RubyGems - bongloy - Versions diffs - 4.21.3 - Mend

bongloy 4.21.3

Files changed (210) hide show

checksums.yaml +7 -0
data/.circleci/config.yml +76 -0
data/.editorconfig +10 -0
data/.gitattributes +4 -0
data/.github/ISSUE_TEMPLATE.md +5 -0
data/.github/README.md +79 -0
data/.github/pull.yml +5 -0
data/.gitignore +8 -0
data/.rubocop.yml +43 -0
data/.rubocop_todo.yml +38 -0
data/.travis.yml +43 -0
data/.vscode/extensions.json +7 -0
data/.vscode/settings.json +8 -0
data/CHANGELOG.md +770 -0
data/CONTRIBUTORS +3 -0
data/Gemfile +39 -0
data/History.txt +1 -0
data/LICENSE +21 -0
data/README.md +282 -0
data/Rakefile +36 -0
data/VERSION +1 -0
data/bin/stripe-console +16 -0
data/bongloy.gemspec +37 -0
data/lib/bongloy.rb +7 -0
data/lib/data/ca-certificates.crt +4043 -0
data/lib/stripe.rb +208 -0
data/lib/stripe/api_operations/create.rb +12 -0
data/lib/stripe/api_operations/delete.rb +35 -0
data/lib/stripe/api_operations/list.rb +30 -0
data/lib/stripe/api_operations/nested_resource.rb +70 -0
data/lib/stripe/api_operations/request.rb +53 -0
data/lib/stripe/api_operations/save.rb +94 -0
data/lib/stripe/api_resource.rb +107 -0
data/lib/stripe/errors.rb +156 -0
data/lib/stripe/list_object.rb +110 -0
data/lib/stripe/oauth.rb +63 -0
data/lib/stripe/object_types.rb +98 -0
data/lib/stripe/resources.rb +79 -0
data/lib/stripe/resources/account.rb +174 -0
data/lib/stripe/resources/account_link.rb +9 -0
data/lib/stripe/resources/alipay_account.rb +34 -0
data/lib/stripe/resources/apple_pay_domain.rb +16 -0
data/lib/stripe/resources/application_fee.rb +24 -0
data/lib/stripe/resources/application_fee_refund.rb +30 -0
data/lib/stripe/resources/balance.rb +7 -0
data/lib/stripe/resources/balance_transaction.rb +13 -0
data/lib/stripe/resources/bank_account.rb +42 -0
data/lib/stripe/resources/bitcoin_receiver.rb +23 -0
data/lib/stripe/resources/bitcoin_transaction.rb +15 -0
data/lib/stripe/resources/capability.rb +33 -0
data/lib/stripe/resources/card.rb +37 -0
data/lib/stripe/resources/charge.rb +84 -0
data/lib/stripe/resources/checkout/session.rb +11 -0
data/lib/stripe/resources/country_spec.rb +9 -0
data/lib/stripe/resources/coupon.rb +12 -0
data/lib/stripe/resources/credit_note.rb +18 -0
data/lib/stripe/resources/customer.rb +95 -0
data/lib/stripe/resources/customer_balance_transaction.rb +30 -0
data/lib/stripe/resources/discount.rb +7 -0
data/lib/stripe/resources/dispute.rb +23 -0
data/lib/stripe/resources/ephemeral_key.rb +19 -0
data/lib/stripe/resources/event.rb +9 -0
data/lib/stripe/resources/exchange_rate.rb +9 -0
data/lib/stripe/resources/file.rb +44 -0
data/lib/stripe/resources/file_link.rb +11 -0
data/lib/stripe/resources/invoice.rb +48 -0
data/lib/stripe/resources/invoice_item.rb +12 -0
data/lib/stripe/resources/invoice_line_item.rb +7 -0
data/lib/stripe/resources/issuer_fraud_record.rb +9 -0
data/lib/stripe/resources/issuing/authorization.rb +25 -0
data/lib/stripe/resources/issuing/card.rb +20 -0
data/lib/stripe/resources/issuing/card_details.rb +9 -0
data/lib/stripe/resources/issuing/cardholder.rb +13 -0
data/lib/stripe/resources/issuing/dispute.rb +13 -0
data/lib/stripe/resources/issuing/transaction.rb +12 -0
data/lib/stripe/resources/login_link.rb +14 -0
