Add a helper function to verify webhook requests

The new `request::verified()` takes POST params as a string as does all
the work needed to call `paddle::verify_signature()`.

This involves extracting the `p_signature` POST parameter to get the
signature, and getting the public key PEM.

Change `params::parse()` to return a
`BTreeMap<Cow<'a, str>, Cow<'a, str>>` instead of `String` keys &
values. This is because `paddle::verify_signature()` needs a `(<&str,
&str)` iterator. Actually, it still doesn't solve the problem because
the types don't match. We need to modify the input type of
`verify_signature()`, but at least this change gives us references.

Make `params` private to the crate because we no longer need to use it
in `main()`.

1 files changed, 14 insertions, 0 deletions

diff --git a/license-generator/src/request.rs b/license-generator/src/request.rs
new file mode 100644
index 0000000..103656c
--- /dev/null
+++ b/license-generator/src/request.rs
@@ -0,0 +1,14 @@
+use paddle;
+
+use params;
+
+pub fn verified(req_params: &str) -> bool {
+    let mut p = params::parse(&req_params);
+    let signature = p.remove("p_signature");
+    let pem = include_bytes!("../private/paddle.pubkey.asc");
+
+    match signature {
+        Some(signature) => paddle::verify_signature(pem, &signature, p),
+        None => false,
+    }
+}