increase 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 43bc6e7b10ff9beb7aad80057ffd20e38540f60b6d2324e119326218794e14b3
-  data.tar.gz: 8bb3bb23e78e81801fb0fa3ab29019c2b663a9dd2cd0462d3946698c347fff5a
+  metadata.gz: c94e77f42a4d8c725f5518af02301564c6cbff71f90015063313e983aeac5124
+  data.tar.gz: 1d5ec565ec368dd713b47f18a41d5eb1363e624ef6792c05b87952f9fe368695
 SHA512:
-  metadata.gz: af671bbe00de695ebee4d75c90e0207f87f79c20b2ad431919d6016987859821397c15ab596268ace2958cbee054832349262764413cc53ddda844a4bc7a4178
-  data.tar.gz: 1187e2cefba42d32e0c18c13bfbac49be565def33cbc832ef4a897d88aaf87d087a781a3d3750979fb697026fce327c16b74131058e3e76e2426502126de5968
+  metadata.gz: 4dd0a71c6eac5742ca4f63237eb8bbccffc8eefe625ce63e345b97cb4431b3cba04744e9acd426665757ab0d1240637a4fb02311cda84cbe7dc8fa1f2657c7bf
+  data.tar.gz: cba66503cbbeaf4fd7bdc6541899d033126a2efbc20a7ce70cb8b14f42a78a30628b3ea40b3da1b7b176e4d8219291d800846061f3004c70c2d0e96f4b548a64

data/README.md

@@ -1,35 +1,200 @@
 # Increase
 
-TODO: Delete this and the text below, and describe your gem
-
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/increase`. To experiment with that code, run `bin/console` for an interactive prompt.
+A Ruby API client for [Increase](https://increase.com/), a platform for Bare-Metal Banking APIs!
 
 ## Installation
 
-TODO: Replace `UPDATE_WITH_YOUR_GEM_NAME_PRIOR_TO_RELEASE_TO_RUBYGEMS_ORG` with your gem name right after releasing it to RubyGems.org. Please do not do it earlier due to security reasons. Alternatively, replace this section with instructions to install your gem from git if you don't plan to release to RubyGems.org.
-
 Install the gem and add to the application's Gemfile by executing:
 
-    $ bundle add UPDATE_WITH_YOUR_GEM_NAME_PRIOR_TO_RELEASE_TO_RUBYGEMS_ORG
+```sh
+$ bundle add increase
+```
 
 If bundler is not being used to manage dependencies, install the gem by executing:
 
-    $ gem install UPDATE_WITH_YOUR_GEM_NAME_PRIOR_TO_RELEASE_TO_RUBYGEMS_ORG
+```sh
+$ gem install increase
+```
 