data/lib/stripe/resources/order.rb +32 -0
data/lib/stripe/resources/order_return.rb +9 -0
data/lib/stripe/resources/payment_intent.rb +30 -0
data/lib/stripe/resources/payment_method.rb +24 -0
data/lib/stripe/resources/payout.rb +24 -0
data/lib/stripe/resources/person.rb +31 -0
data/lib/stripe/resources/plan.rb +12 -0
data/lib/stripe/resources/product.rb +12 -0
data/lib/stripe/resources/radar/early_fraud_warning.rb +11 -0
data/lib/stripe/resources/radar/value_list.rb +14 -0
data/lib/stripe/resources/radar/value_list_item.rb +13 -0
data/lib/stripe/resources/recipient.rb +17 -0
data/lib/stripe/resources/recipient_transfer.rb +7 -0
data/lib/stripe/resources/refund.rb +11 -0
data/lib/stripe/resources/reporting/report_run.rb +12 -0
data/lib/stripe/resources/reporting/report_type.rb +12 -0
data/lib/stripe/resources/reversal.rb +29 -0
data/lib/stripe/resources/review.rb +16 -0
data/lib/stripe/resources/setup_intent.rb +24 -0
data/lib/stripe/resources/sigma/scheduled_query_run.rb +15 -0
data/lib/stripe/resources/sku.rb +12 -0
data/lib/stripe/resources/source.rb +42 -0
data/lib/stripe/resources/source_transaction.rb +7 -0
data/lib/stripe/resources/subscription.rb +25 -0
data/lib/stripe/resources/subscription_item.rb +17 -0
data/lib/stripe/resources/subscription_schedule.rb +32 -0
data/lib/stripe/resources/subscription_schedule_revision.rb +34 -0
data/lib/stripe/resources/tax_id.rb +26 -0
data/lib/stripe/resources/tax_rate.rb +11 -0
data/lib/stripe/resources/terminal/connection_token.rb +11 -0
data/lib/stripe/resources/terminal/location.rb +14 -0
data/lib/stripe/resources/terminal/reader.rb +14 -0
data/lib/stripe/resources/three_d_secure.rb +13 -0
data/lib/stripe/resources/token.rb +9 -0
data/lib/stripe/resources/topup.rb +18 -0
data/lib/stripe/resources/transfer.rb +27 -0
data/lib/stripe/resources/usage_record.rb +23 -0
data/lib/stripe/resources/usage_record_summary.rb +7 -0
data/lib/stripe/resources/webhook_endpoint.rb +12 -0
data/lib/stripe/singleton_api_resource.rb +26 -0
data/lib/stripe/stripe_client.rb +686 -0
data/lib/stripe/stripe_object.rb +583 -0
data/lib/stripe/stripe_response.rb +50 -0
data/lib/stripe/util.rb +336 -0
data/lib/stripe/version.rb +5 -0
data/lib/stripe/webhook.rb +90 -0
data/stripe.gemspec +37 -0
data/test/api_stub_helpers.rb +1 -0
data/test/openapi/README.md +9 -0
data/test/stripe/account_link_test.rb +18 -0
data/test/stripe/account_test.rb +428 -0
data/test/stripe/alipay_account_test.rb +37 -0
data/test/stripe/api_operations_test.rb +80 -0
data/test/stripe/api_resource_test.rb +544 -0
data/test/stripe/apple_pay_domain_test.rb +46 -0
data/test/stripe/application_fee_refund_test.rb +37 -0
data/test/stripe/application_fee_test.rb +58 -0
data/test/stripe/balance_test.rb +13 -0
data/test/stripe/bank_account_test.rb +36 -0
data/test/stripe/capability_test.rb +45 -0
data/test/stripe/charge_test.rb +80 -0
data/test/stripe/checkout/session_test.rb +41 -0
data/test/stripe/country_spec_test.rb +20 -0
data/test/stripe/coupon_test.rb +61 -0
data/test/stripe/credit_note_test.rb +61 -0
data/test/stripe/customer_balance_transaction_test.rb +37 -0
data/test/stripe/customer_card_test.rb +42 -0
