event_sub_events 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 94315c973dda08607844c54e85c32e898ba09c7c678f140227b7b590aa3c7dd3
+  data.tar.gz: 695a9cc7782fe1dbdb13ee31c277ba76a0a44405cde47e5623f86217c992f2be
+SHA512:
+  metadata.gz: 5d778d89c4097a472d9593b72a9dfa74588b7b8d2586a9c9f5dff45520365d5ff8c145483a07aca79911c17ddafb40d03df1a1694a36e99a23b6510e980bccce
+  data.tar.gz: c8e26f57f29d47e0489703798673ad790e502267e9c45bb81cb634443d2e27c75ca14bd8d7296999c2f43b6389de72639cddb0c130e422993650fd22ceb2c8d3

data/.github/FUNDING.yml

@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+
+github: deanpcmad
+ko_fi: deanpcmad

data/.github/workflows/main.yml

@@ -0,0 +1,27 @@
+name: Ruby
+
+on:
+  push:
+    branches:
+      - main
+
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    name: Ruby ${{ matrix.ruby }}
+    strategy:
+      matrix:
+        ruby:
+          - '3.2.2'
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - name: Run the default task
+      run: bundle exec rake

data/.gitignore

@@ -0,0 +1,7 @@
+.bundle/
+log/*.log
+pkg/
+spec/dummy/db/*.sqlite3
+spec/dummy/log/*.log
+spec/dummy/tmp/
+spec/dummy/.sass-cache

