Twilio Request Validation for Rails

twilio_calls_controller.rb

class TwilioCallsController < ApplicationController
  before_filter :authenticate_twilio_request, :only => [
    :twilio_handling_method_1, :twilio_handling_method_2
  ]

  def twilio_handling_method_1
    # do something Twilio-related
  end

  def twilio_handling_method_2
    # do something else Twilio-related
  end

  def non_twilio_handling_method
  end

  private
  def authenticate_twilio_request
    twilio_sig = request.headers['HTTP_X_TWILIO_SIGNATURE']
    twilio_validator = Twilio::Util::RequestValidator.new(twilio_sig)

    # Twilio parameters all begin with an uppercase letter, so the filter should only
    # consider parameters that start with an uppercase letter. This is needed if you
    # are passing custom parameters with your Twilio requests.
    twilio_params = params.reject {|k| k.downcase == k}
    twilio_sig_verify = twilio_validator.build_signature_for(request.url, twilio_params)

    is_valid_twilio_req = twilio_validator.validate(request.url, twilio_params, twilio_sig_verify)

    unless is_valid_twilio_req
      render :xml => (Twilio::TwiML::Response.new {|r| r.Hangup}).text, :status => :unauthorized
      false
    end
  end
end