Class: Readme::Webhook

Inherits:
Object
Defined in:
lib/readme/webhook.rb


Class Method Details

.verify(body, signature, secret) ⇒ Object



# File 'lib/readme/webhook.rb', line 23

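# Verifies a ReadMe webhook request against the shared secret.
#
# The signature header has the form `t=<unix ms>,v0=<hex hmac>`; the MAC is
# HMAC-SHA256 over the string `"<t>.<raw body>"`. The raw `t` string (not its
# integer value) is what was signed, so it is used verbatim when recomputing.
#
# @param body [String] the raw request body exactly as received — re-serialising
#   a parsed payload changes the bytes and breaks the MAC
# @param signature [String, nil] the value of the signature header
# @param secret [String] the webhook secret shared with ReadMe
# @return [nil] when the signature is valid
# @raise [MissingSignatureError] when +signature+ is nil
# @raise [ExpiredSignatureError] when `t` is absent, unparsable, or more than
#   30 minutes away from the current clock (in either direction)
# @raise [InvalidSignatureError] when the MAC does not match the body
def self.verify(body, signature, secret)
  raise MissingSignatureError unless signature

  parsed = signature.split(',').each_with_object({ time: -1, readme_signature: '' }) do |item, accum|
    # Limit the split to 2 so a value containing '=' is kept intact; strip so
    # "t=..., v0=..." (with a space after the comma) is still parsed.
    key, value = item.strip.split('=', 2)
    accum[:time] = value if key.eql? 't'
    accum[:readme_signature] = value if key.eql? 'v0'
  end

  # Replay protection: the timestamp must lie within a ±30 minute window. The
  # window is symmetric so a future-dated timestamp cannot be replayed
  # indefinitely; a missing/garbage `t` collapses to the epoch and is rejected.
  thirty_minutes = 30 * 60
  skew = Time.now.to_f - (parsed[:time].to_i / 1000.0)
  raise ExpiredSignatureError if skew.abs > thirty_minutes

  # Recompute the MAC over "<timestamp>.<body>" and compare in constant time so
  # the comparison does not leak how many leading bytes matched. The length
  # check keeps fixed_length_secure_compare (openssl gem >= 2.2) from raising;
  # the expected length (64 hex chars) is public, so checking it leaks nothing.
  unsigned = "#{parsed[:time]}.#{body}"
  expected = OpenSSL::HMAC.hexdigest('SHA256', secret, unsigned)
  provided = parsed[:readme_signature].to_s
  raise InvalidSignatureError if provided.bytesize != expected.bytesize ||
                                  !OpenSSL.fixed_length_secure_compare(expected, provided)
end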