data/.rspec

@@ -0,0 +1,2 @@
+--colour
+--format documentation

data/CHANGELOG.md

@@ -0,0 +1,165 @@
+### [Unreleased] - TBD
+
+### 2.7.0 (Nov 27, 2022)
+
+- Add Stripe 8 support (#159)
+
+### 2.6.0 (Aug 8, 2022)
+
+- Introduce StripeEvent::ProcessError and possible HTTP 422 responses (#155, #132)
+
+### 2.5.0 (Aug 5, 2022)
+
+- Add Stripe 7 support (#154)
+
+### 2.4.0 (May 12, 2022)
+
+- Add Stripe 6 support (#151)
+- Add Rails 7 support (#151)
+- Add Ruby 3.1 support (#152)
+- Improved build matrix
+
+### 2.3.2 (February 21, 2022)
+
+- Fix signature validation error if the first signing secret is nil (#146)
+- Update README (#143)
+- Setup github actions for CI (#147)
+
+### 2.3.1 (May 12, 2020)
+
+- Fix deprecation warning in Ruby 2.7 (#130)
+- Fixes tests for Stripe 5.19.0 (#133)
+
+### 2.3.0 (August 23, 2019)
+
+- Add support for Stripe v5.x (#119)
+- Add support for Rails v6.x to the build matrix (#119)
+
+### 2.2.0 (December 6, 2018)
+
+- Add support for Stripe v4.x (#119)
+- Documentation Updates and Fixes (#113 and #117)
+
+### 2.1.1 (January 31, 2018)
+
+- Adds better support for Rails 5.2 (#105, #106, #107)
+- `StripeEvent::WebhookController` now calls `skip_before_action :verify_authenticity_token` if `Rails.application.config.action_controller.default_protect_from_forgery` is set (as it is by default in Rails 5.2)
+
+### 2.1.0 (yanked)
+
+### 2.0.0 (December 14, 2017)
+
+**Backwards incompatible release. [Signed webhooks are now required.](https://stripe.com/docs/webhooks#signatures).**
+
+- **Requires `StripeEvent.signing_secret` configuration** (#95, #97)
+- Adds support for multiple signing secrets using `StripeEvent.signing_secrets` (#98, #99)
+- Removes `StripeEvent.authentication_secret` and associated basic auth support (#97)
+- Adds `StripeEvent.event_filter` (replaces use-cases for the now removed `event_retriever` config) (#97)
+
+### 1.9.1 (December 5, 2017)
+
+This release is in preparation for some backward incompatible changes due to
+arrive in v2.0.0.  It is highly recommended that everyone secure their webhook
+endpoints by using `StripeEvent.signing_secret`. See the README and [Stripe's
+documentation](https://stripe.com/docs/webhooks#signatures) for more
+information.
+
+  * Deprecate `StripeEvent.authentication_secret` (#96)
+  * Deprecate unverified use of Stripe's webhooks (#96)
+
+### 1.9.0 (November 30, 2017)
+
+  * Support for Rails 5.1 (#94, Thanks @krasnoukhov and @simplepractice!)
+
+### 1.8.0 (August 29, 2017)
+
+  * Support for [Stripe's Webhook Signature Verification](https://stripe.com/docs/webhooks#signatures) (#83, #90, Thanks @mikeycgto!)
+  * Secure compare during basic authentication check (#91, Thanks @mikeycgto!)
+
+### 1.7.0 (July 5, 2017)
+
+  * Support stripe v3 gem as a dependency (#87)
+
+### 1.6.0 (February 27, 2017)
+
+  * Support stripe v2 gem as a dependency (#82, b3cee03)
+
+### 1.5.1 (September 20, 2016)
+
+  * Better Rails 5 support. Prefer `before_action` over `before_filter`. (#69, Thanks @mcolyer)
+
+### 1.5.0 (February 25, 2015)
+  * Added [replay attack protection](https://github.com/integrallis/stripe_event#securing-your-webhook-endpoint) on webhooks. See  `StripeEvent.authentication_secret`. Thanks @brentdax for both the initial discussion and the implementation! #53, #55
+  * Dropped official support for Rails 3.1 and Rails 4.0
+
+### 1.4.0 (November 1, 2014)
+  * Add `StripeEvent.listening?` method to easily determine if an event type has any registered handlers. Thank you to [Vladimir Andrijevik](https://github.com/vandrijevik) for the [idea and implementation](https://github.com/integrallis/stripe_event/pull/42).
+
+### 1.3.0 (July 22, 2014)
