Rails Controller for Chargify Webhooks with support for HMAC-SHA-256 signatures and all current possible events

hooks_controller.rb

class Chargify::HooksController < ApplicationController
  protect_from_forgery :except => :dispatch_handler
  before_filter :verify, :only => :dispatch_handler

  EVENTS = %w[ test signup_success signup_failure renewal_success renewal_failure payment_success payment_failure billing_date_change subscription_state_change subscription_product_change subscription_card_update expiring_card customer_update component_allocation_change metered_usage upcoming_renewal_notice end_of_trial_notice statement_closed statement_settled upgrade_downgrade_success upgrade_downgrade_failure refund_success refund_failure expiration_date_change ].freeze

  SHARED_KEY = 'Chargify Shared Key Here'

  def dispatch_handler
    event = params[:event]

    unless EVENTS.include? event
      render :nothing => true, :status => 404 and return
    end

    begin
      convert_payload
      self.send event
    rescue Exception => e
      render :nothing => true, :status => 422 and return
    end
  end

  def test
    Rails.logger.debug "Chargify Webhook test!"
    render :nothing => true, :status => 200
  end

  def signup_success
    render :nothing => true, :status => 200
  end

  def signup_failure
    render :nothing => true, :status => 200
  end

  def renewal_success
    render :nothing => true, :status => 200
  end

  def renewal_failure
    render :nothing => true, :status => 200
  end

  def payment_success
    render :nothing => true, :status => 200
  end

  def payment_failure
    render :nothing => true, :status => 200
  end

  def billing_date_change
    render :nothing => true, :status => 200
  end

  def subscription_state_change
    render :nothing => true, :status => 200
  end

  def subscription_product_change
    render :nothing => true, :status => 200
  end

  def subscription_card_update
    render :nothing => true, :status => 200
  end

  def expiring_card
    render :nothing => true, :status => 200
  end

  def customer_update
    render :nothing => true, :status => 200
  end

  def component_allocation_change
    render :nothing => true, :status => 200
  end

  def metered_usage
    render :nothing => true, :status => 200
  end

  def upcoming_renewal_notice
    render :nothing => true, :status => 200
  end

  def end_of_trial_notice
    render :nothing => true, :status => 200
  end

  def statement_closed
    render :nothing => true, :status => 200
  end

  def statement_settled
    render :nothing => true, :status => 200
  end

  def upgrade_downgrade_success
    render :nothing => true, :status => 200
  end

  def upgrade_downgrade_failure
    render :nothing => true, :status => 200
  end

  def refund_success
    render :nothing => true, :status => 200
  end

  def refund_failure
    render :nothing => true, :status => 200
  end

  def expiration_date_change
    render :nothing => true, :status => 200
  end


  protected
  def verify
    if params[:signature_hmac_sha_256].nil?
      params[:signature_hmac_sha_256] = request.headers["HTTP_X_CHARGIFY_WEBHOOK_SIGNATURE_HMAC_SHA_256"]
    end

    unless OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), SHARED_KEY, request.body.read) == params[:signature_hmac_sha_256]
      render :nothing => true, :status => :forbidden
    end
  end

  def convert_payload
    if params[:payload].has_key? :transaction
      @transaction = Chargify::Transaction.new params[:payload][:transaction]
    end

    if params[:payload].has_key? :subscription
      @subscription = Chargify::Subscription.new params[:payload][:subscription]
    end
  end
end

# route
#map.chargify_hooks '/chargify/hooks', :controller => 'chargify/hooks', :action => "dispatch", :conditions => { :method => :post }

Updated to support HMAC_SHA_256 based signatures and full set of events from Chargify webhooks