svix 0.16.0 → 0.21.0
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/src/svix/errors.rb +4 -1
- data/src/svix/version.rb +3 -1
- data/src/svix/webhook.rb +41 -4
- data/svix.gemspec +2 -2
- metadata +4 -4
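--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8651d1d4cf9fa7f6dd65198a111215eaa22ec98bdbe8df8e003b701c15fc7d4f
+data.tar.gz: 2053ab0dd50d3c0136de7e83d92edfe21f87e73c663c318fab208c0101345776
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 06c768854e7f5a34cacd15de32092a2ca1b7d18fde8ad07f00e5eeefb84d6b26926e574c70db168060974eae77fd820d80a395d9a6eae5aecaf905b067c18cb6
+data.tar.gz: a19267a68e6472ec9f966a5b1a7441c64c648fdc9202b0cf5c0427407761a3582ba8eb7fb85f63cd1e7c10f3ecc26e5b7df766ae1414012db011078ffc01ef00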
data/Gemfile.lock
CHANGED
data/src/svix/errors.rb
CHANGED
data/src/svix/version.rb
CHANGED
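--- a/data/src/svix/webhook.rb
+++ b/data/src/svix/webhook.rb
@@ -2,7 +2,12 @@
 
 module Svix
 class Webhook
+
 def initialize(secret)
+if secret.start_with?(SECRET_PREFIX)
+secret = secret[SECRET_PREFIX.length..-1]
+end
+
 @secret = Base64.decode64(secret)
 end
 
@@ -14,12 +19,13 @@ module Svix
 raise WebhookVerificationError, "Missing required headers"
 end
 
-
-
+verify_timestamp(msgTimestamp)
+
+_, signature = sign(msgId, msgTimestamp, payload).split(",", 2)
 
 passedSignatures = msgSignature.split(" ")
 passedSignatures.each do |versionedSignature|
-version, expectedSignature = versionedSignature.split(
+version, expectedSignature = versionedSignature.split(",", 2)
 if version != "v1"
 next
 end
@@ -29,5 +35,36 @@ module Svix
 end
 raise WebhookVerificationError, "No matching signature found"
 end
+
+def sign(msgId, timestamp, payload)
+begin
+now = Integer(timestamp)
+rescue
+raise WebhookSigningError, "Invalid timestamp"
+end
+toSign = "#{msgId}.#{timestamp}.#{payload}"
+signature = Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha256"), @secret, toSign)).strip
+return "v1,#{signature}"
+end
+
+private
+SECRET_PREFIX = "whsec_"
+TOLERANCE = 5 * 60
+
+def verify_timestamp(timestampHeader)
+begin
+now = Integer(Time.now)
+timestamp = Integer(timestampHeader)
+rescue
+raise WebhookVerificationError, "Invalid Signature Headers"
+end
+
+if timestamp < (now - TOLERANCE)
+raise WebhookVerificationError, "Message timestamp too old"
+end
+if timestamp > (now + TOLERANCE)
+raise WebhookVerificationError, "Message timestamp too new"
+end
+end
 end
-end
+end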
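Review bot: In `initialize` (first hunk) the prefix-stripped secret still goes through the lenient `Base64.decode64`, which skips invalid characters instead of failing, so a blank or malformed secret silently becomes a short or empty HMAC key and the receiver would accept signatures computed with that key. I would decode with `@secret = Base64.strict_decode64(secret)` and follow it with `raise ArgumentError, "webhook secret is empty" if @secret.empty?`, so misconfiguration fails at construction time. In the last hunk, `private` has no effect on constants, so `SECRET_PREFIX` and `TOLERANCE` stay public unless `private_constant :SECRET_PREFIX, :TOLERANCE` is added. The comparison of `expectedSignature` with `signature` lies between the second and third hunks and is not visible here; if it is a plain `==`, it should be replaced by a constant-time comparison.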
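--- a/data/svix.gemspec
+++ b/data/svix.gemspec
@@ -21,8 +21,8 @@ Gem::Specification.new do |spec|
 spec.metadata["allowed_push_host"] = "https://rubygems.org"
 
 spec.metadata["homepage_uri"] = spec.homepage
-spec.metadata["source_code_uri"] = "https://github.com/
-spec.metadata["changelog_uri"] = "https://github.com/
+spec.metadata["source_code_uri"] = "https://github.com/svix/svix-libs"
+spec.metadata["changelog_uri"] = "https://github.com/svix/svix-libs/blob/main/ChangeLog.md"
 else
 raise "RubyGems 2.0 or newer is required to protect against " \
 "public gem pushes."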
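--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: svix
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.21.0
 platform: ruby
 authors:
 - Svix
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-
+date: 2021-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -76,8 +76,8 @@ licenses:
 metadata:
 allowed_push_host: https://rubygems.org
 homepage_uri: https://www.svix.com
-source_code_uri: https://github.com/
-changelog_uri: https://github.com/
+source_code_uri: https://github.com/svix/svix-libs
+changelog_uri: https://github.com/svix/svix-libs/blob/main/ChangeLog.md
 post_install_message:
 rdoc_options: []
 require_paths: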