 ## Usage
 
-TODO: Write usage instructions here
+```ruby
+require 'increase'
+
+# Grab your API key from https://dashboard.increase.com/developers/api_keys
+Increase.api_key = 'my_api_key'
+Increase.base_url = 'https://api.increase.com'
+
+# List transactions
+Increase::Transactions.list
+
+# Retrieve a transaction
+Increase::Transactions.retrieve('transaction_1234abcd')
+
+# Create an ACH Transfer
+Increase::AchTransfers.create(
+  account_id: 'account_1234abcd',
+  amount: 100_00, # 10,000 cents ($100 dollars)
+  routing_number: '123456789',
+  account_number: '9876543210',
+  statement_descriptor: 'broke the bank for some retail therapy'
+)
+```
+
+### Per-request Configuration
+
+By default, the client will use the global API key and configurations. However, you can define a custom client to be
+used for per-request configuration.
+
+For example, you may want to have access to production and sandbox data at the same.
+
+```ruby
+sandbox = Increase::Client.new(
+  api_key: 'time_is_money',
+  base_url: 'https://sandbox.increase.com'
+)
+
+# This request will use the `sandbox` client and its configurations
+Increase::Transactions.with_config(sandbox).list
+# => [{some sandbox transactions here}, {transaction}, {transaction}]
+
+# This request will still use the global configurations (where the API key is a production key)
+Increase::Transactions.list
+# => [{some production transactions here}, {transaction}, {transaction}]
+```
+
+See the [Configuration](#configuration) section for more information on the available configurations.
+
+### Pagination
+
+When listing resources (e.g. transactions), **Increase** limits the number of results per page to 100. Luckily, the
+client will automatically paginate through all the results for you!
+
+```ruby
+Increase::Transactions.list(limit: :all) do |transactions|
+  # This block will be called once for each page of results
+  puts "I got #{transactions.count} transactions!"
+end
+
+# Or, if you'd like a gargantuan array of all the transactions
+Increase::Transactions.list(limit: :all)
+Increase::Transactions.list(limit: 2_000)
+```
+
+Watch out for the rate limit!
+
+### Error Handling
+
+Whenever you make an oopsies, the client will raise an error! Errors originating from the API will be a subclass
+of `Increase::ApiError`.
+
+```ruby
+
+begin
+  Increase::Transactions.retrieve('transaction_1234abcd')
+rescue Increase::ApiError => e
+  puts e.message # "[404: object_not_found_error] Could not find the specified object. No resource of type ..."
+  puts e.title # "Could not find the specified object."
+  puts e.detail # "No resource of type transaction was found with ID transaction_1234abcd."
+  puts e.status # 404
+
+  puts e.response # This contains the full response from the API, including headers! (its a Faraday::Env object)
+
+  puts e.class # Increase::ObjectNotFoundError (it's a subclass of Increase::ApiError!)
+end
+```
+
+To disable this behavior, set `Increase.raise_api_errors = false`. Errors will then be returned as a normal response.
+
+```ruby
+Increase.raise_api_errors = false # Default: true
+
+Increase::Transactions.retrieve('transaction_1234abcd')
+# => {"status"=>404, "type"=>"object_not_found_error", ... }
+```
+
+### Configuration
+
+| Name                 | Description                                                                                                                                                                                                                                                     | Default                      |
+|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------|
+| **api_key**          | Your Increase API Key. Grab it from https://dashboard.increase.com/developers/api_keys                                                                                                                                                                          | `nil`                        |
+| **base_url**         | The base URL for Increase's API. You can use `:production` (https://api.increase.com), `:sandbox` (https://sandbox.increase.com), or set an actual URL                                                                                                          | `"https://api.increase.com"` |
+| **raise_api_errors** | Whether to raise an error when the API returns a non-2XX status. Learn more about Increase's errors [here](https://increase.com/documentation/api#errors). See error classes [here](https://github.com/garyhtou/increase-ruby/blob/main/lib/increase/errors.rb) | `true`                       |
+
+There are multiple syntaxes for configuring the client. Choose your favorite!
+
+```ruby
+# Set the configurations directly
+Increase.api_key = 'terabytes_of_cash' # Default: nil (you'll need one tho!)
+Increase.base_url = :production # Default: :production
+Increase.raise_api_errors = true # Default: true
+
+# Or, you can use a block
+Increase.configure do |config|
+  config.api_key = 'digital_dough'
+  config.base_url = :sandbox
+  config.raise_api_errors = false
+end
+
+# Or, you can pass in a hash
+Increase.configure(api_key: 'just_my_two_cents')
+```
+
+### Idempotency
+
+**Increase** supports [idempotent requests](https://increase.com/documentation/api#idempotency) to allow for safely
+retrying requests without accidentally performing the same operation twice.
+
+```ruby
+card = Increase::Cards.create(
+  {
+    # Card parameters
+    account_id: 'account_1234abcd',
+    description: 'My Chipotle card'
+  },
+  {
+    # Request headers
+    'Idempotency-Key': 'use a V4 UUID here'
+  }
+)
+# => {"id"=>"card_1234abcd", "type"=>"card", ... }
+
+idempotent_replayed = card.response.headers['Idempotent-Replayed']
+# => "false"
+```
+
+Reusing the key in subsequent requests will return the same response code and body as the original request along with an
+additional HTTP header (Idempotent-Replayed: true). This applies to both success and error responses. In situations
+where your request results in a validation error, you'll need to update your request and retry with a new idempotency
+key.
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can
+also run `bin/console` for an interactive prompt that will allow you to experiment.
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+You can also run `INCREASE_API_KEY=my_key_here INCREASE_BASE_URL=https://sandbox.increase.com bin/console` to run the
+console with your Increase sandbox API key pre-filled.
+
+To install this gem onto your local machine, run `bundle exec rake install`.
+
+To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will
+create a git tag for the version, push git commits and the created tag, and push the `.gem` file
+to [rubygems.org](https://rubygems.org).
+
+Alternatively, use [`gem-release`](https://github.com/svenfuchs/gem-release) and
+run `gem bump --version patch|minor|major`. Then release the gem by running `bundle exec rake release`.
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/increase.
+Bug reports and pull requests are welcome on GitHub at https://github.com/garyhtou/increase.
 
