Status of dj/webhook-signatures?

[lukemelia]

I'm working on a project with this SDK and would like to verify webhook signatures. I was considering implementing signature verification per your spec, and submitting a pull request, but I came across the branch "dj/webhook-signatures", in which it looks like this was done last year but has not been merged. What is the status of this branch and is there something we can do to help it over the finish line?

[dylanjha]

Thanks for bringing this up @lukemelia . Indeed the code was written, but there's one more step before we can get this changes in. This SDK, along with a few others are actually generated based on our open API spec.

There's currently no way that this kind of signature verification code can be auto-generated so we will have to revisit the code that repo that does code-generation (currently closed source) and update the toolchain there to have the capability of pulling in non-autogenerated code in order to add this functionality.

It's definitely on our roadmap and something we want to address, but I don't have an exact timeline.

[Nodalailama]

Hi,

If someone need to implement this, take a look at https://s-moyashi.com/2022/02/23/mux-com-verify-webhook-signatures-case-ruby

Best regards,

[matthewlein]

For anyone that needs to implement that, you can copy that branch's code from https://github.com/muxinc/mux-ruby/blob/69a8a5fd4979851366324e19517321a8341b2aed/lib/mux_ruby/models/webhook.rb

and then in your webhook controller (assuming rails)

valid = RubyMux::Webhook.verify_header(request.raw_post, request.headers['Mux-Signature'], your_secret)