connector-ruby 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d3564fee7248f47cf5a37285ef65601563ad281f509ac7e62a7a990219d81a87
-  data.tar.gz: 1edc94f66291c7d36116fb37af9d7546d3d275993e56ecdb49bac5b9afc1775e
+  metadata.gz: 1de5c96a15261fbdc6a099b482fff88814b390a1d268e36b3fd0d1c50e518fb4
+  data.tar.gz: a78552343670e2581bfbb91dee27832f15afe8e5643a41edf26b04fa3ba26c8a
 SHA512:
-  metadata.gz: 7b1f6ee12c630043c864c2a60e0684e388e50e2cbb53ce868377e6fb5254ce93fc2927dec99efb3841a960316a2924e8a47348d6dee1909f746098065973c3d3
-  data.tar.gz: 168d00e2d6bb2779f8e32a47224bd390a08e70cf13faa05eefcb44f8748aff2deb9e96b19e2a415bff468e3722122348537daae1d0a3e575252133fe781b913b
+  metadata.gz: a148220f6acd6dc59d030e43eb7ff52de63d99d377f21b799d00af7c1f416c57633618392cdc418f12d427d4811846c9efc0d06bb36215e5d5dca54595ad08cd
+  data.tar.gz: f508ead3c9681cd3f5787a7835cf33280c7534cf7f0d194bae36912f9ec421df831d0daa57556c95272ad912817924799a9ccf83cb9eed97bddc4ead1bf54b19

data/CHANGELOG.md

@@ -1,11 +1,63 @@
 # Changelog
 
-## 0.1.0 (2026-03-09)
-
-- Initial release
-- WhatsApp Cloud API support (send text, buttons, image; parse webhooks)
-- Telegram Bot API support (send text, buttons, image; parse webhooks)
-- Unified Event model for normalized inbound messages
-- Webhook signature verification (WhatsApp HMAC-SHA256)
-- HTTP client with retry and timeout support
-- Configuration DSL
+All notable changes to this project are documented in this file.
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.3.0] - 2026-04-11
+
+Reshape release — the original v0.3.0 Rails-integration plan was redistributed
+to v0.4.0 (Rails integration) and v0.5.0 (channel expansion + advanced features)
+to unblock the downstream omnibot Phase 2.4 channel rollout, which needed
+webhook verification for all shipped channels plus a LiveChat transport.
+
+### Added
+- `WebhookVerifier.verify_messenger(payload, signature:, app_secret:)` — HMAC-SHA256 signature verification for Meta Messenger webhooks (`X-Hub-Signature-256` header).
+- `WebhookVerifier.verify_line(payload, signature:, channel_secret:)` — Base64 HMAC-SHA256 signature verification for LINE Messaging API webhooks (`X-Line-Signature` header), with case-sensitive comparison.
+- `WebhookVerifier.verify_slack(payload, timestamp:, signature:, signing_secret:, tolerance: 300)` — Slack v0 signature verification with replay protection. Rejects requests whose `X-Slack-Request-Timestamp` is outside the tolerance window (default 5 minutes).
+- `WebhookVerifier.verify_livechat(payload, expected_secret:)` — shared-secret verification for LiveChat webhooks. LiveChat does not use HMAC; it embeds a `secret_key` field in the webhook body.
+- `Channels::LiveChat` — minimal LiveChat (livechatinc.com / text.com) Agent API support: `send_text` + `parse_webhook`. Basic auth with a PAT (`base64(account_id:region:pat_value)`) and optional `X-Region` header.