+  * Allow for ignoring particular events. Thank you to [anark](https://github.com/anark) for suggesting the change, and [Ryan McGeary](https://github.com/rmm5t) and [Pete Keen](https://github.com/peterkeen) for working on the implementation.
+
+### 1.2.0 (June 17, 2014)
+  * Gracefully authenticate `account.application.deauthorized` events. Thank you to [Ryan McGeary](https://github.com/rmm5t) for the pull request and for taking the time to test the change in a live environment.
+
+### 1.1.0 (January 8, 2014)
+  * Deprecate `StripeEvent.setup` in favor of `StripeEvent.configure`. Remove `setup` at next major release.
+  * `StripeEvent.configure` yields the module to the block for configuration.
+  * `StripeEvent.configure` will raise `ArgumentError` unless a block is given.
+  * Track test coverage
+
+### 1.0.0 (December 19, 2013)
+  * Internally namespace dispatched events to avoid maintaining a list of all possible event types.
+  * Subscribe to all event types with `StripeEvent.all` instead of `StripeEvent.subscribe`.
+  * Remove ability to subscribe to many event types with once call to `StripeEvent.subscribe`.
+  * Subscribers can be an object that responds to #call.
+  * Allow subscriber-generated `Stripe::StripeError`'s to bubble up. Thank you to [adamonduty](https://github.com/adamonduty) for the [patch](https://github.com/integrallis/stripe_event/pull/26).
+  * Only depend on `stripe` and `activesupport` gems.
+  * Add `rails` as a development dependency.
+  * Only `require 'stripe_event/engine'` if `Rails` constant exists to allow StripeEvent to be used outside of a Rails application.
+
+### 0.6.1 (August 19, 2013)
+  * Update event type list
+  * Update test gemfiles
+
+### 0.6.0 (March 18, 2013)
+  * Rails 4 compatibility. Thank you to Ben Ubois for reporting the [issue](https://github.com/integrallis/stripe_event/issues/13) and to Matt Goldman for the [pull request](https://github.com/integrallis/stripe_event/pull/14).
+  * Run specs against different Rails versions
+  * Refactor internal usage of AS::Notifications
+  * Remove jruby-openssl as platform conditional dependency
+
+### 0.5.0 (December 16, 2012)
+  * Remove `Gemfile.lock` from version control
+  * Internal event type list is now a set
+  * Update event type list
+  * Various internal refactorings
+  * More readable tests
+
+### 0.4.0 (September 24, 2012)
+  * Add configuration for custom event retrieval. Thanks to Dan Hodos for the [pull request](https://github.com/integrallis/stripe_event/pull/6).
+  * Move module methods only used in tests into a test helper.
+  * Various internal refactorings and additional tests.
+  * Error classes will inherit from a base error class now.
+
+### 0.3.1 (August 14, 2012)
+  * Fix controller inheritance issue. Thanks to Christopher Baran for [reporting the bug](https://github.com/integrallis/stripe_event/issues/1), and to Robert Bousquet for [fixing it](https://github.com/integrallis/stripe_event/pull/3).
+  * Deprecate registration method. Use 'setup' instead.
+
+### 0.3.0 (July 16, 2012)
+  * Add registration method for conveniently adding many subscribers
+  * Depend on jruby-openssl when running on jruby
+  * Remove unneeded rake dependency
+  * Remove configure method
+
+### 0.2.0 (July 12, 2012)
+  * Register a subscriber to one/many/all events
+  * Remove sqlite3 development dependency
+  * Setup travis-ci for repo
+  * Hard code a placeholder api key in dummy app. Fixes failing tests when env var not defined.
+
+### 0.1.1 (July 4, 2012)
+  * Improve README
+  * Specify development dependency versions
+  * Fix controller test which was passing incorrectly
+
+### 0.1.0 (June 24, 2012)
+  * Initial release

