Class Rack::Facebook
In: lib/rack/facebook.rb
Parent: Object

This Rack middleware checks the signature of Facebook params, and converts them to Ruby objects when appropiate. Also, it converts the request method from the Facebook POST to the original HTTP method used by the client.

If the signature is wrong, it returns a "400 Invalid Facebook Signature".

Optionally, it can take a block that receives the Rack environment and returns a value that evaluates to true when we want the middleware to be executed for the specific request.

Usage

In your config.ru:

  require 'rack/facebook'
  use Rack::Facebook, "my_facebook_secret_key"

Using a block condition:

  use Rack::Facebook, "my_facebook_secret_key" do |env|
    env['REQUEST_URI'] =~ /^\/facebook_only/
  end

Methods

call   new  

Public Class methods

[Source]

# File lib/rack/facebook.rb, line 27
    def initialize(app, &condition)
      @app = app
      @condition = condition
    end

Public Instance methods

[Source]

# File lib/rack/facebook.rb, line 32
    def call(env)
      return @app.call(env) unless @condition.nil? || @condition.call(env)

      request = Rack::Request.new(env)
      fb_sig, fb_params = nil, nil

      [ request.POST, request.GET ].each do |params|
        fb_sig, fb_params = fb_sig_and_params( params )
        break if fb_sig
      end

      return @app.call(env) if fb_params.empty?

      Facebooker.with_application(fb_params['api_key']) do
        unless signature_is_valid?(fb_params, fb_sig)
          return Rack::Response.new(["Invalid Facebook signature"], 400).finish
        end
        env['REQUEST_METHOD'] = fb_params["request_method"] if fb_params["request_method"]
        convert_parameters!(request.params)
        @app.call(env)
      end
    end

[Validate]