diff --git a/Gemfile.lock b/Gemfile.lock index 06ada5b..6379f23 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -65,7 +65,7 @@ GEM coderay (>= 1.0.0) erubi (>= 1.0.0) rack (>= 0.9.0) - bindata (2.4.10) + bindata (2.4.14) bindex (0.8.1) binding_of_caller (1.0.0) debug_inspector (>= 0.0.1) @@ -92,42 +92,27 @@ GEM dotenv (= 2.7.6) railties (>= 3.2) erubi (1.10.0) - faraday (1.10.0) - faraday-em_http (~> 1.0) - faraday-em_synchrony (~> 1.0) - faraday-excon (~> 1.1) - faraday-httpclient (~> 1.0) - faraday-multipart (~> 1.0) - faraday-net_http (~> 1.0) - faraday-net_http_persistent (~> 1.0) - faraday-patron (~> 1.0) - faraday-rack (~> 1.0) - faraday-retry (~> 1.0) + faraday (2.7.1) + faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) - faraday-em_http (1.0.0) - faraday-em_synchrony (1.0.0) - faraday-excon (1.1.0) - faraday-httpclient (1.0.1) - faraday-multipart (1.0.4) - multipart-post (~> 2) - faraday-net_http (1.0.1) - faraday-net_http_persistent (1.2.0) - faraday-patron (1.0.0) - faraday-rack (1.0.0) - faraday-retry (1.0.3) + faraday-follow_redirects (0.3.0) + faraday (>= 1, < 3) + faraday-net_http (3.0.2) ffi (1.15.5) globalid (1.0.0) activesupport (>= 5.0) - i18n (1.10.0) + i18n (1.12.0) concurrent-ruby (~> 1.0) jbuilder (2.11.5) actionview (>= 5.0.0) activesupport (>= 5.0.0) - json (2.6.2) - json-jwt (1.13.0) + json (2.6.3) + json-jwt (1.16.1) activesupport (>= 4.2) aes_key_wrap bindata + faraday (~> 2.0) + faraday-follow_redirects jwt (2.4.1) listen (3.0.8) rb-fsevent (~> 0.9, >= 0.9.4) @@ -142,9 +127,8 @@ GEM method_source (1.0.0) mini_mime (1.1.2) mini_portile2 (2.8.0) - minitest (5.16.1) + minitest (5.16.3) msgpack (1.5.2) - multipart-post (2.2.3) nio4r (2.5.8) nokogiri (1.13.6) mini_portile2 (~> 2.8.0) @@ -233,7 +217,7 @@ GEM turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) - tzinfo (1.2.9) + tzinfo (1.2.10) thread_safe (~> 0.1) web-console (4.2.0) actionview (>= 6.0.0) 
@@ -253,13 +237,13 @@ GEM websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - xero-ruby (3.10.0) - faraday (~> 1.0, >= 1.0.1) + xero-ruby (3.17.0) + faraday (>= 1.0.1, < 3.0) json (~> 2.1, >= 2.1.0) json-jwt (~> 1.5, >= 1.5.2) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.0) + zeitwerk (2.6.6) PLATFORMS arm64-darwin-21
diff --git a/app/controllers/webhooks_controller.rb b/app/controllers/webhooks_controller.rb
new file mode 100644
index 0000000..fbd3c84
--- /dev/null
+++ b/app/controllers/webhooks_controller.rb
@@ -0,0 +1,16 @@
+class WebhooksController < ApplicationController
+ skip_before_action :verify_authenticity_token
+
+ def webhook
+ key = ENV['WEBHOOK_KEY']
+ payload = request.body.read
+ calculated_hmac = Base64.encode64(OpenSSL::HMAC.digest('sha256', key, payload))
+ puts calculated_hmac.strip()
+ puts request.headers['x-xero-signature']
+ if calculated_hmac.strip() == request.headers['x-xero-signature']
+ render json: {}, status: :ok
+ else
+ render json: {}, status: :unauthorized
+ end
+ end
+end
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 66df51f..02a9f3f 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -59,4 +59,8 @@
 # Use an evented file watcher to asynchronously detect changes in source code,
 # routes, locales, etc. This feature depends on the listen gem.
 config.file_watcher = ActiveSupport::EventedFileUpdateChecker
+
+ config.hosts.clear
+ # set this to your ngrok or localtunnel domain for testing webhooks in development
+ # config.hosts << "solid-boats-sip-107-2-160-48.loca.lt"
 end
diff --git a/config/routes.rb b/config/routes.rb
index 998ec03..6952796 100644
--- a/config/routes.rb
+++ b/config/routes.rb
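Review bot: The signature check in `webhook` compares the computed HMAC to the `x-xero-signature` header with `==`, which is not constant-time and can leak how much of a supplied signature matched; a constant-time comparison such as `ActiveSupport::SecurityUtils.secure_compare` is the usual choice here. The two `puts` lines also write the expected signature for every request body to stdout, so anyone who can read the logs sees a value that authenticates that payload; they should be dropped before merge. A missing header arrives as nil, so the rewrite below coerces it with `to_s` before comparing and uses `Base64.strict_encode64` so no `strip` is needed. `ENV['WEBHOOK_KEY']` is handed to `OpenSSL::HMAC.digest` unchecked; `ENV.fetch` turns an unset key into an explicit configuration error.

```ruby
  def webhook
    key = ENV.fetch('WEBHOOK_KEY')
    payload = request.body.read
    expected = Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', key, payload))
    provided = request.headers['x-xero-signature'].to_s
    if ActiveSupport::SecurityUtils.secure_compare(expected, provided)
      # … unchanged: render :ok, else branch renders :unauthorized …
```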
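Review bot: `config.hosts.clear` is added unconditionally in development.rb, which switches off Rails host authorization (the Host-header allowlist that protects the development server against DNS rebinding) for every developer, not only while a tunnel is running. The commented line beneath it already describes the narrower option; keeping the allowlist and appending just the tunnel domain preserves the protection, for example `config.hosts << ENV['TUNNEL_HOST'] if ENV['TUNNEL_HOST']` (the variable name is illustrative). The enclosing configure block begins outside the hunk.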
@@ -165,4 +165,7 @@
 get '/finance/revenue_by_contact', to: 'finances#financial_statement_contacts_revenue'
 get '/finance/expenses_by_contact', to: 'finances#financial_statement_contacts_expense'
 get '/finance/bank_statement_accounting', to: 'finances#bank_statement_accounting'
+
+ # webhook route
+ post '/webhook', to: 'webhooks#webhook'
 end