# File 'lib/facebooker3/signed_request.rb', line 5
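# Checks the HMAC-SHA256 signature of a Facebook signed_request.
#
# The value is expected in the form "<encoded signature>.<encoded payload>".
# The signature is verified over the still-encoded payload before the payload
# is decoded or parsed, so no JSON parsing happens on unauthenticated data.
#
# @param signed_request [String, nil] raw signed_request value from the client
# @param secret [String, nil] application secret used as the HMAC key;
#   defaults to ENV['FACEBOOK_SECRET_KEY']
# @return [Boolean] true only when the signature matches and the payload
#   declares the HMAC-SHA256 algorithm; false for nil, malformed or
#   unsigned input and for a missing or empty secret
def self.valid?(signed_request, secret = ENV['FACEBOOK_SECRET_KEY'])
  return false unless signed_request.is_a?(String)
  # Fail closed on a missing or empty key: an HMAC keyed with an empty string
  # can be computed by anyone, so it authenticates nothing.
  return false if secret.nil? || secret.to_s.empty?

  encoded_sign, payload = signed_request.split('.')
  # A value without both parts cannot carry a valid signature.
  return false if encoded_sign.nil? || encoded_sign.empty?
  return false if payload.nil? || payload.empty?

  # str_to_hex / base64_url_decode are defined elsewhere in this class;
  # presumably they yield the signature as a hex string -- verify there.
  sign = str_to_hex(base64_url_decode(encoded_sign))
  return false unless sign.is_a?(String)

  expected_sig = OpenSSL::HMAC.hexdigest('sha256', secret, payload)
  return false unless expected_sig.bytesize == sign.bytesize

  # Compare every byte regardless of where the first difference is, so the
  # time taken does not reveal how much of a guessed signature was correct.
  mismatch = 0
  expected_sig.bytes.zip(sign.bytes) { |want, got| mismatch |= want ^ got }
  return false unless mismatch.zero?

  # The payload is authenticated at this point; only now parse it.
  data = ActiveSupport::JSON.decode(base64_url_decode(payload))
  data.is_a?(Hash) && data['algorithm'].to_s.upcase == 'HMAC-SHA256'
end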