feat: HMAC verification for web widget (#1643)

* feat: HMAC verification for web widget. Let you verify the authenticated contact via HMAC on the web widget to prevent data tampering. * Add docs for identity-validation Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
2021-01-17 22:44:03 +05:30
parent d758df8807
commit b6e8173b24
26 changed files with 517 additions and 311 deletions
--- a/app/views/widget_tests/index.html.erb
+++ b/app/views/widget_tests/index.html.erb
@@ -1,5 +1,15 @@
 <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0" />

+
+<%
+  user_id = 1
+  user_hash = OpenSSL::HMAC.hexdigest(
+    'sha256',
+    @web_widget.hmac_token,
+    user_id.to_s
+  )
+
+%>
 <script>

 window.chatwootSettings = {
@@ -24,6 +34,11 @@ window.chatwootSettings = {
 })(document,"script");

 window.addEventListener('chatwoot:ready', function() {
-  console.log(window.$chatwoot)
+  console.log(window.$chatwoot);
+  window.$chatwoot.setUser('<%= user_id %>', {
+    identifier_hash: '<%= user_hash %>',
+    email: 'jane@acme.inc',
+    name: 'Jane Doe'
+  });
 })
 </script>