 ## License
 
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+The gem is available as open source under the terms of
+the [MIT License](https://github.com/garyhtou/increase-ruby/blob/main/LICENSE.txt).
+
+---
+
+Please note that this is not an official library written by **Increase**. Its written and maintained
+by [Gary Tou](https://garytou.com/) who just uses Increase at work!

data/lib/increase/client.rb

@@ -27,7 +27,8 @@ module Increase
       Faraday.new(
         url: @configuration.base_url,
         headers: {
-          Authorization: "Bearer #{@configuration.api_key}"
+          Authorization: "Bearer #{@configuration.api_key}",
+          "User-Agent": "Increase Ruby Gem v#{Increase::VERSION} (https://github.com/garyhtou/increase-ruby)"
         }
       ) do |f|
         f.request :json

data/lib/increase/configuration.rb

@@ -8,16 +8,13 @@ module Increase
     # TODO: support Faraday config
 
     def initialize(config = nil)
-      if config.nil?
-        reset
-      else
-        configure(config)
-      end
+      reset
+      configure(config) if config
     end
 
     def reset
       @base_url = ENV["INCREASE_BASE_URL"] || Increase::PRODUCTION_URL
-      @api_key = nil || ENV["INCREASE_API_KEY"]
+      @api_key = ENV["INCREASE_API_KEY"]
       @raise_api_errors = true
     end
 

data/lib/increase/errors.rb

@@ -82,4 +82,18 @@ module Increase
     "private_feature_error" => PrivateFeatureError,
     "rate_limited_error" => RateLimitedError
   }
+
+  # WebhookSignatureVerificationError is raised when a received webhook's
+  # signature is invalid.
+  class WebhookSignatureVerificationError < Error
+    attr_reader :signature_header
+    attr_reader :payload
+
+    def initialize(message = "Increase webhook signature verification failed", signature_header: nil, payload: nil)
+      @signature_header = signature_header
+      @payload = payload
+
+      super(message)
+    end
+  end
 end

data/lib/increase/resource.rb

@@ -29,41 +29,170 @@ module Increase
       name.split("::").last.gsub(/[A-Z]/, ' \0').strip
     end
 
-    def self.endpoint(method, as: nil, with: nil)
-      if as == :action
-        raise Error, "`with` must be a valid HTTP method" unless %i[get post put patch delete].include?(with)
-        return endpoint_action(method, with)
-      end
-      raise Error, "as must be :action" if as
+    def self.endpoint(name, http_method, to: :same_as_name, with: nil)
+      to = nil if to == :root
+      to = name.to_s if to == :same_as_name
+      to = [to].flatten.compact
+      with = [with].flatten.compact
+
+      raise Error, "Invalid `to`. Max of 2 elements allowed" if to.size > 2
+      raise Error, "Only one `to` allowed when not `with` an `id`" if to.size > 1 && !with.include?(:id)
+
+      request_method = :request
+      request_method = :paginated_request if with.include?(:pagination)
+
+      method =
+        if with.include?(:id)
+          # Method signature with a required `id` param
+          ->(id, params = nil, headers = nil, &block) do
+            url = self.class.resource_url
+            url +=
+              if to.size == 2
+                "/#{to[0]}/#{id}/#{to[1]}"
+              elsif to.size == 1
+                # Default to id first
+                "/#{id}/#{to[0]}"
+              else
+                "/#{id}"
+              end
+
+            send(request_method, http_method, url, params, headers, &block)
+          end
+        else
+          # Method signature without a required `id` param
+          ->(params = nil, headers = nil, &block) do
+            url = self.class.resource_url
+            url += "/#{to[0]}" if to.size == 1
 
-      define_singleton_method(method) do |*args, &block|
-        new.send(method, *args, &block)
-      end
+            send(request_method, http_method, url, params, headers, &block)
+          end
+        end
+
+      # Define instance method
+      define_method(name, &method)
 
