fangamb/Facebooker Post Callbacks

## Facebooker Post Callbacks
#Facebooker Post Authorize / Post DeAuthorize Callbacks
#from the FanGamb team - http://www.fangamb.com
class CallbacksController < ApplicationController
  skip_before_filter :ensure_app_installed, :except => :post_authorize
  skip_before_filter :verify_authenticity_token

  def post_authorize
    if request.post?
      if verify_uninstall_signature
        #set user's has_app indicator to 1 to indicate active
      end
    end
    render :nothing => true
  end

  def post_deauthorize
    if request.post?
      if verify_uninstall_signature
        #set user's has_app indicator to 0 to indicate inactive
      end
    end
    render :nothing => true
  end

  private
      #based on http://wiki.developers.facebook.com/index.php/Post-Remove_URL
      def verify_uninstall_signature
        signature = ''
        keys = params.keys.sort
        keys.each do |key|
          next if key == 'fb_sig'
          next unless key.include?('fb_sig')
          key_name = key.gsub('fb_sig_', '')
          signature += key_name
          signature += '='
          signature += params[key]
        end

        signature += FACEBOOK_YAML['secret_key']
        calculated_sig = Digest::MD5.hexdigest(signature)

        if calculated_sig != params[:fb_sig]
          logger.warn "\nWARNING :: potential spoofing :: expected signatures did not match"
          logger.info "\nSignature (fb_sig param from facebook) :: #{params[:fb_sig]}"
          logger.info "\nSignature String (pre-hash) :: #{signature}"
          logger.info "\nMD5 Hashed Sig :: #{calculated_sig}"

          #check to see if ip variables are nil
          if not request.env['HTTP_X_FORWARDED_FOR'].nil? and not request.env['HTTP_X_REAL_IP'].nil?
            ip = request.env['HTTP_X_FORWARDED_FOR'] || request.env['HTTP_X_REAL_IP']
          else
            ip = request.remote_ip
          end

          logger.info "\nRemote IP :: #{ip}"
          return false
        else
          #logger.warn "\n\nSUCCESS!! Signatures matched.\n"
        end
        return true
      end

end
	#Facebooker Post Authorize / Post DeAuthorize Callbacks
	#from the FanGamb team - http://www.fangamb.com
	class CallbacksController < ApplicationController
	skip_before_filter :ensure_app_installed, :except => :post_authorize
	skip_before_filter :verify_authenticity_token

	def post_authorize
	if request.post?
	if verify_uninstall_signature
	#set user's has_app indicator to 1 to indicate active
	end
	end
	render :nothing => true
	end

	def post_deauthorize
	if request.post?
	if verify_uninstall_signature
	#set user's has_app indicator to 0 to indicate inactive
	end
	end
	render :nothing => true
	end

	private
	#based on http://wiki.developers.facebook.com/index.php/Post-Remove_URL
	def verify_uninstall_signature
	signature = ''
	keys = params.keys.sort
	keys.each do \|key\|
	next if key == 'fb_sig'
	next unless key.include?('fb_sig')
	key_name = key.gsub('fb_sig_', '')
	signature += key_name
	signature += '='
	signature += params[key]
	end

	signature += FACEBOOK_YAML['secret_key']
	calculated_sig = Digest::MD5.hexdigest(signature)

	if calculated_sig != params[:fb_sig]
	logger.warn "\nWARNING :: potential spoofing :: expected signatures did not match"
	logger.info "\nSignature (fb_sig param from facebook) :: #{params[:fb_sig]}"
	logger.info "\nSignature String (pre-hash) :: #{signature}"
	logger.info "\nMD5 Hashed Sig :: #{calculated_sig}"

	#check to see if ip variables are nil
	if not request.env['HTTP_X_FORWARDED_FOR'].nil? and not request.env['HTTP_X_REAL_IP'].nil?
	ip = request.env['HTTP_X_FORWARDED_FOR'] \|\| request.env['HTTP_X_REAL_IP']
	else
	ip = request.remote_ip
	end

	logger.info "\nRemote IP :: #{ip}"
	return false
	else
	#logger.warn "\n\nSUCCESS!! Signatures matched.\n"
	end
	return true
	end

	end