convoy.rb 0.3.0 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/convoy/version.rb +1 -1
- data/lib/convoy/webhook.rb +9 -6
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e8f15617864719123de4834de4b15ae72db7ab5015e9a58a5abd51e4d08dbdac
|
4
|
+
data.tar.gz: 41e3736a899549a250bdfe9067e7b8c9d8cbbd24662c4eba4e6f2bebedabe3d0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 65ec9158b0afd2ca52b44133f70aa9355ba515c520a78eddc95d1e2d576917c2a5e1bf9a40dae5caf6bc5e3f14a9b5798700a2c9928df03a10d9453198b30273
|
7
|
+
data.tar.gz: a60f5bc98eef97a940fad99c84111c164f6948ce01c17929cea9c712ec1403084b293119895e88138f0284c1fc53419e797b5944cabcf55fc8159c312884a417
|
data/lib/convoy/version.rb
CHANGED
data/lib/convoy/webhook.rb
CHANGED
@@ -34,8 +34,7 @@ module Convoy
|
|
34
34
|
is_advanced = (sig_header.split(",")).length > 1
|
35
35
|
|
36
36
|
if is_advanced
|
37
|
-
verify_advanced_signature(payload, sig_header)
|
38
|
-
return
|
37
|
+
return verify_advanced_signature(payload, sig_header)
|
39
38
|
end
|
40
39
|
|
41
40
|
verify_simple_signature(payload, sig_header)
|
@@ -49,7 +48,7 @@ module Convoy
|
|
49
48
|
|
50
49
|
def verify_advanced_signature(payload, sig_header)
|
51
50
|
timestamp_header, signatures = get_timestamp_and_signatures(sig_header)
|
52
|
-
payload = "
|
51
|
+
payload = "#{Integer(timestamp_header)},#{payload}"
|
53
52
|
|
54
53
|
verify_timestamp(timestamp_header)
|
55
54
|
|
@@ -57,6 +56,8 @@ module Convoy
|
|
57
56
|
raise SignatureVerificationError.new,
|
58
57
|
"No signatures found matching the expected signature for payload"
|
59
58
|
end
|
59
|
+
|
60
|
+
return true
|
60
61
|
end
|
61
62
|
|
62
63
|
def verify_timestamp(timestamp_header)
|
@@ -76,17 +77,19 @@ module Convoy
|
|
76
77
|
def compute_signature(payload)
|
77
78
|
case @encoding
|
78
79
|
when "hex"
|
79
|
-
|
80
|
+
val = OpenSSL::HMAC.hexdigest(@hash, @secret, payload)
|
81
|
+
return val
|
80
82
|
when "base64"
|
81
83
|
hmac = OpenSSL::HMAC.digest(@hash, @secret, payload)
|
82
|
-
return Base64.
|
84
|
+
return Base64.strict_encode64(hmac)
|
83
85
|
end
|
84
86
|
end
|
85
87
|
|
86
88
|
def get_timestamp_and_signatures(sig_header)
|
87
89
|
list_items = sig_header.split(/,\s*/).map { |i| i.split("=", 2) }
|
88
90
|
timestamp = Integer(list_items.select { |i| i[0] == "t" }[0][1])
|
89
|
-
[
|
91
|
+
signatures = list_items[1..].map { |i| i[1] }
|
92
|
+
[Time.at(timestamp), signatures]
|
90
93
|
end
|
91
94
|
end
|
92
95
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: convoy.rb
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Subomi Oluwalana
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-01-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: zeitwerk
|