data/test/stripe/customer_test.rb +269 -0
data/test/stripe/dispute_test.rb +51 -0
data/test/stripe/ephemeral_key_test.rb +93 -0
data/test/stripe/errors_test.rb +20 -0
data/test/stripe/exchange_rate_test.rb +20 -0
data/test/stripe/file_link_test.rb +41 -0
data/test/stripe/file_test.rb +97 -0
data/test/stripe/file_upload_test.rb +79 -0
data/test/stripe/invoice_item_test.rb +66 -0
data/test/stripe/invoice_line_item_test.rb +8 -0
data/test/stripe/invoice_test.rb +213 -0
data/test/stripe/issuer_fraud_record_test.rb +20 -0
data/test/stripe/issuing/authorization_test.rb +72 -0
data/test/stripe/issuing/card_test.rb +62 -0
data/test/stripe/issuing/cardholder_test.rb +53 -0
data/test/stripe/issuing/dispute_test.rb +45 -0
data/test/stripe/issuing/transaction_test.rb +48 -0
data/test/stripe/list_object_test.rb +156 -0
data/test/stripe/login_link_test.rb +37 -0
data/test/stripe/oauth_test.rb +88 -0
data/test/stripe/order_return_test.rb +21 -0
data/test/stripe/order_test.rb +82 -0
data/test/stripe/payment_intent_test.rb +107 -0
data/test/stripe/payment_method_test.rb +84 -0
data/test/stripe/payout_test.rb +57 -0
data/test/stripe/person_test.rb +46 -0
data/test/stripe/plan_test.rb +98 -0
data/test/stripe/product_test.rb +59 -0
data/test/stripe/radar/early_fraud_warning_test.rb +22 -0
data/test/stripe/radar/value_list_item_test.rb +48 -0
data/test/stripe/radar/value_list_test.rb +61 -0
data/test/stripe/recipient_test.rb +62 -0
data/test/stripe/refund_test.rb +39 -0
data/test/stripe/reporting/report_run_test.rb +33 -0
data/test/stripe/reporting/report_type_test.rb +22 -0
data/test/stripe/reversal_test.rb +43 -0
data/test/stripe/review_test.rb +27 -0
data/test/stripe/setup_intent_test.rb +84 -0
data/test/stripe/sigma/scheduled_query_run_test.rb +22 -0
data/test/stripe/sku_test.rb +60 -0
data/test/stripe/source_test.rb +99 -0
data/test/stripe/source_transaction_test.rb +19 -0
data/test/stripe/stripe_client_test.rb +842 -0
data/test/stripe/stripe_object_test.rb +525 -0
data/test/stripe/stripe_response_test.rb +49 -0
data/test/stripe/subscription_item_test.rb +63 -0
data/test/stripe/subscription_schedule_revision_test.rb +37 -0
data/test/stripe/subscription_schedule_test.rb +116 -0
data/test/stripe/subscription_test.rb +80 -0
data/test/stripe/tax_id_test.rb +31 -0
data/test/stripe/tax_rate_test.rb +43 -0
data/test/stripe/terminal/connection_token_test.rb +16 -0
data/test/stripe/terminal/location_test.rb +68 -0
data/test/stripe/terminal/reader_test.rb +62 -0
data/test/stripe/three_d_secure_test.rb +23 -0
data/test/stripe/topup_test.rb +62 -0
data/test/stripe/transfer_test.rb +88 -0
data/test/stripe/usage_record_summary_test.rb +19 -0
data/test/stripe/usage_record_test.rb +28 -0
data/test/stripe/util_test.rb +402 -0
data/test/stripe/webhook_endpoint_test.rb +59 -0
data/test/stripe/webhook_test.rb +96 -0
data/test/stripe_mock.rb +77 -0
data/test/stripe_test.rb +63 -0
data/test/test_data.rb +61 -0
data/test/test_helper.rb +71 -0
metadata +372 -0

data/lib/stripe/stripe_response.rb ADDED

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+module Stripe
+  # StripeResponse encapsulates some vitals of a response that came back from
+  # the Stripe API.
