rocket-webhook 0.1.0-alpha.2

Webhook validation for Rocket applications
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

//! Interface for webhooks that use HMAC signature validation

use hmac::{Mac, digest::KeyInit};
use rocket::{
    Request, data::Outcome, futures::StreamExt, http::Status, outcome::try_outcome,
    tokio::io::AsyncRead,
};
use subtle::ConstantTimeEq;
use tokio_util::io::ReaderStream;

use crate::{
    WebhookError,
    webhooks::{Webhook, utils::body_size},
};

/// Trait for webhooks that use HMAC signature validation.
pub trait WebhookHmac: Webhook {
    /// MAC algorithm (from the `hmac` crate) used to calculate the signature
    type MAC: Mac + KeyInit + Send;

    /// Get the secret key used to sign the webhook
    fn secret_key(&self) -> &[u8];

    /// Get the expected signature(s) from the request. To obtain required headers,
    /// you can use the `self.get_header()` utility.
    fn expected_signatures(&self, req: &Request<'_>) -> Outcome<'_, Vec<Vec<u8>>, WebhookError>;

    /// Get an optional prefix to attach to the raw body when calculating the signature. Timestamps
    /// should be validated against the given bounds.
    #[allow(unused_variables)]
    fn body_prefix(
        &self,
        req: &Request<'_>,
        time_bounds: (u32, u32),
    ) -> Outcome<'_, Option<Vec<u8>>, WebhookError> {
        Outcome::Success(None)
    }

    /// Get an optional suffix to attach to the raw body when calculating the signature. Timestamps
    /// should be validated against the given bounds.
    #[allow(unused_variables)]
    fn body_suffix(
        &self,
        req: &Request<'_>,
        time_bounds: (u32, u32),
    ) -> Outcome<'_, Option<Vec<u8>>, WebhookError> {
        Outcome::Success(None)
    }

    /// Read the request body and verify the HMAC signature. Calculates the HMAC
    /// directly from the raw streamed body (with a prefix if configured).
    fn validate_with_hmac(
        &self,
        req: &Request<'_>,
        body: impl AsyncRead + Unpin + Send + Sync,
        time_bounds: (u32, u32),
    ) -> impl Future<Output = Outcome<'_, Vec<u8>, WebhookError>> + Send + Sync
    where
        Self: Sync,
        Self::MAC: Sync,
    {
        async move {
            // Get expected signatures from request
            let expected_signatures = try_outcome!(self.expected_signatures(req));

            // Get secret key and initialize HMAC
            let key = self.secret_key();
            let mut mac = <<Self as WebhookHmac>::MAC as hmac::Mac>::new_from_slice(key)
                .expect("HMAC should take any key length");

            // Update HMAC with prefix if there is one
            if let Some(prefix) = try_outcome!(self.body_prefix(req, time_bounds)) {
                mac.update(&prefix);
            }

            // Read body stream while calculating HMAC
            let mut body_stream = ReaderStream::new(body);
            let mut raw_body = Vec::with_capacity(body_size(req.headers()).unwrap_or(512));
            while let Some(chunk_result) = body_stream.next().await {
                match chunk_result {
                    Ok(chunk_bytes) => {
                        mac.update(&chunk_bytes);
                        raw_body.extend_from_slice(&chunk_bytes);
                    }
                    Err(e) => {
                        return Outcome::Error((Status::BadRequest, WebhookError::Read(e)));
                    }
                }
            }

            // Update HMAC with suffix if there is one
            if let Some(suffix) = try_outcome!(self.body_suffix(req, time_bounds)) {
                mac.update(&suffix);
            }

            // Check HMAC against all provided signatures
            let body_sig = mac.finalize().into_bytes();
            for signature in expected_signatures {
                if body_sig.ct_eq(&signature).into() {
                    return Outcome::Success(raw_body);
                }
            }
            return Outcome::Error((
                Status::Unauthorized,
                WebhookError::Signature("HMAC didn't match any provided signature".into()),
            ));
        }
    }
}