|
|
@ -2329,13 +2329,19 @@ get "/feed/webhook/:token" do |env|
|
|
|
|
challenge = env.params.query["hub.challenge"]
|
|
|
|
challenge = env.params.query["hub.challenge"]
|
|
|
|
lease_seconds = env.params.query["hub.lease_seconds"]
|
|
|
|
lease_seconds = env.params.query["hub.lease_seconds"]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if verify_token.starts_with? "v1"
|
|
|
|
|
|
|
|
_, time, nonce, signature = verify_token.split(":")
|
|
|
|
|
|
|
|
data = "#{time}:#{nonce}"
|
|
|
|
|
|
|
|
else
|
|
|
|
time, signature = verify_token.split(":")
|
|
|
|
time, signature = verify_token.split(":")
|
|
|
|
|
|
|
|
data = "#{time}"
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
if Time.now.to_unix - time.to_i > 600
|
|
|
|
if Time.now.to_unix - time.to_i > 600
|
|
|
|
halt env, status_code: 400
|
|
|
|
halt env, status_code: 400
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
if OpenSSL::HMAC.hexdigest(:sha1, HMAC_KEY, time) != signature
|
|
|
|
if OpenSSL::HMAC.hexdigest(:sha1, HMAC_KEY, data) != signature
|
|
|
|
halt env, status_code: 400
|
|
|
|
halt env, status_code: 400
|
|
|
|
end
|
|
|
|
end
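Review bot: The new guard `if OpenSSL::HMAC.hexdigest(:sha1, HMAC_KEY, data) != signature` compares the expected HMAC with the caller-supplied `signature` using `!=`, which is not a constant-time comparison, so response timing can leak how much of a submitted value matches. Crystal's standard library provides `Crypto::Subtle.constant_time_compare`, so the line could read `unless Crypto::Subtle.constant_time_compare(OpenSSL::HMAC.hexdigest(:sha1, HMAC_KEY, data), signature)` (with `require "crypto/subtle"` if the file does not already load it). Separately, the `v1` branch signs `"#{time}:#{nonce}"`, but nothing in the visible lines records or checks the nonce, so a valid token still appears reusable inside the 600-second window. If single use is the intent, a comment such as `# nonce only makes the token unique; replay is bounded by the 600 s window` would make the actual guarantee explicit. The `get "/feed/webhook/:token"` handler starts and ends outside this hunk, so a nonce check may exist elsewhere in it.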
|
|
|
|
|
|
|
|
|
|
|
|