Module: Hephaestus::ValidatesFromYetto
- Extended by:
- ActiveSupport::Concern
- Includes:
- Responses
- Defined in:
- app/controllers/concerns/hephaestus/validates_from_yetto.rb
Constant Summary
- SHA256_DIGEST =
OpenSSL::Digest.new("sha256")
Instance Method Summary
Methods included from Responses
#bad_gateway, #bad_request, #created, #forbidden, #internal_server_error, #no_content, #not_acceptable, #not_found, #okay, #service_unavailable
Instance Method Details
#from_yetto? ⇒ Boolean
# File 'app/controllers/concerns/hephaestus/validates_from_yetto.rb', line 12
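# Checks that the current request carries a valid Yetto HMAC-SHA256 signature.
#
# The signature header must look like "sha256=<hex digest>", where the digest is
# the HMAC-SHA256 of the raw request body keyed with Hephaestus::YETTO_SIGNING_SECRET.
#
# NOTE(review): the rendered listing lost two tokens: the receiver in
# `request..blank?` / `request..fetch`, and the name of the local that holds the
# digest taken from the header. `headers` and `provided_hmac` are reconstructions;
# confirm against app/controllers/concerns/hephaestus/validates_from_yetto.rb.
#
# @return [Boolean, Object] true when the signature matches; otherwise whatever
#   `bad_request` (from Responses) returns.
def from_yetto?
  return bad_request if request.headers.blank?

  yetto_signature = request.headers.fetch(Hephaestus::Headers::HEADER_SIGNATURE, "")
  return bad_request unless yetto_signature.start_with?("sha256=")

  # `split("sha256=").last` is nil for a bare "sha256=" header, and secure_compare
  # expects two strings, so that input raised instead of being rejected.
  # delete_prefix always yields a String (possibly empty), which simply fails
  # the comparison below.
  provided_hmac = yetto_signature.delete_prefix("sha256=")

  # NOTE(review): the body is read straight from the Rack env with "" as the
  # fallback. If nothing has populated RAW_POST_DATA by this point, the HMAC is
  # computed over an empty string and a signed non-empty body is rejected;
  # confirm the key is always set before this runs.
  body = request.env.fetch("RAW_POST_DATA", "")
  calculated_hmac = OpenSSL::HMAC.hexdigest(SHA256_DIGEST, Hephaestus::YETTO_SIGNING_SECRET, body)

  # Constant-time comparison, so response timing does not reveal how much of
  # the digest matched.
  return true if ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, provided_hmac)

  bad_request
end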
#from_yetto_inline? ⇒ Boolean
# File 'app/controllers/concerns/hephaestus/validates_from_yetto.rb', line 29
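# Checks a Yetto request whose payload arrives encrypted in the
# "encrypted_payload" parameter rather than as the raw body.
#
# The payload is decrypted with ActiveSupport::MessageEncryptor, stored in
# @payload, and its HMAC-SHA256 (keyed with Hephaestus::YETTO_SIGNING_SECRET) is
# compared with the "sha256=<hex digest>" value from the signature header.
#
# NOTE(review): the rendered listing lost two tokens: the receiver in
# `request..blank?` / `request..fetch`, and the name of the local that holds the
# digest taken from the header. `headers` and `provided_hmac` are reconstructions;
# confirm against app/controllers/concerns/hephaestus/validates_from_yetto.rb.
#
# @return [Boolean, Object] true when the signature matches; otherwise whatever
#   `bad_request` (from Responses) returns.
def from_yetto_inline?
  return bad_request if request.headers.blank?

  yetto_signature = request.headers.fetch(Hephaestus::Headers::HEADER_SIGNATURE, "")
  return bad_request unless yetto_signature.start_with?("sha256=")

  # `split("sha256=").last` is nil for a bare "sha256=" header, and secure_compare
  # expects two strings; delete_prefix always yields a String (possibly empty).
  provided_hmac = yetto_signature.delete_prefix("sha256=")

  body = params["encrypted_payload"]

  # NOTE(review): decrypt_and_verify raises on a tampered or malformed token
  # (ActiveSupport::MessageEncryptor::InvalidMessage) and nothing here rescues
  # it; confirm the controller turns that into a 4xx rather than a 500.
  # NOTE(review): the same secret serves as the encryption key here and as the
  # HMAC key below; separate per-purpose keys are the usual design. Confirm
  # the reuse is intentional.
  @payload = T.let(
    ActiveSupport::MessageEncryptor
      .new(Hephaestus::YETTO_SIGNING_SECRET, url_safe: true, serializer: :json)
      .decrypt_and_verify(body),
    T.nilable(String),
  )

  # The payload is declared nilable; HMAC over nil raises, so reject it here.
  return bad_request if @payload.nil?

  # Uses the module's shared SHA256_DIGEST, as from_yetto? does.
  calculated_hmac = OpenSSL::HMAC.hexdigest(SHA256_DIGEST, Hephaestus::YETTO_SIGNING_SECRET, @payload)

  # Constant-time comparison, so response timing does not reveal how much of
  # the digest matched.
  return true if ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, provided_hmac)

  bad_request
end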