From eefdf8f4fa85947f459f0da9e8b571d1fddfecce Mon Sep 17 00:00:00 2001
From: dev-prakhar <prakhar@pushowl.com>
Date: Sun, 20 Feb 2022 00:12:40 +0530
Subject: [PATCH] Added GDPR Webhook Request Verification

---
 README.md              | 10 ++++++++++
 lib/smoothcode/auth.rb |  7 +++++++
 smoothcode.gemspec     |  2 +-
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 8da7c90..ec3a2fe 100644
--- a/README.md
+++ b/README.md
@@ -30,4 +30,14 @@ require 'smoothcode'
 
 SmoothCodeAuth.new(request_hmac, client_secret).webhook_request?(webhook_data) # returns True if the request is valid
 ```
+
+* `gdpr_webhook_request?(webhook_data)` - This method verifies if the webhook request is coming from `SmoothCode`
+```ruby
+require 'smoothcode'
+
+# SmoothCode sends hmac in the Authorization Header of the request
+# It is hmac of the shop id signed by your App Client Secret
+
+SmoothCodeAuth.new(request_hmac, client_secret).gdpr_webhook_request?(webhook_data) # returns True if the request is valid
+```
 ***
diff --git a/lib/smoothcode/auth.rb b/lib/smoothcode/auth.rb
index a0aedfd..e478a9e 100644
--- a/lib/smoothcode/auth.rb
+++ b/lib/smoothcode/auth.rb
@@ -16,4 +16,11 @@ def webhook_request?(webhook_data)
 
         generate_hmac(@client_secret, webhook_id.to_s) == @request_hmac
     end
+
+    def gdpr_webhook_request?(webhook_data)
+        webhook_data = webhook_data.transform_keys(&:to_sym)
+        shop_id = webhook_data[:shop_id]
+
+        generate_hmac(@client_secret, shop_id.to_s) == @request_hmac
+    end
 end
diff --git a/smoothcode.gemspec b/smoothcode.gemspec
index c0b731c..ef16dcf 100644
--- a/smoothcode.gemspec
+++ b/smoothcode.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name        = 'smoothcode'
-  s.version     = '0.0.3'
+  s.version     = '0.0.4'
   s.summary     = 'Ruby client to interact with SmoothCode'
   s.description = 'Ruby client to interact with SmoothCode'
   s.authors     = ['SmoothCode']