Method: Koala::Facebook::RealtimeUpdates#validate_update

Defined in:
lib/koala/realtime_updates.rb

#validate_update(body, headers) ⇒ Object

Public: As a security measure, all updates from Facebook are signed using X-Hub-Signature: sha1=XXXX, where XXXX is the HMAC-SHA1 hex digest of the JSON payload, computed with your application secret as the key.

Example:

# in Rails controller
# @updates being a previously defined Koala::Facebook::RealtimeUpdates instance
def receive_update
  # pass the raw request body as a String, along with the request headers
  if @updates.validate_update(request.body.read, request.headers)
    ...
  end
end


# File 'lib/koala/realtime_updates.rb', line 127

def validate_update(body, headers)
  unless @secret
    raise AppSecretNotDefinedError, "You must init RealtimeUpdates with your app secret in order to validate updates"
  end

  if request_signature = headers['X-Hub-Signature'] || headers['HTTP_X_HUB_SIGNATURE'] and
     signature_parts = request_signature.split("sha1=")
    request_signature = signature_parts[1]
    calculated_signature = OpenSSL::HMAC.hexdigest('sha1', @secret, body)
    calculated_signature == request_signature
  end
end
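
The same check as a stand-alone sketch with two hardening changes: the header must start with the `sha1=` prefix, and the digests are compared without stopping at the first differing byte (String `==` can return early). This is an added example, not Koala's code; the `UpdateSignature` module, its method names and the sample secret and body are constructed for illustration.

```ruby
require "openssl"

# Added example, not part of Koala. All names here are hypothetical.
module UpdateSignature
  PREFIX = "sha1=".freeze

  # Header value for a body: "sha1=" + hex HMAC-SHA1 keyed with the app secret.
  def self.sign(secret, raw_body)
    PREFIX + OpenSSL::HMAC.hexdigest("sha1", secret, raw_body)
  end

  # Compare two strings by XOR-ing every byte, so the running time
  # does not depend on where the first mismatch is.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # True only for a well-formed header whose digest matches the raw body.
  # raw_body must be the exact bytes received, not re-serialized JSON.
  def self.valid?(secret, raw_body, headers)
    raise ArgumentError, "app secret required" if secret.nil? || secret.empty?
    header = headers["X-Hub-Signature"] || headers["HTTP_X_HUB_SIGNATURE"]
    return false unless header.is_a?(String) && header.start_with?(PREFIX)
    expected = OpenSSL::HMAC.hexdigest("sha1", secret, raw_body)
    secure_compare(expected, header[PREFIX.length..-1])
  end
end

# Constructed sample data (not a real secret or a real update).
SECRET = "constructed-app-secret"
BODY   = '{"object":"user","entry":[{"uid":"1","changed_fields":["name"]}]}'
GOOD   = { "HTTP_X_HUB_SIGNATURE" => UpdateSignature.sign(SECRET, BODY) }

puts UpdateSignature.valid?(SECRET, BODY, GOOD)        # signed body
puts UpdateSignature.valid?(SECRET, BODY + " ", GOOD)  # body altered in transit
puts UpdateSignature.valid?(SECRET, BODY, {})          # header missing
```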