data/Gemfile

@@ -0,0 +1,2 @@
+source "https://rubygems.org"
+gemspec

data/Gemfile.lock

@@ -0,0 +1,222 @@
+PATH
+  remote: .
+  specs:
+    event_sub_events (0.1.0)
+      activesupport (>= 3.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (7.1.1)
+      actionpack (= 7.1.1)
+      activesupport (= 7.1.1)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+      zeitwerk (~> 2.6)
+    actionmailbox (7.1.1)
+      actionpack (= 7.1.1)
+      activejob (= 7.1.1)
+      activerecord (= 7.1.1)
+      activestorage (= 7.1.1)
+      activesupport (= 7.1.1)
+      mail (>= 2.7.1)
+      net-imap
+      net-pop
+      net-smtp
+    actionmailer (7.1.1)
+      actionpack (= 7.1.1)
+      actionview (= 7.1.1)
+      activejob (= 7.1.1)
+      activesupport (= 7.1.1)
+      mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
+      rails-dom-testing (~> 2.2)
+    actionpack (7.1.1)
+      actionview (= 7.1.1)
+      activesupport (= 7.1.1)
+      nokogiri (>= 1.8.5)
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    actiontext (7.1.1)
+      actionpack (= 7.1.1)
+      activerecord (= 7.1.1)
+      activestorage (= 7.1.1)
+      activesupport (= 7.1.1)
+      globalid (>= 0.6.0)
+      nokogiri (>= 1.8.5)
+    actionview (7.1.1)
+      activesupport (= 7.1.1)
+      builder (~> 3.1)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activejob (7.1.1)
+      activesupport (= 7.1.1)
+      globalid (>= 0.3.6)
+    activemodel (7.1.1)
+      activesupport (= 7.1.1)
+    activerecord (7.1.1)
+      activemodel (= 7.1.1)
+      activesupport (= 7.1.1)
+      timeout (>= 0.4.0)
+    activestorage (7.1.1)
+      actionpack (= 7.1.1)
+      activejob (= 7.1.1)
+      activerecord (= 7.1.1)
+      activesupport (= 7.1.1)
+      marcel (~> 1.0)
+    activesupport (7.1.1)
+      base64
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      mutex_m
+      tzinfo (~> 2.0)
+    addressable (2.8.5)
+      public_suffix (>= 2.0.2, < 6.0)
+    base64 (0.1.1)
+    bigdecimal (3.1.4)
+    builder (3.2.4)
+    concurrent-ruby (1.2.2)
+    connection_pool (2.4.1)
+    crack (0.4.5)
+      rexml
+    crass (1.0.6)
+    date (3.3.3)
+    diff-lcs (1.5.0)
+    drb (2.1.1)
+      ruby2_keywords
+    erubi (1.12.0)
+    globalid (1.2.1)
+      activesupport (>= 6.1)
+    hashdiff (1.0.1)
+    i18n (1.14.1)
+      concurrent-ruby (~> 1.0)
+    io-console (0.6.0)
+    irb (1.8.3)
+      rdoc
+      reline (>= 0.3.8)
+    loofah (2.21.4)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.12.0)
+    mail (2.8.1)
+      mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
+    marcel (1.0.2)
+    mini_mime (1.1.5)
+    minitest (5.20.0)
+    mutex_m (0.1.2)
+    net-imap (0.4.3)
+      date
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.2.1)
+      timeout
+    net-smtp (0.4.0)
+      net-protocol
+    nio4r (2.5.9)
+    nokogiri (1.15.4-x86_64-linux)
+      racc (~> 1.4)
+    psych (5.1.1.1)
+      stringio
+    public_suffix (5.0.3)
+    racc (1.7.2)
+    rack (3.0.8)
+    rack-session (2.0.0)
+      rack (>= 3.0.0)
+    rack-test (2.1.0)
+      rack (>= 1.3)
+    rackup (2.1.0)
+      rack (>= 3)
+      webrick (~> 1.8)
+    rails (7.1.1)
+      actioncable (= 7.1.1)
+      actionmailbox (= 7.1.1)
+      actionmailer (= 7.1.1)
+      actionpack (= 7.1.1)
+      actiontext (= 7.1.1)
+      actionview (= 7.1.1)
+      activejob (= 7.1.1)
+      activemodel (= 7.1.1)
+      activerecord (= 7.1.1)
+      activestorage (= 7.1.1)
+      activesupport (= 7.1.1)
+      bundler (>= 1.15.0)
+      railties (= 7.1.1)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    railties (7.1.1)
+      actionpack (= 7.1.1)
+      activesupport (= 7.1.1)
+      irb
+      rackup (>= 1.0.0)
+      rake (>= 12.2)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
+    rake (13.1.0)
+    rdoc (6.5.0)
+      psych (>= 4.0.0)
+    reline (0.3.9)
+      io-console (~> 0.5)
+    rexml (3.2.6)
+    rspec-core (3.9.3)
+      rspec-support (~> 3.9.3)
+    rspec-expectations (3.9.4)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-rails (3.9.1)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.4)
+    ruby2_keywords (0.0.5)
+    stringio (3.0.8)
+    thor (1.3.0)
+    timeout (0.4.0)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    webmock (1.24.6)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff
+    webrick (1.8.1)
+    websocket-driver (0.7.6)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
+    zeitwerk (2.6.12)
+
+PLATFORMS
+  x86_64-linux
+
+DEPENDENCIES
+  event_sub_events!
+  rails (>= 3.1)
+  rake
+  rspec-rails (~> 3.7)
+  webmock (~> 1.9)
+
+BUNDLED WITH
+   2.4.21

