paypal-rest 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: bee5f5d7151ee8a98165bb500f97a9e0d553026d330eb2ce76dabc39cef1286f
+  data.tar.gz: 8fcb2b0980ccdaf75e201c505d0ae22f244380f7c2ae7bb39af22c524faddd97
+SHA512:
+  metadata.gz: 692661c0bed877069c25404f9e4ad672d7f25a7587101ee123c073eaf575a952f4458fcb9b87d4d4b630679d35546df804b54877ddb0ee9a67339ff74e49379f
+  data.tar.gz: 901482d2ca9335fd41a12213db7e94356fa3e0b45151f89c2270a6d62cd3e0826b55b906057d5181f870371f600b2760f720daf322c1dc62d5cee1838bea5b13

data/.circleci/config.yml

@@ -0,0 +1,13 @@
+version: 2.1
+jobs:
+  build:
+    docker:
+      - image: ruby:3.1
+    steps:
+      - checkout
+      - run:
+          name: Run the default task
+          command: |
+            gem install bundler -v 2.3.10
+            bundle install
+            bundle exec rake

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.gem

data/.rspec

@@ -0,0 +1 @@
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,226 @@
+AllCops:
+  TargetRubyVersion: 3.1
+  Exclude:
+    - bin/**/*
+  <% `git status --ignored --porcelain`.scan(/^!!\s+(.*)$/).each do |match| %>
+    - <%= match[0] %>**/*
+  <% end %>
+
+# Extensions
+require:
+  - rubocop-rake
+  - rubocop-rspec
+
+# New rules
+Lint/DuplicateBranch: # (new in 1.3)
+  Enabled: true
+Lint/DuplicateRegexpCharacterClassElement: # (new in 1.1)
+  Enabled: true
+Lint/EmptyBlock: # (new in 1.1)
+  Enabled: true
+Lint/EmptyClass: # (new in 1.3)
+  Enabled: true
+Lint/NoReturnInBeginEndBlocks: # (new in 1.2)
+  Enabled: true
+Lint/ToEnumArguments: # (new in 1.1)
+  Enabled: true
+Lint/UnexpectedBlockArity: # (new in 1.5)
+  Enabled: true
+Lint/UnmodifiedReduceAccumulator: # (new in 1.1)
+  Enabled: true
+Style/ArgumentsForwarding: # (new in 1.1)
+  Enabled: true
+Style/CollectionCompact: # (new in 1.2)
+  Enabled: true
+Style/DocumentDynamicEvalDefinition: # (new in 1.1)
+  Enabled: true
+Style/NegatedIfElseCondition: # (new in 1.2)
+  Enabled: true
+Style/NilLambda: # (new in 1.3)
+  Enabled: true
+Style/RedundantArgument: # (new in 1.4)
+  Enabled: true
+Style/SwapValues: # (new in 1.1)
+  Enabled: true
+Gemspec/DateAssignment: # (new in 1.10)
+  Enabled: true
+Layout/SpaceBeforeBrackets: # (new in 1.7)
+  Enabled: true
+Lint/AmbiguousAssignment: # (new in 1.7)
+  Enabled: true
+Lint/DeprecatedConstants: # (new in 1.8)
+  Enabled: true
+Lint/LambdaWithoutLiteralBlock: # (new in 1.8)
+  Enabled: true
+Lint/NumberedParameterAssignment: # (new in 1.9)
+  Enabled: true
+Lint/OrAssignmentToConstant: # (new in 1.9)
+  Enabled: true
+Lint/RedundantDirGlobSort: # (new in 1.8)
+  Enabled: true
+Lint/SymbolConversion: # (new in 1.9)
+  Enabled: true
+Lint/TripleQuotes: # (new in 1.9)
+  Enabled: true
+Style/EndlessMethod: # (new in 1.8)
+  Enabled: true
+Style/HashConversion: # (new in 1.10)
+  Enabled: true
+Style/HashExcept: # (new in 1.7)
+  Enabled: true
+Style/IfWithBooleanLiteralBranches: # (new in 1.9)
+  Enabled: true
+Gemspec/RequireMFA: # new in 1.23
+  Enabled: true
+Layout/LineEndStringConcatenationIndentation: # new in 1.18
+  Enabled: true
+Lint/AmbiguousOperatorPrecedence: # new in 1.21
+  Enabled: true
+Lint/AmbiguousRange: # new in 1.19
+  Enabled: true
+Lint/EmptyInPattern: # new in 1.16
+  Enabled: true
+Lint/IncompatibleIoSelectWithFiberScheduler: # new in 1.21
+  Enabled: true
+Lint/RequireRelativeSelfPath: # new in 1.22
+  Enabled: true
+Lint/UselessRuby2Keywords: # new in 1.23