+  class StripeResponse
+    # The data contained by the HTTP body of the response deserialized from
+    # JSON.
+    attr_accessor :data
+    # The raw HTTP body of the response.
+    attr_accessor :http_body
+    # A Hash of the HTTP headers of the response.
+    attr_accessor :http_headers
+    # The integer HTTP status code of the response.
+    attr_accessor :http_status
+    # The Stripe request ID of the response.
+    attr_accessor :request_id
+    # Initializes a StripeResponse object from a Hash like the kind returned as
+    # part of a Faraday exception.
+    #
+    # This may throw JSON::ParserError if the response body is not valid JSON.
+    def self.from_faraday_hash(http_resp)
+      resp = StripeResponse.new
+      resp.data = JSON.parse(http_resp[:body], symbolize_names: true)
+      resp.http_body = http_resp[:body]
+      resp.http_headers = http_resp[:headers]
+      resp.http_status = http_resp[:status]
+      resp.request_id = http_resp[:headers]["Request-Id"]
+      resp
+    end
+    # Initializes a StripeResponse object from a Faraday HTTP response object.
+    #
+    # This may throw JSON::ParserError if the response body is not valid JSON.
+    def self.from_faraday_response(http_resp)
+      resp = StripeResponse.new
+      resp.data = JSON.parse(http_resp.body, symbolize_names: true)
+      resp.http_body = http_resp.body
+      resp.http_headers = http_resp.headers
+      resp.http_status = http_resp.status
+      resp.request_id = http_resp.headers["Request-Id"]
+      resp
+    end
+  end
+end

data/lib/stripe/util.rb ADDED

@@ -0,0 +1,336 @@
+# frozen_string_literal: true
+require "cgi"
+module Stripe
+  module Util
+    # Options that a user is allowed to specify.
+    OPTS_USER_SPECIFIED = Set[
+      :api_key,
+      :idempotency_key,
+      :stripe_account,
+      :stripe_version
+    ].freeze
+    # Options that should be copyable from one StripeObject to another
+    # including options that may be internal.
+    OPTS_COPYABLE = (
+      OPTS_USER_SPECIFIED + Set[:api_base]
+    ).freeze
+    # Options that should be persisted between API requests. This includes
+    # client, which is an object containing an HTTP client to reuse.
+    OPTS_PERSISTABLE = (
+      OPTS_USER_SPECIFIED + Set[:client] - Set[:idempotency_key]
+    ).freeze
+    def self.objects_to_ids(obj)
+      case obj
+      when APIResource
+        obj.id
+      when Hash
+        res = {}
+        obj.each { |k, v| res[k] = objects_to_ids(v) unless v.nil? }
+        res
+      when Array
+        obj.map { |v| objects_to_ids(v) }
+      else
+        obj
+      end
+    end
+    def self.object_classes
+      @object_classes ||= Stripe::ObjectTypes.object_names_to_classes
+    end
+    # Converts a hash of fields or an array of hashes into a +StripeObject+ or
+    # array of +StripeObject+s. These new objects will be created as a concrete
+    # type as dictated by their `object` field (e.g. an `object` value of
+    # `charge` would create an instance of +Charge+), but if `object` is not
+    # present or of an unknown type, the newly created instance will fall back
+    # to being a +StripeObject+.
+    #
+    # ==== Attributes
+    #
+    # * +data+ - Hash of fields and values to be converted into a StripeObject.
+    # * +opts+ - Options for +StripeObject+ like an API key that will be reused
+    #   on subsequent API calls.