+- `Configuration#livechat_pat` and `Configuration#livechat_region`.
+- `WebhookVerifier.secure_compare` now accepts `case_sensitive:` keyword (default `false` for hex signatures; pass `true` for Base64 or shared-secret comparisons).
+- Runtime dependency on the `base64` gem so `verify_line` works on Ruby 3.4+ (where `base64` was removed from default gems).
+
+### Changed
+- README rewritten to cover all 6 channels with per-channel webhook verification examples.
+
+### Notes
+- Rails integration work (Railtie, mountable WebhookController, install generator, ActiveJob integration, omnibot helper) has been moved to milestone v0.4.0.
+- Instagram, Discord, Email, conversation state, multi-tenancy, outbox pattern, signature rotation, and rich message adapters have been moved to milestone v0.5.0.
+
+## [0.2.0] - 2026-03-17
+
+### Added
+- **Channels:** Facebook Messenger (`Channels::Messenger`), LINE Messaging API (`Channels::Line`), Slack Web API (`Channels::Slack`). Each supports `send_text`, `send_buttons`, `send_image`, and `parse_webhook`, plus channel-specific rich types (Messenger quick replies, LINE flex, Slack blocks).
+- **WhatsApp rich message types:** templates, documents, location, contacts, reactions, interactive lists.
+- **Message builder DSL:** fluent API for constructing outbound messages.
+- **Batch sending:** `BatchSender` with rate limiting.
+- **Delivery tracking:** correlate sent message IDs with status webhooks.
+- **Typing indicators** and `mark_as_read` where the platform supports them.
+
+## [0.1.1] - 2026-03-09
+
+### Fixed
+- Telegram webhook verification now enforces the `X-Telegram-Bot-Api-Secret-Token` header set via `setWebhook`.
+- `parse_webhook` no longer crashes on malformed payloads with missing nested keys; nil guards throughout.
+- WhatsApp signature comparison handles differing byte lengths gracefully.
+- HTTP retry now applies exponential backoff for 429 responses (previously `RateLimitError` was raised but never retried).
+
+### Added
+- Input validation: reject empty `to`/`chat_id`, enforce WhatsApp/Telegram 4096-char text limits.
+- Phone number normalization for WhatsApp (strip spaces, enforce `+` prefix).
+- Raw response access on `ApiError` (`error.response`).
+- Logging hooks: `on_request`, `on_response`, `on_error` callbacks in `Configuration`.
+
+## [0.1.0] - 2026-03-09
+
+- Initial release.
+- WhatsApp Cloud API support (send text, buttons, image; parse webhooks).
+- Telegram Bot API support (send text, buttons, image; parse webhooks).
+- Unified `Event` model for normalized inbound messages.
+- Webhook signature verification (WhatsApp HMAC-SHA256).
+- HTTP client with retry and timeout support.
+- Configuration DSL.

