benzado / heroic-sns Goto Github PK

• Drop support for Ruby < 2.0 (Travis doesn't seem to support it anyway)
• Add 2.4+ to travis.yml
• Does this mean we drop Rack 1.x support?
• Merge #15 for stricter cert check
• Add #14 relaxed JSON dependency to release notes
• Merge #13 for better error message
• review forks for anything worthwhile
• update rake
• update release notes, etc.

Contributor names don't have URLs to make them clickable!

I can see why that happened... the URLs are all the way at the bottom of the file and it's not crazy to assume that GitHub would automatically link GitHub usernames. (It's good that it doesn't, though, since there's no reason to assume a Markdown file in your repo is designed to be parsed and displayed by GitHub.)

I should move the link definition lines up, near the contributor's first contribution.

From an Amazon announcement on June 19:

SNS Raw Message Delivery enables developers to pack even more information content into their messaging payloads. When delivering notifications to SQS and HTTP endpoints, SNS today adds JSON encoding with metadata about the current message and topic. With this release, developers can set the optional "RawMessageDelivery" property to disable this added JSON encoding. Raw message delivery is off by default, to ensure existing applications continue to behave as expected.

Does heroic-sns work with raw messages?

A tool to send a simulated notification to a given URL would be really useful during development.

Message verification does not take the timestamp into account, and is therefore vulnerable to replay attacks. Heroic::SNS::Message.verify! should probably fail if the message is older than some threshold amount, probably 15 minutes.

Note that this would have an impact on the test code, which depends on fixtures that were captured from Amazon far more than 15 minutes ago. Code to generate signed messages is probably needed for proper testing.

Amazon allows payloads of up to 256KB. Should we reject incoming messages that are over the limit?

Heroic Software, Inc. is no more; copyright reverts back to me, a human person.

I'm trying to use this with rails 5, and it's not working because rails5 depends on rack 2.x. If you could relax the requirement to >= 1.4, that would solve this problem.