+  Enabled: true
+Naming/BlockForwarding: # new in 1.24
+  Enabled: true
+Security/IoMethods: # new in 1.22
+  Enabled: true
+Style/FileRead: # new in 1.24
+  Enabled: true
+Style/FileWrite: # new in 1.24
+  Enabled: true
+Style/InPatternThen: # new in 1.16
+  Enabled: true
+Style/MapToHash: # new in 1.24
+  Enabled: true
+Style/MultilineInPatternThen: # new in 1.16
+  Enabled: true
+Style/NumberedParameters: # new in 1.22
+  Enabled: true
+Style/NumberedParametersLimit: # new in 1.22
+  Enabled: true
+Style/OpenStructUse: # new in 1.23
+  Enabled: true
+Style/QuotedSymbols: # new in 1.16
+  Enabled: true
+Style/RedundantSelfAssignmentBranch: # new in 1.19
+  Enabled: true
+Style/SelectByRegexp: # new in 1.22
+  Enabled: true
+Style/StringChars: # new in 1.12
+  Enabled: true
+RSpec/ExcessiveDocstringSpacing: # new in 2.5
+  Enabled: true
+RSpec/IdenticalEqualityAssertion: # new in 2.4
+  Enabled: true
+RSpec/SubjectDeclaration: # new in 2.5
+  Enabled: true
+RSpec/FactoryBot/SyntaxMethods: # new in 2.7
+  Enabled: true
+RSpec/Rails/AvoidSetupHook: # new in 2.4
+  Enabled: true
+Style/NestedFileDirname: # new in 1.26
+  Enabled: true
+RSpec/BeEq: # new in 2.9.0
+  Enabled: true
+RSpec/BeNil: # new in 2.9.0
+  Enabled: true
+Lint/RefinementImportMethods: # new in 1.27
+  Enabled: true
+Style/RedundantInitialize: # new in 1.27
+  Enabled: true
+
+# Alterations
+Naming/RescuedExceptionsVariableName:
+  Enabled: false
+Style/BlockComments:
+  Exclude:
+    - spec/**/*
+Style/Documentation:
+  Enabled: false
+Style/FrozenStringLiteralComment:
+  Enabled: false
+Layout/MultilineMethodCallIndentation:
+  Enabled: false
+Style/StringLiterals:
+  EnforcedStyle: double_quotes
+Layout/AccessModifierIndentation:
+  EnforcedStyle: outdent
+RSpec/NestedGroups:
+  Enabled: false
+RSpec/MultipleMemoizedHelpers:
+  Enabled: false
+RSpec/MultipleExpectations:
+  Enabled: false
+RSpec/ExampleLength:
+  Enabled: false
+RSpec/ContextWording:
+  Prefixes:
+    - but
+    - if
+    - when
+    - with
+    - without
+RSpec/AnyInstance:
+  Enabled: false
+Metrics/BlockLength:
+  Exclude:
+    - spec/**/*
+Layout/ArgumentAlignment:
+  Enabled: false
+Style/TrailingCommaInArrayLiteral:
+  EnforcedStyleForMultiline: consistent_comma
+Style/TrailingCommaInArguments:
+  EnforcedStyleForMultiline: consistent_comma
+Style/TrailingCommaInHashLiteral:
+  EnforcedStyleForMultiline: consistent_comma
+Layout/MultilineMethodCallBraceLayout:
+  EnforcedStyle: new_line
+Style/AsciiComments:
+  Enabled: false
+Layout/CaseIndentation:
+  EnforcedStyle: end
+Style/Lambda:
+  Enabled: false
+Layout/SpaceInLambdaLiteral:
+  Enabled: false
+Style/RedundantSelf:
+  Enabled: false
+Style/PreferredHashMethods:
+  EnforcedStyle: verbose
+Style/IfUnlessModifier:
+  Enabled: false
+Layout/EndAlignment:
+  EnforcedStyleAlignWith: variable
+Style/BlockDelimiters:
+  EnforcedStyle: semantic
+  AllowBracesOnProceduralOneLiners: true
+Style/GuardClause:
+  Enabled: false
+Metrics/MethodLength:
+  Enabled: false
+Naming/MethodParameterName:
+  AllowedNames:
+    - as
+    - id
+Metrics/AbcSize:
+  Enabled: false
+Style/IfUnlessModifierOfIfUnless:
+  Enabled: false
+Style/NestedModifier:
+  Enabled: false
+Style/SoleNestedConditional:
+  Enabled: false
+Naming/VariableNumber:
+  EnforcedStyle: snake_case
+RSpec/SubjectStub:
+  Enabled: false
+Layout/ArrayAlignment:
+  Enabled: false
+Layout/FirstArrayElementIndentation:
+  Enabled: false

