payrail 0.1.1

Provider-neutral Rust payments facade for Stripe, PayPal, and Mobile Money
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

use crate::PaymentError;
use base64::{Engine as _, engine::general_purpose::STANDARD};
use hmac::{Hmac, KeyInit, Mac};
use secrecy::{ExposeSecret, SecretString};
use sha2::Sha256;
use subtle::ConstantTimeEq;
use time::OffsetDateTime;

type HmacSha256 = Hmac<Sha256>;

pub(crate) fn verify_signature(
    id: &str,
    timestamp: &str,
    signatures: &str,
    payload: &[u8],
    secret: &SecretString,
) -> Result<(), PaymentError> {
    reject_stale_timestamp(timestamp)?;
    let secret = STANDARD
        .decode(secret.expose_secret())
        .map_err(|_| PaymentError::WebhookVerificationFailed)?;
    let mut signed_payload = Vec::with_capacity(id.len() + timestamp.len() + payload.len() + 2);
    signed_payload.extend_from_slice(id.as_bytes());
    signed_payload.push(b'.');
    signed_payload.extend_from_slice(timestamp.as_bytes());
    signed_payload.push(b'.');
    signed_payload.extend_from_slice(payload);

    let mut mac =
        HmacSha256::new_from_slice(&secret).map_err(|_| PaymentError::WebhookVerificationFailed)?;
    mac.update(&signed_payload);
    let expected = format!("v1,{}", STANDARD.encode(mac.finalize().into_bytes()));

    if signatures
        .split_whitespace()
        .any(|signature| expected.as_bytes().ct_eq(signature.as_bytes()).into())
    {
        return Ok(());
    }

    Err(PaymentError::WebhookVerificationFailed)
}

fn reject_stale_timestamp(timestamp: &str) -> Result<(), PaymentError> {
    let timestamp = timestamp
        .parse::<i64>()
        .map_err(|_| PaymentError::WebhookVerificationFailed)?;
    let timestamp = OffsetDateTime::from_unix_timestamp(timestamp)
        .map_err(|_| PaymentError::WebhookVerificationFailed)?;
    let age = OffsetDateTime::now_utc() - timestamp;
    if age.whole_seconds().abs() > 300 {
        return Err(PaymentError::WebhookVerificationFailed);
    }

    Ok(())
}

#[cfg(test)]
mod tests {
    use base64::{Engine as _, engine::general_purpose::STANDARD};
    use secrecy::SecretString;
    use time::OffsetDateTime;

    use super::*;

    #[test]
    fn verify_signature_accepts_valid_signature() {
        let raw_secret = b"test-webhook-secret";
        let secret = SecretString::from(STANDARD.encode(raw_secret));
        let timestamp = OffsetDateTime::now_utc().unix_timestamp().to_string();
        let payload = br#"{"referenceId":"ORDER-1"}"#;
        let signed = format!("evt_1.{timestamp}.{}", String::from_utf8_lossy(payload));
        let mut mac = HmacSha256::new_from_slice(raw_secret).expect("hmac should initialize");
        mac.update(signed.as_bytes());
        let signature = format!("v1,{}", STANDARD.encode(mac.finalize().into_bytes()));

        verify_signature("evt_1", &timestamp, &signature, payload, &secret)
            .expect("signature should verify");
    }

    #[test]
    fn verify_signature_rejects_stale_timestamp() {
        let secret = SecretString::from(STANDARD.encode(b"test-webhook-secret"));

        assert!(matches!(
            verify_signature("evt_1", "1", "v1,bad", b"{}", &secret),
            Err(PaymentError::WebhookVerificationFailed)
        ));
    }
}