Module: SignedRequest
- Defined in:
- lib/signed_request.rb
Constant Summary collapse
- STRIP_PARAMS =
['action', 'controller', 'format']
Class Method Summary collapse
-
.sign(params, secret_key) ⇒ Object
Sign a request on the sending end.
-
.validate(params, secret_key) ⇒ Object
Validate an incoming request on the receiving end.
Class Method Details
.sign(params, secret_key) ⇒ Object
Sign a request on the sending end.
9 10 11 12 13 14 |
# File 'lib/signed_request.rb', line 9 def self.sign(params, secret_key) query = params.sort_by { |k,v| k.to_s.downcase } digest = OpenSSL::Digest::Digest.new('sha1') hmac = OpenSSL::HMAC.digest(digest, secret_key, query.to_s) encoded = Base64.encode64(hmac).chomp end |
.validate(params, secret_key) ⇒ Object
Validate an incoming request on the receiving end.
17 18 19 20 21 22 23 24 |
# File 'lib/signed_request.rb', line 17 def self.validate(params, secret_key) signature = params.delete('signature') return false if !signature strip_keys_from!(params, *STRIP_PARAMS) actual_signature = sign(params, secret_key) actual_signature == signature end |