connector-ruby 0.1.1 → 0.3.0

data/lib/connector_ruby/webhook_verifier.rb

@@ -1,23 +1,117 @@
 # frozen_string_literal: true
 
 require "openssl"
+require "base64"
+require "json"
 
 module ConnectorRuby
   class WebhookVerifier
+    # Verify a WhatsApp Cloud API webhook signature.
+    #
+    # WhatsApp sends the signature in the `X-Hub-Signature-256` header as
+    # `sha256=<hex>`, computed with HMAC-SHA256 over the raw request body
+    # using the app secret as the key.
     def self.verify_whatsapp(payload, signature:, app_secret:)
       expected = "sha256=#{OpenSSL::HMAC.hexdigest("SHA256", app_secret, payload)}"
       secure_compare(expected, signature)
     end
 
+    # Verify a Telegram webhook using the `X-Telegram-Bot-Api-Secret-Token`
+    # header configured via `setWebhook`.
     def self.verify_telegram(token:, payload:, secret_token: nil, header_value: nil)
       return false unless secret_token && header_value
       computed = OpenSSL::HMAC.hexdigest("SHA256", secret_token, payload.to_s)
       secure_compare(computed, header_value.to_s)
     end
 
-    def self.secure_compare(a, b)
-      a = a.to_s.downcase
-      b = b.to_s.downcase
+    # Verify a Meta Messenger webhook signature.
+    #
+    # Messenger sends the signature in the `X-Hub-Signature-256` header as
+    # `sha256=<hex>`, computed with HMAC-SHA256 over the raw request body
+    # using the Facebook app secret as the key.
+    #
+    # Reference: https://developers.facebook.com/docs/messenger-platform/webhooks#security
+    def self.verify_messenger(payload, signature:, app_secret:)
+      return false if signature.nil? || app_secret.nil?
+      expected = "sha256=#{OpenSSL::HMAC.hexdigest("SHA256", app_secret, payload.to_s)}"
+      secure_compare(expected, signature)
+    end
+
+    # Verify a LINE Messaging API webhook signature.
+    #
+    # LINE sends the signature in the `X-Line-Signature` header as the
+    # Base64-encoded HMAC-SHA256 digest of the raw request body, using the
+    # channel secret as the key.
+    #
+    # Because the signature is Base64 (which contains uppercase letters),
+    # the comparison is case-sensitive.
+    #
+    # Reference: https://developers.line.biz/en/reference/messaging-api/#signature-validation
+    def self.verify_line(payload, signature:, channel_secret:)
+      return false if signature.nil? || channel_secret.nil?
+      digest = OpenSSL::HMAC.digest("SHA256", channel_secret, payload.to_s)
+      expected = Base64.strict_encode64(digest)
+      secure_compare(expected, signature, case_sensitive: true)
+    end
+
+    # Verify a Slack webhook signature with replay protection.
+    #
+    # Slack sends the signature in `X-Slack-Signature` as `v0=<hex>`, computed
+    # as HMAC-SHA256 over the base string `v0:{timestamp}:{body}` using the
+    # signing secret as the key. The `X-Slack-Request-Timestamp` value must
+    # also be checked for freshness to prevent replay attacks.
+    #
+    # @param tolerance [Integer] max allowed delta between the timestamp and
+    #   the current time, in seconds (default 300 = 5 minutes, matching
+    #   Slack's own recommendation).
+    #
+    # Reference: https://api.slack.com/authentication/verifying-requests-from-slack
+    def self.verify_slack(payload, timestamp:, signature:, signing_secret:, tolerance: 300)
+      return false if timestamp.nil? || signature.nil? || signing_secret.nil?
+      ts = timestamp.to_i
+      return false if ts.zero?
+      return false if (Time.now.to_i - ts).abs > tolerance
+
+      basestring = "v0:#{ts}:#{payload}"
+      expected = "v0=#{OpenSSL::HMAC.hexdigest("SHA256", signing_secret, basestring)}"
+      secure_compare(expected, signature)
+    end
+
+    # Verify a LiveChat webhook using the shared secret embedded in the body.
+    #
+    # LiveChat does NOT sign webhooks with HMAC and does NOT use a signature
+    # header. Instead, every webhook body contains a `secret_key` field;
+    # verification is a constant-time compare between that field and the
+    # shared secret you configured in your LiveChat webhook settings.
+    #
+    # Reference: https://platform.text.com/docs/messaging/webhooks
+    #   and (production reference) chatbotlic's webhooks_controller.rb
+    def self.verify_livechat(payload, expected_secret:)
+      return false if expected_secret.nil?
+
+      data = payload.is_a?(String) ? JSON.parse(payload) : payload
+      return false unless data.is_a?(Hash)
+
+      received = data["secret_key"]
+      return false if received.nil?
+
+      secure_compare(received.to_s, expected_secret.to_s, case_sensitive: true)
+    rescue JSON::ParserError
+      false
+    end
+
+    # Constant-time string comparison.
+    #
+    # By default, comparisons are case-insensitive (safe for hex signatures).
+    # Pass `case_sensitive: true` for Base64 or shared-secret comparisons where
+    # case carries meaning.
+    def self.secure_compare(a, b, case_sensitive: false)
+      a = a.to_s
+      b = b.to_s
+      unless case_sensitive
+        a = a.downcase
+        b = b.downcase
+      end
       return false unless a.bytesize == b.bytesize
 