data/.ruby-version

@@ -0,0 +1 @@
+3.1.1

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [1.0.0] - 2022-04-13
+
+- Initial release

data/Gemfile

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in paypal-rest.gemspec
+gemspec
+
+gem "rack", "~> 2.2"
+gem "rake", "~> 13.0"
+gem "rspec", "~> 3.11"
+gem "rubocop", "~> 1.7"
+gem "rubocop-rake", "~> 0.6"
+gem "rubocop-rspec", "~> 2.9"
+gem "webmock", "~> 3.14"

data/Gemfile.lock

@@ -0,0 +1,82 @@
+PATH
+  remote: .
+  specs:
+    paypal-rest (1.0.0)
+      faraday (~> 2.2)
+      faraday-retry (~> 1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    ast (2.4.2)
+    crack (0.4.5)
+      rexml
+    diff-lcs (1.5.0)
+    faraday (2.2.0)
+      faraday-net_http (~> 2.0)
+      ruby2_keywords (>= 0.0.4)
+    faraday-net_http (2.0.2)
+    faraday-retry (1.0.3)
+    hashdiff (1.0.1)
+    parallel (1.22.1)
+    parser (3.1.2.0)
+      ast (~> 2.4.1)
+    public_suffix (4.0.7)
+    rack (2.2.3)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.3.0)
+    rexml (3.2.5)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    rubocop (1.27.0)
+      parallel (~> 1.10)
+      parser (>= 3.1.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.16.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.17.0)
+      parser (>= 3.1.1.0)
+    rubocop-rake (0.6.0)
+      rubocop (~> 1.0)
+    rubocop-rspec (2.9.0)
+      rubocop (~> 1.19)
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.5)
+    unicode-display_width (2.1.0)
+    webmock (3.14.0)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+
+PLATFORMS
+  x86_64-darwin-21
+
+DEPENDENCIES
+  paypal-rest!
+  rack (~> 2.2)
+  rake (~> 13.0)
+  rspec (~> 3.11)
+  rubocop (~> 1.7)
+  rubocop-rake (~> 0.6)
+  rubocop-rspec (~> 2.9)
+  webmock (~> 3.14)
+
+BUNDLED WITH
+   2.3.10

data/LICENCE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Smart/Casual Ltd
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,31 @@
+# Paypal::REST
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'paypal-rest'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install paypal-rest
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/SmartCasual/paypal-rest.

data/Rakefile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rubocop/rake_task"
+require "rspec/core/rake_task"
+
+RuboCop::RakeTask.new
+RSpec::Core::RakeTask.new(:spec)
+
+task default: %i[rubocop spec]

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "paypal/rest"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/paypal/rest/bearer_token.rb