data/README.md

@@ -1,42 +1,187 @@
 # connector-ruby
 
-Unified channel messaging SDK for Ruby. Send and receive messages across WhatsApp and Telegram with a consistent API.
+Unified channel messaging SDK for Ruby. Send and receive messages across **WhatsApp, Telegram, Facebook Messenger, LINE, Slack, and LiveChat** with a consistent API, normalized webhook events, and first-class signature verification for every channel.
 
 ## Installation
 
 ```ruby
-gem "connector-ruby"
+gem "connector-ruby", "~> 0.3"
 ```
 
-## Usage
-
 ```ruby
 require "connector_ruby"
+```
+
+## Channel support
+
+| Channel | Send text | Send buttons | Send image | Rich messages | Parse webhook | Verify webhook |
+|---|:---:|:---:|:---:|:---:|:---:|:---:|
+| WhatsApp   | ✅ | ✅ | ✅ | templates, documents, location, contacts, reactions, lists | ✅ | ✅ |
+| Telegram   | ✅ | ✅ | ✅ | documents, location | ✅ | ✅ |
+| Messenger  | ✅ | ✅ | ✅ | quick replies | ✅ | ✅ |
+| LINE       | ✅ | ✅ | ✅ | flex messages | ✅ | ✅ |
+| Slack      | ✅ | ✅ | ✅ | blocks | ✅ | ✅ |
+| LiveChat   | ✅ | — | — | *(minimal in v0.3.0)* | ✅ | ✅ |
 
-# WhatsApp
-wa = ConnectorRuby::Channels::WhatsApp.new(
+## Quickstart
+
+```ruby
+# WhatsApp Cloud API
+wa = ConnectorRuby::WhatsApp.new(
   access_token: ENV["WHATSAPP_TOKEN"],
   phone_number_id: ENV["WHATSAPP_PHONE_ID"]
 )
-wa.send_text(to: "+1234567890", text: "Hello!")
+wa.send_text(to: "+6281234567890", text: "Hello!")
 
-# Telegram
-tg = ConnectorRuby::Channels::Telegram.new(bot_token: ENV["TELEGRAM_TOKEN"])
+# Telegram Bot API
+tg = ConnectorRuby::Telegram.new(bot_token: ENV["TELEGRAM_BOT_TOKEN"])
 tg.send_text(to: "chat_id", text: "Hello!")
 
-# Webhook verification
-verifier = ConnectorRuby::WebhookVerifier.new(secret_token: "secret")
-verifier.verify!(request_body, signature_header)
+# Facebook Messenger
+fb = ConnectorRuby::Messenger.new(page_access_token: ENV["MESSENGER_PAGE_TOKEN"])
+fb.send_text(to: "psid", text: "Hello!")
+
+# LINE Messaging API
+line = ConnectorRuby::Line.new(channel_access_token: ENV["LINE_CHANNEL_TOKEN"])
+line.send_text(to: "user_id", text: "Hello!")
+
+# Slack Web API
+slack = ConnectorRuby::Slack.new(bot_token: ENV["SLACK_BOT_TOKEN"])
+slack.send_text(channel: "C0123456", text: "Hello!")
+
+# LiveChat Agent API (Basic auth with a PAT)
+lc = ConnectorRuby::LiveChat.new(
+  pat: ENV["LIVECHAT_PAT"],       # base64(account_id:region:pat_value)
+  region: ENV["LIVECHAT_REGION"]  # e.g. "dal" — extracted from the PAT
+)
+lc.send_text(to: "CHAT_abc123", text: "Hello!")
+```
+
+## Global configuration
+
+Configure credentials once and every channel picks them up automatically:
+
+```ruby
+ConnectorRuby.configure do |c|
+  c.whatsapp_phone_number_id      = ENV["WHATSAPP_PHONE_ID"]
+  c.whatsapp_access_token         = ENV["WHATSAPP_TOKEN"]
+  c.telegram_bot_token            = ENV["TELEGRAM_BOT_TOKEN"]
+  c.messenger_page_access_token   = ENV["MESSENGER_PAGE_TOKEN"]
+  c.line_channel_access_token     = ENV["LINE_CHANNEL_TOKEN"]
+  c.slack_bot_token               = ENV["SLACK_BOT_TOKEN"]
+  c.livechat_pat                  = ENV["LIVECHAT_PAT"]
+  c.livechat_region               = ENV["LIVECHAT_REGION"]
+
+  # HTTP client
+  c.http_timeout      = 30
+  c.http_retries      = 3
+  c.http_open_timeout = 10
+
+  # Instrumentation callbacks
+  c.on_request  = ->(method:, url:, headers:, body:) { Rails.logger.info("[connector] → #{method} #{url}") }
+  c.on_response = ->(status:, body:)                  { Rails.logger.info("[connector] ← #{status}") }
+  c.on_error    = ->(error:)                          { Sentry.capture_exception(error) }
+end
+```
+
+## Parsing inbound webhooks
+
+Every channel exposes a `parse_webhook` class method that returns a normalized `ConnectorRuby::Event`:
+
+```ruby
+event = ConnectorRuby::WhatsApp.parse_webhook(request.raw_post)