       OpenSSL.fixed_length_secure_compare(a, b)

data/lib/connector_ruby.rb

@@ -10,6 +10,12 @@ require_relative "connector_ruby/webhook_verifier"
 require_relative "connector_ruby/channels/base"
 require_relative "connector_ruby/channels/whatsapp"
 require_relative "connector_ruby/channels/telegram"
+require_relative "connector_ruby/channels/messenger"
+require_relative "connector_ruby/channels/line"
+require_relative "connector_ruby/channels/slack"
+require_relative "connector_ruby/channels/livechat"
+require_relative "connector_ruby/batch_sender"
+require_relative "connector_ruby/delivery_tracker"
 
 module ConnectorRuby
   class << self
@@ -29,4 +35,8 @@ module ConnectorRuby
   # Convenience aliases
   WhatsApp = Channels::WhatsApp
   Telegram = Channels::Telegram
+  Messenger = Channels::Messenger
+  Line = Channels::Line
+  Slack = Channels::Slack
+  LiveChat = Channels::LiveChat
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: connector-ruby
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Johannes Dwi Cahyo
@@ -9,6 +9,20 @@ bindir: bin
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -52,7 +66,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.0'
 description: Framework-agnostic SDK for sending/receiving messages across chat platforms.
-  Supports WhatsApp Cloud API, Telegram Bot API, and more.
+  Supports WhatsApp Cloud API, Telegram Bot API, Facebook Messenger, LINE Messaging
+  API, Slack Web API, and LiveChat Agent API.
 email:
 - johannes@example.com
 executables: []
@@ -65,10 +80,16 @@ files:
 - Rakefile
 - connector-ruby.gemspec
 - lib/connector_ruby.rb
+- lib/connector_ruby/batch_sender.rb
 - lib/connector_ruby/channels/base.rb
+- lib/connector_ruby/channels/line.rb
+- lib/connector_ruby/channels/livechat.rb
+- lib/connector_ruby/channels/messenger.rb
+- lib/connector_ruby/channels/slack.rb
 - lib/connector_ruby/channels/telegram.rb
 - lib/connector_ruby/channels/whatsapp.rb
 - lib/connector_ruby/configuration.rb
+- lib/connector_ruby/delivery_tracker.rb
 - lib/connector_ruby/error.rb
 - lib/connector_ruby/event.rb
 - lib/connector_ruby/http_client.rb