-      public method
+      # Define class method (uses default config by calling `new`)
+      define_singleton_method(name) do |*args, &block|
+        new.send(name, *args, &block)
+      end
     end
 
     private_class_method :endpoint
 
-    def self.endpoint_action(method, http_method)
-      define_singleton_method(method) do |*args, &block|
-        new.send(:action, method, http_method, *args, &block)
+    class << self
+      private
+
+      # These methods here are shortcuts for the `endpoint` method. They define
+      # commonly used endpoints. For example, nearly all resources have a `list`
+      # endpoint which is a `GET` request to the resource's root URL.
+
+      def create
+        endpoint :create, :post, to: :root
       end
 
-      define_method(method) do |*args, &block|
-        new.send(:action, method, http_method, *args, &block)
+      def list
+        endpoint :list, :get, to: :root, with: :pagination
+      end
+
+      def update
+        endpoint :update, :patch, to: :root, with: :id
+      end
+
+      def retrieve
+        endpoint :retrieve, :get, to: :root, with: :id
       end
     end
 
-    private_class_method :endpoint_action
+    # def self.endpoint_action(method, http_method)
+    #   define_singleton_method(method) do |*args, &block|
+    #     new.send(:action, method, http_method, *args, &block)
+    #   end
+    #
+    #   define_method(method) do |*args, &block|
+    #     new.send(:action, method, http_method, *args, &block)
+    #   end
+    # end
+    #
+    # private_class_method :endpoint_action
+    #
+    # private
+    #
+    # def create(params = nil, headers = nil)
+    #   request(:post, self.class.resource_url, params, headers)
+    # end
+    #
+    # def list(params = nil, headers = nil, &block)
+    #   results = []
+    #   count = 0
+    #   limit = params&.[](:limit) || params&.[]("limit")
+    #   if limit == :all || limit&.>(100)
+    #     params&.delete(:limit)
+    #     params&.delete("limit")
+    #   end
+    #
+    #   loop do
+    #     res = request(:get, self.class.resource_url, params, headers)
+    #     data = res["data"]
+    #     count += data.size
+    #     if ![nil, :all].include?(limit) && count >= limit
+    #       data = data[0..(limit - (count - data.size) - 1)]
+    #     end
+    #
+    #     if block
+    #       block.call(data)
+    #     else
+    #       results += data
+    #     end
+    #
+    #     if limit.nil? || (limit != :all && count >= limit) || res["next_cursor"].nil?
+    #       if block
+    #         break
+    #       else
+    #         return results
+    #       end
+    #     end
+    #
+    #     params = (params || {}).merge({ cursor: res["next_cursor"] })
+    #   end
+    # end
+    #
+    # def update(id, params = nil, headers = nil)
+    #   raise Error, "id must be a string" unless id.is_a?(String)
+    #   path = "#{self.class.resource_url}/#{id}"
+    #   request(:patch, path, params, headers)
+    # end
+    #
+    # def retrieve(id, params = nil, headers = nil)
+    #   raise Error, "id must be a string" unless id.is_a?(String)
+    #   path = "#{self.class.resource_url}/#{id}"
+    #   request(:get, path, params, headers)
+    # end
+    #
+    # # Such as for "/accounts/{account_id}/close"
+    # # "close" is the action.
+    # def action(action, http_method, id, params = nil, headers = nil)
+    #   raise Error, "id must be a string" unless id.is_a?(String)
+    #   path = "#{self.class.resource_url}/#{id}/#{action}"
+    #   request(http_method, path, params, headers)
+    # end
 
     private
 
-    def create(params = nil, headers = nil)
-      request(:post, self.class.resource_url, params, headers)
+    def request(method, path, params = nil, headers = nil, &block)
+      if block
+        # Assume the caller wants to automatically paginate
+        return paginated_request(method, path, params, headers, &block)
+      end
+
+      if method == :post
+        headers = {"Content-Type" => "application/json"}.merge!(headers || {})
+      end
+
+      response = @client.connection.send(method, path, params, headers)
+      ResponseHash.new(response.body, response: response)
     end
 
