diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb index 7b251cf804..ce353f1dee 100644 --- a/app/controllers/concerns/signature_verification.rb +++ b/app/controllers/concerns/signature_verification.rb @@ -23,6 +23,19 @@ module SignatureVerification @signature_verification_failure_code || 401 end + def signature_key_id + raw_signature = request.headers['Signature'] + signature_params = {} + + raw_signature.split(',').each do |part| + parsed_parts = part.match(/([a-z]+)="([^"]+)"/i) + next if parsed_parts.nil? || parsed_parts.size != 3 + signature_params[parsed_parts[1]] = parsed_parts[2] + end + + signature_params['keyId'] + end + def signed_request_account return @signed_request_account if defined?(@signed_request_account) @@ -154,7 +167,7 @@ module SignatureVerification .with_fallback { nil } .with_threshold(1) .with_cool_off_time(5.minutes.seconds) - .with_error_handler { |error, handle| error.is_a?(HTTP::Error) ? handle.call(error) : raise(error) } + .with_error_handler { |error, handle| error.is_a?(HTTP::Error) || error.is_a?(OpenSSL::SSL::SSLError) ? handle.call(error) : raise(error) } .run end diff --git a/config/environments/production.rb b/config/environments/production.rb index 70baa6ad1a..d1b5a8df54 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -71,6 +71,12 @@ Rails.application.configure do # Better log formatting config.lograge.enabled = true + config.lograge.custom_payload do |controller| + if controller.respond_to?(:signed_request?) && controller.signed_request? + { key: controller.signature_key_id } + end + end + # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false