+# => #<ConnectorRuby::Event type=:message channel=:whatsapp from="+6281..." text="Hi">
+
+event.message?            # => true
+event.text                # => "Hi"
+event.from                # => "+6281234567890"
+event.channel             # => :whatsapp
+event.metadata            # => channel-specific extras
+```
+
+Same shape for `Telegram`, `Messenger`, `Line`, `Slack`, `LiveChat`.
+
+## Webhook verification
+
+Each channel has its own verification contract. `WebhookVerifier` has a dedicated method per provider — don't hand-roll HMACs in your controllers.
+
+```ruby
+# WhatsApp — X-Hub-Signature-256: sha256=<hex>
+ConnectorRuby::WebhookVerifier.verify_whatsapp(
+  request.raw_post,
+  signature: request.headers["X-Hub-Signature-256"],
+  app_secret: ENV["WHATSAPP_APP_SECRET"]
+)
+
+# Telegram — X-Telegram-Bot-Api-Secret-Token (configured via setWebhook)
+ConnectorRuby::WebhookVerifier.verify_telegram(
+  token: ENV["TELEGRAM_BOT_TOKEN"],
+  payload: request.raw_post,
+  secret_token: ENV["TELEGRAM_WEBHOOK_SECRET"],
+  header_value: request.headers["X-Telegram-Bot-Api-Secret-Token"]
+)
+
+# Messenger — X-Hub-Signature-256: sha256=<hex>
+ConnectorRuby::WebhookVerifier.verify_messenger(
+  request.raw_post,
+  signature: request.headers["X-Hub-Signature-256"],
+  app_secret: ENV["FB_APP_SECRET"]
+)
+
+# LINE — X-Line-Signature: <base64 HMAC-SHA256>
+ConnectorRuby::WebhookVerifier.verify_line(
+  request.raw_post,
+  signature: request.headers["X-Line-Signature"],
+  channel_secret: ENV["LINE_CHANNEL_SECRET"]
+)
+
+# Slack — X-Slack-Signature + X-Slack-Request-Timestamp (with replay protection)
+ConnectorRuby::WebhookVerifier.verify_slack(
+  request.raw_post,
+  timestamp: request.headers["X-Slack-Request-Timestamp"],
+  signature: request.headers["X-Slack-Signature"],
+  signing_secret: ENV["SLACK_SIGNING_SECRET"]
+  # tolerance: 300  # default; override if your clock skew demands it
+)
+
+# LiveChat — shared secret_key embedded IN the JSON body (no header, no HMAC)
+ConnectorRuby::WebhookVerifier.verify_livechat(
+  request.raw_post,
+  expected_secret: ENV["LIVECHAT_WEBHOOK_SECRET"]
+)
+```
+
+All verifiers return `true`/`false` and use a constant-time comparison internally. Slack verification additionally rejects timestamps outside a 5-minute tolerance window (configurable via `tolerance:`) to prevent replay attacks.
+
+> **Why LiveChat is different:** LiveChat does not sign webhooks with HMAC. Every webhook body contains a `secret_key` field, and verification is a constant-time compare between that field and the shared secret configured in your LiveChat webhook settings. See `WebhookVerifier.verify_livechat` for the production-tested implementation.
+
+## Additional features (v0.2.0)
+
+- **Message builder DSL** — fluent API: `ConnectorRuby::Message.to("+62...").text("Hi").buttons([...]).send_via(wa)`
+- **Batch sending** — `BatchSender` with rate limiting for bulk outbound
+- **Delivery tracking** — correlate sent message IDs with status webhooks
+- **Rich WhatsApp types** — templates, documents, location, contacts, reactions, interactive lists
+- **Typing indicators** — `send_typing` / `mark_as_read` where supported
+
+## Error handling
+
+All API failures raise `ConnectorRuby::ApiError` (or its subclasses `AuthenticationError`, `RateLimitError`). Rate limits are automatically retried with exponential backoff; after `http_retries` attempts the error propagates so you can observe and alert.
+
+```ruby
+begin
+  wa.send_text(to: "+6281...", text: "Hi")
+rescue ConnectorRuby::AuthenticationError => e
+  # 401 — bad token
+rescue ConnectorRuby::RateLimitError => e
+  # 429 after retries exhausted
+rescue ConnectorRuby::ApiError => e
+  # other 4xx/5xx; inspect e.status, e.body, e.response
+end
 ```
 
