Open jalcine opened 4 years ago
Thanks @jalcine! This is a great issue!
I've taken some time to flesh out the acceptance criteria; feel free to edit it as you see fit!
I've also transferred you 20 patronage points as a way to say thank you for your contribution.
Feel free to pass them on to other folks who are doing work you appreciate, or hold on to them! Once Zinc starts generating revenue in excess of our operating costs, Contributors will be able to redeem them for cash.
OK, feature tests are starting to be framed in. Would appreciate any feedback or commits from other people.
Stripe, by design, has a method for signing and verifying messages sent to its API. This kind of security should be applied to the proxy when receiving messages and (perhaps also sending messages to the forwarded event listener endpoint).
Feature Definition
There are two scenarios in play here, one is for the Operator of the Compensated Proxy, and the other is for a Client Developer.
Here's the one for the Proxy
And here's one for the Core library:
We may want to split this into two issues; so that it's easier to close; or we can leave it as one big issue with as many patches as it takes to get this across the finish line.
This Issue May Be Closed When
compensated-ruby
library can verify incoming Stripe Event's Signaturecompensated-ruby/CHANGELOG.md
indicates that this feature existscompensated-ruby
library.compensated-proxy
application can verify incoming Stripe Event's signaturecompensated-proxy/CHANGELOG.md
indicates that this feature existscompensated-proxy
application