Class: Rack::SendGridWebhookVerification

Inherits:
Object
  • Object
show all
Defined in:
lib/rack/sendgrid_webhook_verification.rb

Overview

Middleware that verifies webhooks from SendGrid using the EventWebhook verifier.

The middleware takes a public key with which to set up the request validator and any number of paths. When a path matches the incoming request path, the request will be verified using the signature and timestamp of the request.

Example:

require ‘rack’ use Rack::SendGridWebhookVerification, ENV, //emails/

The above appends this middleware to the stack, using a public key saved in the ENV and only against paths that match //emails/. If the request validates then it gets passed on to the action as normal. If the request doesn’t validate then the middleware responds immediately with a 403 status.

Instance Method Summary collapse

Constructor Details

#initialize(app, public_key, *paths) ⇒ SendGridWebhookVerification

Returns a new instance of SendGridWebhookVerification.



22
23
24
25
26
 
# File 'lib/rack/sendgrid_webhook_verification.rb', line 22

def initialize(app, public_key, *paths)
  @app = app
  @public_key = public_key
  @path_regex = Regexp.union(paths)
end

Instance Method Details

#call(env) ⇒ Object 



28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/rack/sendgrid_webhook_verification.rb', line 28

def call(env)
  return @app.call(env) unless env['PATH_INFO'].match(@path_regex)

  request = Rack::Request.new(env)

  event_webhook = SendGrid::EventWebhook.new
  ec_public_key = event_webhook.convert_public_key_to_ecdsa(@public_key)
  verified = event_webhook.verify_signature(
    ec_public_key,
    request.body.read,
    request.env[SendGrid::EventWebhookHeader::SIGNATURE],
    request.env[SendGrid::EventWebhookHeader::TIMESTAMP]
  )

  request.body.rewind

  if verified
    @app.call(env)
  else
    [
      403,
      { 'Content-Type' => 'text/plain' },
      ['SendGrid Request Verification Failed.']
    ]
  end
end