RubyGems - standardwebhooks - Versions diffs - 1.0.1 - Mend

standardwebhooks 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +7 -0
data/Gemfile +3 -0
data/Gemfile.lock +35 -0
data/README.md +36 -0
data/Rakefile +2 -0
data/lib/standardwebhooks/errors.rb +17 -0
data/lib/standardwebhooks/util.rb +39 -0
data/lib/standardwebhooks/webhooks.rb +88 -0
data/lib/standardwebhooks.rb +3 -0
data/standardwebhooks.gemspec +38 -0
metadata +95 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 49abbd5549503d34882432103f14a3b8e730ef8677c1e06314ceac7bb471a7ca
+  data.tar.gz: f4b8df90ea0878fa129a1bd4484efb4338b869a3e843bd6cef8d0357ab722c11
+SHA512:
+  metadata.gz: 39cb65e84871f70082fa9275298c130455cb7e75c9229f56d2b6bd941c06f6e8d13195ea027435fd744eafbfe07c68a3768890c83e6eacf6a63a6d25301efabe
+  data.tar.gz: bdb9a899342976fa57d33024ed11616e4e895ac4f4e0835be0a7209d1c7af35bd7f85e40c671193979e969a042ab76915674ed2b5be6f518846e09d2f1d67d01

data/Gemfile ADDED Viewed

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+gemspec

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,35 @@
+PATH
+  remote: .
+  specs:
+    standardwebhooks (1.0.1)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    diff-lcs (1.5.1)
+    rake (13.2.1)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.0)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.0)
+PLATFORMS
+  x86_64-linux
+DEPENDENCIES
+  bundler (>= 2.2.10)
+  rake (~> 13.0)
+  rspec (~> 3.2)
+  standardwebhooks!
+BUNDLED WITH
+   2.4.22

data/README.md ADDED Viewed

@@ -0,0 +1,36 @@
+Ruby library for Standard Webhooks
+# Example
+Verifying a webhook payload:
+```ruby
+require "standardwebhooks"
+wh = StandardWebhooks::Webhook.new(base64_secret)
+wh.verify(webhook_payload, webhook_headers)
+```
+# Development
+## Building
+```sh
+bundler exec rake build
+```
+## Contributing
+Before opening a PR be sure to format your code!
+```sh
+bundle exec rspec spec
+```
+## Running Tests
+Simply run:
+```sh
+bundle exec rspec spec
+```

data/Rakefile ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ require "bundler/gem_tasks"
2	+ task :default => :spec

data/lib/standardwebhooks/errors.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module StandardWebhooks
+  class StandardWebhooksError < StandardError
+    attr_reader :message
+    def initialize(message = nil)
+      @message = message
+    end
+  end
+  class WebhookVerificationError < StandardWebhooksError
+  end
+  class WebhookSigningError < StandardWebhooksError
+  end
+end

data/lib/standardwebhooks/util.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+# Constant time string comparison, for fixed length strings.
+# Code borrowed from ActiveSupport
+# https://github.com/rails/rails/blob/75ac626c4e21129d8296d4206a1960563cc3d4aa/activesupport/lib/active_support/security_utils.rb#L33
+#
+# The values compared should be of fixed length, such as strings
+# that have already been processed by HMAC. Raises in case of length mismatch.
+module StandardWebhooks
+  if defined?(OpenSSL.fixed_length_secure_compare)
+    def fixed_length_secure_compare(a, b)
+      OpenSSL.fixed_length_secure_compare(a, b)
+    end
+  else
+    def fixed_length_secure_compare(a, b)
+      raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize
+      l = a.unpack "C#{a.bytesize}"
+      res = 0
+      b.each_byte { |byte| res |= byte ^ l.shift }
+      res == 0
+    end
+  end
+  module_function :fixed_length_secure_compare
+  # Secure string comparison for strings of variable length.
+  #
+  # While a timing attack would not be able to discern the content of
+  # a secret compared via secure_compare, it is possible to determine
+  # the secret length. This should be considered when using secure_compare
+  # to compare weak, short secrets to user input.
+  def secure_compare(a, b)
+    a.length == b.length && fixed_length_secure_compare(a, b)
+  end
+  module_function :secure_compare
+end