+    def self.convert_to_stripe_object(data, opts = {})
+      opts = normalize_opts(opts)
+      case data
+      when Array
+        data.map { |i| convert_to_stripe_object(i, opts) }
+      when Hash
+        # Try converting to a known object class.  If none available, fall back
+        # to generic StripeObject
+        object_classes.fetch(data[:object], StripeObject)
+                      .construct_from(data, opts)
+      else
+        data
+      end
+    end
+    def self.log_error(message, data = {})
+      if !Stripe.logger.nil? ||
+         !Stripe.log_level.nil? && Stripe.log_level <= Stripe::LEVEL_ERROR
+        log_internal(message, data, color: :cyan, level: Stripe::LEVEL_ERROR,
+                                    logger: Stripe.logger, out: $stderr)
+      end
+    end
+    def self.log_info(message, data = {})
+      if !Stripe.logger.nil? ||
+         !Stripe.log_level.nil? && Stripe.log_level <= Stripe::LEVEL_INFO
+        log_internal(message, data, color: :cyan, level: Stripe::LEVEL_INFO,
+                                    logger: Stripe.logger, out: $stdout)
+      end
+    end
+    def self.log_debug(message, data = {})
+      if !Stripe.logger.nil? ||
+         !Stripe.log_level.nil? && Stripe.log_level <= Stripe::LEVEL_DEBUG
+        log_internal(message, data, color: :blue, level: Stripe::LEVEL_DEBUG,
+                                    logger: Stripe.logger, out: $stdout)
+      end
+    end
+    def self.symbolize_names(object)
+      case object
+      when Hash
+        new_hash = {}
+        object.each do |key, value|
+          key = (begin
+                   key.to_sym
+                 rescue StandardError
+                   key
+                 end) || key
+          new_hash[key] = symbolize_names(value)
+        end
+        new_hash
+      when Array
+        object.map { |value| symbolize_names(value) }
+      else
+        object
+      end
+    end
+    # Encodes a hash of parameters in a way that's suitable for use as query
+    # parameters in a URI or as form parameters in a request body. This mainly
+    # involves escaping special characters from parameter keys and values (e.g.
+    # `&`).
+    def self.encode_parameters(params)
+      Util.flatten_params(params)
+          .map { |k, v| "#{url_encode(k)}=#{url_encode(v)}" }.join("&")
+    end
+    # Encodes a string in a way that makes it suitable for use in a set of
+    # query parameters in a URI or in a set of form parameters in a request
+    # body.
+    def self.url_encode(key)
+      CGI.escape(key.to_s).
+        # Don't use strict form encoding by changing the square bracket control
+        # characters back to their literals. This is fine by the server, and
+        # makes these parameter strings easier to read.
+        gsub("%5B", "[").gsub("%5D", "]")
+    end
+    def self.flatten_params(params, parent_key = nil)
+      result = []
+      # do not sort the final output because arrays (and arrays of hashes
+      # especially) can be order sensitive, but do sort incoming parameters
+      params.each do |key, value|
+        calculated_key = parent_key ? "#{parent_key}[#{key}]" : key.to_s
+        if value.is_a?(Hash)
+          result += flatten_params(value, calculated_key)
+        elsif value.is_a?(Array)
+          result += flatten_params_array(value, calculated_key)
+        else
+          result << [calculated_key, value]
+        end
+      end
+      result
+    end
+    def self.flatten_params_array(value, calculated_key)
+      result = []
+      value.each_with_index do |elem, i|
+        if elem.is_a?(Hash)
+          result += flatten_params(elem, "#{calculated_key}[#{i}]")
+        elsif elem.is_a?(Array)
+          result += flatten_params_array(elem, calculated_key)
+        else
+          result << ["#{calculated_key}[#{i}]", elem]
+        end
+      end
+      result
+    end
+    def self.normalize_id(id)
+      if id.is_a?(Hash) # overloaded id
+        params_hash = id.dup
+        id = params_hash.delete(:id)
+      else
+        params_hash = {}
+      end
+      [id, params_hash]
+    end
+    # The secondary opts argument can either be a string or hash
+    # Turn this value into an api_key and a set of headers
+    def self.normalize_opts(opts)
+      case opts
+      when String
+        { api_key: opts }
+      when Hash
+        check_api_key!(opts.fetch(:api_key)) if opts.key?(:api_key)
+        opts.clone
+      else
+        raise TypeError, "normalize_opts expects a string or a hash"
+      end
+    end
+    def self.check_string_argument!(key)
+      raise TypeError, "argument must be a string" unless key.is_a?(String)
+      key
+    end
+    def self.check_api_key!(key)
+      raise TypeError, "api_key must be a string" unless key.is_a?(String)
+      key
+    end
+    # Normalizes header keys so that they're all lower case and each
+    # hyphen-delimited section starts with a single capitalized letter. For
+    # example, `request-id` becomes `Request-Id`. This is useful for extracting
+    # certain key values when the user could have set them with a variety of
+    # diffent naming schemes.
