Class: StraightServer::SignatureValidator

Inherits:

Object

• Object
• StraightServer::SignatureValidator

Includes:

Goliath::Constants

Defined in:

lib/straight-server/signature_validator.rb

Constant Summary

SignatureValidatorError =

Class.new(StandardError)

InvalidNonce =

Class.new(SignatureValidatorError)

InvalidSignature =

Class.new(SignatureValidatorError)

Instance Attribute Summary

• #env ⇒ Object readonly

  Returns the value of attribute env.

• #gateway ⇒ Object readonly

  Returns the value of attribute gateway.

Class Method Summary

• .signature(nonce:, body:, method:, request_uri:, secret:) ⇒ Object

  Should mirror StraightServerKit.signature.

Instance Method Summary

• #initialize(gateway, env) ⇒ SignatureValidator constructor

  A new instance of SignatureValidator.

• #last_nonce_key ⇒ Object
• #signature ⇒ Object
• #valid_nonce? ⇒ Boolean
• #valid_signature? ⇒ Boolean
• #validate! ⇒ Object

Constructor Details

#initialize(gateway, env) ⇒ SignatureValidator

Returns a new instance of SignatureValidator.

# File 'lib/straight-server/signature_validator.rb', line 14

def initialize(gateway, env)
  @gateway = gateway
  @env     = env
end

Instance Attribute Details

#env ⇒ Object (readonly)

Returns the value of attribute env.

# File 'lib/straight-server/signature_validator.rb', line 12

def env
  @env
end

#gateway ⇒ Object (readonly)

Returns the value of attribute gateway.

# File 'lib/straight-server/signature_validator.rb', line 12

def gateway
  @gateway
end

Class Method Details

.signature(nonce:, body:, method:, request_uri:, secret:) ⇒ Object

Should mirror StraightServerKit.signature

# File 'lib/straight-server/signature_validator.rb', line 63

def self.signature(nonce:, body:, method:, request_uri:, secret:)
  sha512  = OpenSSL::Digest::SHA512.new
  request = "#{method.to_s.upcase}#{request_uri}#{sha512.digest("#{nonce}#{body}")}"
  Base64.strict_encode64 OpenSSL::HMAC.digest(sha512, secret.to_s, request)
end

Instance Method Details

#last_nonce_key ⇒ Object

# File 'lib/straight-server/signature_validator.rb', line 48

def last_nonce_key
  "#{Config[:'redis.prefix']}:LastNonce:#{gateway.id}"
end

#signature ⇒ Object

# File 'lib/straight-server/signature_validator.rb', line 52

def signature
  self.class.signature(
    nonce:       env["#{HTTP_PREFIX}X_NONCE"],
    body:        env[RACK_INPUT].kind_of?(StringIO) ? env[RACK_INPUT].string : env[RACK_INPUT].to_s,
    method:      env[REQUEST_METHOD],
    request_uri: env[REQUEST_URI],
    secret:      gateway.secret,
  )
end

#valid_nonce? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/straight-server/signature_validator.rb', line 25

def valid_nonce?
  nonce = env["#{HTTP_PREFIX}X_NONCE"].to_i
  redis = StraightServer.redis_connection
  loop do
    redis.watch last_nonce_key do
      last_nonce = redis.get(last_nonce_key).to_i
      if last_nonce < nonce
        result = redis.multi do |multi|
          multi.set last_nonce_key, nonce
        end
        return true if result[0] == 'OK'
      else
        redis.unwatch
        return false
      end
    end
  end
end

#valid_signature? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/straight-server/signature_validator.rb', line 44

def valid_signature?
  signature == env["#{HTTP_PREFIX}X_SIGNATURE"]
end

#validate! ⇒ Object

Raises:

• (InvalidNonce)

# File 'lib/straight-server/signature_validator.rb', line 19

def validate!
  raise InvalidNonce unless valid_nonce?
  raise InvalidSignature unless valid_signature?
  true
end