Rack middleware for authorizing the signature on Twilio requests. Read more about Twilio security at Twilio Security
Due to some legacy issues with how Twilio generates the signature, versions 0.0.3 and prior may not properly validate requests where basic authentication credentials are provided via the url, or when SSL requests are made to a non-standard port. See more at http://www.twilio.com/docs/security#notes
I'm looking to fix this shortly, but for the time being recommend either avoid using the gem if you have such a setup, or, do heavy manual integration testing to ensure the validation is functioning as you expect. Apologies for the inconvenience.
You should verify the signature in requests to your Twilio controllers for any app. Tutorials often miss this, and it's redundant to have to add it to the application layer for every app you build. Hence, middleware!
install it via rubygems:
gem install rack-twilio-validator
or put it in your Gemfile:
# Gemfile gem 'rack-twilio-validator', :require => 'rack/twilio-validator'
In a Sinatra application, it would be something like:
# app.rb use Rack::TwilioValidator :auth_token => "your_auth_token", :protected_path => "/twilio_switchboard/"
auth_token is required config, whereas
protected_path is optional but
recommended if your application talks to both end users and Twilio.
Copyright (c) (2012) Brendon Murphy. See license.txt for details.