-    def list(params = nil, headers = nil, &block)
+    def paginated_request(method, path, params = nil, headers = nil, &block)
       results = []
       count = 0
       limit = params&.[](:limit) || params&.[]("limit")
@@ -73,8 +202,17 @@ module Increase
       end
 
       loop do
-        res = request(:get, self.class.resource_url, params, headers)
+        res = request(method, path, params, headers)
         data = res["data"]
+
+        # Handle case where endpoint doesn't actually support pagination.
+        # For example, someone passes a block to `Account.create`
+        if data.nil?
+          # In this case, we'll both yield and return the response
+          yield res if block
+          return res
+        end
+
         count += data.size
         if ![nil, :all].include?(limit) && count >= limit
           data = data[0..(limit - (count - data.size) - 1)]
@@ -97,34 +235,5 @@ module Increase
         params = (params || {}).merge({cursor: res["next_cursor"]})
       end
     end
-
-    def update(id, params = nil, headers = nil)
-      raise Error, "id must be a string" unless id.is_a?(String)
-      path = "#{self.class.resource_url}/#{id}"
-      request(:patch, path, params, headers)
-    end
-
-    def retrieve(id, params = nil, headers = nil)
-      raise Error, "id must be a string" unless id.is_a?(String)
-      path = "#{self.class.resource_url}/#{id}"
-      request(:get, path, params, headers)
-    end
-
-    # Such as for "/accounts/{account_id}/close"
-    # "close" is the action.
-    def action(action, http_method, id, params = nil, headers = nil)
-      raise Error, "id must be a string" unless id.is_a?(String)
-      path = "#{self.class.resource_url}/#{id}/#{action}"
-      request(http_method, path, params, headers)
-    end
-
-    def request(method, path, params = nil, headers = nil)
-      if method == :post
-        headers = {"Content-Type" => "application/json"}.merge!(headers || {})
-      end
-
-      response = @client.connection.send(method, path, params, headers)
-      ResponseHash.new(response.body, response: response)
-    end
   end
 end

data/lib/increase/resources/account_numbers.rb

@@ -4,9 +4,9 @@ require "increase/resource"
 
 module Increase
   class AccountNumbers < Resource
-    endpoint :create
-    endpoint :list
-    endpoint :update
-    endpoint :retrieve
+    create
+    list
+    update
+    retrieve
   end
 end

data/lib/increase/resources/account_transfers.rb

@@ -4,10 +4,10 @@ require "increase/resource"
 
 module Increase
   class AccountTransfers < Resource
-    endpoint :create
-    endpoint :list
-    endpoint :retrieve
-    endpoint :approve, as: :action, with: :post
-    endpoint :cancel, as: :action, with: :post
+    create
+    list
+    retrieve
+    endpoint :approve, :post, with: :id
+    endpoint :cancel, :post, with: :id
   end
 end

data/lib/increase/resources/accounts.rb

@@ -4,10 +4,10 @@ require "increase/resource"
 
 module Increase
   class Accounts < Resource
-    endpoint :create
-    endpoint :list
-    endpoint :update
-    endpoint :retrieve
-    endpoint :close, as: :action, with: :post
+    create
+    list
+    update
+    retrieve
+    endpoint :close, :post, with: :id
   end
 end

data/lib/increase/resources/ach_transfers.rb

@@ -4,10 +4,10 @@ require "increase/resource"
 
 module Increase
   class AchTransfers < Resource
-    endpoint :create
-    endpoint :list
-    endpoint :retrieve
-    endpoint :approve, as: :action, with: :post
-    endpoint :cancel, as: :action, with: :post
+    create
+    list
+    retrieve
+    endpoint :approve, :post, with: :id
+    endpoint :cancel, :post, with: :id
   end
 end

data/lib/increase/resources/cards.rb

@@ -4,10 +4,10 @@ require "increase/resource"
 
 module Increase
   class Cards < Resource
-    endpoint :create
-    endpoint :list
-    endpoint :details, as: :action, with: :get
-    endpoint :update
-    endpoint :retrieve
+    create
+    list
+    endpoint :details, :get, with: :id
+    update
+    retrieve
   end
 end

data/lib/increase/resources/events.rb

@@ -4,7 +4,7 @@ require "increase/resource"
 
 module Increase
   class Events < Resource
-    endpoint :list
-    endpoint :retrieve
+    list
+    retrieve
   end
 end

data/lib/increase/resources/pending_transactions.rb

@@ -4,7 +4,7 @@ require "increase/resource"
 
 module Increase
   class PendingTransactions < Resource
-    endpoint :list
-    endpoint :retrieve
+    list
+    retrieve
   end
 end

data/lib/increase/resources/transactions.rb

@@ -4,7 +4,7 @@ require "increase/resource"
 
 module Increase
   class Transactions < Resource
-    endpoint :list
-    endpoint :retrieve
+    list
+    retrieve
   end
 end

