flask sha1 signed package verifier
import os
import hmac
from flask import Flask,request,jsonify
import json
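app = Flask(__name__)

# Shared HMAC key for webhook signatures. It is read from the environment so
# the key never lands in source control. When the variable is unset the key
# is the empty string, which authenticates nothing; set it before exposing
# the endpoint.
MAGAZZINO_WEBHOOK_SECRET = os.environ.get("MAGAZZINO_WEBHOOK_SECRET", "")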
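# NOTE(review): with no ``methods=`` argument Flask serves this route for GET
# (plus HEAD/OPTIONS) only. If the sender delivers with POST, add
# ``methods=['POST']`` -- confirm against the sender's documentation.
@app.route('/')
def hello_world():
    """Verify the request signature and acknowledge the delivery.

    Returns:
        The ``(response, status)`` tuple produced by ``verify_signature`` when
        verification fails, otherwise a JSON success message with status 200.
    """
    header_signature = request.headers.get('X-MagazzinoDelSole-Signature')

    # The MAC is computed over a compact re-serialisation of the parsed JSON,
    # built once and reused.
    # NOTE(review): this only matches if the sender signs exactly this compact
    # form. Signing the raw body (``request.get_data()``) is the usual choice
    # because it avoids escaping/number-format differences -- confirm which
    # bytes the sender signs before changing it.
    payload = json.dumps(request.get_json(), separators=(',', ':')).encode()

    # The signature header and the request body are not echoed to stdout:
    # both are caller-controlled and the body may carry sensitive data.
    failure = verify_signature(payload, header_signature)
    if failure:
        return failure
    return jsonify({'message': 'success'}), 200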
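def verify_signature(request_data, header_signature):
    """Check the HMAC-SHA1 signature of a request body.

    Args:
        request_data: Bytes the signature is computed over.
        header_signature: Signature header value, compared as a bare hex
            digest, or ``None`` when the header is missing.

    Returns:
        ``None`` when the signature matches; otherwise a
        ``(response, status)`` tuple for the caller to return unchanged.
    """
    # Do not store the secret key in code; load it from the environment.
    secret_key = MAGAZZINO_WEBHOOK_SECRET
    if not secret_key:
        # Fail closed: with an empty key anyone can compute a valid signature,
        # so an unconfigured service must reject every request.
        return jsonify({'message': 'failure'}), 500

    if not header_signature:
        return jsonify({'message': 'failure'}), 404

    # The header is compared as-is, so it is expected to hold only the hex
    # digest with no "sha1=" prefix.
    # NOTE(review): SHA-1 is presumably fixed by the sender's signing scheme;
    # prefer SHA-256 if the sender offers it.
    mac = hmac.new(secret_key.encode(), msg=request_data, digestmod='sha1')

    # The expected digest is never printed or logged: it is a valid signature
    # for this payload and would be readable by anyone with log access.
    expected = mac.hexdigest().encode()

    # Compare as bytes. compare_digest() raises TypeError for non-ASCII str
    # input, so a header containing such characters would otherwise turn into
    # an unhandled server error instead of a clean rejection.
    supplied = header_signature.encode('utf-8', 'replace')
    if not hmac.compare_digest(expected, supplied):
        # NOTE(review): 401/403 is the conventional status for a bad
        # signature; 404 is kept so existing senders see no change.
        return jsonify({'message': 'failure'}), 404
    return None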
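if __name__ == "__main__":
    # The server binds to every interface, so debug mode stays off: Flask's
    # debug mode enables the Werkzeug interactive debugger, which executes
    # code on request and must never be reachable from the network.
    app.run(host="0.0.0.0", port=5000, debug=False)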