@@ -0,0 +1,47 @@
+require_relative "connection"
+
+module Paypal
+  class REST
+    class BearerToken
+      def expired?
+        return false if expires_at.nil?
+
+        Util.now > (expires_at - 60)
+      end
+
+      def to_s
+        token
+      end
+
+    private
+
+      def token
+        response[:access_token]
+      end
+
+      def expires_at
+        if (expires_in = response[:expires_in])
+          Util.now + expires_in.to_i
+        end
+      end
+
+      def response
+        @response ||= connection.post("/v1/oauth2/token", grant_type: "client_credentials").body.tap do |body|
+          body = Util.deep_symbolize_keys(body)
+
+          raise body[:message] if body[:name] == "Bad Request"
+          raise body[:error_description] if body.has_key?(:error_description)
+        end
+      end
+
+      def connection
+        @connection ||= Connection.new do |faraday|
+          faraday.request :authorization, :basic, config.client_id, config.client_secret
+
+          faraday.request :url_encoded
+          faraday.response :json
+        end
+      end
+    end
+  end
+end

data/lib/paypal/rest/connection.rb

@@ -0,0 +1,30 @@
+require "delegate"
+require "faraday"
+require "faraday/retry"
+
+module Paypal
+  class REST
+    class Connection < SimpleDelegator
+      def initialize(&block)
+        connection = Faraday.new(url: config.api_endpoint) do |faraday|
+          faraday.request :retry
+          faraday.response :logger, logger, bodies: config.log_response_bodies
+
+          block.call(faraday) if Util.present?(block)
+        end
+
+        super(connection)
+      end
+
+    private
+
+      def config
+        @config ||= Paypal::REST.configuration
+      end
+
+      def logger
+        @logger ||= (config.logger || Logger.new($stdout))
+      end
+    end
+  end
+end

data/lib/paypal/rest/version.rb

@@ -0,0 +1,5 @@
+module Paypal
+  class REST
+    VERSION = "1.0.0".freeze
+  end
+end

data/lib/paypal/rest.rb

@@ -0,0 +1,75 @@
+require "English"
+
+require_relative "util"
+require_relative "rest/bearer_token"
+require_relative "rest/connection"
+
+module Paypal
+  class REST
+    class << self
+      def configure(&block)
+        block.call(configuration)
+      end
+
+      def configuration
+        @configuration ||= RESTConfiguration.new
+      end
+
+      def clear_configuration
+        @configuration = nil
+      end
+
+      def create_order(params)
+        post("/v2/checkout/orders", params)[:id]
+      end
+
+      def capture_payment_for_order(order_id)
+        post("/v2/checkout/orders/#{order_id}/capture")
+      end
+
+      def reset_connection
+        @connection = nil
+        @bearer_token = nil
+      end
+
+    private
+
+      def post(path, params = {})
+        response = connection.post(path, params).body
+
+        response = JSON.parse(response) if response.is_a?(String)
+        response = Util.deep_symbolize_keys(response)
+
+        raise response[:error_description] if response.has_key?(:error_description)
+
+        response
+      rescue JSON::ParserError, Faraday::ClientError => e
+        Rails.logger.error(["#{self.class} - #{e.class}: #{e.message}", e.backtrace].join($INPUT_RECORD_SEPARATOR))
+        head :unprocessable_entity
+      end
+
+      def connection
+        @connection ||= Connection.new do |faraday|
+          faraday.request :json
+          faraday.response :json
+
+          faraday.request :authorization, "Bearer", bearer_token
+        end
+      end
+
+      def bearer_token
+        return @bearer_token if @bearer_token && !@bearer_token.expired?
+
+        @bearer_token = BearerToken.new
+      end
+    end
+  end
+
+  RESTConfiguration = Struct.new("RESTConfiguration",
+    :api_endpoint,
+    :client_id,
+    :client_secret,
+    :log_response_bodies,
+    :logger,
+  )
+end