data/lib/increase/util.rb

@@ -0,0 +1,15 @@
+module Increase
+  module Util
+    # Constant time string comparison to prevent timing attacks
+    # Code borrowed from `stripe-ruby`, which was borrowed from ActiveSupport
+    def self.secure_compare(a, b)
+      return false unless a.bytesize == b.bytesize
+
+      l = a.unpack "C#{a.bytesize}"
+
+      res = 0
+      b.each_byte { |byte| res |= byte ^ l.shift }
+      res.zero?
+    end
+  end
+end

data/lib/increase/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Increase
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

data/lib/increase/webhook/signature.rb

@@ -0,0 +1,56 @@
+require "increase/util"
+require "increase/errors"
+
+module Increase
+  # Keeping this module singular in case Increase adds a `webhooks` resource
+  module Webhook
+    module Signature
+      DEFAULT_TIME_TOLERANCE = 300 # 300 seconds (5 minutes)
+      DEFAULT_SCHEME = "v1"
+
+      def self.verify?(payload:, signature_header:, secret:, scheme: DEFAULT_SCHEME, time_tolerance: DEFAULT_TIME_TOLERANCE)
+        # Helper for raising errors with additional metadata
+        sig_error = ->(msg) do
+          WebhookSignatureVerificationError.new(msg, signature_header: signature_header, payload: payload)
+        end
+
+        # Parse header
+        sig_values = signature_header.split(",").map { |pair| pair.split("=") }.to_h
+
+        # Extract values
+        t = sig_values["t"] # Should be a string (ISO-8601 timestamp)
+        sig = sig_values[scheme]
+        raise sig_error.call("No timestamp found in signature header") if t.nil?
+        raise sig_error.call("No signature found with scheme #{scheme} in signature header") if sig.nil?
+
+        # Check signature
+        expected_sig = compute_signature(timestamp: t, payload: payload, secret: secret)
+        matches = Util.secure_compare(expected_sig, sig)
+        raise sig_error.call("Signature mismatch") unless matches
+
+        # Check timestamp tolerance to prevent timing attacks
+        if time_tolerance > 0
+          begin
+            timestamp = DateTime.parse(t)
+            now = DateTime.now
+            diff = (now - timestamp) * 24 * 60 * 60 # in seconds
+
+            # Don't allow timestamps in the future
+            if diff > time_tolerance || diff < 0
+              raise sig_error.call("Timestamp outside of the tolerance zone")
+            end
+          rescue Date::Error
+            raise sig_error.call("Invalid timestamp in signature header: #{t}")
+          end
+        end
+
+        true
+      end
+
+      def self.compute_signature(timestamp:, payload:, secret:)
+        signed_payload = timestamp.to_s + "." + payload.to_s
+        OpenSSL::HMAC.hexdigest("SHA256", secret, signed_payload)
+      end
+    end
+  end
+end

data/lib/increase.rb

@@ -5,7 +5,7 @@ require "increase/client"
 require "increase/configuration"
 require "increase/errors"
 require "increase/resources"
-require "increase/webhooks"
+require "increase/webhook/signature"
 
 module Increase
   PRODUCTION_URL = "https://api.increase.com"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: increase
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Gary Tou
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-03-19 00:00:00.000000000 Z
+date: 2023-03-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -38,20 +38,6 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.3.0
-- !ruby/object:Gem::Dependency
-  name: securecompare
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -151,8 +137,9 @@ files:
 - lib/increase/resources/pending_transactions.rb
 - lib/increase/resources/transactions.rb
 - lib/increase/response_hash.rb
+- lib/increase/util.rb
 - lib/increase/version.rb
-- lib/increase/webhooks.rb
+- lib/increase/webhook/signature.rb
 - sig/increase.rbs
 homepage: https://github.com/garyhtou/increase-ruby
 licenses:
@@ -169,7 +156,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.6.0
+      version: 2.7.4
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="

data/lib/increase/webhooks.rb

@@ -1,16 +0,0 @@
-require "openssl"
-require "securecompare"
-
-module Increase
-  class Webhooks
-    def self.verify?(payload:, signature_header:, secret:, scheme: "v1")
-      sig_values = signature_header.split(",").map { |pair| pair.split("=") }
-      sig_values = sig_values.to_h
-
-      signed_payload = sig_values["t"] + "." + payload.to_s
-
-      expected_sig = OpenSSL::HMAC.hexdigest("SHA256", secret, signed_payload)
-      SecureCompare.compare(expected_sig, sig_values["v1"])
-    end
-  end
-end