Class: Svix::Webhook

Inherits:
Object
  • Object
show all
Defined in:
lib/svix/webhook.rb

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(secret) ⇒ Webhook

Returns a new instance of Webhook.



10
11
12
13
14
15
16
 
# File 'lib/svix/webhook.rb', line 10

def initialize(secret)
    if secret.start_with?(SECRET_PREFIX)
        secret = secret[SECRET_PREFIX.length..-1]
    end

    @secret = Base64.decode64(secret)
end

Class Method Details

.new_using_raw_bytes(secret) ⇒ Object 



6
7
8
 
# File 'lib/svix/webhook.rb', line 6

def self.new_using_raw_bytes(secret)
    self.new(secret.pack("C*").force_encoding("UTF-8"))
end

Instance Method Details

#sign(msgId, timestamp, payload) ⇒ Object 



48
49
50
51
52
53
54
55
56
57
 
# File 'lib/svix/webhook.rb', line 48

def sign(msgId, timestamp, payload)
    begin
        now = Integer(timestamp)
    rescue
        raise WebhookSigningError, "Invalid timestamp"
    end
    toSign = "#{msgId}.#{timestamp}.#{payload}"
    signature = Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha256"), @secret, toSign)).strip
    return "v1,#{signature}"
end

#verify(payload, headers) ⇒ Object

Raises:



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/svix/webhook.rb', line 18

def verify(payload, headers)
    msgId = headers["svix-id"]
    msgSignature = headers["svix-signature"]
    msgTimestamp = headers["svix-timestamp"]
    if !msgSignature || !msgId || !msgTimestamp
        msgId = headers["webhook-id"]
        msgSignature = headers["webhook-signature"]
        msgTimestamp = headers["webhook-timestamp"]
        if !msgSignature || !msgId || !msgTimestamp
            raise WebhookVerificationError, "Missing required headers"
        end
    end

    verify_timestamp(msgTimestamp)

    _, signature = sign(msgId, msgTimestamp, payload).split(",", 2)

    passedSignatures = msgSignature.split(" ")
    passedSignatures.each do |versionedSignature|
        version, expectedSignature = versionedSignature.split(",", 2)
        if version != "v1"
            next
        end
        if ::Svix::secure_compare(signature, expectedSignature)
            return JSON.parse(payload, symbolize_names: true)
        end
    end
    raise WebhookVerificationError, "No matching signature found"
end