Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for verifying webhook signatures #413

Merged
merged 1 commit into from Mar 30, 2023
Merged

Add support for verifying webhook signatures #413

merged 1 commit into from Mar 30, 2023

Conversation

mrashed-dev
Copy link
Collaborator

@mrashed-dev mrashed-dev commented Mar 30, 2023
edited

Description

This PR adds support for verifying the webhook signature of inbound webhook notifications.

Usage

require 'sinatra'
require 'nylas'
require 'json'

set :port, 9000
NYLAS_CLIENT_SECRET = ENV['NYLAS_CLIENT_SECRET']

post '/' do
  content_type :json
  x_nylas_signature = request.env['HTTP_X_NYLAS_SIGNATURE']
  raw_body = request.body.read

  unless Nylas::Webhook::verify_webhook_signature(x_nylas_signature, raw_body, NYLAS_CLIENT_SECRET)
    status 403
    return { error: 'Invalid signature' }.to_json
  end

  body = JSON.parse(raw_body)
  puts "Webhook event received: #{JSON.pretty_generate(body)}"

  status 200
  { success: true }.to_json
end

run Sinatra::Application.run!

License

I confirm that this contribution is made under the terms of the MIT license and that I have the authority necessary to make this contribution on behalf of its copyright owner.

@codecov
Copy link

codecov bot commented Mar 30, 2023

Codecov Report

Merging #413 (d7aa3de) into main (860d8b6) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##             main     #413   +/-   ##
=======================================
  Coverage   97.83%   97.84%           
=======================================
  Files         128      128           
  Lines        4721     4732   +11     
=======================================
+ Hits         4619     4630   +11     
  Misses        102      102
Impacted Files Coverage Δ
lib/nylas/webhook.rb 97.05% <100.00%> (+0.18%) ⬆️
spec/nylas/webhook_spec.rb 100.00% <100.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@mrashed-dev mrashed-dev merged commit 27c3e37 into main Mar 30, 2023
8 checks passed
@mrashed-dev mrashed-dev deleted the ACE-118-ruby-sdk-add-webhook-verification-function branch March 30, 2023 21:04
@mrashed-dev mrashed-dev mentioned this pull request Apr 4, 2023
Merged
@kwayebopp
Copy link

The usage described in the Release Notes and this PR does not match the function header of Nylas::Webhook::verify_webhook_signature:

def self.verify_webhook_signature(nylas_signature, raw_body, client_secret)
   digest = OpenSSL::HMAC.hexdigest("SHA256", client_secret, raw_body)
   digest == nylas_signature
 end

Can this be corrected in the Release Notes, at the very least?

@mrashed-dev
Copy link
Collaborator Author

Thanks for the catch @kwayebopp, usage has been updated!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@quzhi1 quzhi1 quzhi1 approved these changes

@agtang96 agtang96 Awaiting requested review from agtang96

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mrashed-dev @kwayebopp @quzhi1