data/lib/paypal/util.rb

@@ -0,0 +1,25 @@
+module Paypal
+  module Util
+    def self.deep_symbolize_keys(hash)
+      hash.each_with_object({}) do |(key, value), memo|
+        memo[key.to_sym] = value.is_a?(Hash) ? deep_symbolize_keys(value) : value
+      end
+    end
+
+    def self.blank?(value)
+      value.respond_to?(:empty?) ? value.empty? : !value
+    end
+
+    def self.present?(...)
+      !blank?(...)
+    end
+
+    def self.now
+      if Time.respond_to?(:zone)
+        Time.zone.now
+      else
+        Time.now
+      end
+    end
+  end
+end

data/lib/paypal/webhooks/event.rb

@@ -0,0 +1,140 @@
+require_relative "x509_certificate"
+
+module Paypal
+  module Webhooks
+    class Event # rubocop:disable Metrics/ClassLength
+      VALID_PAYPAL_CERT_CN = "messageverificationcerts.paypal.com".freeze
+      VALID_PAYPAL_CERT_HOST = "api.paypal.com".freeze
+
+      class << self
+        def cert_cache
+          @cert_cache ||= {}
+        end
+
+        def clear_cert_cache
+          @cert_cache = nil
+        end
+      end
+
+      def initialize(params:, request:)
+        @request = request
+        @body = request.body&.read
+        @params = params
+      end
+
+      def verify!
+        raise EventVerificationFailed unless verify
+      end
+
+      def verify
+        verify_cert_url && verify_cert && verify_signature
+      end
+
+      def data
+        @data ||= Util.deep_symbolize_keys(@params)
+      end
+
+    private
+
+      def verify_signature
+        cert.verify(
+          algorithm:,
+          signature:,
+          fingerprint:,
+        ).tap do |result|
+          logger.debug("Bad signature") unless result
+        end
+      end
+
+      def verify_cert
+        verify_common_name && verify_date
+      end
+
+      def verify_common_name
+        (cert.common_name == VALID_PAYPAL_CERT_CN).tap do |result|
+          unless result
+            logger.debug {
+              "Incorrect common name #{cert.common_name} (expected #{VALID_PAYPAL_CERT_CN})"
+            }
+          end
+        end
+      end
+
+      def verify_date
+        cert.in_date?.tap do |result|
+          logger.debug("Not in date") unless result
+        end
+      end
+
+      def verify_cert_url
+        return false if Util.blank?(cert_url)
+
+        verify_cert_url_scheme && verify_cert_url_host
+      end
+
+      def verify_cert_url_scheme
+        (cert_url.scheme == "https").tap do |result|
+          logger.debug { "#{cert_url.scheme} is not HTTPS" } unless result
+        end
+      end
+
+      def verify_cert_url_host
+        (cert_url.host == VALID_PAYPAL_CERT_HOST).tap do |result|
+          unless result
+            logger.debug {
+              "Incorrect cert URL host #{cert_url.host} (expected #{VALID_PAYPAL_CERT_HOST})"
+            }
+          end
+        end
+      end
+
+      def algorithm
+        case (algo = get_header("HTTP_PAYPAL_AUTH_ALGO"))
+        when "SHA256withRSA" then "SHA256"
+        else
+          algo
+        end
+      end
+
+      def signature
+        get_header("HTTP_PAYPALAUTH_SIGNATURE")
+      end
+
+      def cert_url
+        @cert_url ||= URI.parse(get_header("HTTP_PAYPAL_CERT_URL")) if has_header?("HTTP_PAYPAL_CERT_URL")
+      end
+
+      def cert
+        self.class.cert_cache[cert_url.to_s] ||= X509Certificate.new(cert_url.open.read)
+      end
+
+      # https://developer.paypal.com/api/rest/webhooks/#link-eventheadervalidation
+      def fingerprint
+        [
+          get_header("HTTP_PAYPAL_TRANSMISSION_ID"),
+          get_header("HTTP_PAYPAL_TRANSMISSION_TIME"),
+          config.webhook_id,
+          Zlib.crc32(@body),
+        ].join("|")
+      end
+
+      def config
+        @config ||= Paypal::Webhooks.configuration
+      end
+
+      def logger
+        @logger ||= (config.logger || Logger.new($stdout))
+      end
+
+      def get_header(...)
+        @request.get_header(...)
+      end
+
+      def has_header?(...) # rubocop:disable Naming/PredicateName
+        @request.has_header?(...)
+      end
+    end
+
+    class EventVerificationFailed < StandardError; end
+  end
+end

