From 8edf2808e1b2f11ecb5e395452886e98ce8acb18 Mon Sep 17 00:00:00 2001
From: Teddy Wing
Date: Sat, 10 Nov 2018 15:00:45 +0100
Subject: Add a helper function to verify webhook requests

The new `request::verified()` takes POST params as a string as does all
the work needed to call `paddle::verify_signature()`.

This involves extracting the `p_signature` POST parameter to get the
signature, and getting the public key PEM.

Change `params::parse()` to return a
`BTreeMap<Cow<'a, str>, Cow<'a, str>>` instead of `String` keys &
values. This is because `paddle::verify_signature()` needs a `(<&str,
&str)` iterator. Actually, it still doesn't solve the problem because
the types don't match. We need to modify the input type of
`verify_signature()`, but at least this change gives us references.

Make `params` private to the crate because we no longer need to use it
in `main()`.
---
 license-generator/src/request.rs | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 license-generator/src/request.rs

(limited to 'license-generator/src/request.rs')

diff --git a/license-generator/src/request.rs b/license-generator/src/request.rs
new file mode 100644
index 0000000..103656c
--- /dev/null
+++ b/license-generator/src/request.rs
@@ -0,0 +1,14 @@
+use paddle;
+
+use params;
+
+pub fn verified(req_params: &str) -> bool {
+    let mut p = params::parse(&req_params);
+    let signature = p.remove("p_signature");
+    let pem = include_bytes!("../private/paddle.pubkey.asc");
+
+    match signature {
+        Some(signature) => paddle::verify_signature(pem, &signature, p),
+        None => false,
+    }
+}
-- 
cgit v1.2.3