+    def self.normalize_headers(headers)
+      headers.each_with_object({}) do |(k, v), new_headers|
+        k = k.to_s.tr("_", "-") if k.is_a?(Symbol)
+        k = k.split("-").reject(&:empty?).map(&:capitalize).join("-")
+        new_headers[k] = v
+      end
+    end
+    # Generates a Dashboard link to inspect a request ID based off of a request
+    # ID value and an API key, which is used to attempt to extract whether the
+    # environment is livemode or testmode.
+    def self.request_id_dashboard_url(request_id, api_key)
+      env = !api_key.nil? && api_key.start_with?("sk_live") ? "live" : "test"
+      "https://dashboard.stripe.com/#{env}/logs/#{request_id}"
+    end
+    # Constant time string comparison to prevent timing attacks
+    # Code borrowed from ActiveSupport
+    def self.secure_compare(str_a, str_b)
+      return false unless str_a.bytesize == str_b.bytesize
+      l = str_a.unpack "C#{str_a.bytesize}"
+      res = 0
+      str_b.each_byte { |byte| res |= byte ^ l.shift }
+      res.zero?
+    end
+    #
+    # private
+    #
+    COLOR_CODES = {
+      black:   0, light_black:   60,
+      red:     1, light_red:     61,
+      green:   2, light_green:   62,
+      yellow:  3, light_yellow:  63,
+      blue:    4, light_blue:    64,
+      magenta: 5, light_magenta: 65,
+      cyan:    6, light_cyan:    66,
+      white:   7, light_white:   67,
+      default: 9,
+    }.freeze
+    private_constant :COLOR_CODES
+    # Uses an ANSI escape code to colorize text if it's going to be sent to a
+    # TTY.
+    def self.colorize(val, color, isatty)
+      return val unless isatty
+      mode = 0 # default
+      foreground = 30 + COLOR_CODES.fetch(color)
+      background = 40 + COLOR_CODES.fetch(:default)
+      "\033[#{mode};#{foreground};#{background}m#{val}\033[0m"
+    end
+    private_class_method :colorize
+    # Turns an integer log level into a printable name.
+    def self.level_name(level)
+      case level
+      when LEVEL_DEBUG then "debug"
+      when LEVEL_ERROR then "error"
+      when LEVEL_INFO  then "info"
+      else level
+      end
+    end
+    private_class_method :level_name
+    # TODO: Make these named required arguments when we drop support for Ruby
+    # 2.0.
+    def self.log_internal(message, data = {}, color: nil, level: nil,
+                          logger: nil, out: nil)
+      data_str = data.reject { |_k, v| v.nil? }
+                     .map do |(k, v)|
+        format("%<key>s=%<value>s",
+               key: colorize(k, color, logger.nil? && !out.nil? && out.isatty),
+               value: wrap_logfmt_value(v))
+      end.join(" ")
+      if !logger.nil?
+        # the library's log levels are mapped to the same values as the
+        # standard library's logger
+        logger.log(level,
+                   format("message=%<message>s %<data_str>s",
+                          message: wrap_logfmt_value(message),
+                          data_str: data_str))
+      elsif out.isatty
+        out.puts format("%<level>s %<message>s %<data_str>s",
+                        level: colorize(level_name(level)[0, 4].upcase,
+                                        color, out.isatty),
+                        message: message,
+                        data_str: data_str)
+      else
+        out.puts format("message=%<message>s level=%<level>s %<data_str>s",
+                        message: wrap_logfmt_value(message),
+                        level: level_name(level),
+                        data_str: data_str)
+      end
+    end
+    private_class_method :log_internal
+    # Wraps a value in double quotes if it looks sufficiently complex so that
+    # it can be read by logfmt parsers.
