class Pusher::WebHook
Used to parse and authenticate WebHooks
@example Sinatra
post '/webhooks' do webhook = Pusher::WebHook.new(request) if webhook.valid? webhook.events.each do |event| case event["name"] when 'channel_occupied' puts "Channel occupied: #{event["channel"]}" when 'channel_vacated' puts "Channel vacated: #{event["channel"]}" end end else status 401 end return end
Attributes
key[R]
signature[R]
Public Class Methods
new(request, client = Pusher)
click to toggle source
Provide either a Rack::Request or a Hash containing :key, :signature, :body, and :content_type (optional)
# File lib/pusher/webhook.rb, line 31 def initialize(request, client = Pusher) @client = client # For Rack::Request and ActionDispatch::Request if request.respond_to?(:env) && request.respond_to?(:content_type) @key = request.env['HTTP_X_PUSHER_KEY'] @signature = request.env["HTTP_X_PUSHER_SIGNATURE"] @content_type = request.content_type request.body.rewind @body = request.body.read request.body.rewind else @key, @signature, @body = request.values_at(:key, :signature, :body) @content_type = request[:content_type] || 'application/json' end end
Public Instance Methods
data()
click to toggle source
Access the parsed WebHook
body
# File lib/pusher/webhook.rb, line 84 def data @data ||= begin case @content_type when 'application/json' MultiJson.decode(@body) else raise "Unknown Content-Type (#{@content_type})" end end end
events()
click to toggle source
Array of events (as Hashes) contained inside the webhook
# File lib/pusher/webhook.rb, line 69 def events data["events"] end
time()
click to toggle source
valid?(extra_tokens = nil)
click to toggle source
Returns whether the WebHook
is valid by checking that the signature matches the configured key & secret. In the case that the webhook is invalid, the reason is logged
@param extra_tokens [Hash] If you have extra tokens for your Pusher
app, you can specify them so that they're used to attempt validation.
# File lib/pusher/webhook.rb, line 54 def valid?(extra_tokens = nil) extra_tokens = [extra_tokens] if extra_tokens.kind_of?(Hash) if @key == @client.key return check_signature(@client.secret) elsif extra_tokens extra_tokens.each do |token| return check_signature(token[:secret]) if @key == token[:key] end end Pusher.logger.warn "Received webhook with unknown key: #{key}" return false end
Private Instance Methods
check_signature(secret)
click to toggle source
Checks signature against secret and returns boolean
# File lib/pusher/webhook.rb, line 99 def check_signature(secret) digest = OpenSSL::Digest::SHA256.new expected = OpenSSL::HMAC.hexdigest(digest, secret, @body) if @signature == expected return true else Pusher.logger.warn "Received WebHook with invalid signature: got #{@signature}, expected #{expected}" return false end end