-## Features
+## Changelog
 
-- WhatsApp Business API (text, buttons, images)
-- Telegram Bot API (text, callbacks)
-- HMAC-SHA256 webhook verification
-- HTTP retry with exponential backoff for 429/5xx
-- Input validation and error handling
-- Logging hooks (on_request, on_response, on_error)
+See [CHANGELOG.md](CHANGELOG.md) for release history.
 
 ## License
 

data/connector-ruby.gemspec

@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
   spec.authors = ["Johannes Dwi Cahyo"]
   spec.email = ["johannes@example.com"]
   spec.summary = "Unified channel messaging SDK for Ruby"
-  spec.description = "Framework-agnostic SDK for sending/receiving messages across chat platforms. Supports WhatsApp Cloud API, Telegram Bot API, and more."
+  spec.description = "Framework-agnostic SDK for sending/receiving messages across chat platforms. Supports WhatsApp Cloud API, Telegram Bot API, Facebook Messenger, LINE Messaging API, Slack Web API, and LiveChat Agent API."
   spec.homepage = "https://github.com/johannesdwicahyo/connector-ruby"
   spec.license = "MIT"
   spec.required_ruby_version = ">= 3.0.0"
@@ -27,6 +27,10 @@ Gem::Specification.new do |spec|
   ]
   spec.require_paths = ["lib"]
 
+  # base64 was removed from Ruby's default gems in 3.4; add as a runtime
+  # dependency so verify_line can Base64-encode HMAC digests on any Ruby.
+  spec.add_dependency "base64", "~> 0.2"
+
   spec.add_development_dependency "minitest", "~> 5.0"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "webmock", "~> 3.0"

data/lib/connector_ruby/channels/livechat.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+require "time"
+
+module ConnectorRuby
+  module Channels
+    # LiveChat (livechatinc.com / text.com) Agent API channel.
+    #
+    # Minimal v0.3.0 surface: send_text + parse_webhook. Buttons, images,
+    # and rich events are intentionally deferred to a later release.
+    #
+    # Authentication uses a Personal Access Token (PAT) with Basic auth.
+    # The PAT is typically stored as `base64(account_id:region:pat_value)`,
+    # and an `X-Region` header should be sent alongside it. Pass the
+    # pre-encoded PAT as `pat:` and the region string as `region:`.
+    #
+    # Webhook verification is handled separately by
+    # `ConnectorRuby::WebhookVerifier.verify_livechat`, because LiveChat
+    # authenticates webhooks via a `secret_key` field in the JSON body
+    # rather than via HMAC signatures.
+    class LiveChat < Base
+      BASE_URL = "https://api.livechatinc.com/v3.5/agent/action"
+
+      def initialize(pat: nil, region: nil)
+        @pat = pat || ConnectorRuby.configuration.livechat_pat
+        @region = region || ConnectorRuby.configuration.livechat_region
+        raise ConfigurationError, "LiveChat pat is required" unless @pat
+      end
+
+      def send_text(to:, text:)
+        validate_send!(to: to, text: text)
+        payload = {
+          chat_id: to,
+          event: { type: "message", text: text }
+        }
+        http_client.post("#{BASE_URL}/send_event", body: payload, headers: auth_headers)
+      end
+
+      def self.parse_webhook(body)
+        data = body.is_a?(String) ? JSON.parse(body) : body
+        return nil unless data.is_a?(Hash)
+        return nil unless data["action"] == "incoming_event"
+
+        payload = data["payload"]
+        return nil unless payload.is_a?(Hash)
+
+        event = payload["event"]
+        return nil unless event.is_a?(Hash) && event["type"] == "message"
+
+        Event.new(
+          type: :message,
+          channel: :livechat,
+          from: event["author_id"],
+          text: event["text"],
+          timestamp: parse_timestamp(event["created_at"]),
+          message_id: event["id"],
+          metadata: {
+            chat_id: payload["chat_id"],
+            thread_id: payload["thread_id"],
+            organization_id: data["organization_id"]
+          }
+        )
+      rescue JSON::ParserError
+        nil
+      end
+
+      def self.parse_timestamp(value)
+        return nil unless value
+        Time.parse(value.to_s)
+      rescue ArgumentError
+        nil
+      end
+
+      private
+
+      def auth_headers
+        headers = { "Authorization" => "Basic #{@pat}" }
+        headers["X-Region"] = @region if @region
+        headers
+      end
+
+      def validate_send!(to:, text:)
+        raise ConnectorRuby::Error, "Recipient 'to' cannot be nil or empty" if to.nil? || to.to_s.strip.empty?
+        raise ConnectorRuby::Error, "Text cannot be nil or empty" if text.nil? || text.to_s.strip.empty?
+      end
+    end
+  end
+end

