Module: PostProxy::WebhookSignature

Defined in:: lib/postproxy/webhook_signature.rb

Class Method Summary collapse

.verify(payload, signature_header, secret) ⇒ Object

Class Method Details

.verify(payload, signature_header, secret) ⇒ `Object`

# File 'lib/postproxy/webhook_signature.rb', line 5

def self.verify(payload, signature_header, secret)
  parts = signature_header.split(",").map { |p| p.split("=", 2) }.to_h
  timestamp = parts["t"]
  expected = parts["v1"]

  return false if timestamp.nil? || expected.nil?

  signed_payload = "#{timestamp}.#{payload}"
  computed = OpenSSL::HMAC.hexdigest("SHA256", secret, signed_payload)

  secure_compare(computed, expected)
end

Module: PostProxy::WebhookSignature

Class Method Summary collapse

Class Method Details

.verify(payload, signature_header, secret) ⇒ Object

.verify(payload, signature_header, secret) ⇒ `Object`