mergent 0.1.2 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 642ea17eb70a5ca0ff84a2925c80fa1e733500ab83e27cfeba9b88daf2ded004
-  data.tar.gz: 2866865e873ec4122c4bda14f2b7e003293679c452745ff7897375a11a318b4b
+  metadata.gz: cc06e24825269b013a4a16a36b4efbacce4bff7072a3f477d315a2662b6e9d1b
+  data.tar.gz: e1827059fe19cce91e14bacea197db6d56d9faafb4499103e2a03515491064be
 SHA512:
-  metadata.gz: 61903d6cdb937faaa6a30c77f6088dd766825a14ee72b4e8234b228d84bb56e44fea75f9b36d7e7aff17f3bdabad1881d3514ea6ee0b8f1e722b3489862eecb3
-  data.tar.gz: 7309d2edd09df2c59dec2fb22df1e5cfa82caa2e6faba27e42f03999f35093b913df83a7ee4e23385b1ddd7d498e3aba663e7f0cc1a3fabd78e01521383f0364
+  metadata.gz: 2b205d9443bb5589e6425969bc735fdfb01b43f14b60c5b94b5409e8ce4113c11c3504f2f28dd1898030a4ca2364d7162367ff59f4483ea1d0d299ac4182b953
+  data.tar.gz: baeff3cb6c216746c0b39007b4271282cdc85a9c2ef9de0d7953a0ad6cd46e0a09b4bbec8b231377f72ae2ee977b6d0255ff58f3292d00002faacf507682a57b

data/CHANGELOG.md

@@ -1,5 +1,9 @@
 ## [Unreleased]
 
+## [0.2.0] - 2022-01-20
+
+- Add `Mergent::RequestValidator` to validate that webhooks came from Mergent's API
+
 ## [0.1.2] - 2022-1-13
 
 - Define explicit methods in `Mergent::Task`, to allow for use of verifying doubles when testing against them.

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    mergent (0.1.2)
+    mergent (0.2.0)
 
 GEM
   remote: https://rubygems.org/
@@ -17,7 +17,7 @@ GEM
     parser (3.1.0.0)
       ast (~> 2.4.1)
     public_suffix (4.0.6)
-    rainbow (3.0.0)
+    rainbow (3.1.1)
     rake (13.0.6)
     regexp_parser (2.2.0)
     rexml (3.2.5)
@@ -27,7 +27,7 @@ GEM
       rspec-mocks (~> 3.10.0)
     rspec-core (3.10.1)
       rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+    rspec-expectations (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
     rspec-mocks (3.10.2)
@@ -45,7 +45,7 @@ GEM
       unicode-display_width (>= 1.4.0, < 3.0)
     rubocop-ast (1.15.1)
       parser (>= 3.0.1.1)
-    rubocop-performance (1.13.1)
+    rubocop-performance (1.13.2)
       rubocop (>= 1.7.0, < 2.0)
       rubocop-ast (>= 0.4.0)
     rubocop-rake (0.6.0)

data/README.md

@@ -47,10 +47,11 @@ After checking out the repo, run `bundle` to install dependencies. Then, run
 `rake spec` to run the tests.
 
 To install this gem onto your local machine, run `bundle exec rake install`.
-To release a new version, update the version number in `version.rb`, and then
-run `bundle exec rake release`, which will create a git tag for the version,
-push git commits and the created tag, and push the `.gem` file to
-[rubygems.org](https://rubygems.org).
+
+To release a new version, update the changelog, bump the version number in
+`version.rb`, commit that change, and then run `bundle exec rake release`, which
+will create a git tag for the version, push git commits and the created tag, and
+push the `.gem` file to [rubygems.org](https://rubygems.org).
 
 ## Contributing
 

data/lib/mergent/client.rb

@@ -6,7 +6,7 @@ require "json"
 module Mergent
   class Client
     def self.post(resource, params) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
-      uri = URI("https://api.mergent.co/v1/#{resource}")
+      uri = URI("#{Mergent.endpoint}/#{resource}")
       headers = {
         Authorization: "Bearer #{Mergent.api_key}",
         "Content-Type": "application/json"
@@ -15,7 +15,7 @@ module Mergent
       request.body = params.to_json
 
       https = Net::HTTP.new(uri.host, uri.port)
-      https.use_ssl = true
+      https.use_ssl = Mergent.endpoint.start_with?("https")
       response = https.request(request)
 
       case response
@@ -27,10 +27,20 @@ module Mergent
         rescue JSON::ParserError
           body = {}
         end
-        raise Mergent::Error, body["message"]
+        raise Mergent::Error, error_message(body)
       end
     rescue EOFError, Errno::ECONNREFUSED, Errno::ECONNRESET, Errno::EHOSTUNREACH, Errno::ETIMEDOUT, SocketError
       raise Mergent::ConnectionError
     end
+
+    private
+
+    def self.error_message(body)
+      breakdown = body.fetch("errors", []).map { |error| error.fetch("message", nil) }.compact.join(", ")
+      msg = body["message"]
+      msg << " - #{breakdown}" unless breakdown.empty?
+      msg
+    end
+    private_class_method :error_message
   end
 end

data/lib/mergent/request_validator.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Mergent
+  class RequestValidator
+    def initialize(api_key)
+      @api_key = api_key || Mergent.api_key
+    end
+
+    def build_signature_for(url, body)
+      data = (url || "") + (body || "")
+      digest = OpenSSL::Digest.new("sha1")
+      Base64.strict_encode64(OpenSSL::HMAC.digest(digest, @api_key, data))
+    end
+
+    def valid_signature?(url, body, signature)
+      build_signature_for(url, body) == signature
+    end
+  end
+end

data/lib/mergent/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mergent
-  VERSION = "0.1.2"
+  VERSION = "0.2.0"
 end

data/lib/mergent.rb

@@ -1,11 +1,16 @@
 # frozen_string_literal: true
 
 require_relative "mergent/errors"
+require_relative "mergent/request_validator"
 require_relative "mergent/task"
 require_relative "mergent/version"
 
 module Mergent
+  ENDPOINT = "https://api.mergent.co/v1"
+
   class << self
-    attr_accessor :api_key
+    attr_accessor :api_key, :endpoint
   end
 end
+
+Mergent.endpoint = Mergent::ENDPOINT

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mergent
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.2.0
 platform: ruby
 authors:
 - Mergent
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-13 00:00:00.000000000 Z
+date: 2022-01-20 00:00:00.000000000 Z
 dependencies: []
 description: Ruby library for the Mergent API. See https://mergent.co for details.
 email: support@mergent.co
@@ -29,6 +29,7 @@ files:
 - lib/mergent/client.rb
 - lib/mergent/errors.rb
 - lib/mergent/object.rb
+- lib/mergent/request_validator.rb
 - lib/mergent/task.rb
 - lib/mergent/version.rb
 - mergent.gemspec