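# Facebook "Data Deletion Request" callback.
#
# Verifies the signed_request Facebook posts, deletes the matching local user
# and answers with the status URL / confirmation code Facebook expects.
# Responds 400 when the signed_request is missing, malformed or fails signature
# verification, and 404 when no local user matches the Facebook uid.
def facebook_user_deletion
  data = parse_fb_signed_request(params['signed_request'])
  # nil means missing/malformed input or a bad signature: never act on it
  return head(:bad_request) unless data.is_a?(Hash) && data['user_id']

  user = User.find_by(uid: data['user_id'])
  # NOTE(review): Facebook may prefer a success body for an already-absent
  # user — confirm against the deletion-callback contract before relying on 404
  return head(:not_found) unless user

  user.destroy
  # `id` remains readable on a destroyed record, so the code can still be built
  code = "del_#{user.id}"
  response_data = {
    url: "#{ENV['APP_HOST_URL']}/deletion_status?id=#{code}",
    confirmation_code: code
  }
  respond_to do |format|
    format.json { render json: response_data }
  end
end

# Verifies and decodes a Facebook signed_request ("<sig>.<payload>", both
# URL-safe base64, payload signed with HMAC-SHA256 under the app secret).
#
# The signature is checked with a constant-time compare BEFORE the payload is
# parsed, so unauthenticated input never reaches the JSON parser.
#
# @param signed_request [String, nil] raw value of the signed_request param
# @return [Hash, nil] the decoded payload, or nil when the request is missing,
#   malformed, or its signature does not verify against FACEBOOK_SECRET_ID
# @raise [KeyError] when FACEBOOK_SECRET_ID is not configured
def parse_fb_signed_request(signed_request)
  return nil if signed_request.nil? || signed_request.empty?

  encoded_sig, payload = signed_request.split('.', 2)
  return nil if encoded_sig.nil? || payload.nil?

  # Fail loudly on a missing secret instead of computing an HMAC over nil
  secret = ENV.fetch('FACEBOOK_SECRET_ID')

  decoded_sig = Base64.urlsafe_decode64(encoded_sig)
  expected_sig = OpenSSL::HMAC.digest('SHA256', secret, payload)
  # constant-time comparison; a plain != leaks timing about the expected MAC
  unless OpenSSL.secure_compare(decoded_sig, expected_sig)
    puts 'Bad Signed JSON signature!'
    return nil
  end

  # JSON.parse, not JSON.load: JSON.load honours create_additions and can
  # instantiate arbitrary classes from attacker-shaped input.
  # NOTE(review): Facebook's payload also carries an "algorithm" field;
  # consider rejecting anything other than HMAC-SHA256 — confirm with the docs.
  JSON.parse(Base64.urlsafe_decode64(payload))
rescue ArgumentError, JSON::ParserError
  # malformed base64 or JSON: treat exactly like a bad signature
  nil
end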