Class: Attio::WebhookUtils::SignatureVerifier

Inherits:

Object

Object
Attio::WebhookUtils::SignatureVerifier

show all

Defined in:: lib/attio/webhook/signature_verifier.rb

Overview

Verifies webhook signatures to ensure payloads are from Attio

Constant Summary collapse

TOLERANCE = 5 minutes in seconds

Instance Method Summary collapse

#initialize(secret) ⇒ SignatureVerifier constructor
A new instance of SignatureVerifier.
#verify(payload, signature_header, tolerance: TOLERANCE) ⇒ Boolean
Verify the webhook signature.

Constructor Details

#initialize(secret) ⇒ `SignatureVerifier`



11
12
13

# File 'lib/attio/webhook/signature_verifier.rb', line 11

def initialize(secret)
  @secret = secret
end

Instance Method Details

#verify(payload, signature_header, tolerance: TOLERANCE) ⇒ `Boolean`

Verify the webhook signature

# File 'lib/attio/webhook/signature_verifier.rb', line 20

def verify(payload, signature_header, tolerance: TOLERANCE)
  timestamp, signature = parse_signature_header(signature_header)
  return false unless timestamp && signature

  # Check timestamp tolerance
  current_time = Time.now.to_i
  if (current_time - timestamp.to_i).abs > tolerance
    return false
  end

  # Generate expected signature
  signed_payload = "#{timestamp}.#{payload}"
  expected_signature = OpenSSL::HMAC.hexdigest("SHA256", @secret, signed_payload)

  # Compare signatures securely
  secure_compare(signature, expected_signature)
end

Class: Attio::WebhookUtils::SignatureVerifier

Overview

Constant Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(secret) ⇒ SignatureVerifier

Instance Method Details

#verify(payload, signature_header, tolerance: TOLERANCE) ⇒ Boolean

#initialize(secret) ⇒ `SignatureVerifier`

#verify(payload, signature_header, tolerance: TOLERANCE) ⇒ `Boolean`