+    def self.wrap_logfmt_value(val)
+      # If value is any kind of number, just allow it to be formatted directly
+      # to a string (this will handle integers or floats).
+      return val if val.is_a?(Numeric)
+      # Hopefully val is a string, but protect in case it's not.
+      val = val.to_s
+      if %r{[^\w\-/]} =~ val
+        # If the string contains any special characters, escape any double
+        # quotes it has, remove newlines, and wrap the whole thing in quotes.
+        format(%("%<value>s"), value: val.gsub('"', '\"').delete("\n"))
+      else
+        # Otherwise use the basic value if it looks like a standard set of
+        # characters (and allow a few special characters like hyphens, and
+        # slashes)
+        val
+      end
+    end
+    private_class_method :wrap_logfmt_value
+  end
+end

data/lib/stripe/version.rb ADDED

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+module Stripe
+  VERSION = "4.21.3".freeze
+end

data/lib/stripe/webhook.rb ADDED

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+module Stripe
+  module Webhook
+    DEFAULT_TOLERANCE = 300
+    # Initializes an Event object from a JSON payload.
+    #
+    # This may raise JSON::ParserError if the payload is not valid JSON, or
+    # SignatureVerificationError if the signature verification fails.
+    def self.construct_event(payload, sig_header, secret,
+                             tolerance: DEFAULT_TOLERANCE)
+      Signature.verify_header(payload, sig_header, secret, tolerance: tolerance)
+      # It's a good idea to parse the payload only after verifying it. We use
+      # `symbolize_names` so it would otherwise be technically possible to
+      # flood a target's memory if they were on an older version of Ruby that
+      # doesn't GC symbols. It also decreases the likelihood that we receive a
+      # bad payload that fails to parse and throws an exception.
+      data = JSON.parse(payload, symbolize_names: true)
+      Event.construct_from(data)
+    end
+    module Signature
+      EXPECTED_SCHEME = "v1".freeze
+      def self.compute_signature(payload, secret)
+        OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), secret, payload)
+      end
+      private_class_method :compute_signature
+      # Extracts the timestamp and the signature(s) with the desired scheme
+      # from the header
+      def self.get_timestamp_and_signatures(header, scheme)
+        list_items = header.split(/,\s*/).map { |i| i.split("=", 2) }
+        timestamp = Integer(list_items.select { |i| i[0] == "t" }[0][1])
+        signatures = list_items.select { |i| i[0] == scheme }.map { |i| i[1] }
+        [timestamp, signatures]
+      end
+      private_class_method :get_timestamp_and_signatures
+      # Verifies the signature header for a given payload.
+      #
+      # Raises a SignatureVerificationError in the following cases:
+      # - the header does not match the expected format
+      # - no signatures found with the expected scheme
+      # - no signatures matching the expected signature
+      # - a tolerance is provided and the timestamp is not within the
+      #   tolerance
+      #
+      # Returns true otherwise
+      def self.verify_header(payload, header, secret, tolerance: nil)
+        begin
+          timestamp, signatures =
+            get_timestamp_and_signatures(header, EXPECTED_SCHEME)
+        rescue StandardError
+          raise SignatureVerificationError.new(
+            "Unable to extract timestamp and signatures from header",
+            header, http_body: payload
+          )
+        end
+        if signatures.empty?
+          raise SignatureVerificationError.new(
+            "No signatures found with expected scheme #{EXPECTED_SCHEME}",
+            header, http_body: payload
+          )
+        end
+        signed_payload = "#{timestamp}.#{payload}"
+        expected_sig = compute_signature(signed_payload, secret)
+        unless signatures.any? { |s| Util.secure_compare(expected_sig, s) }
+          raise SignatureVerificationError.new(
+            "No signatures found matching the expected signature for payload",
+            header, http_body: payload
+          )
+        end
+        if tolerance && timestamp < Time.now.to_f - tolerance
+          raise SignatureVerificationError.new(
+            "Timestamp outside the tolerance zone (#{Time.at(timestamp)})",
+            header, http_body: payload
+          )
+        end
+        true
+      end
+    end
+  end
+end