Module: Codebot::Cryptography

Defined in:

lib/codebot/cryptography.rb

Overview

This module provides convenience methods for performing cryptographic operations.

Class Method Summary

• .generate_endpoint ⇒ String

  Generates a random name for an integration endpoint.

• .generate_secret(len = nil) ⇒ String

  Generates a random webhook secret.

• .valid_signature?(body, secret, signature) ⇒ Boolean

  Verifies a webhook signature.

Class Method Details

.generate_endpoint ⇒ String

Generates a random name for an integration endpoint.

Returns:

• (String) —

  the generated name

# File 'lib/codebot/cryptography.rb', line 13

def self.generate_endpoint
  SecureRandom.uuid
end

.generate_secret(len = nil) ⇒ String

Generates a random webhook secret.

Returns:

• (String) —

  the generated secret

# File 'lib/codebot/cryptography.rb', line 20

def self.generate_secret(len = nil)
  SecureRandom.base64(len || 32)
end

.valid_signature?(body, secret, signature) ⇒ Boolean

Verifies a webhook signature.

Parameters:

• body (String) —

  the webhook body

• secret (String) —

  the correct secret

• signature (String) —

  the signature to verify

Returns:

• (Boolean) —

  whether the signature is correct

# File 'lib/codebot/cryptography.rb', line 30

def self.valid_signature?(body, secret, signature)
  return false if signature.nil?

  digest = OpenSSL::Digest.new 'sha1'
  good_signature = 'sha1=' + OpenSSL::HMAC.hexdigest(digest, secret, body)
  Rack::Utils.secure_compare good_signature, signature
end