bongloy 4.21.3
- checksums.yaml +7 -0
- data/.circleci/config.yml +76 -0
- data/.editorconfig +10 -0
- data/.gitattributes +4 -0
- data/.github/ISSUE_TEMPLATE.md +5 -0
- data/.github/README.md +79 -0
- data/.github/pull.yml +5 -0
- data/.gitignore +8 -0
- data/.rubocop.yml +43 -0
- data/.rubocop_todo.yml +38 -0
- data/.travis.yml +43 -0
- data/.vscode/extensions.json +7 -0
- data/.vscode/settings.json +8 -0
- data/CHANGELOG.md +770 -0
- data/CONTRIBUTORS +3 -0
- data/Gemfile +39 -0
- data/History.txt +1 -0
- data/LICENSE +21 -0
- data/README.md +282 -0
- data/Rakefile +36 -0
- data/VERSION +1 -0
- data/bin/stripe-console +16 -0
- data/bongloy.gemspec +37 -0
- data/lib/bongloy.rb +7 -0
- data/lib/data/ca-certificates.crt +4043 -0
- data/lib/stripe.rb +208 -0
- data/lib/stripe/api_operations/create.rb +12 -0
- data/lib/stripe/api_operations/delete.rb +35 -0
- data/lib/stripe/api_operations/list.rb +30 -0
- data/lib/stripe/api_operations/nested_resource.rb +70 -0
- data/lib/stripe/api_operations/request.rb +53 -0
- data/lib/stripe/api_operations/save.rb +94 -0
- data/lib/stripe/api_resource.rb +107 -0
- data/lib/stripe/errors.rb +156 -0
- data/lib/stripe/list_object.rb +110 -0
- data/lib/stripe/oauth.rb +63 -0
- data/lib/stripe/object_types.rb +98 -0
- data/lib/stripe/resources.rb +79 -0
- data/lib/stripe/resources/account.rb +174 -0
- data/lib/stripe/resources/account_link.rb +9 -0
- data/lib/stripe/resources/alipay_account.rb +34 -0
- data/lib/stripe/resources/apple_pay_domain.rb +16 -0
- data/lib/stripe/resources/application_fee.rb +24 -0
- data/lib/stripe/resources/application_fee_refund.rb +30 -0
- data/lib/stripe/resources/balance.rb +7 -0
- data/lib/stripe/resources/balance_transaction.rb +13 -0
- data/lib/stripe/resources/bank_account.rb +42 -0
- data/lib/stripe/resources/bitcoin_receiver.rb +23 -0
- data/lib/stripe/resources/bitcoin_transaction.rb +15 -0
- data/lib/stripe/resources/capability.rb +33 -0
- data/lib/stripe/resources/card.rb +37 -0
- data/lib/stripe/resources/charge.rb +84 -0
- data/lib/stripe/resources/checkout/session.rb +11 -0
- data/lib/stripe/resources/country_spec.rb +9 -0
- data/lib/stripe/resources/coupon.rb +12 -0
- data/lib/stripe/resources/credit_note.rb +18 -0
- data/lib/stripe/resources/customer.rb +95 -0
- data/lib/stripe/resources/customer_balance_transaction.rb +30 -0
- data/lib/stripe/resources/discount.rb +7 -0
- data/lib/stripe/resources/dispute.rb +23 -0
- data/lib/stripe/resources/ephemeral_key.rb +19 -0
- data/lib/stripe/resources/event.rb +9 -0
- data/lib/stripe/resources/exchange_rate.rb +9 -0
- data/lib/stripe/resources/file.rb +44 -0
- data/lib/stripe/resources/file_link.rb +11 -0
- data/lib/stripe/resources/invoice.rb +48 -0
- data/lib/stripe/resources/invoice_item.rb +12 -0
- data/lib/stripe/resources/invoice_line_item.rb +7 -0
- data/lib/stripe/resources/issuer_fraud_record.rb +9 -0
- data/lib/stripe/resources/issuing/authorization.rb +25 -0
- data/lib/stripe/resources/issuing/card.rb +20 -0
- data/lib/stripe/resources/issuing/card_details.rb +9 -0
- data/lib/stripe/resources/issuing/cardholder.rb +13 -0
- data/lib/stripe/resources/issuing/dispute.rb +13 -0
- data/lib/stripe/resources/issuing/transaction.rb +12 -0
- data/lib/stripe/resources/login_link.rb +14 -0
- data/lib/stripe/resources/order.rb +32 -0
- data/lib/stripe/resources/order_return.rb +9 -0
- data/lib/stripe/resources/payment_intent.rb +30 -0
- data/lib/stripe/resources/payment_method.rb +24 -0
- data/lib/stripe/resources/payout.rb +24 -0
- data/lib/stripe/resources/person.rb +31 -0
- data/lib/stripe/resources/plan.rb +12 -0
- data/lib/stripe/resources/product.rb +12 -0
- data/lib/stripe/resources/radar/early_fraud_warning.rb +11 -0
- data/lib/stripe/resources/radar/value_list.rb +14 -0
- data/lib/stripe/resources/radar/value_list_item.rb +13 -0
- data/lib/stripe/resources/recipient.rb +17 -0
- data/lib/stripe/resources/recipient_transfer.rb +7 -0
- data/lib/stripe/resources/refund.rb +11 -0
- data/lib/stripe/resources/reporting/report_run.rb +12 -0
- data/lib/stripe/resources/reporting/report_type.rb +12 -0
- data/lib/stripe/resources/reversal.rb +29 -0
- data/lib/stripe/resources/review.rb +16 -0
- data/lib/stripe/resources/setup_intent.rb +24 -0
- data/lib/stripe/resources/sigma/scheduled_query_run.rb +15 -0
- data/lib/stripe/resources/sku.rb +12 -0
- data/lib/stripe/resources/source.rb +42 -0
- data/lib/stripe/resources/source_transaction.rb +7 -0
- data/lib/stripe/resources/subscription.rb +25 -0
- data/lib/stripe/resources/subscription_item.rb +17 -0
- data/lib/stripe/resources/subscription_schedule.rb +32 -0
- data/lib/stripe/resources/subscription_schedule_revision.rb +34 -0
- data/lib/stripe/resources/tax_id.rb +26 -0
- data/lib/stripe/resources/tax_rate.rb +11 -0
- data/lib/stripe/resources/terminal/connection_token.rb +11 -0
- data/lib/stripe/resources/terminal/location.rb +14 -0
- data/lib/stripe/resources/terminal/reader.rb +14 -0
- data/lib/stripe/resources/three_d_secure.rb +13 -0
- data/lib/stripe/resources/token.rb +9 -0
- data/lib/stripe/resources/topup.rb +18 -0
- data/lib/stripe/resources/transfer.rb +27 -0
- data/lib/stripe/resources/usage_record.rb +23 -0
- data/lib/stripe/resources/usage_record_summary.rb +7 -0
- data/lib/stripe/resources/webhook_endpoint.rb +12 -0
- data/lib/stripe/singleton_api_resource.rb +26 -0
- data/lib/stripe/stripe_client.rb +686 -0
- data/lib/stripe/stripe_object.rb +583 -0
- data/lib/stripe/stripe_response.rb +50 -0
- data/lib/stripe/util.rb +336 -0
- data/lib/stripe/version.rb +5 -0
- data/lib/stripe/webhook.rb +90 -0
- data/stripe.gemspec +37 -0
- data/test/api_stub_helpers.rb +1 -0
- data/test/openapi/README.md +9 -0
- data/test/stripe/account_link_test.rb +18 -0
- data/test/stripe/account_test.rb +428 -0
- data/test/stripe/alipay_account_test.rb +37 -0
- data/test/stripe/api_operations_test.rb +80 -0
- data/test/stripe/api_resource_test.rb +544 -0
- data/test/stripe/apple_pay_domain_test.rb +46 -0
- data/test/stripe/application_fee_refund_test.rb +37 -0
- data/test/stripe/application_fee_test.rb +58 -0
- data/test/stripe/balance_test.rb +13 -0
- data/test/stripe/bank_account_test.rb +36 -0
- data/test/stripe/capability_test.rb +45 -0
- data/test/stripe/charge_test.rb +80 -0
- data/test/stripe/checkout/session_test.rb +41 -0
- data/test/stripe/country_spec_test.rb +20 -0
- data/test/stripe/coupon_test.rb +61 -0
- data/test/stripe/credit_note_test.rb +61 -0
- data/test/stripe/customer_balance_transaction_test.rb +37 -0
- data/test/stripe/customer_card_test.rb +42 -0
- data/test/stripe/customer_test.rb +269 -0
- data/test/stripe/dispute_test.rb +51 -0
- data/test/stripe/ephemeral_key_test.rb +93 -0
- data/test/stripe/errors_test.rb +20 -0
- data/test/stripe/exchange_rate_test.rb +20 -0
- data/test/stripe/file_link_test.rb +41 -0
- data/test/stripe/file_test.rb +97 -0
- data/test/stripe/file_upload_test.rb +79 -0
- data/test/stripe/invoice_item_test.rb +66 -0
- data/test/stripe/invoice_line_item_test.rb +8 -0
- data/test/stripe/invoice_test.rb +213 -0
- data/test/stripe/issuer_fraud_record_test.rb +20 -0
- data/test/stripe/issuing/authorization_test.rb +72 -0
- data/test/stripe/issuing/card_test.rb +62 -0
- data/test/stripe/issuing/cardholder_test.rb +53 -0
- data/test/stripe/issuing/dispute_test.rb +45 -0
- data/test/stripe/issuing/transaction_test.rb +48 -0
- data/test/stripe/list_object_test.rb +156 -0
- data/test/stripe/login_link_test.rb +37 -0
- data/test/stripe/oauth_test.rb +88 -0
- data/test/stripe/order_return_test.rb +21 -0
- data/test/stripe/order_test.rb +82 -0
- data/test/stripe/payment_intent_test.rb +107 -0
- data/test/stripe/payment_method_test.rb +84 -0
- data/test/stripe/payout_test.rb +57 -0
- data/test/stripe/person_test.rb +46 -0
- data/test/stripe/plan_test.rb +98 -0
- data/test/stripe/product_test.rb +59 -0
- data/test/stripe/radar/early_fraud_warning_test.rb +22 -0
- data/test/stripe/radar/value_list_item_test.rb +48 -0
- data/test/stripe/radar/value_list_test.rb +61 -0
- data/test/stripe/recipient_test.rb +62 -0
- data/test/stripe/refund_test.rb +39 -0
- data/test/stripe/reporting/report_run_test.rb +33 -0
- data/test/stripe/reporting/report_type_test.rb +22 -0
- data/test/stripe/reversal_test.rb +43 -0
- data/test/stripe/review_test.rb +27 -0
- data/test/stripe/setup_intent_test.rb +84 -0
- data/test/stripe/sigma/scheduled_query_run_test.rb +22 -0
- data/test/stripe/sku_test.rb +60 -0
- data/test/stripe/source_test.rb +99 -0
- data/test/stripe/source_transaction_test.rb +19 -0
- data/test/stripe/stripe_client_test.rb +842 -0
- data/test/stripe/stripe_object_test.rb +525 -0
- data/test/stripe/stripe_response_test.rb +49 -0
- data/test/stripe/subscription_item_test.rb +63 -0
- data/test/stripe/subscription_schedule_revision_test.rb +37 -0
- data/test/stripe/subscription_schedule_test.rb +116 -0
- data/test/stripe/subscription_test.rb +80 -0
- data/test/stripe/tax_id_test.rb +31 -0
- data/test/stripe/tax_rate_test.rb +43 -0
- data/test/stripe/terminal/connection_token_test.rb +16 -0
- data/test/stripe/terminal/location_test.rb +68 -0
- data/test/stripe/terminal/reader_test.rb +62 -0
- data/test/stripe/three_d_secure_test.rb +23 -0
- data/test/stripe/topup_test.rb +62 -0
- data/test/stripe/transfer_test.rb +88 -0
- data/test/stripe/usage_record_summary_test.rb +19 -0
- data/test/stripe/usage_record_test.rb +28 -0
- data/test/stripe/util_test.rb +402 -0
- data/test/stripe/webhook_endpoint_test.rb +59 -0
- data/test/stripe/webhook_test.rb +96 -0
- data/test/stripe_mock.rb +77 -0
- data/test/stripe_test.rb +63 -0
- data/test/test_data.rb +61 -0
- data/test/test_helper.rb +71 -0
- metadata +372 -0
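--- a/data/lib/stripe/stripe_response.rb
+++ b/data/lib/stripe/stripe_response.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Stripe
+# StripeResponse encapsulates some vitals of a response that came back from
+# the Stripe API.
+class StripeResponse
+# The data contained by the HTTP body of the response deserialized from
+# JSON.
+attr_accessor :data
+
+# The raw HTTP body of the response.
+attr_accessor :http_body
+
+# A Hash of the HTTP headers of the response.
+attr_accessor :http_headers
+
+# The integer HTTP status code of the response.
+attr_accessor :http_status
+
+# The Stripe request ID of the response.
+attr_accessor :request_id
+
+# Initializes a StripeResponse object from a Hash like the kind returned as
+# part of a Faraday exception.
+#
+# This may throw JSON::ParserError if the response body is not valid JSON.
+def self.from_faraday_hash(http_resp)
+resp = StripeResponse.new
+resp.data = JSON.parse(http_resp[:body], symbolize_names: true)
+resp.http_body = http_resp[:body]
+resp.http_headers = http_resp[:headers]
+resp.http_status = http_resp[:status]
+resp.request_id = http_resp[:headers]["Request-Id"]
+resp
+end
+
+# Initializes a StripeResponse object from a Faraday HTTP response object.
+#
+# This may throw JSON::ParserError if the response body is not valid JSON.
+def self.from_faraday_response(http_resp)
+resp = StripeResponse.new
+resp.data = JSON.parse(http_resp.body, symbolize_names: true)
+resp.http_body = http_resp.body
+resp.http_headers = http_resp.headers
+resp.http_status = http_resp.status
+resp.request_id = http_resp.headers["Request-Id"]
+resp
+end
+end
+end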
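Review bot: Both constructors document only JSON::ParserError, but `JSON.parse` raises TypeError when the body is nil, and `http_resp[:headers]["Request-Id"]` raises NoMethodError when the hash carries no headers; whether callers can pass such a hash is not visible in this file. I would guard the lookup in `from_faraday_hash`, e.g. `resp.request_id = http_resp[:headers] && http_resp[:headers]["Request-Id"]`, or at least extend the comment to `# This may throw JSON::ParserError if the response body is not valid JSON, or TypeError if the body is nil.` so that code handling error responses knows which exceptions to expect.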
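--- a/data/lib/stripe/util.rb
+++ b/data/lib/stripe/util.rb
@@ -0,0 +1,336 @@
+# frozen_string_literal: true
+
+require "cgi"
+
+module Stripe
+module Util
+# Options that a user is allowed to specify.
+OPTS_USER_SPECIFIED = Set[
+:api_key,
+:idempotency_key,
+:stripe_account,
+:stripe_version
+].freeze
+
+# Options that should be copyable from one StripeObject to another
+# including options that may be internal.
+OPTS_COPYABLE = (
+OPTS_USER_SPECIFIED + Set[:api_base]
+).freeze
+
+# Options that should be persisted between API requests. This includes
+# client, which is an object containing an HTTP client to reuse.
+OPTS_PERSISTABLE = (
+OPTS_USER_SPECIFIED + Set[:client] - Set[:idempotency_key]
+).freeze
+
+def self.objects_to_ids(obj)
+case obj
+when APIResource
+obj.id
+when Hash
+res = {}
+obj.each { |k, v| res[k] = objects_to_ids(v) unless v.nil? }
+res
+when Array
+obj.map { |v| objects_to_ids(v) }
+else
+obj
+end
+end
+
+def self.object_classes
+@object_classes ||= Stripe::ObjectTypes.object_names_to_classes
+end
+
+# Converts a hash of fields or an array of hashes into a +StripeObject+ or
+# array of +StripeObject+s. These new objects will be created as a concrete
+# type as dictated by their `object` field (e.g. an `object` value of
+# `charge` would create an instance of +Charge+), but if `object` is not
+# present or of an unknown type, the newly created instance will fall back
+# to being a +StripeObject+.
+#
+# ==== Attributes
+#
+# * +data+ - Hash of fields and values to be converted into a StripeObject.
+# * +opts+ - Options for +StripeObject+ like an API key that will be reused
+# on subsequent API calls.
+def self.convert_to_stripe_object(data, opts = {})
+opts = normalize_opts(opts)
+
+case data
+when Array
+data.map { |i| convert_to_stripe_object(i, opts) }
+when Hash
+# Try converting to a known object class. If none available, fall back
+# to generic StripeObject
+object_classes.fetch(data[:object], StripeObject)
+.construct_from(data, opts)
+else
+data
+end
+end
+
+def self.log_error(message, data = {})
+if !Stripe.logger.nil? ||
+!Stripe.log_level.nil? && Stripe.log_level <= Stripe::LEVEL_ERROR
+log_internal(message, data, color: :cyan, level: Stripe::LEVEL_ERROR,
+logger: Stripe.logger, out: $stderr)
+end
+end
+
+def self.log_info(message, data = {})
+if !Stripe.logger.nil? ||
+!Stripe.log_level.nil? && Stripe.log_level <= Stripe::LEVEL_INFO
+log_internal(message, data, color: :cyan, level: Stripe::LEVEL_INFO,
+logger: Stripe.logger, out: $stdout)
+end
+end
+
+def self.log_debug(message, data = {})
+if !Stripe.logger.nil? ||
+!Stripe.log_level.nil? && Stripe.log_level <= Stripe::LEVEL_DEBUG
+log_internal(message, data, color: :blue, level: Stripe::LEVEL_DEBUG,
+logger: Stripe.logger, out: $stdout)
+end
+end
+
+def self.symbolize_names(object)
+case object
+when Hash
+new_hash = {}
+object.each do |key, value|
+key = (begin
+key.to_sym
+rescue StandardError
+key
+end) || key
+new_hash[key] = symbolize_names(value)
+end
+new_hash
+when Array
+object.map { |value| symbolize_names(value) }
+else
+object
+end
+end
+
+# Encodes a hash of parameters in a way that's suitable for use as query
+# parameters in a URI or as form parameters in a request body. This mainly
+# involves escaping special characters from parameter keys and values (e.g.
+# `&`).
+def self.encode_parameters(params)
+Util.flatten_params(params)
+.map { |k, v| "#{url_encode(k)}=#{url_encode(v)}" }.join("&")
+end
+
+# Encodes a string in a way that makes it suitable for use in a set of
+# query parameters in a URI or in a set of form parameters in a request
+# body.
+def self.url_encode(key)
+CGI.escape(key.to_s).
+# Don't use strict form encoding by changing the square bracket control
+# characters back to their literals. This is fine by the server, and
+# makes these parameter strings easier to read.
+gsub("%5B", "[").gsub("%5D", "]")
+end
+
+def self.flatten_params(params, parent_key = nil)
+result = []
+
+# do not sort the final output because arrays (and arrays of hashes
+# especially) can be order sensitive, but do sort incoming parameters
+params.each do |key, value|
+calculated_key = parent_key ? "#{parent_key}[#{key}]" : key.to_s
+if value.is_a?(Hash)
+result += flatten_params(value, calculated_key)
+elsif value.is_a?(Array)
+result += flatten_params_array(value, calculated_key)
+else
+result << [calculated_key, value]
+end
+end
+
+result
+end
+
+def self.flatten_params_array(value, calculated_key)
+result = []
+value.each_with_index do |elem, i|
+if elem.is_a?(Hash)
+result += flatten_params(elem, "#{calculated_key}[#{i}]")
+elsif elem.is_a?(Array)
+result += flatten_params_array(elem, calculated_key)
+else
+result << ["#{calculated_key}[#{i}]", elem]
+end
+end
+result
+end
+
+def self.normalize_id(id)
+if id.is_a?(Hash) # overloaded id
+params_hash = id.dup
+id = params_hash.delete(:id)
+else
+params_hash = {}
+end
+[id, params_hash]
+end
+
+# The secondary opts argument can either be a string or hash
+# Turn this value into an api_key and a set of headers
+def self.normalize_opts(opts)
+case opts
+when String
+{ api_key: opts }
+when Hash
+check_api_key!(opts.fetch(:api_key)) if opts.key?(:api_key)
+opts.clone
+else
+raise TypeError, "normalize_opts expects a string or a hash"
+end
+end
+
+def self.check_string_argument!(key)
+raise TypeError, "argument must be a string" unless key.is_a?(String)
+key
+end
+
+def self.check_api_key!(key)
+raise TypeError, "api_key must be a string" unless key.is_a?(String)
+key
+end
+
+# Normalizes header keys so that they're all lower case and each
+# hyphen-delimited section starts with a single capitalized letter. For
+# example, `request-id` becomes `Request-Id`. This is useful for extracting
+# certain key values when the user could have set them with a variety of
+# diffent naming schemes.
+def self.normalize_headers(headers)
+headers.each_with_object({}) do |(k, v), new_headers|
+k = k.to_s.tr("_", "-") if k.is_a?(Symbol)
+k = k.split("-").reject(&:empty?).map(&:capitalize).join("-")
+
+new_headers[k] = v
+end
+end
+
+# Generates a Dashboard link to inspect a request ID based off of a request
+# ID value and an API key, which is used to attempt to extract whether the
+# environment is livemode or testmode.
+def self.request_id_dashboard_url(request_id, api_key)
+env = !api_key.nil? && api_key.start_with?("sk_live") ? "live" : "test"
+"https://dashboard.stripe.com/#{env}/logs/#{request_id}"
+end
+
+# Constant time string comparison to prevent timing attacks
+# Code borrowed from ActiveSupport
+def self.secure_compare(str_a, str_b)
+return false unless str_a.bytesize == str_b.bytesize
+
+l = str_a.unpack "C#{str_a.bytesize}"
+
+res = 0
+str_b.each_byte { |byte| res |= byte ^ l.shift }
+res.zero?
+end
+
+#
+# private
+#
+
+COLOR_CODES = {
+black: 0, light_black: 60,
+red: 1, light_red: 61,
+green: 2, light_green: 62,
+yellow: 3, light_yellow: 63,
+blue: 4, light_blue: 64,
+magenta: 5, light_magenta: 65,
+cyan: 6, light_cyan: 66,
+white: 7, light_white: 67,
+default: 9,
+}.freeze
+private_constant :COLOR_CODES
+
+# Uses an ANSI escape code to colorize text if it's going to be sent to a
+# TTY.
+def self.colorize(val, color, isatty)
+return val unless isatty
+
+mode = 0 # default
+foreground = 30 + COLOR_CODES.fetch(color)
+background = 40 + COLOR_CODES.fetch(:default)
+
+"\033[#{mode};#{foreground};#{background}m#{val}\033[0m"
+end
+private_class_method :colorize
+
+# Turns an integer log level into a printable name.
+def self.level_name(level)
+case level
+when LEVEL_DEBUG then "debug"
+when LEVEL_ERROR then "error"
+when LEVEL_INFO then "info"
+else level
+end
+end
+private_class_method :level_name
+
+# TODO: Make these named required arguments when we drop support for Ruby
+# 2.0.
+def self.log_internal(message, data = {}, color: nil, level: nil,
+logger: nil, out: nil)
+data_str = data.reject { |_k, v| v.nil? }
+.map do |(k, v)|
+format("%<key>s=%<value>s",
+key: colorize(k, color, logger.nil? && !out.nil? && out.isatty),
+value: wrap_logfmt_value(v))
+end.join(" ")
+
+if !logger.nil?
+# the library's log levels are mapped to the same values as the
+# standard library's logger
+logger.log(level,
+format("message=%<message>s %<data_str>s",
+message: wrap_logfmt_value(message),
+data_str: data_str))
+elsif out.isatty
+out.puts format("%<level>s %<message>s %<data_str>s",
+level: colorize(level_name(level)[0, 4].upcase,
+color, out.isatty),
+message: message,
+data_str: data_str)
+else
+out.puts format("message=%<message>s level=%<level>s %<data_str>s",
+message: wrap_logfmt_value(message),
+level: level_name(level),
+data_str: data_str)
+end
+end
+private_class_method :log_internal
+
+# Wraps a value in double quotes if it looks sufficiently complex so that
+# it can be read by logfmt parsers.
+def self.wrap_logfmt_value(val)
+# If value is any kind of number, just allow it to be formatted directly
+# to a string (this will handle integers or floats).
+return val if val.is_a?(Numeric)
+
+# Hopefully val is a string, but protect in case it's not.
+val = val.to_s
+
+if %r{[^\w\-/]} =~ val
+# If the string contains any special characters, escape any double
+# quotes it has, remove newlines, and wrap the whole thing in quotes.
+format(%("%<value>s"), value: val.gsub('"', '\"').delete("\n"))
+else
+# Otherwise use the basic value if it looks like a standard set of
+# characters (and allow a few special characters like hyphens, and
+# slashes)
+val
+end
+end
+private_class_method :wrap_logfmt_value
+end
+end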
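Review bot: `wrap_logfmt_value` escapes only `"` and removes only `\n`, so a value containing a carriage return, another control character or a trailing backslash can still break or forge a logfmt record. The TTY branch of `log_internal` also prints `message` without passing it through `wrap_logfmt_value`, so any escape sequence in it reaches the terminal unchanged. The logged values presumably include data taken from API responses and request parameters, so I would treat them as untrusted: in the quoting branch use `value: val.gsub(/["\\]/) { |c| "\\#{c}" }.gsub(/[[:cntrl:]]/, "")`, and in the TTY branch use `message: wrap_logfmt_value(message)`. A short comment on `wrap_logfmt_value` stating that it is the single sanitisation point for log output would help keep later log calls routed through it.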
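--- a/data/lib/stripe/webhook.rb
+++ b/data/lib/stripe/webhook.rb
@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+module Stripe
+module Webhook
+DEFAULT_TOLERANCE = 300
+
+# Initializes an Event object from a JSON payload.
+#
+# This may raise JSON::ParserError if the payload is not valid JSON, or
+# SignatureVerificationError if the signature verification fails.
+def self.construct_event(payload, sig_header, secret,
+tolerance: DEFAULT_TOLERANCE)
+Signature.verify_header(payload, sig_header, secret, tolerance: tolerance)
+
+# It's a good idea to parse the payload only after verifying it. We use
+# `symbolize_names` so it would otherwise be technically possible to
+# flood a target's memory if they were on an older version of Ruby that
+# doesn't GC symbols. It also decreases the likelihood that we receive a
+# bad payload that fails to parse and throws an exception.
+data = JSON.parse(payload, symbolize_names: true)
+Event.construct_from(data)
+end
+
+module Signature
+EXPECTED_SCHEME = "v1".freeze
+
+def self.compute_signature(payload, secret)
+OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), secret, payload)
+end
+private_class_method :compute_signature
+
+# Extracts the timestamp and the signature(s) with the desired scheme
+# from the header
+def self.get_timestamp_and_signatures(header, scheme)
+list_items = header.split(/,\s*/).map { |i| i.split("=", 2) }
+timestamp = Integer(list_items.select { |i| i[0] == "t" }[0][1])
+signatures = list_items.select { |i| i[0] == scheme }.map { |i| i[1] }
+[timestamp, signatures]
+end
+private_class_method :get_timestamp_and_signatures
+
+# Verifies the signature header for a given payload.
+#
+# Raises a SignatureVerificationError in the following cases:
+# - the header does not match the expected format
+# - no signatures found with the expected scheme
+# - no signatures matching the expected signature
+# - a tolerance is provided and the timestamp is not within the
+# tolerance
+#
+# Returns true otherwise
+def self.verify_header(payload, header, secret, tolerance: nil)
+begin
+timestamp, signatures =
+get_timestamp_and_signatures(header, EXPECTED_SCHEME)
+rescue StandardError
+raise SignatureVerificationError.new(
+"Unable to extract timestamp and signatures from header",
+header, http_body: payload
+)
+end
+
+if signatures.empty?
+raise SignatureVerificationError.new(
+"No signatures found with expected scheme #{EXPECTED_SCHEME}",
+header, http_body: payload
+)
+end
+
+signed_payload = "#{timestamp}.#{payload}"
+expected_sig = compute_signature(signed_payload, secret)
+unless signatures.any? { |s| Util.secure_compare(expected_sig, s) }
+raise SignatureVerificationError.new(
+"No signatures found matching the expected signature for payload",
+header, http_body: payload
+)
+end
+
+if tolerance && timestamp < Time.now.to_f - tolerance
+raise SignatureVerificationError.new(
+"Timestamp outside the tolerance zone (#{Time.at(timestamp)})",
+header, http_body: payload
+)
+end
+
+true
+end
+end
+end
+end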
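Review bot: A header item that names the expected scheme but has no `=` makes `get_timestamp_and_signatures` return a nil signature, because `i.split("=", 2)` yields a one-element array and `i[1]` is nil. `signatures.empty?` is then false, and `Util.secure_compare(expected_sig, s)` calls `bytesize` on nil and raises NoMethodError outside the `rescue StandardError` block in `verify_header`. A caller that rescues only SignatureVerificationError would therefore surface a malformed, unauthenticated request as an unhandled error rather than a rejected signature; dropping the nils fixes it: `signatures = list_items.select { |i| i[0] == scheme }.map { |i| i[1] }.compact`. Separately, `timestamp < Time.now.to_f - tolerance` bounds only the past, so a timestamp far in the future is accepted; if that is intended it deserves a comment next to the check.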