data/LICENSE.md

@@ -0,0 +1,22 @@
+The MIT License
+
+Copyright 2012-2015 Integrallis Software
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,96 @@
+# EventSub
+
+EventSub is a Ruby library for Twitch EventSub webhooks. It is built on the [ActiveSupport::Notifications API](http://api.rubyonrails.org/classes/ActiveSupport/Notifications.html).
+
+This is forked from [stripe_event](https://github.com/integrallis/stripe_event) and modified for use with Twitch EventSub.
+
+## Install
+
+```ruby
+# Gemfile
+gem "eventsub"
+```
+
+```ruby
+# config/routes.rb
+mount EventSub::Engine, at: "/my-chosen-path"
+```
+
+## Usage
+
+```ruby
+# config/initializers/event_sub.rb
+EventSub.signing_secret = ENV['TWITCH_SIGNING_SECRET']
+
+EventSub.configure do |events|
+  events.subscribe "channel.ban" do |event|
+    event.subscription
+    event.event
+  end
+
+  events.all do |event|
+    # Handle all event types - logging, etc.
+  end
+end
+```
+
+### Subscriber objects that respond to #call
+
+```ruby
+class CustomerCreated
+  def call(event)
+    # Event handling
+  end
+end
+
+class BillingEventLogger
+  def initialize(logger)
+    @logger = logger
+  end
+
+  def call(event)
+    @logger.info "BILLING:#{event.type}:#{event.id}"
+  end
+end
+```
+
+```ruby
+EventSub.configure do |events|
+  events.all BillingEventLogger.new(Rails.logger)
+  events.subscribe 'customer.created', CustomerCreated.new
+end
+```
+
+## Securing your webhook endpoint
+
+### Authenticating webhooks with signatures
+
+Twitch will cryptographically sign webhook events with a signature which is included with a header sent with the request.
+Verifying this signature lets your application properly authenticate the request originated from Twitch.
+
+Please set the `signing_secret` configuration value:
+
+```ruby
+EventSub.signing_secret = "abc123"
+```
+
+Please refer to [Twitch's documentation](https://dev.twitch.tv/docs/eventsub/handling-webhook-events/#verifying-the-event-message) for more details
+
+### Support for multiple signing secrets
+
+You can also supply multiple secrets by sending an array to `signing_secrets` like so:
+
+```ruby
+EventSub.signing_secrets = [
+  "abc123",
+  "123abc"
+]
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/deanpcmad/eventsub-gem.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,9 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec
+

data/app/controllers/event_sub_events/webhook_controller.rb

@@ -0,0 +1,23 @@
+module EventSubEvents
+  class WebhookController < ActionController::Base
+
+    if Rails.application.config.action_controller.default_protect_from_forgery
+      skip_before_action :verify_authenticity_token
+    end
+
+    def event
+      EventSubEvents.instrument(verified_event)
+      head :ok
+    rescue EventSubEvents::SignatureVerificationError => e
+      render plain: e, status: :bad_request
+    end
+
+    private
+
+    def verified_event
+      verifier = EventSubEvents::SignatureVerifier.new(request)
+      verifier.reconstruct_event if verifier.verify
+    end
+
+  end
+end

data/config/routes.rb

@@ -0,0 +1,3 @@
+EventSubEvents::Engine.routes.draw do
+  root to: 'webhook#event', via: :post
+end

data/event_sub_events.gemspec

@@ -0,0 +1,34 @@
+$LOAD_PATH.push File.expand_path("lib", __dir__)
+
+# Maintain your gem's version:
+require "event_sub_events/version"
+
+# Describe your gem and declare its dependencies:
+Gem::Specification.new do |spec|
+  spec.name        = "event_sub_events"
+  spec.version     = EventSubEvents::VERSION
+  spec.authors     = ["Dean Perry"]
+  spec.email       = "dean@deanpcmad.com"
+
+  spec.summary     = "Twitch EventSub webhook integration for Rails apps"
+  spec.homepage    = "https://deanpcmad.com"
+  spec.license     = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+
+  # spec.metadata["homepage_uri"]    = spec.homepage
+  # spec.metadata["source_code_uri"] = "https://github.com/deanpcmad/eventsub-gem"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "activesupport", ">= 3.1"
+
+  spec.add_development_dependency "rails", [">= 3.1"]
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec-rails", "~> 3.7"
+  spec.add_development_dependency "webmock", "~> 1.9"
+end

data/lib/event_sub_events/engine.rb

@@ -0,0 +1,5 @@
+module EventSubEvents
+  class Engine < ::Rails::Engine
+    isolate_namespace EventSubEvents
+  end
+end