data/lib/connector_ruby/configuration.rb

@@ -7,6 +7,7 @@ module ConnectorRuby
                   :messenger_page_access_token,
                   :line_channel_access_token,
                   :slack_bot_token,
+                  :livechat_pat, :livechat_region,
                   :http_timeout, :http_retries, :http_open_timeout,
                   :on_request, :on_response, :on_error
 
@@ -17,6 +18,8 @@ module ConnectorRuby
       @messenger_page_access_token = nil
       @line_channel_access_token = nil
       @slack_bot_token = nil
+      @livechat_pat = nil
+      @livechat_region = nil
       @http_timeout = 30
       @http_retries = 3
       @http_open_timeout = 10

data/lib/connector_ruby/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ConnectorRuby
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/lib/connector_ruby/webhook_verifier.rb

@@ -1,23 +1,117 @@
 # frozen_string_literal: true
 
 require "openssl"
+require "base64"
+require "json"
 
 module ConnectorRuby
   class WebhookVerifier
+    # Verify a WhatsApp Cloud API webhook signature.
+    #
+    # WhatsApp sends the signature in the `X-Hub-Signature-256` header as
+    # `sha256=<hex>`, computed with HMAC-SHA256 over the raw request body
+    # using the app secret as the key.
     def self.verify_whatsapp(payload, signature:, app_secret:)
       expected = "sha256=#{OpenSSL::HMAC.hexdigest("SHA256", app_secret, payload)}"
       secure_compare(expected, signature)
     end
 
+    # Verify a Telegram webhook using the `X-Telegram-Bot-Api-Secret-Token`
+    # header configured via `setWebhook`.
     def self.verify_telegram(token:, payload:, secret_token: nil, header_value: nil)
       return false unless secret_token && header_value
       computed = OpenSSL::HMAC.hexdigest("SHA256", secret_token, payload.to_s)
       secure_compare(computed, header_value.to_s)
     end
 
