Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Attribute that helps with verifying Impala webhooks in dot net core
public static class ImpalaHeaderContants
{
public const string XImpalaSignature = "X-Impala-Signature";
}
public class ImpalaConfigDTO
{
public string ApiKey { get; set; }
public string WebhookSecret { get; set; }
}
public class ImpalaWebhookVerificationAttribute : ActionFilterAttribute
{
public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
var config = context.HttpContext.RequestServices.GetService<IOptionsSnapshot<ImpalaConfigDTO>>().Value;
var strContent = await context.HttpContext.Request.GetRawBodyStringAsync();
context.HttpContext.Request.Headers.TryGetValue(ImpalaHeaderContants.XImpalaSignature, out var headers);
var xImpalaSignature = headers.FirstOrDefault();
var actualXImpalaSignature = GetXImpalaSignature(strContent, config.WebhookSecret);
if (actualXImpalaSignature != xImpalaSignature)
{
var logger = context.HttpContext.RequestServices.GetService<ILogger<ImpalaWebhookVerificationAttribute>>();
logger.LogWarning(string.Format("Unverified webhook call Body=[{0}] Hash=[{1}]", strContent, xImpalaSignature));
context.Result = (context.Controller as Controller).StatusCode(403);
}
else
{
await next();
}
}
private static string GetXImpalaSignature(string text, string key)
{
ASCIIEncoding encoding = new ASCIIEncoding();
var textBytes = encoding.GetBytes(text);
var keyBytes = encoding.GetBytes(key);
byte[] hashBytes;
using (HMACSHA256 hash = new HMACSHA256(keyBytes))
{
hashBytes = hash.ComputeHash(textBytes);
}
return BitConverter.ToString(hashBytes).Replace("-", "").ToLower();
}
}
@PeterKottas

This comment has been minimized.

Copy link
Owner Author

PeterKottas commented Aug 29, 2019

Make sure to configure options, something along the lines of:

services.Configure<ImpalaConfigDTO>(Configuration.GetSection("Impala:Plugin"));

Then you just put the Attribute on method or controller.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.