button 1.1.1 → 1.2.0

checksums.yaml

@@ -1,7 +1,15 @@
 ---
-SHA1:
-  metadata.gz: 554dc2147f47d860cca675f697009f591eaf9e05
-  data.tar.gz: eb9318d22215c7063b8d058c06a0bef8d8e656d4
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    Mjg5ZThjM2ExMjhiYmFiNjU1MTZhMzViYTIzY2NlYTNiNzc4NGM1ZQ==
+  data.tar.gz: !binary |-
+    ODBkYTM3Nzc4ZjdiODU2MDEwZWJiN2FkZTg3NTRkOTJhZTU3NGMxOQ==
 SHA512:
-  metadata.gz: e497e33ff19b28f46b9ccc24bd63bf87f6a1a331c42509285311c5a3853a0c5e18454de84ff75d5540af884fd021441fc8810dba9104405972e70f46dfa076c1
-  data.tar.gz: 2f9abd98c76efff13054341b34a362edc7ae9bd758b402d4308f7884751d02fe088bf7ac7bccfe6d087d2e76ec665a682eecea6f97d91d67f874139712dc24b5
+  metadata.gz: !binary |-
+    MWI4ODgzNjg0YTBkMjE5NTFiZDQ0YmI2M2MzZjJjYTg5MmE5ZGU0YWM2MjZj
+    ZjVjMjMxZGI4YTM4MmExNTM0ZDljOTg4NDRjMjIzZGIzYzlkMzJjMWE5N2U0
+    YmRiMzZiMTQ2MDZmNGQwMDI1Y2M3OTAxNTYwNWRiNTA1M2Y3ODU=
+  data.tar.gz: !binary |-
+    YmY1MGY3NjE4OTliYTU3Y2FjMTUwNjMwODkzMjYzZDNhNjg5YWI2MmU2OWUz
+    N2IzMjE1Yzg2OTVkZjM4YmU0NjMxNmMwYWMwNzI4YTE0YTAyZWEzNDk1MmU0
+    MzMxYWNhYjgxNjk1NGZiMTEyNDgwZjNkODliNTE0NTZiNDhiNDM=

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+1.2.0 January 4, 2017
+  - Add `Button::Utils::webhook_authentic?` function
+
 1.1.1 December 1, 2016
  - Fix User-Agent bug
 

data/README.md

@@ -140,9 +140,28 @@ puts response
 # => Button::Response()
 ```
 
+## Utils
+
+Utils houses generic helpers useful in a Button Integration.
+
+### #webhook_authentic?
+
+Used to verify that requests sent to a webhook endpoint are from Button and that their payload can be trusted. Returns `true` if a webhook request body matches the sent signature and `false` otherwise. See [Webhook Security](https://www.usebutton.com/developers/webhooks/#security) for more details.
+
+```ruby
+require 'button'
+
+Button::Utils::webhook_authentic?(
+  ENV['WEBHOOK_SECRET'],
+  request_body,
+  request_headers.fetch('X-Button-Signature')
+)
+```
+
 ## Contributing
 
 * Building the gem: `gem build button.gemspec`
 * Installing locally: `gem install ./button-X.Y.Z.gem`
 * Installing development dependencies: `bundle install`
+* Running linter: `rake lint`
 * Running tests: `bundle exec rake`

data/lib/button/client.rb

@@ -2,7 +2,7 @@ require 'button/resources/orders'
 require 'button/errors'
 
 NO_API_KEY_MESSAGE = 'Must provide a Button API key.  Find yours at '\
-  'https://app.usebutton.com/settings/organization'
+  'https://app.usebutton.com/settings/organization'.freeze
 
 module Button
   # Client is the top-level interface for the Button API.  It exposes one
@@ -29,7 +29,7 @@ module Button
     def merge_defaults(config)
       secure = config.fetch(:secure, true)
 
-      return {
+      {
         secure: secure,
         timeout: config.fetch(:timeout, nil),
         hostname: config.fetch(:hostname, 'api.usebutton.com'),

data/lib/button/resources/resource.rb

@@ -32,9 +32,8 @@ module Button
       @http = Net::HTTP.new(config[:hostname], config[:port])
       @http.use_ssl = config[:secure]
 
-      if not config[:timeout].nil?
-        @http.read_timeout = config[:timeout]
-      end
+      return if config[:timeout].nil?
+      @http.read_timeout = config[:timeout]
     end
 
     def timeout

data/lib/button/utils.rb

@@ -0,0 +1,23 @@
+require 'openssl'
+
+module Button
+  # Generally handy functions for various aspects of a Button integration
+  #
+  module Utils
+    # Used to verify that requests sent to a webhook endpoint are from Button
+    # and that their payload can be trusted. Returns true if a webhook request
+    # body matches the sent signature and false otherwise.
+    #
+    def webhook_authentic?(webhook_secret, request_body, sent_signature)
+      computed_signature = OpenSSL::HMAC.hexdigest(
+        OpenSSL::Digest.new('sha256'),
+        webhook_secret,
+        request_body
+      )
+
+      sent_signature == computed_signature
+    end
+
+    module_function :webhook_authentic?
+  end
+end

data/lib/button/version.rb

@@ -1,3 +1,3 @@
 module Button
-  VERSION = '1.1.1'.freeze
+  VERSION = '1.2.0'.freeze
 end

data/lib/button.rb

@@ -1,2 +1,3 @@
 require 'button/client'
 require 'button/version'
+require 'button/utils'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: button
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.2.0
 platform: ruby
 authors:
 - Button
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-12-01 00:00:00.000000000 Z
+date: 2017-01-04 00:00:00.000000000 Z
 dependencies: []
 description: Button is a contextual acquisition channel and closed-loop attribution
   and affiliation system for mobile commerce.
@@ -27,6 +27,7 @@ files:
 - lib/button/resources/orders.rb
 - lib/button/resources/resource.rb
 - lib/button/response.rb
+- lib/button/utils.rb
 - lib/button/version.rb
 homepage: https://usebutton.com
 licenses:
@@ -38,17 +39,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.4.8
 signing_key: 
 specification_version: 4
 summary: ruby client for the Button Order API