+ if tolerance && timestamp < Time.now.to_f - tolerance
raise SignatureVerificationError.new(
- "Signature is invalid and does not match the payload",
- signature, http_body: payload
+ "Timestamp outside the tolerance zone (#{Time.at(timestamp)})",
+ signature_header, http_body: payload
)
end
- if tolerance && timestamp < Time.now.to_f - tolerance
+ begin
+ verify_key.verify(signature, signed_payload)
+ rescue Ed25519::VerifyError
raise SignatureVerificationError.new(
- "Timestamp outside the tolerance zone (#{Time.at(timestamp)})",
- signature_header, http_body: payload
+ "Signature is invalid and does not match the payload",
+ signature, http_body: payload
)
end
true
end
- def self.public_key
- @public_key ||= OpenSSL::PKey::RSA.new(ENV.fetch("TELNYX_PUBLIC_KEY"))
+ def self.verify_key
+ @verify_key ||= reload_verify_key
end
- def self.digest
- @digest ||= OpenSSL::Digest::SHA256.new
+ def self.reload_verify_key
+ @verify_key = Ed25519::VerifyKey.new(Base64.decode64(ENV.fetch("TELNYX_PUBLIC_KEY")))
end
end
end
end
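Review bot: A malformed signature header can escape `verify` as an exception other than `SignatureVerificationError`, because the new `begin`/`rescue` only catches `Ed25519::VerifyError`. `Base64.decode64` is lenient and returns whatever bytes it can decode, and as far as I know the ed25519 gem raises `ArgumentError` when the signature is not exactly 64 bytes, so a truncated or garbage header would surface as an unhandled error in callers that rescue only the verification error. I would widen the clause to `rescue Ed25519::VerifyError, ArgumentError`, or decode with `Base64.strict_decode64(signature_header)` inside the `begin` so both failures map to the same error. Separately, `tolerance: nil` leaves the replay check off unless the caller passes a value, and the comparison only rejects timestamps that are too old; whether `DEFAULT_TOLERANCE` is applied elsewhere is not visible in this hunk.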