Class: Rack::Facebook::MethodFix

Inherits:
Object
  • Object
show all
Defined in:
lib/rack/facebook/method-fix.rb

Instance Method Summary collapse

Constructor Details

#initialize(app, settings = {}) ⇒ MethodFix

Returns a new instance of MethodFix.



5
6
7
8
 
# File 'lib/rack/facebook/method-fix.rb', line 5

def initialize(app, settings={})
  @app = app
  @settings = settings
end

Instance Method Details

#call(env) ⇒ Object 



10
11
12
13
14
15
16
17
18
19
20
 
# File 'lib/rack/facebook/method-fix.rb', line 10

def call(env)
  if env["REQUEST_METHOD"] == "POST"
    request = Request.new(env)
    if @settings[:secret_id] && request.params["signed_request"]
      env["REQUEST_METHOD"] = "GET" if signed_request_valid?(@settings[:secret_id], request)          
    else
      env["REQUEST_METHOD"] = "GET" if request.params["signed_request"]
    end
  end
  @app.call(env)
end

#signed_request_valid?(secret_id, request) ⇒ Boolean

Code adapted from github.com/nsanta/fbgraph

Returns:

  • (Boolean) 


23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/rack/facebook/method-fix.rb', line 23

def signed_request_valid?(secret_id, request)
  encoded_signature, payload = request.params["signed_request"].split(".", 2)
  signature = ""
  valid = true
  
  url_decode_64(encoded_signature).each_byte do |byte|
    signature << "%02x" % byte
  end
  
  data = JSON.parse(url_decode_64(payload))
  if data["algorithm"].to_s.upcase != "HMAC-SHA256"
    valid = false
  end
  
  expected_signature = OpenSSL::HMAC.hexdigest("sha256", secret_id, payload)
  if expected_signature != signature
    valid = false
  end
  
  valid
end

#url_decode_64(string) ⇒ Object 



45
46
47
48
49
 
# File 'lib/rack/facebook/method-fix.rb', line 45

def url_decode_64(string)
  encoded_string = string.gsub("-", "+").gsub("_", "/")
  encoded_string += "=" while !(encoded_string.size % 4).zero?
  Base64.decode64(encoded_string)
end