-    def self.secure_compare(a, b)
-      a = a.to_s.downcase
-      b = b.to_s.downcase
+    # Verify a Meta Messenger webhook signature.
+    #
+    # Messenger sends the signature in the `X-Hub-Signature-256` header as
+    # `sha256=<hex>`, computed with HMAC-SHA256 over the raw request body
+    # using the Facebook app secret as the key.
+    #
+    # Reference: https://developers.facebook.com/docs/messenger-platform/webhooks#security
+    def self.verify_messenger(payload, signature:, app_secret:)
+      return false if signature.nil? || app_secret.nil?
+      expected = "sha256=#{OpenSSL::HMAC.hexdigest("SHA256", app_secret, payload.to_s)}"
+      secure_compare(expected, signature)
+    end
+
+    # Verify a LINE Messaging API webhook signature.
+    #
+    # LINE sends the signature in the `X-Line-Signature` header as the
+    # Base64-encoded HMAC-SHA256 digest of the raw request body, using the
+    # channel secret as the key.
+    #
+    # Because the signature is Base64 (which contains uppercase letters),
+    # the comparison is case-sensitive.
+    #
+    # Reference: https://developers.line.biz/en/reference/messaging-api/#signature-validation
+    def self.verify_line(payload, signature:, channel_secret:)
+      return false if signature.nil? || channel_secret.nil?
+      digest = OpenSSL::HMAC.digest("SHA256", channel_secret, payload.to_s)
+      expected = Base64.strict_encode64(digest)
+      secure_compare(expected, signature, case_sensitive: true)
+    end
+
+    # Verify a Slack webhook signature with replay protection.
+    #
+    # Slack sends the signature in `X-Slack-Signature` as `v0=<hex>`, computed
+    # as HMAC-SHA256 over the base string `v0:{timestamp}:{body}` using the
+    # signing secret as the key. The `X-Slack-Request-Timestamp` value must
+    # also be checked for freshness to prevent replay attacks.
+    #
+    # @param tolerance [Integer] max allowed delta between the timestamp and
+    #   the current time, in seconds (default 300 = 5 minutes, matching
+    #   Slack's own recommendation).
+    #
+    # Reference: https://api.slack.com/authentication/verifying-requests-from-slack
+    def self.verify_slack(payload, timestamp:, signature:, signing_secret:, tolerance: 300)
+      return false if timestamp.nil? || signature.nil? || signing_secret.nil?
+      ts = timestamp.to_i
+      return false if ts.zero?
+      return false if (Time.now.to_i - ts).abs > tolerance
+
+      basestring = "v0:#{ts}:#{payload}"
+      expected = "v0=#{OpenSSL::HMAC.hexdigest("SHA256", signing_secret, basestring)}"
+      secure_compare(expected, signature)
+    end
+
+    # Verify a LiveChat webhook using the shared secret embedded in the body.
+    #
+    # LiveChat does NOT sign webhooks with HMAC and does NOT use a signature
+    # header. Instead, every webhook body contains a `secret_key` field;
+    # verification is a constant-time compare between that field and the
+    # shared secret you configured in your LiveChat webhook settings.
+    #
+    # Reference: https://platform.text.com/docs/messaging/webhooks
+    #   and (production reference) chatbotlic's webhooks_controller.rb
+    def self.verify_livechat(payload, expected_secret:)
+      return false if expected_secret.nil?
+
+      data = payload.is_a?(String) ? JSON.parse(payload) : payload
+      return false unless data.is_a?(Hash)
+
+      received = data["secret_key"]
+      return false if received.nil?
+
+      secure_compare(received.to_s, expected_secret.to_s, case_sensitive: true)
+    rescue JSON::ParserError
+      false
+    end
+
+    # Constant-time string comparison.
+    #
+    # By default, comparisons are case-insensitive (safe for hex signatures).
+    # Pass `case_sensitive: true` for Base64 or shared-secret comparisons where
+    # case carries meaning.
+    def self.secure_compare(a, b, case_sensitive: false)
+      a = a.to_s
+      b = b.to_s
+      unless case_sensitive
+        a = a.downcase
+        b = b.downcase
+      end
       return false unless a.bytesize == b.bytesize
 
       OpenSSL.fixed_length_secure_compare(a, b)

data/lib/connector_ruby.rb

@@ -13,6 +13,7 @@ require_relative "connector_ruby/channels/telegram"
 require_relative "connector_ruby/channels/messenger"
 require_relative "connector_ruby/channels/line"
 require_relative "connector_ruby/channels/slack"
+require_relative "connector_ruby/channels/livechat"
 require_relative "connector_ruby/batch_sender"
 require_relative "connector_ruby/delivery_tracker"
 
@@ -37,4 +38,5 @@ module ConnectorRuby
   Messenger = Channels::Messenger
   Line = Channels::Line
   Slack = Channels::Slack
+  LiveChat = Channels::LiveChat
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: connector-ruby
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Johannes Dwi Cahyo
@@ -9,6 +9,20 @@ bindir: bin
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -52,7 +66,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.0'
 description: Framework-agnostic SDK for sending/receiving messages across chat platforms.
-  Supports WhatsApp Cloud API, Telegram Bot API, and more.
+  Supports WhatsApp Cloud API, Telegram Bot API, Facebook Messenger, LINE Messaging
+  API, Slack Web API, and LiveChat Agent API.
 email:
 - johannes@example.com
 executables: []
@@ -68,6 +83,7 @@ files:
 - lib/connector_ruby/batch_sender.rb
 - lib/connector_ruby/channels/base.rb
 - lib/connector_ruby/channels/line.rb
+- lib/connector_ruby/channels/livechat.rb
 - lib/connector_ruby/channels/messenger.rb
 - lib/connector_ruby/channels/slack.rb
 - lib/connector_ruby/channels/telegram.rb