-
Notifications
You must be signed in to change notification settings - Fork 572
/
Copy pathsecurity.py
38 lines (31 loc) · 1.18 KB
/
security.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
from functools import wraps
from flask import current_app, jsonify, request
import logging
import hashlib
import hmac
def validate_signature(payload, signature):
"""
Validate the incoming payload's signature against our expected signature
"""
# Use the App Secret to hash the payload
expected_signature = hmac.new(
bytes(current_app.config["APP_SECRET"], "latin-1"),
msg=payload.encode("utf-8"),
digestmod=hashlib.sha256,
).hexdigest()
# Check if the signature matches
return hmac.compare_digest(expected_signature, signature)
def signature_required(f):
"""
Decorator to ensure that the incoming requests to our webhook are valid and signed with the correct signature.
"""
@wraps(f)
def decorated_function(*args, **kwargs):
signature = request.headers.get("X-Hub-Signature-256", "")[
7:
] # Removing 'sha256='
if not validate_signature(request.data.decode("utf-8"), signature):
logging.info("Signature verification failed!")
return jsonify({"status": "error", "message": "Invalid signature"}), 403
return f(*args, **kwargs)
return decorated_function