Module: WhisplerSignature

Defined in:: lib/whispler-signature.rb

Constant Summary collapse

HEADER =

"X-W-Signature"

Class Method Summary collapse

.calculate(api_key, verb, path, headers, body) ⇒ Object

calculate outgoing signature; returns as a hash.
.validate?(api_key, req) ⇒ Boolean

validates incoming signature.

Class Method Details

.calculate(api_key, verb, path, headers, body) ⇒ `Object`

calculate outgoing signature; returns as a hash

{ “X-W-Signature”, “ajhgdkhjgd:kjhgsjkhsgjhksgs” }

# File 'lib/whispler-signature.rb', line 9

def self.calculate(api_key, verb, path, headers, body)
  api_key = api_key.api_key if api_key.respond_to?(:api_key)
  return {} unless api_key
  
  salt = salt!
  signature = calc_signature verb, path, body, api_key, salt
  { HEADER => "#{salt}:#{signature}" }
end

.validate?(api_key, req) ⇒ `Boolean`

validates incoming signature

true: valid request signature
false: no request signature

Raises an exception (ArgumentError) is the signature exists, but is invalid.

Returns:

(Boolean)

Raises:

(ArgumentError)

# File 'lib/whispler-signature.rb', line 26

def self.validate?(api_key, req)
  api_key = api_key.api_key if api_key.respond_to?(:api_key)
  return false unless api_key && signature = req.headers[HEADER]

  raise ArgumentError, "Invalid signature format" unless signature =~ /^(.+):([^:]+)$/

  salt, checksum = $1, $2
  sig = calc_signature req.method, req.env["REQUEST_URI"], req.raw_post, api_key, salt

  raise ArgumentError, "Invalid signature" unless checksum == sig

  true
end