data/lib/standardwebhooks/webhooks.rb ADDED Viewed

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+require "json"
+require "openssl"
+require "base64"
+require "uri"
+module StandardWebhooks
+  class Webhook
+    def self.new_using_raw_bytes(secret)
+      self.new(secret.pack("C*").force_encoding("UTF-8"))
+    end
+    def initialize(secret)
+      if secret.start_with?(SECRET_PREFIX)
+        secret = secret[SECRET_PREFIX.length..-1]
+      end
+      @secret = Base64.decode64(secret)
+    end
+    def verify(payload, headers)
+      msg_id = headers["webhook-id"]
+      msg_signature = headers["webhook-signature"]
+      msg_timestamp = headers["webhook-timestamp"]
+      if !msg_signature || !msg_id || !msg_timestamp
+        raise WebhookVerificationError, "Missing required headers"
+      end
+      verify_timestamp(msg_timestamp)
+      _, signature = sign(msg_id, msg_timestamp, payload).split(",", 2)
+      passed_signatures = msg_signature.split(" ")
+      passed_signatures.each do |versioned_signature|
+        version, expected_signature = versioned_signature.split(",", 2)
+        if version != "v1"
+          next
+        end
+        if ::StandardWebhooks::secure_compare(signature, expected_signature)
+          return JSON.parse(payload, symbolize_names: true)
+        end
+      end
+      raise WebhookVerificationError, "No matching signature found"
+    end
+    def sign(msg_id, timestamp, payload)
+      begin
+        now = Integer(timestamp)
+      rescue
+        raise WebhookSigningError, "Invalid timestamp"
+      end
+      to_sign = "#{msg_id}.#{timestamp}.#{payload}"
+      signature = Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha256"), @secret, to_sign)).strip
+      return "v1,#{signature}"
+    end
+    private
+    SECRET_PREFIX = "whsec_"
+    TOLERANCE = 5 * 60
+    def verify_timestamp(timestamp_header)
+      begin
+        now = Integer(Time.now)
+        timestamp = Integer(timestamp_header)
+      rescue
+        raise WebhookVerificationError, "Invalid Signature Headers"
+      end
+      if timestamp < (now - TOLERANCE)
+        raise WebhookVerificationError, "Message timestamp too old"
+      end
+      if timestamp > (now + TOLERANCE)
+        raise WebhookVerificationError, "Message timestamp too new"
+      end
+    end
+  end
+end

data/lib/standardwebhooks.rb ADDED Viewed

@@ -0,0 +1,3 @@
+require "standardwebhooks/errors.rb"
+require "standardwebhooks/util.rb"
+require "standardwebhooks/webhooks.rb"

data/standardwebhooks.gemspec ADDED Viewed

@@ -0,0 +1,38 @@
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+Gem::Specification.new do |spec|
+  spec.name          = "standardwebhooks"
+  spec.version       = "1.0.1"
+  spec.authors       = ["Standard Webhooks"]
+  spec.license       = "MIT"
+  spec.summary       = "Ruby library for creating and verifying webhook signatures."
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata["allowed_push_host"] = "https://rubygems.org"
+    spec.metadata["source_code_uri"] = "https://github.com/standard-webhooks/standard-webhooks"
+  else
+    raise "RubyGems 2.0 or newer is required to protect against " \
+      "public gem pushes."
+  end
+  # Specify which files should be added to the gem when it is released.
+  ignored = Regexp.union(
+    /\Aspec/,
+    /\Apkg/,
+    /\Atemplates/,
+    /\A.gitignore/,
+    /.gem\z/
+  )
+  spec.files = Dir['**/*'].reject {|f| !File.file?(f) || ignored.match(f) }
+  spec.require_paths = ["lib"]
+  spec.add_development_dependency "bundler", ">= 2.2.10"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "rspec", "~> 3.2"
+end

metadata ADDED Viewed

@@ -0,0 +1,95 @@
+--- !ruby/object:Gem::Specification
+name: standardwebhooks
+version: !ruby/object:Gem::Version
+  version: 1.0.1
+platform: ruby
+authors:
+- Standard Webhooks
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2026-03-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.10
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.10
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+description:
+email:
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- lib/standardwebhooks.rb
+- lib/standardwebhooks/errors.rb
+- lib/standardwebhooks/util.rb
+- lib/standardwebhooks/webhooks.rb
+- standardwebhooks.gemspec
+homepage:
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  source_code_uri: https://github.com/standard-webhooks/standard-webhooks
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key:
+specification_version: 4
+summary: Ruby library for creating and verifying webhook signatures.
+test_files: []