recurly 4.23.0 → 4.24.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.bumpversion.cfg +1 -1
- data/CHANGELOG.md +8 -0
- data/GETTING_STARTED.md +1 -1
- data/lib/recurly/errors/webhooks_errors.rb +5 -0
- data/lib/recurly/errors.rb +1 -0
- data/lib/recurly/version.rb +1 -1
- data/lib/recurly/webhooks.rb +52 -0
- data/lib/recurly.rb +1 -0
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5f585c84e359302293e13409b5162b2ad56241f342b0c9e9c2c4200f29782a32
|
|
4
|
+
data.tar.gz: d8908b9d5e9cefcce7a9fa6cfa0d75b69dcd8b885ac6ce6dacc2ec416f56c1a1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3d42081e4d4e095850d9b1158e8c798ab0cc11d9f9d68bb895ba77808a2d6f4f1a0bdfeac2c6394d704ea74add4df4ba63ca2eca70d1c05c1b3499e3c9bbbb76
|
|
7
|
+
data.tar.gz: 1bb51683c999694c1843c378754ba2fb6556d205db5f50ebf93cde4cb46997548cd31f3062b75f6b1db7d3bb575a3040ddea88276f1172fca424785e96b92304
|
data/.bumpversion.cfg
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [4.24.0](https://github.com/recurly/recurly-client-ruby/tree/4.24.0) (2022-11-03)
|
|
4
|
+
|
|
5
|
+
[Full Changelog](https://github.com/recurly/recurly-client-ruby/compare/4.23.0...4.24.0)
|
|
6
|
+
|
|
7
|
+
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
|
|
3
11
|
## [4.23.0](https://github.com/recurly/recurly-client-ruby/tree/4.23.0) (2022-10-27)
|
|
4
12
|
|
|
5
13
|
[Full Changelog](https://github.com/recurly/recurly-client-ruby/compare/4.22.0...4.23.0)
|
data/GETTING_STARTED.md
CHANGED
|
@@ -5,7 +5,7 @@ This repository houses the official ruby client for Recurly's V3 API.
|
|
|
5
5
|
In your Gemfile, add `recurly` as a dependency.
|
|
6
6
|
|
|
7
7
|
```ruby
|
|
8
|
-
gem 'recurly', '~> 4.
|
|
8
|
+
gem 'recurly', '~> 4.24'
|
|
9
9
|
```
|
|
10
10
|
|
|
11
11
|
> *Note*: We try to follow [semantic versioning](https://semver.org/) and will only apply breaking changes to major versions.
|
data/lib/recurly/errors.rb
CHANGED
data/lib/recurly/version.rb
CHANGED
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
module Recurly
|
|
2
|
+
module Webhooks
|
|
3
|
+
DEFAULT_TOLERANCE = 5 * 60 * 1000
|
|
4
|
+
|
|
5
|
+
# Verify webhook signature
|
|
6
|
+
#
|
|
7
|
+
# @param header [String] recurly-signature header from request
|
|
8
|
+
# @param secret [String] Shared secret for notification endpoint
|
|
9
|
+
# @param body [String] Request POST body
|
|
10
|
+
# @param tolerance [Integer] Allowed notification time drift in milliseconds
|
|
11
|
+
# @example
|
|
12
|
+
# begin
|
|
13
|
+
# Recurly::Webhooks.verify_signature(header,
|
|
14
|
+
# ENV['WEBHOOKS_KEY'],
|
|
15
|
+
# request.body)
|
|
16
|
+
# rescue Recurly::Errors::SignatureVerificationError => e
|
|
17
|
+
# puts e.message
|
|
18
|
+
# end
|
|
19
|
+
#
|
|
20
|
+
def self.verify_signature(header, secret, body, tolerance: DEFAULT_TOLERANCE)
|
|
21
|
+
s_timestamp, *signatures = header.split(",")
|
|
22
|
+
timestamp = Integer(s_timestamp)
|
|
23
|
+
now = (Time.now.to_f * 1000).to_i
|
|
24
|
+
|
|
25
|
+
if (now - timestamp).abs > tolerance
|
|
26
|
+
raise Recurly::Errors::SignatureVerificationError.new(
|
|
27
|
+
"Notification (#{Time.at(timestamp / 1000.0)}) is more than #{tolerance / 1000.0}s out of date"
|
|
28
|
+
)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
expected = OpenSSL::HMAC.hexdigest("sha256", secret, "#{timestamp}.#{body}")
|
|
32
|
+
|
|
33
|
+
unless signatures.any? { |s| secure_compare(expected, s) }
|
|
34
|
+
raise Recurly::Errors::SignatureVerificationError.new(
|
|
35
|
+
"No matching signatures found for payload"
|
|
36
|
+
)
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
# https://github.com/rack/rack/blob/2-2-stable/lib/rack/utils.rb#L374
|
|
41
|
+
# https://github.com/heartcombo/devise/blob/4-1-stable/lib/devise.rb#L477
|
|
42
|
+
def self.secure_compare(a, b)
|
|
43
|
+
return false if a.bytesize != b.bytesize
|
|
44
|
+
l = a.unpack("C#{a.bytesize}")
|
|
45
|
+
|
|
46
|
+
res = 0
|
|
47
|
+
b.each_byte { |byte| res |= byte ^ l.shift }
|
|
48
|
+
res == 0
|
|
49
|
+
end
|
|
50
|
+
private_class_method :secure_compare
|
|
51
|
+
end
|
|
52
|
+
end
|
data/lib/recurly.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: recurly
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.24.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Recurly
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-11-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -141,6 +141,7 @@ files:
|
|
|
141
141
|
- lib/recurly/errors.rb
|
|
142
142
|
- lib/recurly/errors/api_errors.rb
|
|
143
143
|
- lib/recurly/errors/network_errors.rb
|
|
144
|
+
- lib/recurly/errors/webhooks_errors.rb
|
|
144
145
|
- lib/recurly/http.rb
|
|
145
146
|
- lib/recurly/pager.rb
|
|
146
147
|
- lib/recurly/request.rb
|
|
@@ -304,6 +305,7 @@ files:
|
|
|
304
305
|
- lib/recurly/schema/schema_factory.rb
|
|
305
306
|
- lib/recurly/schema/schema_validator.rb
|
|
306
307
|
- lib/recurly/version.rb
|
|
308
|
+
- lib/recurly/webhooks.rb
|
|
307
309
|
- openapi/api.yaml
|
|
308
310
|
- recurly.gemspec
|
|
309
311
|
- scripts/build
|
|
@@ -320,7 +322,7 @@ metadata:
|
|
|
320
322
|
changelog_uri: https://github.com/recurly/recurly-client-ruby/blob/master/CHANGELOG.md
|
|
321
323
|
documentation_uri: https://recurly.github.io/recurly-client-ruby/
|
|
322
324
|
homepage_uri: https://github.com/recurly/recurly-client-ruby
|
|
323
|
-
source_code_uri: https://github.com/recurly/recurly-client-ruby/tree/4.
|
|
325
|
+
source_code_uri: https://github.com/recurly/recurly-client-ruby/tree/4.24.0
|
|
324
326
|
post_install_message:
|
|
325
327
|
rdoc_options: []
|
|
326
328
|
require_paths:
|