recurly 4.23.0 → 4.24.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.bumpversion.cfg +1 -1
- data/CHANGELOG.md +8 -0
- data/GETTING_STARTED.md +1 -1
- data/lib/recurly/errors/webhooks_errors.rb +5 -0
- data/lib/recurly/errors.rb +1 -0
- data/lib/recurly/version.rb +1 -1
- data/lib/recurly/webhooks.rb +52 -0
- data/lib/recurly.rb +1 -0
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5f585c84e359302293e13409b5162b2ad56241f342b0c9e9c2c4200f29782a32
|
|
4
|
+
data.tar.gz: d8908b9d5e9cefcce7a9fa6cfa0d75b69dcd8b885ac6ce6dacc2ec416f56c1a1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3d42081e4d4e095850d9b1158e8c798ab0cc11d9f9d68bb895ba77808a2d6f4f1a0bdfeac2c6394d704ea74add4df4ba63ca2eca70d1c05c1b3499e3c9bbbb76
|
|
7
|
+
data.tar.gz: 1bb51683c999694c1843c378754ba2fb6556d205db5f50ebf93cde4cb46997548cd31f3062b75f6b1db7d3bb575a3040ddea88276f1172fca424785e96b92304
|
data/.bumpversion.cfg
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [4.24.0](https://github.com/recurly/recurly-client-ruby/tree/4.24.0) (2022-11-03)
|
|
4
|
+
|
|
5
|
+
[Full Changelog](https://github.com/recurly/recurly-client-ruby/compare/4.23.0...4.24.0)
|
|
6
|
+
|
|
7
|
+
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
|
|
3
11
|
## [4.23.0](https://github.com/recurly/recurly-client-ruby/tree/4.23.0) (2022-10-27)
|
|
4
12
|
|
|
5
13
|
[Full Changelog](https://github.com/recurly/recurly-client-ruby/compare/4.22.0...4.23.0)
|
data/GETTING_STARTED.md
CHANGED
|
@@ -5,7 +5,7 @@ This repository houses the official ruby client for Recurly's V3 API.
|
|
|
5
5
|
In your Gemfile, add `recurly` as a dependency.
|
|
6
6
|
|
|
7
7
|
```ruby
|
|
8
|
-
gem 'recurly', '~> 4.
|
|
8
|
+
gem 'recurly', '~> 4.24'
|
|
9
9
|
```
|
|
10
10
|
|
|
11
11
|
> *Note*: We try to follow [semantic versioning](https://semver.org/) and will only apply breaking changes to major versions.
|
data/lib/recurly/errors.rb
CHANGED
data/lib/recurly/version.rb
CHANGED
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
module Recurly
|
|
2
|
+
module Webhooks
|
|
3
|
+
DEFAULT_TOLERANCE = 5 * 60 * 1000
|
|
4
|
+
|
|
5
|
+
# Verify webhook signature
|
|
6
|
+
#
|
|
7
|
+
# @param header [String] recurly-signature header from request
|
|
8
|
+
# @param secret [String] Shared secret for notification endpoint
|
|
9
|
+
# @param body [String] Request POST body
|
|
10
|
+
# @param tolerance [Integer] Allowed notification time drift in milliseconds
|
|
11
|
+
# @example
|
|
12
|
+
# begin
|
|
13
|
+
# Recurly::Webhooks.verify_signature(header,
|
|
14
|
+
# ENV['WEBHOOKS_KEY'],
|
|
15
|
+
# request.body)
|
|
16
|
+
# rescue Recurly::Errors::SignatureVerificationError => e
|
|
17
|
+
# puts e.message
|
|
18
|
+
# end
|
|
19
|
+
#
|
|
20
|
+
def self.verify_signature(header, secret, body, tolerance: DEFAULT_TOLERANCE)
|
|
21
|
+
s_timestamp, *signatures = header.split(",")
|
|
22
|
+
timestamp = Integer(s_timestamp)
|
|
23
|
+
now = (Time.now.to_f * 1000).to_i
|
|
24
|
+
|
|
25
|
+
if (now - timestamp).abs > tolerance
|
|
26
|
+
raise Recurly::Errors::SignatureVerificationError.new(
|
|
27
|
+
"Notification (#{Time.at(timestamp / 1000.0)}) is more than #{tolerance / 1000.0}s out of date"
|
|
28
|
+
)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
expected = OpenSSL::HMAC.hexdigest("sha256", secret, "#{timestamp}.#{body}")
|
|
32
|
+
|
|
33
|
+
unless signatures.any? { |s| secure_compare(expected, s) }
|
|
34
|
+
raise Recurly::Errors::SignatureVerificationError.new(
|
|
35
|
+
"No matching signatures found for payload"
|
|
36
|
+
)
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
# https://github.com/rack/rack/blob/2-2-stable/lib/rack/utils.rb#L374
|
|
41
|
+
# https://github.com/heartcombo/devise/blob/4-1-stable/lib/devise.rb#L477
|
|
42
|
+
def self.secure_compare(a, b)
|
|
43
|
+
return false if a.bytesize != b.bytesize
|
|
44
|
+
l = a.unpack("C#{a.bytesize}")
|
|
45
|
+
|
|
46
|
+
res = 0
|
|
47
|
+
b.each_byte { |byte| res |= byte ^ l.shift }
|
|
48
|
+
res == 0
|
|
49
|
+
end
|
|
50
|
+
private_class_method :secure_compare
|
|
51
|
+
end
|
|
52
|
+
end
|
data/lib/recurly.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: recurly
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.24.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Recurly
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-11-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -141,6 +141,7 @@ files:
|
|
|
141
141
|
- lib/recurly/errors.rb
|
|
142
142
|
- lib/recurly/errors/api_errors.rb
|
|
143
143
|
- lib/recurly/errors/network_errors.rb
|
|
144
|
+
- lib/recurly/errors/webhooks_errors.rb
|
|
144
145
|
- lib/recurly/http.rb
|
|
145
146
|
- lib/recurly/pager.rb
|
|
146
147
|
- lib/recurly/request.rb
|
|
@@ -304,6 +305,7 @@ files:
|
|
|
304
305
|
- lib/recurly/schema/schema_factory.rb
|
|
305
306
|
- lib/recurly/schema/schema_validator.rb
|
|
306
307
|
- lib/recurly/version.rb
|
|
308
|
+
- lib/recurly/webhooks.rb
|
|
307
309
|
- openapi/api.yaml
|
|
308
310
|
- recurly.gemspec
|
|
309
311
|
- scripts/build
|
|
@@ -320,7 +322,7 @@ metadata:
|
|
|
320
322
|
changelog_uri: https://github.com/recurly/recurly-client-ruby/blob/master/CHANGELOG.md
|
|
321
323
|
documentation_uri: https://recurly.github.io/recurly-client-ruby/
|
|
322
324
|
homepage_uri: https://github.com/recurly/recurly-client-ruby
|
|
323
|
-
source_code_uri: https://github.com/recurly/recurly-client-ruby/tree/4.
|
|
325
|
+
source_code_uri: https://github.com/recurly/recurly-client-ruby/tree/4.24.0
|
|
324
326
|
post_install_message:
|
|
325
327
|
rdoc_options: []
|
|
326
328
|
require_paths:
|