data/lib/paypal/webhooks/x509_certificate.rb

@@ -0,0 +1,33 @@
+module Paypal
+  module Webhooks
+    class X509Certificate
+      def initialize(data)
+        @cert = OpenSSL::X509::Certificate.new(data)
+      end
+
+      def common_name
+        @common_name ||= get_subject_entry("CN")
+      end
+
+      def in_date?
+        Util.now.between?(@cert.not_before, @cert.not_after)
+      end
+
+      def verify(algorithm:, signature:, fingerprint:)
+        @cert.public_key.verify_pss(
+          algorithm,
+          signature,
+          fingerprint,
+          salt_length: :auto,
+          mgf1_hash: algorithm,
+        )
+      end
+
+    private
+
+      def get_subject_entry(key)
+        @cert.subject.to_a.assoc(key)[1]
+      end
+    end
+  end
+end

data/lib/paypal/webhooks.rb

@@ -0,0 +1,23 @@
+require_relative "util"
+
+module Paypal
+  module Webhooks
+    class << self
+      def configure(&block)
+        block.call(configuration)
+      end
+
+      def configuration
+        @configuration ||= WebhooksConfiguration.new
+      end
+
+      def clear_configuration
+        @configuration = nil
+      end
+    end
+  end
+
+  WebhooksConfiguration = Struct.new("WebhooksConfiguration", :logger, :webhook_id)
+end
+
+require_relative "webhooks/event"

data/paypal-rest.gemspec

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require_relative "lib/paypal/rest/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "paypal-rest"
+  spec.version       = Paypal::REST::VERSION
+  spec.authors       = ["Elliot Crosby-McCullough"]
+  spec.email         = ["elliot.cm@gmail.com"]
+
+  spec.summary       = "Unofficial Ruby wrapper for the PayPal REST API"
+  spec.homepage      = "https://github.com/SmartCasual/paypal-rest"
+  spec.required_ruby_version = Gem::Requirement.new(">= 3.1.0")
+
+  spec.metadata["allowed_push_host"] = "https://rubygems.org"
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = spec.homepage
+  spec.metadata["changelog_uri"] = "https://github.com/SmartCasual/paypal-rest/blob/#{spec.version}/CHANGELOG.md"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) {
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{\A(?:test|spec|features)/}) }
+  }
+  spec.require_paths = ["lib"]
+  spec.metadata["rubygems_mfa_required"] = "true"
+
+  spec.add_runtime_dependency "faraday", "~> 2.2"
+  spec.add_runtime_dependency "faraday-retry", "~> 1.0"
+end

metadata

@@ -0,0 +1,97 @@
+--- !ruby/object:Gem::Specification
+name: paypal-rest
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Elliot Crosby-McCullough
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-04-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: faraday-retry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+description:
+email:
+- elliot.cm@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".circleci/config.yml"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".ruby-version"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- LICENCE
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/paypal/rest.rb
+- lib/paypal/rest/bearer_token.rb
+- lib/paypal/rest/connection.rb
+- lib/paypal/rest/version.rb
+- lib/paypal/util.rb
+- lib/paypal/webhooks.rb
+- lib/paypal/webhooks/event.rb
+- lib/paypal/webhooks/x509_certificate.rb
+- paypal-rest.gemspec
+homepage: https://github.com/SmartCasual/paypal-rest
+licenses: []
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://github.com/SmartCasual/paypal-rest
+  source_code_uri: https://github.com/SmartCasual/paypal-rest
+  changelog_uri: https://github.com/SmartCasual/paypal-rest/blob/1.0.0/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.7
+signing_key:
+specification_version: 4
+summary: Unofficial Ruby wrapper for the PayPal REST API
+test_files: []