data/lib/event_sub_events/signature_verifier.rb

@@ -0,0 +1,50 @@
+require "openssl"
+require "ostruct"
+require "json"
+
+module EventSubEvents
+  class SignatureVerifier
+    def initialize(request)
+      @request = request
+    end
+
+    def verify
+      request = @request
+
+      message_id = request.headers["Twitch-Eventsub-Message-Id"]
+      timestamp  = request.headers["Twitch-Eventsub-Message-Timestamp"]
+      signature  = request.headers["Twitch-Eventsub-Message-Signature"].gsub("sha256=", "")
+      body       = request.body.read
+
+      hmac_message = message_id + timestamp + body
+
+      secrets = EventSubEvents.signing_secrets if EventSubEvents.signing_secret
+
+      secrets.each_with_index do |secret, i|
+        begin
+          hex = OpenSSL::HMAC.hexdigest('sha256', secret, hmac_message)
+          return validate(hex, signature)
+        rescue EventSubEvents::SignatureVerificationError
+          raise if i == secrets.length - 1
+          next
+        end
+      end
+    end
+
+    def reconstruct_event
+      body = @request.body.read
+      JSON.parse(body, object_class: OpenStruct)
+    end
+
+    private
+
+    def validate(hex, signature)
+      if ActiveSupport::SecurityUtils::secure_compare(hex, signature)
+        true
+      else
+        raise EventSubEvents::SignatureVerificationError
+      end
+    end
+
+  end
+end

data/lib/event_sub_events/version.rb

@@ -0,0 +1,3 @@
+module EventSubEvents
+  VERSION = "0.1.0"
+end

data/lib/event_sub_events.rb

@@ -0,0 +1,76 @@
+require "active_support/notifications"
+require "event_sub_events/signature_verifier"
+require "event_sub_events/engine" if defined?(Rails)
+
+module EventSubEvents
+  class << self
+    attr_accessor :adapter, :backend, :namespace, :event_filter
+    attr_reader :signing_secrets
+
+    def configure(&block)
+      raise ArgumentError, "must provide a block" unless block_given?
+      block.arity.zero? ? instance_eval(&block) : yield(self)
+    end
+    alias :setup :configure
+
+    def instrument(event)
+      event = event_filter.call(event)
+      backend.instrument namespace.call(event.subscription.type), event if event
+    end
+
+    def subscribe(name, callable = nil, &block)
+      callable ||= block
+      backend.subscribe namespace.to_regexp(name), adapter.call(callable)
+    end
+
+    def all(callable = nil, &block)
+      callable ||= block
+      subscribe nil, callable
+    end
+
+    def listening?(name)
+      namespaced_name = namespace.call(name)
+      backend.notifier.listening?(namespaced_name)
+    end
+
+    def signing_secret=(value)
+      @signing_secrets = Array(value).compact
+    end
+    alias signing_secrets= signing_secret=
+
+    def signing_secret
+      self.signing_secrets && self.signing_secrets.first
+    end
+  end
+
+  class Namespace < Struct.new(:value, :delimiter)
+    def call(name = nil)
+      "#{value}#{delimiter}#{name}"
+    end
+
+    def to_regexp(name = nil)
+      %r{^#{Regexp.escape call(name)}}
+    end
+  end
+
+  class NotificationAdapter < Struct.new(:subscriber)
+    def self.call(callable)
+      new(callable)
+    end
+
+    def call(*args)
+      payload = args.last
+      subscriber.call(payload)
+    end
+  end
+
+  class Error < StandardError; end
+  class UnauthorizedError < Error; end
+  class SignatureVerificationError < Error; end
+  class ProcessError < Error; end
+
+  self.adapter = NotificationAdapter
+  self.backend = ActiveSupport::Notifications
+  self.namespace = Namespace.new("event_sub", ".")
+  self.event_filter = lambda { |event| event }
+end

data/lib/eventsub.rb

@@ -0,0 +1 @@
+require "event_sub_events"

metadata

@@ -0,0 +1,130 @@
+--- !ruby/object:Gem::Specification
+name: event_sub_events
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Dean Perry
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2024-02-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+description: 
+email: dean@deanpcmad.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/FUNDING.yml"
+- ".github/workflows/main.yml"
+- ".gitignore"
+- ".rspec"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.md
+- README.md
+- Rakefile
+- app/controllers/event_sub_events/webhook_controller.rb
+- config/routes.rb
+- event_sub_events.gemspec
+- lib/event_sub_events.rb
+- lib/event_sub_events/engine.rb
+- lib/event_sub_events/signature_verifier.rb
+- lib/event_sub_events/version.rb
+- lib/eventsub.rb
+homepage: https://deanpcmad.com
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.22
+signing_key: 
+specification_version: 4
+summary: Twitch EventSub webhook integration for Rails apps
+test_files: []