Class: Vortex::Webhooks
- Inherits:
-
Object
- Object
- Vortex::Webhooks
- Defined in:
- lib/vortex/webhooks.rb
Overview
Core webhook verification and parsing.
This class is framework-agnostic — use it directly or with the Rails/Sinatra framework integrations.
Instance Method Summary collapse
-
#construct_event(payload, signature) ⇒ WebhookEvent, AnalyticsEvent
Verify and parse an incoming webhook payload.
-
#initialize(secret:) ⇒ Webhooks
constructor
A new instance of Webhooks.
-
#verify_signature(payload, signature) ⇒ Boolean
Verify the HMAC-SHA256 signature of an incoming webhook payload.
Constructor Details
#initialize(secret:) ⇒ Webhooks
Returns a new instance of Webhooks.
24 25 26 27 28 |
# File 'lib/vortex/webhooks.rb', line 24 def initialize(secret:) raise ArgumentError, 'Vortex::Webhooks requires a secret' if secret.nil? || secret.empty? @secret = secret end |
Instance Method Details
#construct_event(payload, signature) ⇒ WebhookEvent, AnalyticsEvent
Verify and parse an incoming webhook payload.
50 51 52 53 54 55 56 57 58 59 60 61 62 |
# File 'lib/vortex/webhooks.rb', line 50 def construct_event(payload, signature) raise WebhookSignatureError unless verify_signature(payload, signature) parsed = JSON.parse(payload) if Vortex.webhook_event?(parsed) WebhookEvent.new(parsed) elsif Vortex.analytics_event?(parsed) AnalyticsEvent.new(parsed) else WebhookEvent.new(parsed) end end |
#verify_signature(payload, signature) ⇒ Boolean
Verify the HMAC-SHA256 signature of an incoming webhook payload.
35 36 37 38 39 40 41 42 |
# File 'lib/vortex/webhooks.rb', line 35 def verify_signature(payload, signature) return false if signature.nil? || signature.empty? expected = OpenSSL::HMAC.hexdigest('SHA256', @secret, payload) # Timing-safe comparison to prevent timing attacks secure_compare(signature, expected) end |