Yandex.Money notification validator
Table of Contents
Features
Checks integrity of Yandex.Money payment notification by comparing SHA of strigified params including a secret shared with Yandex.
Here are the official docs for the notification service and validating notifications specifically.
Requirements
- Ruby 2.5.0 or higher.
- An account in Yandex.Money
- A notifications secret key (obtained from Yandex.Money somewehre in the settings)
- Rails is assumed but not required
Setup
Add the following to your Gemfile:
gem "integral-yandex-money-notification_validator"
Usage
Intended to use in a Rails controller like so:
class YandexMoneyReceiptsController < ApplicationController
def create
secret = "YOUR_YANDEX_MONEY_NOTIFICATIONS_SHARED_SECRET"
validator = Integral::Yandex::Money::NotificationValidator.new(params: params, secret: secret)
if validator.valid?
# Do your thing here, for example create a new `YandexMoneyReceipt` record in DB
else
render text: validator.errors.join(". "), status: :bad_request and return
end
end
end
params
are supposed to be an ActionController::Parameters
or just a Hash
.
validator.errors
returns an Array of message strings — most often only 1 message, but who knows.
secret
is recommended to be kept in an ENV variable, Rails credentials or elsewhere secure.
Tests
To test, run:
bundle exec rake
Credits
Developed by Sergey Pedan at Integral Design.